diff --git a/releasenotes/notes/improved-audit-rule-keys-9fa85f758386446c.yaml b/releasenotes/notes/improved-audit-rule-keys-9fa85f758386446c.yaml
new file mode 100644
index 00000000..497de35a
--- /dev/null
+++ b/releasenotes/notes/improved-audit-rule-keys-9fa85f758386446c.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - The audit rules added by the security role now have key fields that make
+    it easier to link the audit log entry to the audit rule that caused it to
+    appear.
diff --git a/templates/osas-auditd.j2 b/templates/osas-auditd.j2
index 69bebb04..2559fe9e 100644
--- a/templates/osas-auditd.j2
+++ b/templates/osas-auditd.j2
@@ -1,216 +1,216 @@
 {% if security_audit_clock_settimeofday | bool %}
 # RHEL 6 STIG V-38522
 # Audits changes to system time via settimeofday
--a always,exit -F arch=b32 -S settimeofday -k audit_time_rules
--a always,exit -F arch=b64 -S settimeofday -k audit_time_rules
+-a always,exit -F arch=b32 -S settimeofday -k audit_time_rules-V-38522
+-a always,exit -F arch=b64 -S settimeofday -k audit_time_rules-V-38522
 {% endif %}
 
 {% if security_audit_clock_stime | bool %}
 # RHEL 6 STIG V-38525
 # Audits changes to system time via stime
--a always,exit -F arch=b32 -S stime -k audit_time_rules
--a always,exit -F arch=b64 -S adjtimex -S settimeofday -S clock_settime -k audit_time_rules
+-a always,exit -F arch=b32 -S stime -k audit_time_rules-V-38525
+-a always,exit -F arch=b64 -S adjtimex -S settimeofday -S clock_settime -k audit_time_rules-V-38525
 {% endif %}
 
 {% if security_audit_clock_settime | bool %}
 # RHEL 6 STIG V-38527
 # Audits changes to system time via clock_settime
--a always,exit -F arch=b32 -S clock_settime -k audit_time_rules
--a always,exit -F arch=b64 -S clock_settime -k audit_time_rules
+-a always,exit -F arch=b32 -S clock_settime -k audit_time_rules-V-38527
+-a always,exit -F arch=b64 -S clock_settime -k audit_time_rules-V-38527
 {% endif %}
 
 {% if security_audit_change_localtime | bool %}
 # RHEL 6 STIG V-38530
 # Audits clock changes made via /etc/localtime
--w /etc/localtime -p wa -k audit_time_rules
+-w /etc/localtime -p wa -k audit_time_rules-V-38530
 {% endif %}
 
 {% if security_audit_account_modification | bool %}
 # RHEL 6 STIG V-38531, V-38534, V-38536, V-38538
 # Audits account modifications and terminations
--w /etc/group -p wa -k audit_account_changes
--w /etc/passwd -p wa -k audit_account_changes
--w /etc/gshadow -p wa -k audit_account_changes
--w /etc/shadow -p wa -k audit_account_changes
--w /etc/security/opasswd -p wa -k audit_account_changes
+-w /etc/group -p wa -k audit_account_changes-V-38531
+-w /etc/passwd -p wa -k audit_account_changes-V-38531
+-w /etc/gshadow -p wa -k audit_account_changes-V-38531
+-w /etc/shadow -p wa -k audit_account_changes-V-38531
+-w /etc/security/opasswd -p wa -k audit_account_changes-V-38531
 {% endif %}
 
 {% if security_audit_network_changes | bool %}
 # RHEL 6 STIG V-38540
 # Audits network configuration changes
--a always,exit -F arch=b32 -S sethostname -S setdomainname -k audit_network_modifications
--a always,exit -F arch=b64 -S sethostname -S setdomainname -k audit_network_modifications
--w /etc/issue -p wa -k audit_network_modifications
--w /etc/issue.net -p wa -k audit_network_modifications
--w /etc/hosts -p wa -k audit_network_modifications
--w /etc/network -p wa -k audit_network_modifications
+-a always,exit -F arch=b32 -S sethostname -S setdomainname -k audit_network_modifications-V-38540
+-a always,exit -F arch=b64 -S sethostname -S setdomainname -k audit_network_modifications-V-38540
+-w /etc/issue -p wa -k audit_network_modifications-V-38540
+-w /etc/issue.net -p wa -k audit_network_modifications-V-38540
+-w /etc/hosts -p wa -k audit_network_modifications-V-38540
+-w /etc/network -p wa -k audit_network_modifications-V-38540
 {% endif %}
 
 {% if security_audit_apparmor_changes | bool %}
 # RHEL 6 STIG V-38541
 # Audits changes to AppArmor policies
--w /etc/apparmor/ -p wa -k MAC-policy
--w /etc/apparmor.d/ -p wa -k MAC-policy
+-w /etc/apparmor/ -p wa -k MAC-policy-V-38541
+-w /etc/apparmor.d/ -p wa -k MAC-policy-V-38541
 {% endif %}
 
