Symantec Security Expressions Server manual

Page 36

SecurityExpressions Server User Guide

 

scope or scheduled task.

Description

Optional statement about the policy.

Policy File

Name of the policy file (.sif), from the policy file library or

 

a customized policy file.

Last Updated

Date and time the policy file was last saved to the

 

database.

Configure

Some policy files, such as the NSA Guidelines for Windows

 

XP and Windows 2000, contain a special rule named

 

.CONFIGURE. The .CONFIGURE rule allows you to

 

configure your policy files and set global parameters for

 

policy files at run time. This column shows whether or not

 

the policy file contains the .CONFIGURE rule.

 

Certain information is unique and distinct between

 

systems or groups of systems. A run-time policy variable

 

allows administrators to use a single policy file but allows

 

identification of unique rules that require variable

 

information.

Windows Group Use Access

Specify the Windows User Groups who can use this policy,

 

if you want to restrict access to this policy. Displays

 

"Everyone" if the policy isn't restricted.

Windows Group Remediation

Specify the Windows User Groups who can remediate

Access

audit results generated using this policy, if you want to

 

restrict access to remediation through this policy. Displays

 

"Everyone" if remediation through this policy isn't

 

restricted.

Windows Group Results Access

Specify the Windows User Groups who can access results

 

from audits that used this policy, if you want to restrict

 

access to this policy's audit results. Displays "Everyone" if

 

the policy's audit results aren't restricted.

Use on Link Type

Specify whether to run this policy over fast or slow

(Audit-On-Connect only)

connections, or both kinds. Some policies might not be

 

appropriate to run over slow connections if they request a

 

large amount of data. For example, applying large policy

 

files like MS Fixes over a slow network connection, such

 

as a 56K modem, can take a long time.

Device Types

Audit with this policy on these device types. Choices

(Audit-On-Connect only)

include Windows, UNIX, and Unknown.

Posture Condition (Fail If)

The rules for determining if the resulting posture after

(Audit-On-Connect only)

auditing with this policy is Pass or Fail. The posture is

 

based on all policy-file rule results (OK, Not OK), plus

 

impact and priority settings. Available posture conditions

 

are:

Always Pass

 

 

Any Fail

 

Any Not OK

 

Any Not OK with Priority

 

Any Not OK with Score

 

Any Not OK with Impact

 

Any Not OK with Key

Cache Pass For

Specify how long posture results remain valid when the

(Audit-On-Connect Only)

system passes an audit based on this policy. This is a way

28

Image 36
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit What is Self-Service Auditing?Self-Service Audit Agreement How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Configure Servers About Server ConfigurationLocal Server Settings Pages with Role SettingsSetup Viewing Audit ResultsDatabase Connection Secure Connection Windows 2000 ServersClick OK on the Default Web Site Properties window Credential Store UserCreating Credential Stores Enable Web Services SecurityExpressions Console Credential StoresSoftware Registration Site PreferencesAccess Global Machine List Access User Roles Item RightsPolicy File Library Library SynchronizationCheck the Synchronize with a policy file library box About Policy Files How System Scores are CalculatedAgent & Service Configuration Default method for remote execution on WindowsTarget Options SSH Agent Authentication Database Cleanup Update Task CancelPolicies Add TaskAgent Downloads Site PreferencesClick Use the Following Agreement Allow Remediation Page What is Audit-on-Connect? Audit-On-ConnectPolicies Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Deleting Scopes DNS Domain Name ScopesExpression Scopes Supported OperatorsSupported Functions Org Unit ScopesDetection Method Scopes Notifications Creating New Command Notifications Creating New Email NotificationsClick Add New Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions ExceptionsExceptions Table Column Description Adding ExceptionsSpecify Password and Encrypted Password Connection MonitorsDeleting Exceptions Connection MonitorsConfiguring Connection Monitors RemoveEnabling Connection Monitors Connection Monitor Configuration File IP Range SectionDefault OptionsProcessing the Configuration File Configuration File SyntaxActive Directory Active Directory Connection Monitor only Network Slow LinksTrace Route Information Network Admissions ControlUnmanaged Systems Initial TokenHealthy Quarantined/UnknownReaudit if quarantined Redirection WebAudit on Connect Tracing Redirection Web Page BehaviorAudit on Connect Tracing Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsScheduled Tasks Deleting Machine ListsEditing Global Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page View Audit-On-Connect Activity Browse Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage View Audit Results Browse Audit ResultsAdding a New Audit Results Report Profile Page Scheduled Audits Log Report Adding Custom Reports to the Server ApplicationEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights