Symantec Security Expressions Server manual Audit-On-Connect, What is Audit-on-Connect?, Policies

Audit-On-Connect

What is Audit-on-Connect?

Audit-on-Connect is an optional feature of SecurityExpressions Audit & Compliance Server that is sold separately. It enables you to audit systems as they connect to the network rather than on a fixed schedule. This allows you to audit systems that might not be regularly or predictably connected to the network, such as field-user laptops. It also allows systems that are missed in a scheduled audit to be picked up automatically the next time they connect.

Use the following pages to configure Audit-on-Connect:

Policies

Scopes

Notifications

Exceptions

Connection Monitors

Network

Audit on Connect Tracing

Policies

Policies Page

When you create a new policy, you assign a name and a policy file (.sif) to the policy. Note that policies differ from policy files: a policy contains a designated policy file.

From the Policies page you create policies to define the audits. You also edit or delete existing policies. If performing an Audit-on-Connect audit, you also set the run-time variables on the Policies page.

Policies are saved to the database. If more than one person is editing the same policy at the same time, the version saved last is the only version that will be stored.

Note that you can associate one or more policy files with specific conditions and the scope.

Policies Table

The Policies table displays available policies for the audits and policy configurations. The Policies table consists of the following columns:

| Column | Description |
|---|---|
| Active | If Yes, then apply the policy. If the policy is active, within that Scope, the policy will be applied. If No, the policy is not applied but will not be deleted. |
| Edit | Make changes to this policy entry in the table. |
| Delete | Remove this entry from the table. |
| Name | Policy name as it is listed for selection when creating a |
