Skip to main content

Illumio Core 22.2 Administration Guide

Common Criteria Only Events

The following table lists the types of JSON events that are generated and their descriptions.

For each of these events, the CEF/LEEF success or failure events generated are the event name followed by .success or .failure.

For example, the CEF/LEEF success event for agent.update is agent.update.success and the failure event is agent.update.failure.

Auditable Event	Description
`pce.application_started`	PCE application started
`pce.application_stopped`	PCE application stopped
`remote_syslog.reachable`	Remote syslog destination reachable
`remote_syslog.unreachable`	Remote syslog destination not reachable
`tls_channel.establish`	TLS channel established
`tls_channel.terminate`	TLS channel terminated

Management Functions

The following table describes management activities of the evaluated security functionality. All management activities require the role Global Organization Owner.

Requirement	Management Activities
ESM_ACD.1	Creation of policies
ESM_ACT.1	Transmission of policies
ESM_ATD.1	Definition of object attributes Association of attributes with objects
ESM_EAU.2	Management of authentication data for both interactive users and authorized IT entities (if managed by the TSF)
ESM_EID.2	Management of authentication data for both interactive users and authorized IT entities (if managed by the TSF)
FAU_SEL_EXT.1	Configuration of auditable events for defined external entities
FAU_STG_EXT.1	Configuration of external audit storage location
FIA_AFL.1	Configuration of authentication failure threshold value Configuration of actions to take when threshold is reached Execution of restoration to normal state following threshold action (if applicable)
FIA_SOS.1	Verification of secrets
FIA_USB.1	Definition of default subject security attributes, modification of subject security attributes
FMT_MOF_EXT.1	Configuration of the behavior of other ESM products
FMT_MSA_EXT.5	Configuration of what policy inconsistencies the TSF shall identify and how the TSF shall respond if any inconsistencies are detected (if applicable)
FMT_MTD.1	Management of user authentication data
FMT_SMR.1	Management of the users that belong to a particular role
FTA_TAB.1	Maintenance of the banner
FTP_ITC.1	Configuration of actions that require trusted channel (if applicable)
FTP_TRP.1	Configuration of actions that require trusted path (if applicable)

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.