Cryptographic Security Platform 1.0.0 - Installation and administration guide [PDF]

Audit the actions performed in Certificate Manager.

To audit logs

Log in as an administrator with the global_admin role.
Go to Administer > Audit Log.
Define log views.
- Unfold the Columns list to select the properties you want to display as columns.
- Click Show Filter Options to display a filtering form below each column name.
- Select Show Filter Options / Remove all filters to remove all filters.
- Select Show Filter Options / <column> to remove the filters on the <column> column.
- Click Show Filter Options to hide the filtering options and keep the filters.
- Click Items per page at the bottom of the page, select the number of items to view per page: 10, 25, 50, or 100.
- Click Reset layout to remove all the column and filter customizations.
- Click the refresh icon to rerun the query with the current filters.
On the main grid, check the following log details.
- Performed By: The identifier of the user or internal component that performed the event.
- Logged At: The event time and date.
- Logs: A summary description of the event.
- Audit Code: The internal code of the audit log. See below for the supported values.

Administration logs

The following logs record administration events.

Audit Code	Log
AUDIT_1114	Events retention period set to `<retention_period>` days
AUDIT_1115	Reports settings updated. Retention period: `<retention_period>`, Copyright text `<copyright_text>`
AUDIT_1116	Plugin `<plugin_name>` updated. State set to `<plugin_active_state>`
AUDIT_1117	Public Enrollment Forms `<general_setting_enabled/disabled>`
AUDIT_1119	Address `<address_name>` updated
AUDIT_1120	Single address created: `<address_name>`
AUDIT_1121	Mapped address created: `<address_name>`
AUDIT_1122	List of addresses created: `<address_name>`
AUDIT_1124	Address deleted: `<address_name>`
AUDIT_1125	Address `<address_name>` removed from rules
AUDIT_1126	Address `<address_name>` removed from schedules
AUDIT_1127	New addresses imported in list of address `<address_name>`
AUDIT_1128	Imported single address `<address_name>`
AUDIT_1129	Imported list of addresses `<address_name>`
AUDIT_1168	License with order number: `<order_number>`, Revision number: `<revision_number>` uploaded
AUDIT_1169	License with order number: `<order_number>`, Revision number: `<revision_number>` updated.
AUDIT_1170	Entitlement usage updated for `<consumption_type>`. Usage count: `<usage_count>`

Authentication and authorization logs

The following logs record authentication and authorization events.

Audit Code	Log
AUDIT_1010	Auth provider `<auth_provider_name>` registered
AUDIT_1011	Auth provider `<auth_provider_name>` updated
AUDIT_1012	LDAP login failed for user: `<username>`
AUDIT_1013	LDAP login failed as user: `<username>` is not in the required group: `<auth_provider_registration_group_name>`, dn: `<email>`
AUDIT_1017	API token created for user `<username>`
AUDIT_1018	API token deleted for user `<username>`
AUDIT_1023	Roles updated for user `<username>`
AUDIT_1030	API token deleted for user `<username>`
AUDIT_1031	API token updated for user `<username>`
AUDIT_1032	All API tokens deleted for user `<username>`
AUDIT_1033	All API tokens deactivated for user `<username>`
AUDIT_1036	Created initial user with username: `<username>`.
AUDIT_1037	Created user with username: `<username>`.
AUDIT_1039	Created LDAP user with username: `<username>`.
AUDIT_1040	Created external user username: `<username>`.
AUDIT_1041	Deleted user: `<username>`.
AUDIT_1042	Updated user: `<username>`.
AUDIT_1043	Updated LDAP user: `<username>`.
AUDIT_1044	Updated external user: `<username>`.
AUDIT_1046	Updated account password for user: `<username>`.
AUDIT_1047	Updated last login for user: `<username>`.
AUDIT_1048	Successful login by User: `<username>`.
AUDIT_1057	Failed login attempt for user: `<username>`
AUDIT_1058	Failed login attempt for user: `<username>`
AUDIT_1059	Maximum login attempts exceeded. Rejected login attempt for user: `<username>`
AUDIT_1060	Login denied. Tenant id not found for user `<username>`
AUDIT_1061	Global role created: `<role_name>`
AUDIT_1062	Custom role created: `<role_name>`
AUDIT_1063	Custom role updated: `<role_name>`
AUDIT_1064	Authority role created: `<role_name>`
AUDIT_1065	Composite role created: `<role_name>`
AUDIT_1066	Role deleted: `<role_name>`
AUDIT_1067	Role updated: `<role_name>`
AUDIT_1068	Role `<role_name>` assigned to user `<username>`.
AUDIT_1069	Role `<role_name>` unassigned from user `<username>`.
AUDIT_1070	Certificate role created: `<role_name>`
AUDIT_1071	Certificate role updated: `<role_name>`
AUDIT_1092	Failed login attempt for user: `<username>`. User is not active.
AUDIT_1093	Failed login attempt. User does not exist.

Automation logs

The following logs record rule and report events.

Audit Code	Log
AUDIT_1201	`<rule_type>` Rule created: `<rule_name>`
AUDIT_1205	`<rule_type>` Rule updated: `<rule_name>`
AUDIT_1209	`<rule_type>` Rule deleted: `<rule_name>`
AUDIT_1250	Generated certificate report: `<rule_name>`
AUDIT_1251	Created report: `<rule_name>`
AUDIT_1252	Updated report: `<rule_name>`
AUDIT_1253	Deleted report: `<rule_name>`
AUDIT_1254	Report Schedule `<schedule_name>` deleted
AUDIT_1255	Report Schedule `<schedule_name>` created for report `<rule_name>`
AUDIT_1256	Report Schedule `<schedule_name>` updated
AUDIT_1257	Delete report execution at `<executed_at>` for report `<rule_name>`
AUDIT_1258	Successfully renewed certificate `<cert_name>` (Serial Number: `<cert_sn>`)

Certificate logs

The following logs record certificate events.

Audit Code	Log
AUDIT_1434	Certificate `<cert_name>` (Serial Number: `<cert_sn>`) archived
AUDIT_1435	Certificate `<cert_name>` (Serial Number: `<cert_sn>`) unarchived
AUDIT_1436	Certificate `<cert_name>` (Serial Number: `<cert_sn>`) revoked
AUDIT_1437	Certificate `<cert_name>` (Serial Number: `<cert_sn>`) released from hold
AUDIT_1472	Custom Field created: `<custom_field_name>`.
AUDIT_1473	Custom Field deleted: `<custom_field_name>`.
AUDIT_1474	Custom Field updated: `<custom_field_name>`.
AUDIT_1480	Certificate exported: Common Name `<cert_name>`, Serial Number `<decimal_cert_sn>`, export type: `<export_type>`
AUDIT_1491	<n`umber_of_updated_certs>` certificates queued for bulk update.
AUDIT_1492	New certificate issued by authority: <a`uth_name>`. (Common Name: `<cert_name>`, Serial Number: `<cert_sn>`)
AUDIT_1493	Certificate `<cert_name>` (Serial Number: `<cert_sn>`) updated
AUDIT_1494	Certificate `<cert_name>` (Serial Number: `<decimal_cert_sn>`) imported
AUDIT_1498	Certificate view `<view_name>` created.
AUDIT_1499	Certificate view `<view_name>` updated.
AUDIT_1500	Certificate view `<view_name>` deleted.

Certificate policy logs

The following logs record Access Tags events.

Audit Code	Log
AUDIT_1481	Certificate Access Tag `<access_tag_name>` created.
AUDIT_1482	Certificate Access Tag `<access_tag_name>` updated.
AUDIT_1483	Certificate Access Tag `<access_tag_name>` deleted.

Control logs

The following logs record events on authorities, key managers, and discovery scanners.

Audit Code	Log
AUDIT_1301	CA Gateway added: `<cagw_name>`
AUDIT_1302	CA Gateway updated: `<cagw_name>`
AUDIT_1303	CA Gateway deleted: `<cagw_name>`
AUDIT_1304	Authority added: `<auth_name>`
AUDIT_1305	Authority updated: `<auth_name>`
AUDIT_1306	Authority deleted: `<auth_name>`
AUDIT_1371	Successfully uploaded certificate with Private key Id: `<priv_key_id>` and Public key Id: `<pub_key_id>` to KMS using plugin: `<plugin_name>`
AUDIT_1375	Key pair deactivated at Key Manager `<plugin_name>`, Private key id: `<priv_key_id>`, Public key id: `<pub_key_id>`
AUDIT_1376	Verification request submitted for domain `<domain_name>` to authority `<auth_name>`
AUDIT_1377	Key manager with plugin `<plugin_name>` created: `<key_manager_name>`
AUDIT_1378	Key manager updated: `<key_manager_name>`
AUDIT_1379	Key manager deleted: `<key_manager_name>`
AUDIT_1382	Status updated for domain `<Domain name>` from authority `<auth_name>`
AUDIT_1383	Re-verify request submitted for domain `<domain_name>` to authority `<auth_name>`
AUDIT_1384	Discovery scanner added: `<disco_agent_name>`
AUDIT_1385	Discovery scanner updated: `<disco_agent_name>`
AUDIT_1386	Discovery scanner deleted: `<disco_agent_name>`
AUDIT_1387	`<num_of_disco_agent_scans>` Scan configurations updated for discovery scanner `<disco_agent_name>`
AUDIT_1388	Discovery scanner <`disco_agent_name>` policy updated, new polling frequency: `<disco_agent_poll_freq>` seconds

Destination logs

The following logs record destination events.

Audit Code	Log
AUDIT_1495	Destination `<dest_name>` created.
AUDIT_1496	Destination `<dest_name>` updated.
AUDIT_1497	Destination `<dest_name>` deleted.

Public form logs

The following logs record Public Enrollment Form events.

Audit Code	Log
AUDIT_1504	Public form `<pub_form_name>` created.
AUDIT_1505	Public form `<pub_form_name>` updated.
AUDIT_1506	Public form `<pub_form_name>` deleted.
AUDIT_1507	Certificate request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`) is rejected.
AUDIT_1508	Certificate request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`) is approved.
AUDIT_1509	Certificate request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`) is already approved.
AUDIT_1510	Certificate request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`) is already rejected.
AUDIT_1511	Error rejecting certificate request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`).
AUDIT_1512	Error approving certificate request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`) .
AUDIT_1513	New Certificate request created.
AUDIT_1514	Certificate request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`) is cancelled.
AUDIT_1515	New Certificate request created with key algorithm `<key_alg>`, key size `<Key size>` (IP:`<remote_ip>`)
AUDIT_1516	New Certificate request created key algorithm `<key_alg>`, (IP:`<remote_ip>`)
AUDIT_1517	New Certificate request created with key algorithm `<key_alg>`, OID `<pub_key_info_alg>` (IP:`<remote_ip>`).
AUDIT_1518	Deleted `<num_cert_requests_deleted>` certificate requests last modified `<cert_request_retention>` days ago.
AUDIT_1519	Certificate request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`) with CA side key generation (profile:`<profile_id>` is marked approved.
AUDIT_1520	Certificate request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`) is already issued.
AUDIT_1521	Pkcs12 for Certificate Request (ID: `<cert_request_id>`) of requester `<requester>`(IP:`<remote_ip>`) with CA side key generation (profile:`<profile_id>` is issued.

Source logs

The following logs record source events.

Audit Code	Log
AUDIT_1501	Source deleted: `<source_name>`
AUDIT_1502	Source with plugin `<plugin_name>` created: `<source_name>`
AUDIT_1503	Source updated: `<source_name>`