CEM SIGNONVIO reporting inconsistent on password violations

Article ID: 131550

Products

Compliance Event Manager

Issue/Introduction

CEM generates SIGNONVIO violations inconsistently: email messages are sent for certain user IDs based on password violations, but these CEM-triggered messages do not coincide with the ACF2 password violation report for the IDs in question.

Environment

CEM 6.0, ACF2 16.0

Cause

From an ESM perspective, SIGNONVIO (signon violation) encompasses more than just a password violation.
This would explain why a SIGNONVIO could trip in CEM, but not show in ACF2 as a password violation.
 

Resolution

To limit SIGNONVIO to just password violations, so that it correlates with the ACF2 password violation report, the following criterion needs to be added to the SIGNONVIO policy:
Information Code 1 = 12.