Symantec Security Expressions Server manual Target Options, Agent & Service Configuration

Page 28

SecurityExpressions Server User Guide

(weighted total of OK results ÷ (weighted total of OK rules + weighted total of Not

OK rules)) × 100

Example

An audit contains four rules:

•1 High Priority

•1 Medium Priority

•1 Low Priority

•1 no priority or impact, and no Weight key exists

The weight values are:

•High:1.5

•Medium:1.0

•Low:0.5

The rule with no priority or impact set assumes a weight of 1.0, which happens to also be the default Medium priority weight in this example. If none of the rules return Info or Error, the weighted total of all rules is:

((1 × 1.5) + (1 × 1.0) + (1 × 0.5) + (1 × 1.0) + 0) = 4.0

So, if the high-priority rule returns Not OK and the other three rules return OK, the score will be the actual weighted total for OK rule results [i.e. (1×1.0)+(1×0.5)+(1×1.0)] divided by the weighted total of all rules [i.e. 4.0], multiplied by 100:

2.5 ÷ 4.0 × 100 = 63

Target Options

The Agent & Service Configuration options are for Windows target systems only. The SSH Agent Authentication options are for UNIX target systems only.

Agent & Service Configuration

The Agent & Service Configuration options let you manage the remote execution of scripts and programs.

Default method for remote execution on Windows

When a method for executing scripts and programs is not explicitly given in a rule or security check, the application uses the method selected. When set to Automatic, the application tries to run executables using all other methods until it finds a compatible method. It tries the methods in this order:

1.Task Scheduler - Uses the Windows Task Scheduler to remotely execute scripts and programs.

2.WMI - Uses Windows Management Instrumentation, which is typically enabled on all Windows platforms, to remotely execute scripts and programs.

20

Image 28

Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit What is Self-Service Auditing?Self-Service Audit Agreement How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Configure Servers About Server ConfigurationLocal Server Settings Pages with Role SettingsViewing Audit Results SetupDatabase Connection Secure Connection Windows 2000 ServersCredential Store User Click OK on the Default Web Site Properties windowCreating Credential Stores Enable Web Services SecurityExpressions Console Credential StoresSoftware Registration Site PreferencesAccess Global Machine List Access User Roles Item RightsLibrary Synchronization Policy File LibraryCheck the Synchronize with a policy file library box About Policy Files How System Scores are CalculatedDefault method for remote execution on Windows Agent & Service ConfigurationTarget Options SSH Agent Authentication Database Cleanup Update Task CancelPolicies Add TaskSite Preferences Agent DownloadsClick Use the Following Agreement Allow Remediation Page What is Audit-on-Connect? Audit-On-ConnectPolicies Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Deleting Scopes DNS Domain Name ScopesExpression Scopes Supported OperatorsOrg Unit Scopes Supported FunctionsDetection Method Scopes Notifications Creating New Command Notifications Creating New Email NotificationsClick Add New Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions ExceptionsExceptions Table Column Description Adding ExceptionsSpecify Password and Encrypted Password Connection MonitorsDeleting Exceptions Connection MonitorsRemove Configuring Connection MonitorsEnabling Connection Monitors Connection Monitor Configuration File IP Range SectionDefault OptionsConfiguration File Syntax Processing the Configuration FileActive Directory Active Directory Connection Monitor only Network Slow LinksTrace Route Information Network Admissions ControlUnmanaged Systems Initial TokenHealthy Quarantined/UnknownReaudit if quarantined Redirection WebRedirection Web Page Behavior Audit on Connect TracingAudit on Connect Tracing Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsScheduled Tasks Deleting Machine ListsEditing Global Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page View Audit-On-Connect Activity Browse Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage Browse Audit Results View Audit ResultsAdding a New Audit Results Report Profile Page Scheduled Audits Log Report Adding Custom Reports to the Server ApplicationEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights