I have enabled the auditlog file for the security domain ManagementDomain, I attempt to access the http management endpoint with invalid credentials  (9990:management), no failed event is logged in the audit log (although, I can see traces in the server log file with org.wildfly.security logger enabled).

Note that successful access is logged.

Note that failure to attempt using BASIC or WildFLy CLI are logged. 

It seems that the underlying mechanism sends the notifications and maybe the HTTP digest mechanism is not sending it.