Attributes of "audit policies"

(imported topic written by kbrammer)

How do I find out what the entire attribute tree for “audit policies” is?

I know I can reference, for example: “audit success of system policies of subcategories of categories of audit policies”, and put stipulations in there to get the information I want. But say I wanted to look at the same thing at the category level rather than the subcategory level? Unless someone tells me what the components of “categories” are here, how am I supposed to find this out myself?

I couldn’t find this in the reference guide for Relevance.

(imported comment written by JasonWalker)

Introspectors! You know the “audit policy” type so you’re almost there…

q: properties of type “audit policy”

A: categories of : audit policy category

A: system category of : audit policy category

A: logon logoff category of : audit policy category

A: object access category of : audit policy category

A: privilege use category of : audit policy category

A: detailed tracking category of : audit policy category

A: policy change category of : audit policy category

A: account management category of : audit policy category

A: ds access category of : audit policy category

A: account logon category of : audit policy category

T: 0.182 ms

q: properties of type “audit policy category”

A: name of : string

A: subcategories of : audit policy subcategory

T: 0.176 ms

q: names of categories of audit policy

A: System

A: Logon/Logoff

A: Object Access

A: Privilege Use

A: Detailed Tracking

A: Policy Change

A: Account Management

A: DS Access

A: Account Logon

T: 0.282 ms

q: properties of type “audit policy subcategory”

A: name of : string

A: system policy of : audit policy information

A: per user policy of : audit policy information

A: effective policy of : audit policy information

A: guid of : string

T: 0.221 ms

q: (name of it & “:” & concatenation ", " of names of subcategories of it) of categories of audit policy

A: System:Security State Change, Security System Extension, System Integrity, IPsec Driver, Other System Events

A: Logon/Logoff:Logon, Logoff, Account Lockout, IPsec Main Mode, IPsec Quick Mode, IPsec Extended Mode, Special Logon, Other Logon/Logoff Events, Network Policy Server, User / Device Claims

A: Object Access:File System, Registry, Kernel Object, SAM, Certification Services, Application Generated, Handle Manipulation, File Share, Filtering Platform Packet Drop, Filtering Platform Connection, Other Object Access Events, Detailed File Share, Removable Storage, Central Policy Staging

A: Privilege Use:Sensitive Privilege Use, Non Sensitive Privilege Use, Other Privilege Use Events

A: Detailed Tracking:Process Creation, Process Termination, DPAPI Activity, RPC Events

A: Policy Change:Audit Policy Change, Authentication Policy Change, Authorization Policy Change, MPSSVC Rule-Level Policy Change, Filtering Platform Policy Change, Other Policy Change Events

A: Account Management:User Account Management, Computer Account Management, Security Group Management, Distribution Group Management, Application Group Management, Other Account Management Events

A: DS Access:Directory Service Access, Directory Service Changes, Directory Service Replication, Detailed Directory Service Replication

A: Account Logon:Credential Validation, Kerberos Service Ticket Operations, Other Account Logon Events, Kerberos Authentication Service

T: 17.278 ms