Endpoint Administration Guide for Windows › Monitoring and Auditing › Events Interception › Types of Intercepted Events
Types of Intercepted Events
CA ControlMinder intercepts two types of events:
Interception Modes
Based on the interception mode, CA ControlMinder intercepts, checks for authorization, and logs audit records of access request events. CA ControlMinder has the following modes of interception:
- Full Enforcement mode Full Enforcement mode is the normal operation mode for CA ControlMinder. In this mode, CA ControlMinder intercepts events and enforces the access rules written to the database.
- Audit Only mode Audit Only mode records all intercepted events without checking or enforcing access rules.
- No Interception mode No Interception mode disables CA ControlMinder event interception. In this mode, CA ControlMinder does not intercept events or enforce access rules.
Note: Warning mode Warning Mode is a property that you can apply to a resource, and an option that you can apply to a class. If Warning mode is applied to a resource or a class and an access violates an access rule, CA ControlMinder writes an audit log entry with the return code W, but permits the access to the resource. If a class is in Warning mode, all the resources in that class are in Warning mode. is not an interception mode; it works in Full Enforcement mode only and is designed for short term use during implementation.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|