Symantec Security Expressions Server manual Adding Policies

Page 37

 

Audit-On-Connect

 

 

 

to control how often a system gets audited — as long as a

 

 

posture result remains valid, the software won't attempt

 

 

to audit a system if it connects to the network again.

 

 

Instead, it returns a posture result of Pass.

 

Cache Fail For

Specify how long posture results remain valid when the

 

(Audit-On-Connect Only)

system fails an audit based on this policy. This is a way to

 

 

control how often a system gets audited — as long as a

 

 

posture result remains valid, the software won't attempt

 

 

to audit a system if it connects to the network again.

 

 

Instead, it returns a posture result of Fail.

 

Adding Policies

 

 

To create a policy:

 

 

1.Click Add New on the Policies page.

2.Select a policy file to associate with the policy using one of the following methods.

Upload a policy file – Type the name or Browse for a SIF file. If the SIF file is encrypted, type a password in the Password box to decrypt it.

Download this file from the Policy File Library – Transfers a copy of a policy file from the Policy File Library over the network. Click the Choose button to display a list of the policy files available in the library. Click a

policy file to select it.

This option is available only if the server can access a Policy File Library.

3.Optional: In the Name box, change the name of the policy.

The name of the policy file you selected in step 2 appeared in this box when you selected it.

4.Optional: In the Description box, type a description of the policy.

5.If you uploaded a policy file that's encrypted, type a password to decrypt it in the Password box.

Policy files downloaded from the Policy File Library aren't encrypted.

6.If you want the policy to be available to use in audits, check the Make this policy active box.

Clear the check box to make the policy unavailable to use in audits without deleting the policy.

7.Check the Policy is kept up to date with Policy File Library box if you want to regularly update the SIF files in this policy using the policy file library available on line.

This option is available only if the server can access a Policy File Library.

8.If you want the policy to be available to use in self-service audits, check the Available for use in self-service audits box.

9.Type a name and optional description of the policy.

10.For Audit-On-Connect include the Link Type, Device Type, Posture Condition, Pass Results Valid For and Fail Results Valid For settings.

11.Set Windows Group Access. Enter Windows groups, separated by a comma, that can use this policy, remediate audit results generated using this policy, and view audit results for this

29

Page 36 Page 38
Image 37
Page 36 Page 38
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage What is Self-Service Auditing? Self-Service AuditSelf-Service Audit Agreement How to Audit your Local ComputerDisplays on the page. No detailed audit results appear About Server Configuration Configure ServersLocal Server Settings Pages with Role SettingsViewing Audit Results SetupDatabase Connection Windows 2000 Servers Secure ConnectionCredential Store User Click OK on the Default Web Site Properties windowCreating Credential Stores SecurityExpressions Console Credential Stores Enable Web ServicesSoftware Registration Site PreferencesAccess Item Rights Global Machine List Access User RolesLibrary Synchronization Policy File LibraryCheck the Synchronize with a policy file library box How System Scores are Calculated About Policy FilesDefault method for remote execution on Windows Agent & Service ConfigurationTarget Options SSH Agent Authentication Database Cleanup Cancel Update TaskPolicies Add TaskSite Preferences Agent DownloadsClick Use the Following Agreement Allow Remediation Page Audit-On-Connect What is Audit-on-Connect?Policies Policies TablePage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table DNS Domain Name Scopes Deleting ScopesExpression Scopes Supported OperatorsOrg Unit Scopes Supported FunctionsDetection Method Scopes Notifications Creating New Email Notifications Creating New Command NotificationsClick Add New Editing NotificationsClick Add New Creating New Command Notifications Notification Variables Deleting NotificationsExceptions ExceptionsExceptions Table Column Description Adding ExceptionsConnection Monitors Specify Password and Encrypted PasswordDeleting Exceptions Connection MonitorsRemove Configuring Connection MonitorsEnabling Connection Monitors IP Range Section Connection Monitor Configuration FileOptions DefaultConfiguration File Syntax Processing the Configuration FileActive Directory Active Directory Connection Monitor only Slow Links NetworkNetwork Admissions Control Trace Route InformationUnmanaged Systems Initial TokenQuarantined/Unknown HealthyReaudit if quarantined Redirection WebRedirection Web Page Behavior Audit on Connect TracingAudit on Connect Tracing Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsEditing Machine Lists Adding Machine ListsDeleting Machine Lists Scheduled TasksEditing Global Machine Lists Scheduled TasksAdding Scheduled Tasks Basic SettingsSchedule Settings Hosts Not Connected Settings Credentials Settings Other Options SettingsEditing Scheduled Tasks Windows Group AccessSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Browse Audit-On-Connect Activity View Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report ProfileDeleting Report Profiles Editing Report ProfilesAudit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage Browse Audit Results View Audit ResultsAdding a New Audit Results Report Profile Page Adding Custom Reports to the Server Application Scheduled Audits Log ReportEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Index ConfigureIP address 33, 44, 45 Rule weights
Top Page Image Contents