2016-09-22 12:43:57 +00:00
---
title: About the audit_policy Resource
2018-02-16 00:28:15 +00:00
platform: linux
2016-09-22 12:43:57 +00:00
---
# audit_policy
2018-02-15 04:31:56 +00:00
Use the `audit_policy` InSpec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
<br>
2018-08-09 12:34:49 +00:00
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
### Version
This resource first became available in v1.0.0 of InSpec.
2016-09-27 19:03:23 +00:00
## Syntax
2016-09-22 12:43:57 +00:00
An `audit_policy` resource block declares a parameter that belongs to an audit policy category or subcategory:
describe audit_policy do
its('parameter') { should eq 'value' }
end
where
* `'parameter'` must specify a parameter
* `'value'` must be one of `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`
2017-10-03 21:35:10 +00:00
<br>
2016-09-22 12:43:57 +00:00
2016-09-27 19:03:23 +00:00
## Examples
2016-09-22 12:43:57 +00:00
The following examples show how to use this InSpec audit resource.
2016-09-27 19:03:23 +00:00
### Test that a parameter is not set to "No Auditing"
2016-09-22 12:43:57 +00:00
describe audit_policy do
its('Other Account Logon Events') { should_not eq 'No Auditing' }
end
2016-09-27 19:03:23 +00:00
### Test that a parameter is set to "Success"
2016-09-22 12:43:57 +00:00
describe audit_policy do
its('User Account Management') { should eq 'Success' }
end
2017-10-03 21:35:10 +00:00
<br>
## Matchers
2018-02-16 03:07:18 +00:00
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).