© Copyright Netsurion. All Rights Reserved.
6. Object Access
6.1 Application Generated
6.2 Certification Services
6.3 Detailed File Share
6.4 File Share
6.5 File System
6.6 Filtering Platform
6.7 Filtering Platform Packet Drop
6.8 Handle Manipulation
6.9 Kernel Object
6.10 Other Object Access Events
6.11 Registry
6.12 SAM - Security Accounts Manager
7. Policy Change
7.1 Audit Policy Change
7.2 Authentication Policy Change
7.3 Authorization Policy Change
7.4 Filtering Platform Policy Change
7.5 MPSSVC Rule-Level Policy Change
7.6 Other Policy Change Events
8. Privilege Use
8.1 Non-Sensitive Privilege Use
8.2 Sensitive Privilege Use
8.3 Other Privilege Use Events
9. System
9.1 IPSEC Driver
9.2 Other System Events
9.3 Security State Change
9.4 Security System Extension
9.5 Security System Integrity
10. Global Object Access Auditing
10.1 Registry (GOAA)
10.2 File System (GOAA)