ZENworks 2017 Update 1 - Auditing Full Disk Encryption Events

July 2017

You can use the ZENworks Audit feature to capture Full Disk Encryption change and agent events that occur in your zone. Change and agent events are configuration changes made to the zone through ZENworks Control Center or the zman command line utilities.

1.0 Auditing Change Events

You use change events to capture changes that ZENworks administrators make to Disk Encryption policies. You can capture any of the following events:

  • Policy Assignment Modified

  • Policy Copied

  • Policy Created

  • Policy Deleted

  • Policy Modified

  • Policy Moved

  • Policy Published

  • Policy Renamed

  • Policy Sandbox Reverted (to previous policy)

  • Policy Share/Unshare

Generated events provide information about the ZENworks administrator who performed the action, the affected policy, and the date the change occurred.

Enabling Change Events

You enable Full Disk Encryption change events at the Management Zone.

  1. In ZENworks Control Center, click Configuration > Management Zone Settings > Audit Management > Events Configuration to display the Events Configuration page.

  2. On the Change Events tab, click Add to display the Add Change Events dialog box.

  3. In the Change Events tree, expand the Full Disk Encryption section, then select the change events you want to audit for Disk Encryption policies.

  4. Configure the event settings, and then click OK to add the events to the list of audited change events.

For more detailed information and instructions, see Enabling a Change Event in the ZENworks Audit Management Reference.

Viewing Generated Change Events

  1. In ZENworks Control Center, click Audit and Messages.

  2. In the Zone Audit panel, use the Dashboard and Events tabs to view the audited events:

    • Dashboard: Shows a summary of the audited events. You can see key indicators about top events and impacted objects, and can drill into the specific events. By default, the dashboard shows you an overview of events in the last 4 hours. If you want to see more data, you can change the time period.

    • Events: Shows the change and agent events being audited and the generated events. You can click a generated event to see its details. By default, the list shows the events generated in the last 4 hours. If you want to see more data, you can change the time period.

For more detailed information and instructions, see Viewing a Generated Change Event in the ZENworks Audit Management Reference.

2.0 Auditing Agent Events

You use agent events to capture when device volumes are encrypted or decrypted on devices that have a Disk Encryption policy applied. You can capture any of the following events:

  • Volume Encryption Started

  • Volume Encrypted

  • Volume Decryption Started

  • Volume Decrypted

Enabling Agent Events

You enable Full Disk Encryption agent events at the Management Zone.

  1. In ZENworks Control Center, click Configuration > Management Zone Settings > Audit Management > Events Configuration to display the Events Configuration page.

  2. On the Agent Events tab, click Add to display the Add Agent Events dialog box.

  3. In the Agent Events tree, expand the Full Disk Encryption section, then select the agent events you want to audit for Disk Encryption policies.

  4. Configure the event settings, and then click OK to add the events to the list of audited agent events.

Viewing Generated Agent Events

  1. In ZENworks Control Center, click Audit and Messages.

  2. In the Zone Audit panel, use the Dashboard and Events panels to view the audited events:

    • Dashboard: Shows a summary of the audited events. You can see key indicators about top events and impacted objects, and can drill into the specific events. By default, the dashboard shows you an overview of events in the last 4 hours. If you want to see more data, you can change the time period.

    • Events: Shows the change and agent events being audited and the generated events. You can click a generated event to see its details. By default, the list shows the events generated in the last 4 hours. If you want to see more data, you can change the time period.

For more detailed information and instructions, see Viewing a Generated Change Event in the ZENworks Audit Management Reference.

3.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.novell.com/company/legal/.

Copyright © 2017 Micro Focus Software, Inc. All Rights Reserved.