Stored action | Operation | Audit ID | Result |
---|---|---|---|
User authentication and identification | |||
1 | Execute CE authentication | CE ID | OK/NG |
5 | Change or register the CE password | CE ID | OK |
2 | Execute administrator authentication | Administrator ID | OK/NG |
6 | Change or register the administrator password | CE ID or administrator ID | OK |
11 | Execute user authentication | User ID *1 or unregistered ID *2 | OK/NG |
User modification | |||
7 | Create user by administrator | User ID | OK |
8 | Change/Register user password by administrator | User ID | OK |
9 | Delete user by administrator | User ID | OK |
10 | Change user attribute by administrator | User ID | OK |
12 | Change the user attributes according to the user (change the user password, etc.) | User ID | OK |
Use of management functions and change of security setting | |||
3 | Set/Change Enhanced Security mode | Administrator ID | OK/NG |
19 | Change HDD lock password | Administrator ID | OK |
41 | Change the password rules setting | Administrator ID | OK |
42 | Change the network setting | Administrator ID | OK |
43 | Change the service login allow setting | Administrator ID | OK |
Usage of management functions and security audit | |||
4 | Audit log output (Manual and automatic modes) | Administrator ID | OK/err No |
44 | Change the audit log transmission address setting | Administrator ID | OK |
Use of management functions and encryption support | |||
45 | Start the HDD encryption function | Unregistered ID | OK |
46 | Change the HDD encryption setting | Administrator ID | OK |
47 | Change the HDD encryption password | Administrator ID | OK |
Usage of management functions and protection of security function operating environment | |||
49 | Execute ISW | CE ID or administrator ID | OK/NG |
50 | Firmware diagnosis | Administrator ID or unregistered ID | OK/NG |
51 | Device diagnosis | Administrator ID or unregistered ID | OK/NG |
Time change (Use of management functions and protection of security function operating environment) | |||
20 | Date/time setting | User ID | OK |
Start and exit of audit function | |||
52 | Power-on (Start of audit function) | Unregistered ID | OK |
53 | Power-off (Exit of audit function) * Sub power | Unregistered ID | OK |
54 | Power-off (Exit of audit function) * Main power | Unregistered ID | OK |
End of job and operation | |||
16 | Delete store job | User ID | OK |
21 | Print copy job | User ID or unregistered ID | OK/NG |
22 | Store copy job | User ID or unregistered ID | OK/NG |
23 | Print print job | User ID or unregistered ID | OK/NG |
24 | Store print job | User ID or unregistered ID | OK/NG |
25 | Execute scan job | User ID or unregistered ID | OK/NG |
26 | Print store job | User ID or unregistered ID | OK/NG |
27 | Change or restore store job (move or copy) | User ID or unregistered ID | OK/NG |
28 | Recall store job | User ID or unregistered ID | OK/NG |
29 | Output store job file | User ID or unregistered ID | OK/NG |
**1: Audit log ID is saved as user ID when user authentication is successfully made, or when password inconformity occurs with a registered user name.
**2: Audit log ID is saved as unregistered user ID when authentication failure occurs with an unregistered user name.
The purpose of analyzing the audit log is to understand the following and implement countermeasures:
Whether or not data was accessed or tampered with
Subject of attack
Details of attack
Result of attack
For specific analysis methods, refer to the following description.