 {% if security_audit_DAC_chmod | bool %}
 # RHEL 6 STIG V-38543
 # Audits DAC changes via chmod
--a always,exit -F arch=b32 -S removexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S removexattr -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S removexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S removexattr -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S removexattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38543
+-a always,exit -F arch=b32 -S removexattr -F auid=0 -k perm_mod-V-38543
+-a always,exit -F arch=b64 -S removexattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38543
+-a always,exit -F arch=b64 -S removexattr -F auid=0 -k perm_mod-V-38543
 {% endif %}
 
 {% if security_audit_DAC_chown | bool %}
 # RHEL 6 STIG V-38545
 # Audits DAC changes via chown
--a always,exit -F arch=b32 -S chown -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S chown -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S chown -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S chown -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S chown -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38545
+-a always,exit -F arch=b32 -S chown -F auid=0 -k perm_mod-V-38545
+-a always,exit -F arch=b64 -S chown -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38545
+-a always,exit -F arch=b64 -S chown -F auid=0 -k perm_mod-V-38545
 {% endif %}
 
 {% if security_audit_DAC_fchmod | bool %}
 # RHEL 6 STIG V-38547
 # Audits DAC changes via fchmod
--a always,exit -F arch=b32 -S fchmod -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S fchmod -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S fchmod -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S fchmod -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S fchmod -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38547
+-a always,exit -F arch=b32 -S fchmod -F auid=0 -k perm_mod-V-38547
+-a always,exit -F arch=b64 -S fchmod -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38547
+-a always,exit -F arch=b64 -S fchmod -F auid=0 -k perm_mod-V-38547
 {% endif %}
 
 {% if security_audit_DAC_fchmodat | bool %}
 # RHEL 6 STIG V-38550
 # Audits DAC changes via fchmodat
--a always,exit -F arch=b32 -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S fchmodat -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S fchmodat -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38550
+-a always,exit -F arch=b32 -S fchmodat -F auid=0 -k perm_mod-V-38550
+-a always,exit -F arch=b64 -S fchmodat -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38550
+-a always,exit -F arch=b64 -S fchmodat -F auid=0 -k perm_mod-V-38550
 {% endif %}
 
 {% if security_audit_DAC_fchown | bool %}
 # RHEL 6 STIG V-38552
 # Audits DAC changes via fchown
--a always,exit -F arch=b32 -S fchown -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S fchown -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S fchown -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S fchown -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S fchown -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38552
+-a always,exit -F arch=b32 -S fchown -F auid=0 -k perm_mod-V-38552
+-a always,exit -F arch=b64 -S fchown -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38552
+-a always,exit -F arch=b64 -S fchown -F auid=0 -k perm_mod-V-38552
 {% endif %}
 
 {% if security_audit_DAC_fchownat | bool %}
 # RHEL 6 STIG V-38554
 # Audits DAC changes via fchownat
--a always,exit -F arch=b32 -S fchownat -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S fchownat -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S fchownat -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S fchownat -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S fchownat -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38554
+-a always,exit -F arch=b32 -S fchownat -F auid=0 -k perm_mod-V-38554
+-a always,exit -F arch=b64 -S fchownat -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38554
+-a always,exit -F arch=b64 -S fchownat -F auid=0 -k perm_mod-V-38554
 {% endif %}
 
 {% if security_audit_DAC_fremovexattr | bool %}
 # RHEL 6 STIG V-38556
 # Audits DAC changes via fremovexattr
--a always,exit -F arch=b32 -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S fremovexattr -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S fremovexattr -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38556
+-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -k perm_mod-V-38556
+-a always,exit -F arch=b64 -S fremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38556
+-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -k perm_mod-V-38556
 {% endif %}
 
 {% if security_audit_DAC_fsetxattr | bool %}
 # RHEL 6 STIG V-38557
 # Audits DAC changes via fsetxattr
--a always,exit -F arch=b32 -S fsetxattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S fsetxattr -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S fsetxattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S fsetxattr -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S fsetxattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38557
+-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -k perm_mod-V-38557
+-a always,exit -F arch=b64 -S fsetxattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38557
+-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -k perm_mod-V-38557
 {% endif %}
 
 {% if security_audit_DAC_lchown | bool %}
 # RHEL 6 STIG V-38558
 # Audits DAC changes via lchown
--a always,exit -F arch=b32 -S lchown -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S lchown -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S lchown -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S lchown -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S lchown -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38558
+-a always,exit -F arch=b32 -S lchown -F auid=0 -k perm_mod-V-38558
+-a always,exit -F arch=b64 -S lchown -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38558
+-a always,exit -F arch=b64 -S lchown -F auid=0 -k perm_mod-V-38558
 {% endif %}
 
 {% if security_audit_DAC_lremovexattr | bool %}
 # RHEL 6 STIG V-38559
 # Audits DAC changes via lremovexattr
--a always,exit -F arch=b32 -S lremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S lremovexattr -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S lremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S lremovexattr -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S lremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38559
+-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -k perm_mod-V-38559
+-a always,exit -F arch=b64 -S lremovexattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38559
+-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -k perm_mod-V-38559
 {% endif %}
 
