Symantec Security Expressions Server manual Policy File Library, Library Synchronization

Page 26

SecurityExpressions Server User Guide

When you schedule an audit, you can specify which computers to audit by selecting machine lists created on the My Machine Lists page and machine lists created in the console application (global machine lists). You can grant or restrict access to My Machine Lists and the results from audits using them with the Windows Group Access options on the My Machine Lists page. Since global machine lists were created in the console application, the server application needs to provide a place to grant or restrict access to them and the results from audits using them. The ML Access page is where you can accomplish that.

If the central database doesn't contain any global machine lists created in the console application, the table on this page will be empty.

To grant or restrict access to a global machine list in the Audit and Compliance Server:

1.Click the machine list's name in the Name column.

2.Set Windows Group Access. Enter Windows groups, separated by a comma, that can use this machine list, remediate computers in this machine list, and view audit results for this machine list. This establishes which users can access this machine list and its audit results due to their role. If a Windows User Group isn't on the local computer, you'll need to enter the group in domain\groupname format.

In the Use Machine List field, enter the Windows groups who should be able to modify the machine list.

In the Remediate field, enter the Windows groups who should be able to remediate computers in the machine list.

In the View Audit Results field, enter the Windows groups who should be able to view results from audits using the machine list.

To grant all users access, type Everyone. To restrict all users, type None.

3. When you're done, click the Add/Update button.

Policy File Library

Before you can select a policy file in the Policies page, you must enter the policy file library's path and credentials here. This enables the application to gain access to the library and its policy files.

To gain access to a policy file library:

1.In the Library URL field, enter the library's path.

2.In the Library Login field, type the user name needed to gain access to the library.

3.In the Library Password field, type the password needed to gain access to the library.

Library Synchronization

Policy files are updated frequently by the organizations that issue them. If you audit with policy files from a standard policy library, such as the policy file library found at http://www.pedestal.com/products/se/resources/Library, you might want to set a synchronization schedule to remain current. This keeps audits in compliance with current policy files.

To synchronize with a Policy File Library:

1.Check the Synchronize with a policy file library box.

2.Decide whether to check for policy file updates regularly on a schedule or to just update now.

18

Page 25 Page 27
Image 26
Page 25 Page 27
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit Agreement Self-Service AuditWhat is Self-Service Auditing? How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Local Server Settings Configure ServersAbout Server Configuration Pages with Role SettingsDatabase Connection SetupViewing Audit Results Secure Connection Windows 2000 ServersCreating Credential Stores Click OK on the Default Web Site Properties windowCredential Store User Software Registration Enable Web ServicesSecurityExpressions Console Credential Stores Site PreferencesAccess Global Machine List Access User Roles Item RightsCheck the Synchronize with a policy file library box Policy File LibraryLibrary Synchronization About Policy Files How System Scores are CalculatedTarget Options Agent & Service ConfigurationDefault method for remote execution on Windows SSH Agent Authentication Database Cleanup Policies Update TaskCancel Add TaskClick Use the Following Agreement Agent DownloadsSite Preferences Allow Remediation Page Policies What is Audit-on-Connect?Audit-On-Connect Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Add a New Scope ScopesScopes Page Edit a Scope Scopes Table Expression Scopes Deleting ScopesDNS Domain Name Scopes Supported OperatorsDetection Method Scopes Supported FunctionsOrg Unit Scopes Notifications Click Add New Creating New Command NotificationsCreating New Email Notifications Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions Table Column Description ExceptionsExceptions Adding ExceptionsDeleting Exceptions Specify Password and Encrypted PasswordConnection Monitors Connection MonitorsEnabling Connection Monitors Configuring Connection MonitorsRemove Connection Monitor Configuration File IP Range SectionDefault OptionsActive Directory Active Directory Connection Monitor only Processing the Configuration FileConfiguration File Syntax Network Slow LinksUnmanaged Systems Trace Route InformationNetwork Admissions Control Initial TokenReaudit if quarantined HealthyQuarantined/Unknown Redirection WebAudit on Connect Tracing Audit on Connect TracingRedirection Web Page Behavior Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsEditing Global Machine Lists Scheduled TasksDeleting Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Audit-On-Connect Activity Table Column Description View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage Adding a New Audit Results Report Profile View Audit ResultsBrowse Audit Results Page Editing Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights
Top Page Image Contents