|
Event ID
|
Event Name
|
Detects
|
Operation
|
|
11000
|
_sys.db.enc.enable
|
Enable encryption
|
PROUTIL ENABLEENCRYPTION
|
|
11001
|
_sys.db.enc.disable
|
Disable encryption
|
PROUTIL DISABLEENCRYPTION
|
|
11100
|
_sys.ks.create
|
Create a new OpenEdge key store
|
PROUTIL ENABLEENCRYPTION; PROUTIL EPOLICY MANAGE key store reconstruct
|
|
11101
|
_sys.ks.delete
|
Delete an existing OpenEdge key store
|
PROUTIL DISABLEENCRYPTION
|
|
11102
|
_sys.ks.open.pass
|
Successfully opened an OpenEdge key store
|
PROUTIL EPOLICY MANAGE;internal ABL and SQL commands
|
|
11103
|
_sys.ks.rekey
|
Changed OpenEdge key store's encryption key
|
Not in use for this release
|
|
11104
|
_sys.ks.setcipher
|
Changed OpenEdge key store encryption cipher
|
Not in use for this release
|
|
11105
|
_sys.ks.setadmin.pwd
|
Changed OpenEdge key store's admin passphrase
|
PROUTIL EPOLICY MANAGE key store adminphrase …
|
|
11106
|
_sys.ks.setuser.pwd
|
Changed OpenEdge key store's user passphrase
|
PROUTIL EPOLICY MANAGE key store userphrase …
|
|
11107
|
_sys.ks.ke.create.pass
|
Successfully created new encryption key entry
|
PROUTIL ENABLEENCRYPTION; PROUTIL EPOLICY MANAGE key store reconstruct
|
|
_sys.ks.ke.update.pass
|
Successfully changed a key entry's owner, passphrase or state
|
PROUTIL DISABLEENCRYPTION
|
|
|
11109
|
_sys.ks.ke.delete.pass
|
Successfully deleted a key entry
|
Not in use for this release
|
|
11110
|
_sys.ks.ke.read.pass
|
Successfully returned a clear-text encryption key
|
_mprosrv; database utilities; ABL single-user database connection
|
|
11111
|
_sys.ks.open.fail
|
Failed when attempting to open a OpenEdge key store
|
_mprosrv; database utilities; ABL single-user database connection
|
|
11112
|
_sys.ks.ke.create.fail
|
Failed when attempting to create a new key entry
|
PROUTIL ENABLEENCRYPTION
|
|
11113
|
_sys.ks.ke.update.fail
|
Failed when attempting to change a key entry's owner, passphrase, or state
|
PROUTIL DISABLEENCRYPTION
|
|
11114
|
_sys.ks.ke.delete.fail
|
Failed when attempting to delete a key entry
|
Not in use for this release
|
|
11200
|
_sys.as.create.pass
|
Successfully created new autostart credentials (for key store access)
|
PROUTIL ENABLEENCRYPTION
|
|
11201
|
_sys.as.delete.pass
|
Successfully deleted existing autostart credentials (for key store access)
|
PROUTIL DISABLEENCRYPTION
|
|
11202
|
_sys.as.open.pass
|
Successfully opened autostart credentials and accessed the key store
|
_mprosrv; database utilities; ABL single-user database connection
|
|
11203
|
_sys.as.recover.pass
|
Successfully forced new autostart credentials and OpenEdge key store passphrase credentials after lockout condition entered
|
PROUTIL EPOLICY MANAGE key store reconstruct
|
|
11204
|
_sys.as.update.pass
|
Successfully updated autostart credentials (for key store access)
|
PROUTIL EPOLICY MANAGE KEYSTORE [autostart | userphrase | rebind];PROUTIL EPOLICY MANAGE AUTOSTART
|
|
11205
|
_sys.as.open.fail
|
Successfully opened autostart credentials but failed to access the key store
|
_mprosrv; database utilities; ABL single-user database connection
|
|
11206
|
_sys.as.update.fail
|
Failure found when updating autostart credentials
|
PROUTIL EPOLICY MANAGE KEYSTORE [autostart | userphrase | rebind]PROUTIL EPOLICY MANAGE AUTOSTART
|
|
11207
|
_sys.as.recover.fail
|
Failed to forced new autostart credentials and OpenEdge key store passphrase credentials after lockout condition entered
|
PROUTIL EPOLICY MANAGE key store reconstruct
|
|
11300
|
_sys.enc.scan
|
Started a scan of an encrypted object to determine the # of blocks related to each object security policy
|
PROUTIL EPOLICY SCAN
|
|
11301
|
_sys.enc.update
|
Started an update of an encrypted object to re-encrypt previous policy encrypted block with the current policy
|
PROUTIL EPOLICY UPDATE
|
|
11400
|
_sys.db.dbpolicy.create
|
Create a new version of a database master key's security policy
|
PROUTIL ENABLEENCRYPTION
|
|
11401
|
_sys.db.dbpolicy.update
|
Updated an existing database master key's security policy's information
|
Not in use for this release
|
|
11402
|
_sys.db.dbpolicy.delete
|
Deleted an existing database master key's security policy [version]
|
PROUTIL DISABLEENCRYPTION
|
|
11500
|
_sys.db.objpolicy.create
|
Create a new version of a database object's security policy
|
PROUTIL EPOLICY MANAGE;internal ABL and SQL commands
|
|
11501
|
_sys.db.objpolicy.update
|
Update an existing database object security policy's state
|
PROUTIL EPOLICY MANAGE;internal ABL and SQL commands
|
|
11502
|
_sys.db.objpolicy.delete
|
Delete an existing [version] of a database object's encryption policy
|
Dictionary: delete table/index SQL: DROP table/index … proutil: TBD
|
|
11600
|
_sys.db.pwdpolicy.create
|
Create a new version of a database passphrase rules policy
|
PROUTIL ENABLEENCRYPTION
|
|
11601
|
_sys.db.pwdpolicy.update
|
Update an existing [version] of a database passphrase rules policy
|
Not in use for this release
|
|
11602
|
_sys.db.pwdpolicy.delete
|
Delete an existing [version] of a database passphrase rules policy
|
PROUTIL DISABLEENCRYPTION
|
Track Encryption Policy Changes Report — Reports any events related to encryption policy maintenance. Events with IDs 11400-11402, 11500-11502, and 11600-11602 are tracked by this report.
Track Key-store Changes Report — Reports any events related to the key store and autostart. Events with IDs 11100-11114 and 11200-11207 are tracked by this report.
Database Encryption Administration (Utilities) Report — Reports events such as enabling and disabling encryption for your database, and scan and update utilities. Events with IDs 11000, 11001, 11300, and 11301 are tracked by this report.