Table of items saved in audit log
User authentication and identification
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
1 |
Execute CE authentication |
CE ID |
OK/NG |
|
5 |
Change or register CE password |
CE ID |
OK |
|
2 |
Execute administrator authentication |
Administrator ID |
OK/NG |
|
6 |
Change or register administrator password |
CE ID/Administrator ID |
OK |
|
11 |
Execute user authentication |
User ID / Unregistered ID |
OK/NG |
User alteration
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
7 |
Create user by administrator |
User ID |
OK |
|
8 |
Change/Register user password by administrator |
User ID |
OK |
|
9 |
Delete user by administrator |
User ID |
OK |
|
10 |
Change user attribute by administrator |
User ID |
OK |
|
12 |
Change the user attributes according to the user (change the user password, etc.) |
User ID |
OK |
Use of management functions and change of security setting
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
3 |
Set/Change Enhanced Security mode |
Administrator ID | OK/NG |
|
19 |
Change HDD lock password |
Administrator ID | OK |
|
41 |
Change password rules setting |
Administrator ID | OK |
|
42 |
Change network setting |
Administrator ID | OK |
|
43 |
Change the service login allow setting |
Administrator ID | OK |
Usage of management functions and security audit
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
4 |
Audit log output (Manual and automatic modes) |
Administrator ID | OK/err No |
|
44 |
Change the audit log transmission address setting |
Administrator ID | OK |
Use of management functions and encryption support
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
45 |
Start the HDD encryption function |
CE ID / Administrator ID | OK/NG |
|
46 |
Change the HDD encryption setting |
Administrator ID / Unregistered ID | OK/NG |
|
47 |
Change the HDD encryption password |
Administrator ID / Unregistered ID | OK/NG |
Usage of management functions and protection of security function operating environment
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
49 |
Execute ISW |
CE ID / Administrator ID | OK/NG |
|
50 |
Firmware diagnosis |
Administrator ID / Unregistered ID | OK/NG |
|
51 |
Device diagnosis |
Administrator ID / Unregistered ID | OK/NG |
Time change (Use of management functions and protection of security function operating environment)
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
20 |
Date/time setting |
User ID | OK |
Start and exit of audit function
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
52 |
Power-on (Start of audit function) |
Unregistered ID | OK |
|
53 |
Power-off (Exit of audit function) * Sub power |
Unregistered ID | OK |
|
54 |
Power-off (Exit of audit function) * Main power |
Unregistered ID | OK |
End of job and job operations
|
Stored action |
Operation |
Audit ID |
Result |
|---|---|---|---|
|
16 |
Delete store job |
User ID | OK |
|
21 |
Print copy job |
User ID / Unregistered ID | OK/NG |
|
22 |
Store copy job |
User ID / Unregistered ID | OK/NG |
|
23 |
Print print job |
User ID / Unregistered ID | OK/NG |
|
24 |
Store print job |
User ID / Unregistered ID | OK/NG |
|
25 |
Execute scan job |
User ID / Unregistered ID | OK/NG |
|
26 |
Print store job |
User ID / Unregistered ID | OK/NG |
|
27 |
Change or restore store job (move or copy) |
User ID / Unregistered ID | OK/NG |
|
28 |
Recall store job |
User ID / Unregistered ID | OK/NG |
|
29 |
Output store job file |
User ID / Unregistered ID | OK/NG |
The purpose of analyzing the audit log is to understand the following and implement countermeasures:
-
Whether or not data was accessed or tampered with
-
Subject of attack
-
Details of attack
-
Result of attack
For specific analysis methods, refer to the following description.