

Control

The Investigator displays the following searchable security control event records:

Security System Start

Includes a record for each time a security system starts.

Event Code: 1

Security System Stop

Includes a record for each time a security system stops.

Event Code: 2

Security System Stop Violation

Includes a record for each time a security system stops abnormally, which appears as an ABEND in the external security manager.

Event Code: 3

Security System Modify

Includes a record for each time a user issues a modify command for the security product.

Event Code: 4

Security System Modify Violation

Includes a record for each time a user attempts to issue a modify command for the security product and is denied.

Event Code: 5

Note: For a comprehensive list of security events and the event triggers, see the security events chapter in your external security manager documentation.

Example: Identify the security system modify owner

You have noticed that your default security system settings have changed in the last 24 hours. You would like to know who issued the modify command that changed these settings so that you can contact that individual.

  1. Add the Investigator module to your dashboard, and click Start New Investigation.
  2. Select Security from the drop-down list.
  3. Select Events, Control from the folder list.
  4. Click View Filter (magnifying glass icon).
  5. Filter the data by completing the following steps:
    1. Select Event Category Description from the first drop-down list in the center pane.
    2. Select contains from the second drop-down list, and type System Modify.
    3. Specify a start and end date and time that cover the last 24 hours.
    4. Click Search.

    Your Security System Modify events appear for the last 24 hours.

  6. Scroll to the event tied to your system or filter further to narrow the results.
  7. Locate the event and click User from the Actions pane.

    Use the contact information in the record to contact the originator to discuss the modifications.

  8. Click the notes icon and add the details of your conversation to help ensure that future users understand why the settings changed.
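
The same filter applied to records outside the Investigator, as an added example that is not part of the product or its documentation. The record layout (time, code, user) and the sample rows are constructed assumptions, not the product's export format; only the event codes and descriptions come from this page. It shows that a contains match on System Modify returns both event code 4 and event code 5, so denied attempts are separated from the commands that could have changed the settings.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event codes and descriptions as listed on this page.
CONTROL_EVENTS = {
    1: "Security System Start",
    2: "Security System Stop",
    3: "Security System Stop Violation",
    4: "Security System Modify",
    5: "Security System Modify Violation",
}

# Constructed sample records; field names and values are assumptions.
SAMPLE = [
    {"time": "2024-05-01T23:10:00", "code": 1, "user": "STCSEC"},
    {"time": "2024-05-02T02:15:00", "code": 4, "user": "ADMIN01"},
    {"time": "2024-05-02T03:40:00", "code": 5, "user": "USER77"},
    {"time": "2024-05-02T09:05:00", "code": 4, "user": "ADMIN01"},
    {"time": "2024-04-30T08:00:00", "code": 4, "user": "ADMIN02"},
]


def modify_events_by_user(records, end, hours=24, text="System Modify"):
    """Apply the 'contains' filter and time window, then group hits by user."""
    start = end - timedelta(hours=hours)
    result = defaultdict(lambda: {"modified": [], "denied": []})
    for rec in records:
        desc = CONTROL_EVENTS.get(rec["code"], "")
        when = datetime.fromisoformat(rec["time"])
        if text not in desc or not (start <= when <= end):
            continue
        # Code 5 is a denied attempt, so it cannot have changed the settings.
        kind = "denied" if desc.endswith("Violation") else "modified"
        result[rec["user"]][kind].append(when)
    return dict(result)


if __name__ == "__main__":
    hits = modify_events_by_user(SAMPLE, end=datetime(2024, 5, 2, 12, 0))
    for user, kinds in sorted(hits.items()):
        print(user, len(kinds["modified"]), "modified,",
              len(kinds["denied"]), "denied")
```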