Manuals / Symantec / Computer Equipment / Server

Symantec Security Expressions Server manual Audit-On-Connect, What is Audit-on-Connect?, Policies

Models: Security Expressions Server

1 97

Download 97 pages 26.04 Kb

Page 35

Image 35

Audit-On-Connect

What is Audit-on-Connect?

Audit-on-Connect is an optional feature of SecurityExpressions Audit & Compliance Server that is sold separately. It enables you to audit systems as they connect to the network rather than on a fixed schedule. This allows you to audit systems that might not be regularly or predictably connected to the network such as field-user laptops. This also allows for systems that are missed in a scheduled audit to be automatically picked up the next time they connect.

Use the following pages to configure Audit-on-Connect:

•Policies

•Scopes

•Notifications

•Exceptions

•Connection Monitors

•Network

•Audit on Connect Tracing

Policies

Policies Page

When you create a new policy, you assign a name and a policy file (.sif) to the policy. Note that policies differ from policy files: a policy contains a designated policy file.

From the Policies page you create policies to define the audits. You also edit or delete existing policies. If performing an Audit-on-Connect audit, you also set the run-time variables on the Policies page.

Policies are saved to the database. If more than one person is editing the same policy at the same time, the version saved last is the only version that will be stored.

Note that you can associate one or more policy files with specific conditions and the scope.

The Policies table displays available policies for the audits and policy configurations.

Policies Table

The Policies table displays available policies for the audits and policy configurations. The Policies table consists of the following columns:

Column	Description

Active	If Yes, then apply the policy. If the policy is active, within
	that Scope, the policy will be applied.
	If No, the policy is not applied but will not be deleted.
Edit	Make changes to this policy entry in the table.
Delete	Remove this entry from the table.
Name	Policy name as it is listed for selection when creating a

27

Image 35

Symantec Security Expressions Server Audit-On-Connect, What is Audit-on-Connect?, Policies Table, Column Description

Contents

SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage How to Audit your Local Computer Self-Service AuditWhat is Self-Service Auditing? Self-Service Audit Agreement Displays on the page. No detailed audit results appear Pages with Role Settings Configure ServersAbout Server Configuration Local Server Settings Database Connection SetupViewing Audit Results Windows 2000 Servers Secure Connection Creating Credential Stores Click OK on the Default Web Site Properties windowCredential Store User Site Preferences Enable Web ServicesSecurityExpressions Console Credential Stores Software Registration Access Item Rights Global Machine List Access User Roles Check the Synchronize with a policy file library box Policy File LibraryLibrary Synchronization How System Scores are Calculated About Policy Files Target Options Agent & Service ConfigurationDefault method for remote execution on Windows SSH Agent Authentication Database Cleanup Add Task Update TaskCancel Policies Click Use the Following Agreement Agent DownloadsSite Preferences Allow Remediation Page Policies Table What is Audit-on-Connect?Audit-On-Connect PoliciesPage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Add a New Scope ScopesScopes Page Edit a Scope Scopes Table Supported Operators Deleting ScopesDNS Domain Name Scopes Expression Scopes Detection Method Scopes Supported FunctionsOrg Unit Scopes Notifications Editing Notifications Creating New Command NotificationsCreating New Email Notifications Click Add New Click Add New Creating New Command Notifications Notification Variables Deleting Notifications Adding Exceptions ExceptionsExceptions Exceptions Table Column Description Connection Monitors Specify Password and Encrypted PasswordConnection Monitors Deleting Exceptions Enabling Connection Monitors Configuring Connection MonitorsRemove IP Range Section Connection Monitor Configuration File Options Default Active Directory Active Directory Connection Monitor only Processing the Configuration FileConfiguration File Syntax Slow Links Network Initial Token Trace Route InformationNetwork Admissions Control Unmanaged Systems Redirection Web HealthyQuarantined/Unknown Reaudit if quarantined Audit on Connect Tracing Audit on Connect TracingRedirection Web Page Behavior Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine Lists Editing Machine Lists Adding Machine Lists Scheduled Tasks Scheduled TasksDeleting Machine Lists Editing Global Machine Lists Adding Scheduled Tasks Basic Settings Schedule Settings Hosts Not Connected Settings Credentials Settings Other Options Settings Editing Scheduled Tasks Windows Group Access Schedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Adding a New Audit-On-Connect Report Profile View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Audit-On-Connect Activity Table Column Description Deleting Report Profiles Editing Report Profiles Audit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage Adding a New Audit Results Report Profile View Audit ResultsBrowse Audit Results Page Deleting Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Editing Audit Report Results ProfilesPage Glossary Page Index Configure IP address 33, 44, 45 Rule weights