CEM SIGNONVIO reporting inconsistent on password violations


Article ID: 131550


Products

CA Compliance Event Manager

Issue/Introduction

CEM generates SIGNONVIO violations inconsistently: email messages are sent
for certain user IDs based on password violation, but these CEM-triggered messages
do not coincide with the ACF2 password violation report for the IDs in question.

Cause

From an ESM perspective, SIGNONVIO (signon violation) encompasses more than just a password violation.
This would explain why a SIGNONVIO could trip in CEM, but not show in ACF2 as a password violation.
 

Environment

CEM 6.0, ACF2 16.0

Resolution

To limit SIGNONVIO to just password violations, and to correlate it with the ACF2 password violation report, add the following criterion to the SIGNONVIO policy:
Information Code 1 = 12.