Table of items saved in audit log
User authentication and identification
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
1 |
Execute CE authentication |
CE ID |
OK/NG |
|
5 |
Change/Register CE password |
CE ID |
OK |
|
2 |
Execute administrator authentication |
Administrator ID |
OK/NG |
|
6 |
Change/Register administrator password |
CE ID/Administrator ID |
OK |
|
11 |
Execute user authentication |
User ID / Unregistered ID |
OK/NG |
User alteration
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
7 |
Create user by administrator |
User ID |
OK |
|
8 |
Change/Register user password by administrator |
User ID |
OK |
|
9 |
Delete user by administrator |
User ID |
OK |
|
10 |
Change user attribute by administrator |
User ID |
OK |
|
12 |
Change attributes of user by user (user password, etc.) |
User ID |
OK |
Use of management functions and change of security setting
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
3 |
Set/Change Enhanced Security mode |
Administrator ID | OK/NG |
|
19 |
Change HDD lock password |
Administrator ID | OK |
|
41 |
Change password rules setting |
Administrator ID | OK |
|
42 |
Change network setting |
Administrator ID | OK |
|
43 |
Change Service Login Allow Setting |
Administrator ID | OK |
Use of management functions and security audit
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
4 |
Outputting audit log (Manual / Auto) |
Administrator ID | OK/err No |
|
44 |
Change audit log transmission destination setting |
Administrator ID | OK |
Use of management functions and encryption support
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
45 |
Start HDD encryption function |
CE ID / Administrator ID | OK/NG |
|
46 |
Change HDD encryption setting |
Administrator ID / Unregistered ID | OK/NG |
|
47 |
Change HDD encryption password |
Administrator ID / Unregistered ID | OK/NG |
Use of management functions and protection of security function operating environment
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
49 |
ISW execution |
CE ID / Administrator ID | OK/NG |
|
50 |
Firmware diagnosis |
Administrator ID / Unregistered ID | OK/NG |
|
51 |
Device diagnosis |
Administrator ID / Unregistered ID | OK/NG |
Time change (Use of management functions and protection of security function operating environment)
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
20 |
Date/time setting |
User ID | OK |
Start and exit of audit function
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
52 |
Power-on (Start of audit function) |
Unregistered ID | OK |
|
53 |
Power-off (Exit of audit function) * Sub power |
Unregistered ID | OK |
|
54 |
Power-off (Exit of audit function) * Main power |
Unregistered ID | OK |
End of job and job operations
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
16 |
Delete store job |
User ID | OK |
|
21 |
Print copy job |
User ID / Unregistered ID | OK/NG |
|
22 |
Save copy job |
User ID / Unregistered ID | OK/NG |
|
23 |
Printing print job |
User ID / Unregistered ID | OK/NG |
|
24 |
Store print job |
User ID / Unregistered ID | OK/NG |
|
25 |
Execute scan job |
User ID / Unregistered ID | OK/NG |
|
26 |
Print store job |
User ID / Unregistered ID | OK/NG |
|
27 |
Change/re-save store job (Movement or reproduction) |
User ID / Unregistered ID | OK/NG |
|
28 |
Recall store job |
User ID / Unregistered ID | OK/NG |
|
29 |
Output store job file |
User ID / Unregistered ID | OK/NG |
The purpose of analyzing the audit log is to understand the following and implement countermeasures:
-
Whether or not data was accessed or tampered with
-
Subject of attack
-
Details of attack
-
Result of attack
For specific analysis methods, refer to the following description.