autosys_secure tool is normally used to change AutoSys from EEM to Native (or Native to EEM) security mode. Audit information about such a switch does not seem to be in autotrack.

When autosys_secure is switched to native, that specific item is not audited to autotrack at this time.  However a message below is logged to the Application Server logs

[03/24/2025 10:53:24]      CAUAJM_I_10493 CA EEM security session terminated.   

When such a message is seen,  the user / host from which the AutoSysSecure call comes into the as_server log is the only way to identify which user / host  and that that user switched to Native.  

Example:

[01/01/2025 10:53:22]      CAUAJM_I_30030 Client [AutoSys AutoSysSecure:14675][17][autosys-server.example.com:49342:##:##:##:##] [] session established.
[01/01/2025 10:53:22]      CAUAJM_I_30031 Client [AutoSys AutoSysSecure:14675][17][autosys-server.example.com:49342:##:##:##:##] [0x827060][01/01/2025 10:53:22.0278][0:[email protected]<@hostname.example.com> 0] API ID [37] execution started.
..
..
[01/01/2025 10:53:24]      CAUAJM_I_30031 Client [AutoSys AutoSysSecure:14675][17][autosys-server.example.com:49342:##:##:##:##] [0x830950][01/01/2025 10:53:24.5816][0:[email protected]<@hostname.example.com> 0] API ID [104] execution started.
[01/01/2025 10:53:24]      CAUAJM_I_10493 CA EEM security session terminated.
[01/01/2025 10:53:24]      CAUAJM_I_30032 Client [AutoSys AutoSysSecure:14675][17][autosys-server.example.com:49342:##:##:##:##] [0x830950][01/01/2025 10:53:24.5816][0:[email protected]<@hostname.example.com> 0] API ID [104] execution completed. Total time: 0.242 seconds.
..

Other than that, there is no additional auditing at this time in the product.