Docs for schema item auditeventpolicy_test in Open Vulnerability and Assessment Language (OVAL®)

Documentation for Open Vulnerability and Assessment Language (OVAL®)
Definition Type:	Element
Name:	auditeventpolicy_test
Namespace:	http://oval.mitre.org/XMLSchema/oval#windows
Type:	oval:standardTestType
Containing Schema:	windows-schema.xsd
Abstract
Documentation:	The auditeventpolicy test enumerates the different types of events the system should audit. The defined values are found in window's POLICY_AUDIT_EVENT_TYPE enumeration and accessed through the LsaQueryInformationPolicy when the InformationClass parameters are set to PolicyAuditEventsInformation.
XSD Schema Diagram:
XSD Diagram of auditeventpolicy_test in schema windows-schema_xsd (Open Vulnerability and Assessment Language (OVAL®))
XSD Schema Code:
<xsd:element name="auditeventpolicy_test" substitutionGroup="oval:test">
    <xsd:annotation>
        <xsd:documentation>The auditeventpolicy test enumerates the different types of events the system should audit.  The defined values are found in window's POLICY_AUDIT_EVENT_TYPE enumeration and accessed through the LsaQueryInformationPolicy when the InformationClass parameters are set to PolicyAuditEventsInformation.</xsd:documentation>
        <xsd:appinfo>
            <test_name>Audit Event Policy Test</test_name>
            <extends>standardTestType</extends>
            <valid_sections>notes, data</valid_sections>
            <example>
                <auditeventpolicy_test id="wbt-0" check="all" comment="test certain event policies" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
                    <oval:notes xmlns:oval="http://oval.mitre.org/XMLSchema/oval">
                        <oval:note>This is an example test written under version 4 of the OVAL schema.  It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
                    </oval:notes>
                    <data operation="AND">
                        <account_logon>AUDIT_FAILURE</account_logon>
                        <directory_service_access>AUDIT_SUCCESS_FAILURE</directory_service_access>
                    </data>
                </auditeventpolicy_test>
            </example>
        </xsd:appinfo>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval:standardTestType">
                <xsd:sequence>
                    <xsd:element name="data" minOccurs="0" maxOccurs="1">
                        <xsd:complexType>
                            <xsd:complexContent>
                                <xsd:extension base="oval:dataType">
                                    <xsd:sequence>
                                        <xsd:element name="account_logon" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Audit Event Policy Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="account_management" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>Audit attempts to create, delete, or change user or group accounts. Also, audit password changes.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Audit Event Policy Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="detailed_tracking" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>Audit specific events, such as program activation, some forms of handle duplication, indirect access to an object, and process exit. </xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Audit Event Policy Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="directory_service_access" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>Audit attempts to access the directory service.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Audit Event Policy Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="logon" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Audit Event Policy Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="object_access" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>Audit attempts to access securable objects, such as files.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Audit Event Policy Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="policy_change" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>Audit attempts to change Policy object rules. </xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Audit Event Policy Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="privilege_use" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>Audit attempts to use privileges.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Audit Event Policy Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                        <xsd:element name="system" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
                                            <xsd:annotation>
                                                <xsd:documentation>Audit attempts to shut down or restart the computer. Also, audit events that affect system security or the security log.</xsd:documentation>
                                                <xsd:appinfo>
                                                    <parent_test>Audit Event Policy Test</parent_test>
                                                    <cardinality>0-1</cardinality>
                                                    <content>string</content>
                                                    <valid_datatypes>string</valid_datatypes>
                                                    <valid_operators>equals, not equal</valid_operators>
                                                </xsd:appinfo>
                                            </xsd:annotation>
                                        </xsd:element>
                                    </xsd:sequence>
                                </xsd:extension>
                            </xsd:complexContent>
                        </xsd:complexType>
                    </xsd:element>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>
Child Elements:
Name	Type	Min Occurs	Max Occurs
notes	oval:notes	0	1
data	windows:data	0	1
Child Attributes:
Name	Type	Default Value	Use
id	oval:id		Required
comment	oval:comment		Required
check	oval:check	all	Optional
Derivation Tree:
	oval:testType oval:standardTestType *auditeventpolicy_test*
References:
	oval:test
Documentation for Open Vulnerability and Assessment Language (OVAL®)

Generated using Liquid Studio - Developer Bundle 21.0.0.0