 {% if security_audit_DAC_lsetxattr | bool %}
 # RHEL 6 STIG V-38561
 # Audits DAC changes via lsetxattr
--a always,exit -F arch=b32 -S lsetxattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S lsetxattr -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S lsetxattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S lsetxattr -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S lsetxattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38561
+-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -k perm_mod-V-38561
+-a always,exit -F arch=b64 -S lsetxattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38561
+-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -k perm_mod-V-38561
 {% endif %}
 
 {% if security_audit_DAC_setxattr | bool %}
 # RHEL 6 STIG V-38565
 # Audits DAC changes via setxattr
--a always,exit -F arch=b32 -S setxattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b32 -S setxattr -F auid=0 -k perm_mod
--a always,exit -F arch=b64 -S setxattr -F auid>=500 -F auid!=4294967295 -k perm_mod
--a always,exit -F arch=b64 -S setxattr -F auid=0 -k perm_mod
+-a always,exit -F arch=b32 -S setxattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38565
+-a always,exit -F arch=b32 -S setxattr -F auid=0 -k perm_mod-V-38565
+-a always,exit -F arch=b64 -S setxattr -F auid>=500 -F auid!=4294967295 -k perm_mod-V-38565
+-a always,exit -F arch=b64 -S setxattr -F auid=0 -k perm_mod-V-38565
 {% endif %}
 
 {% if security_audit_failed_access | bool %}
 # RHEL 6 STIG V-38566
 # Audits failed attempts to access files and programs
--a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access
--a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access
--a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid=0 -k access
--a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid=0 -k access
--a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access
--a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access
--a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid=0 -k access
--a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid=0 -k access
+-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access-V-38566
+-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access-V-38566
+-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid=0 -k access-V-38566
+-a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid=0 -k access-V-38566
+-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500 -F auid!=4294967295 -k access-V-38566
+-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500 -F auid!=4294967295 -k access-V-38566
+-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid=0 -k access-V-38566
+-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid=0 -k access-V-38566
 {% endif %}
 
 {% if security_audit_filesystem_mounts | bool %}
 # RHEL 6 STIG V-38568
 # Audits filesystem mounts
--a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k export
--a always,exit -F arch=b32 -S mount -F auid=0 -k export
--a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k export
--a always,exit -F arch=b64 -S mount -F auid=0 -k export
+-a always,exit -F arch=b32 -S mount -F auid>=500 -F auid!=4294967295 -k export-V-38568
+-a always,exit -F arch=b32 -S mount -F auid=0 -k export-V-38568
+-a always,exit -F arch=b64 -S mount -F auid>=500 -F auid!=4294967295 -k export-V-38568
+-a always,exit -F arch=b64 -S mount -F auid=0 -k export-V-38568
 {% endif %}
 
 {% if security_audit_deletions | bool %}
 # RHEL 6 STIG V-38575
 # Audits deletion of files and programs
--a always,exit -F arch=b32 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete
--a always,exit -F arch=b32 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid=0 -k delete
--a always,exit -F arch=b64 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete
--a always,exit -F arch=b64 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid=0 -k delete
+-a always,exit -F arch=b32 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete-V-38575
+-a always,exit -F arch=b32 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid=0 -k delete-V-38575
+-a always,exit -F arch=b64 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k delete-V-38575
+-a always,exit -F arch=b64 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid=0 -k delete-V-38575
 {% endif %}
 
 {% if security_audit_sudoers | bool %}
 # RHEL 6 STIG V-38578
 # Audits /etc/sudoers changes
--w /etc/sudoers -p wa -k actions
+-w /etc/sudoers -p wa -k actions-V-38578
 {% endif %}
 
 {% if security_audit_kernel_modules | bool %}
 # RHEL 6 STIG V-38580
 # Audits kernel module loading/unloading
--w /sbin/insmod -p x -k modules
--w /sbin/rmmod -p x -k modules
--w /sbin/modprobe -p x -k modules
--a always,exit -F arch=b32 -S init_module -S delete_module -k modules
--a always,exit -F arch=b64 -S init_module -S delete_module -k modules
+-w /sbin/insmod -p x -k modules-V-38580
+-w /sbin/rmmod -p x -k modules-V-38580
+-w /sbin/modprobe -p x -k modules-V-38580
+-a always,exit -F arch=b32 -S init_module -S delete_module -k modules-V-38580
+-a always,exit -F arch=b64 -S init_module -S delete_module -k modules-V-38580
 {% endif %}
 
 {% if security_audit_change_system_time | bool %}
 # RHEL 6 STIG V-38635
 # Audits system time changes
--a always,exit -F arch=b32 -S adjtimex -k audit_time_rules
--a always,exit -F arch=b64 -S adjtimex -k audit_time_rules
+-a always,exit -F arch=b32 -S adjtimex -k audit_time_rules-V-38635
+-a always,exit -F arch=b64 -S adjtimex -k audit_time_rules-V-38635
 {% endif %}