Endpoint Administration Guide for Windows › Monitoring and Auditing › Events Interception › Types of Intercepted Events › Audit Only Mode

Audit Only Mode

Audit Only mode records all intercepted events without checking or enforcing access rules. Use this mode to collect data for compliance requirements or regulations. In Audit Only mode, CA ControlMinder intercepts the event and writes an audit event but does not process the request for authorization and does not enforce rules. As a result, CA ControlMinder permits all access requests it intercepts. This means that the authorization result recorded in the audit log for all events is P (permitted).

The following restrictions apply to Audit Only mode:

• No audit records are sent to Unicenter.

  In Audit Only mode all events are permitted (P). Permitted events are not sent to Unicenter.

• The audit properties of the resource and the user are not taken into consideration.

  Audit Only mode records all intercepted events regardless of resource- or user-specific settings.