Definition Type: Element
Name: auditeventpolicy_state
Namespace: http://oval.mitre.org/XMLSchema/oval-definitions-5#windows
Type: oval-def:StateType
Containing Schema: windows-definitions-schema.xsd
Abstract
Documentation:
The auditeventpolicy_state element specifies the different system activities that can be audited. An audit event policy test will reference a specific instance of this state that defines the exact settings that need to be evaluated. The defined values are found in the Windows POLICY_AUDIT_EVENT_TYPE enumeration and accessed through LsaQueryInformationPolicy when the InformationClass parameter is set to PolicyAuditEventsInformation. Please refer to the individual elements in the schema for more details about what each represents.
XSD Schema Code:
<xsd:element name="auditeventpolicy_state" substitutionGroup="oval-def:state">
    <xsd:annotation>
        <xsd:documentation>The auditeventpolicy_state element specifies the different system activities that can be audited. An audit event policy test will reference a specific instance of this state that defines the exact settings that need to be evaluated. The defined values are found in the Windows POLICY_AUDIT_EVENT_TYPE enumeration and accessed through LsaQueryInformationPolicy when the InformationClass parameter is set to PolicyAuditEventsInformation. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval-def:StateType">
                <xsd:sequence>
                    <xsd:element name="account_logon" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="aepsteaccount_logon" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicy_state/win-def:account_logon">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the account_logon entity of an auditeventpolicy_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="account_management" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>Audit attempts to create, delete, or change user or group accounts. Also, audit password changes.</xsd:documentation>
                            <xsd:appinfo>&gt; <sch:pattern id="aepsteaccount_management" xmlns:sch="http://purl.oclc.org/dsdl/schematron"><sch:rule context="win-def:auditeventpolicy_state/win-def:account_management"><sch:assert test="not(@datatype) or @datatype='string'"><sch:value-of select="../@id" /> - datatype attribute for the account_management entity of an auditeventpolicy_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="detailed_tracking" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>Audit specific events, such as program activation, some forms of handle duplication, indirect access to an object, and process exit. </xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="aepstedetailed_tracking" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicy_state/win-def:detailed_tracking">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the detailed_tracking entity of an auditeventpolicy_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="directory_service_access" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>Audit attempts to access the directory service.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="aepstedirectory_service_access" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicy_state/win-def:directory_service_access">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the directory_service_access entity of an auditeventpolicy_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="logon" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="aepstelogon" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicy_state/win-def:logon">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the logon entity of an auditeventpolicy_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="object_access" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>Audit attempts to access securable objects, such as files.</xsd:documentation>
                            <xsd:appinfo>&gt; <sch:pattern id="aepsteobject_access" xmlns:sch="http://purl.oclc.org/dsdl/schematron"><sch:rule context="win-def:auditeventpolicy_state/win-def:object_access"><sch:assert test="not(@datatype) or @datatype='string'"><sch:value-of select="../@id" /> - datatype attribute for the object_access entity of an auditeventpolicy_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="policy_change" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>Audit attempts to change Policy object rules. </xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="aepstepolicy_change" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicy_state/win-def:policy_change">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the policy_change entity of an auditeventpolicy_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="privilege_use" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>Audit attempts to use privileges.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="aepsteprivilege_use" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicy_state/win-def:privilege_use">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the privilege_use entity of an auditeventpolicy_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="system" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>Audit attempts to shut down or restart the computer. Also, audit events that affect system security or the security log.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="aepstesystem" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicy_state/win-def:system">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the system entity of an auditeventpolicy_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>
Child Elements:
Name                      Type                              Min Occurs  Max Occurs
Signature                 ds:Signature                      0           1
notes                     oval-def:notes                    0           1
account_logon             win-def:account_logon             0           (1)
account_management        win-def:account_management        0           (1)
detailed_tracking         win-def:detailed_tracking         0           (1)
directory_service_access  win-def:directory_service_access  0           (1)
logon                     win-def:logon                     0           (1)
object_access             win-def:object_access             0           (1)
policy_change             win-def:policy_change             0           (1)
privilege_use             win-def:privilege_use             0           (1)
system                    win-def:system                    0           (1)
Child Attributes:
Name        Type                 Default Value  Use
id          oval-def:id                         Required
version     oval-def:version                    Required
operator    oval-def:operator    AND            Optional
comment     oval-def:comment                    Optional
deprecated  oval-def:deprecated  false          Optional
Derivation Tree:
References:
oval-def:state
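
The constraints the schema above places on an auditeventpolicy_state instance (required id and version attributes, entities in xsd:sequence order and at most once each, and the Schematron rule that datatype is absent or 'string') can be checked before content is shipped to a scanner. The following is an added example, not part of the OVAL schema or its tooling: the function name check_state, the two sample states and their ids are constructed, and the AUDIT_* values come from win-def:EntityStateAuditType, which this page does not list.

```python
import xml.etree.ElementTree as ET

WIN_DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"
# Order fixed by the xsd:sequence in the schema; each entity may appear at most once.
ENTITIES = ["account_logon", "account_management", "detailed_tracking",
            "directory_service_access", "logon", "object_access",
            "policy_change", "privilege_use", "system"]

# Constructed sample states (hypothetical ids), not taken from any real OVAL content.
GOOD_STATE = """<auditeventpolicy_state xmlns="%s" id="oval:org.example.sample:ste:1" version="1">
  <account_logon>AUDIT_SUCCESS_FAILURE</account_logon>
  <logon datatype="string">AUDIT_SUCCESS_FAILURE</logon>
  <policy_change>AUDIT_SUCCESS</policy_change>
</auditeventpolicy_state>""" % WIN_DEF

BAD_STATE = """<auditeventpolicy_state xmlns="%s" id="oval:org.example.sample:ste:2">
  <logon datatype="int">AUDIT_SUCCESS</logon>
  <account_logon>AUDIT_FAILURE</account_logon>
</auditeventpolicy_state>""" % WIN_DEF

def check_state(xml_text):
    """Return a list of findings for one auditeventpolicy_state element."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}auditeventpolicy_state" % WIN_DEF:
        return ["root element is not win-def:auditeventpolicy_state"]
    state_id = root.get("id", "(no id)")
    findings = ["%s - required attribute '%s' is missing" % (state_id, attr)
                for attr in ("id", "version") if root.get(attr) is None]
    last = -1
    for child in root:
        ns, _, name = child.tag.lstrip("{").rpartition("}")
        if ns != WIN_DEF:
            continue  # Signature and notes live in other namespaces; not checked here
        if name not in ENTITIES:
            findings.append("%s - unknown entity '%s'" % (state_id, name))
            continue
        # Same condition as the Schematron assert: not(@datatype) or @datatype='string'
        if child.get("datatype") not in (None, "string"):
            findings.append("%s - datatype attribute for the %s entity of an "
                            "auditeventpolicy_state should be 'string'" % (state_id, name))
        pos = ENTITIES.index(name)
        if pos <= last:
            findings.append("%s - %s is repeated or out of sequence" % (state_id, name))
        last = max(last, pos)
    return findings

if __name__ == "__main__":
    for finding in check_state(BAD_STATE):
        print(finding)
```

The check covers structure only; whether an entity's value is a legal EntityStateAuditType member still needs full XSD validation.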