<xsd:element name="auditeventpolicy_test" substitutionGroup="oval_results:test">
<xsd:annotation>
<xsd:documentation>This test looks at the types of events the system can audit.</xsd:documentation>
<xsd:appinfo>
<test_name>Audit Event Policy Test</test_name>
<extends>standardTestType</extends>
<valid_sections>message, definition_data, tested_object</valid_sections>
<example>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval_results:standardTestType">
<xsd:sequence>
<xsd:element name="definition_data" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval_results:definitionDataType">
<xsd:sequence>
<xsd:element name="account_logon" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="account_management" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to create, delete, or change user or group accounts. Also, audit password changes.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="detailed_tracking" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit specific events, such as program activation, some forms of handle duplication, indirect access to an object, and process exit. </xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="directory_service_access" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to access the directory service.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="logon" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="object_access" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to access securable objects, such as files.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="policy_change" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to change Policy object rules. </xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="privilege_use" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to use privileges.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="system" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to shut down or restart the computer. Also, audit events that affect system security or the security log.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="tested_object" type="oval_results:testedObjectType" minOccurs="0" maxOccurs="1" />
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
|
XSD Schema Diagram:
