Symantec Security Expressions Server manual What is Self-Service Auditing?

Page 17

Self-Service Audit

What is Self-Service Auditing?

Self-service auditing lets anyone audit just their local Windows computer. Typically, a person performing self-service audits is not a SecurityExpressions user, but must have administrator privileges on the computer they're auditing. A designated Web page gives self-service auditors access to self-service features only.

A self-service audit runs a local system audit against a policy and then allows you to view the resulting system assessment. You can audit, assess, and, comply with your organization's unique security policy or a standard policy file. A self-service audit may require the acceptance of a corporate agreement.

Self-service audits can optionally apply settings defined in an Audit-On-Connect scope. If a self- service audit uses an Audit-On-Connect scope, it does so to audit just the local system. The other devices in the scope are ignored.

Self-Service Audit Agreement

An organization may require the acceptance of corporate agreement text before allowing an audit. Your organization can customize an agreement and include it in the Self-Service Audit settings. The administrator configures the system to require users to accept the agreement text before running a self-service audit or skip this agreement.

If you wish to comply with the agreement text, the Self-Service Audit proceeds and the results display. If you disagree with the agreement, the self-service audit does not occur.

Agreement acceptance remains throughout the session. If you time out or shut down, you must accept or reject the agreement the next time you want to audit the local system.

The agreement version number logs the user’s acceptance of the agreement.

How to Audit your Local Computer

Self-service audits are for auditing Windows computers only.

To perform a Self-Service Audit:

1.From the server application's home page, click the Self-Service Audit link at the bottom of the page. You may also reach the Self-Service Audit page by browsing to https://servername/seserver/selfservice, where servername is the name of the server on which the server software resides.

If agreement text was configured, you must accept the agreement to continue.

2.Select a method of self-service auditing by clicking one of the following links.

Self-audit using a specific policy file - Click this link to select from a list of policy files.

In order for the list to contain policy files, the administrator of this product must have already created policies and associated policy files with them. If the Policy File

list is empty, ask the product's administrator to create some policies.

Self-audit against a list of policy files that apply to your computer - Click this link to self audit based on an Audit-on-Connect scope, which has the ability to

9

Image 17
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage What is Self-Service Auditing? Self-Service AuditSelf-Service Audit Agreement How to Audit your Local ComputerDisplays on the page. No detailed audit results appear About Server Configuration Configure ServersLocal Server Settings Pages with Role SettingsDatabase Connection SetupViewing Audit Results Windows 2000 Servers Secure ConnectionCreating Credential Stores Click OK on the Default Web Site Properties windowCredential Store User SecurityExpressions Console Credential Stores Enable Web ServicesSoftware Registration Site PreferencesAccess Item Rights Global Machine List Access User RolesCheck the Synchronize with a policy file library box Policy File LibraryLibrary Synchronization How System Scores are Calculated About Policy FilesTarget Options Agent & Service ConfigurationDefault method for remote execution on Windows SSH Agent Authentication Database Cleanup Cancel Update TaskPolicies Add TaskClick Use the Following Agreement Agent DownloadsSite Preferences Allow Remediation Page Audit-On-Connect What is Audit-on-Connect?Policies Policies TablePage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Add a New Scope ScopesScopes Page Edit a Scope Scopes Table DNS Domain Name Scopes Deleting ScopesExpression Scopes Supported OperatorsDetection Method Scopes Supported FunctionsOrg Unit Scopes Notifications Creating New Email Notifications Creating New Command NotificationsClick Add New Editing NotificationsClick Add New Creating New Command Notifications Notification Variables Deleting NotificationsExceptions ExceptionsExceptions Table Column Description Adding ExceptionsConnection Monitors Specify Password and Encrypted PasswordDeleting Exceptions Connection MonitorsEnabling Connection Monitors Configuring Connection MonitorsRemove IP Range Section Connection Monitor Configuration FileOptions DefaultActive Directory Active Directory Connection Monitor only Processing the Configuration FileConfiguration File Syntax Slow Links NetworkNetwork Admissions Control Trace Route InformationUnmanaged Systems Initial TokenQuarantined/Unknown HealthyReaudit if quarantined Redirection WebAudit on Connect Tracing Audit on Connect TracingRedirection Web Page Behavior Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsEditing Machine Lists Adding Machine ListsDeleting Machine Lists Scheduled TasksEditing Global Machine Lists Scheduled TasksAdding Scheduled Tasks Basic SettingsSchedule Settings Hosts Not Connected Settings Credentials Settings Other Options SettingsEditing Scheduled Tasks Windows Group AccessSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Browse Audit-On-Connect Activity View Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report ProfileDeleting Report Profiles Editing Report ProfilesAudit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage Adding a New Audit Results Report Profile View Audit ResultsBrowse Audit Results Page Adding Custom Reports to the Server Application Scheduled Audits Log ReportEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Index ConfigureIP address 33, 44, 45 Rule weights