Symantec Security Expressions Server manual Scopes, Add a New Scope


Audit-On-Connect

and modify the .CONFIGURE rule. When you create a new Policy and select an associated policy file, the server application determines if a .CONFIGURE rule exists and displays prompts for modifications. This rule may require synchronization between the database and the policy file. To synchronize the database and the new file, save the policy file in the database with a new name with new parameters for the .CONFIGURE rule, if previously saved in the database.

Scopes

A scope is a set of target systems that get audited together when using Audit-on-Connect. Each scope is associated with one or more policies, which indicate how to audit the scope. When a system connects to the network, the server software checks all scopes to see if the system falls within one. If it does, and it is not part of an exception, it gets audited using the policy associated with the scope.

All scopes are assigned an order number. The first scope that matches the system is the scope used for the audit. All systems in the scope get audited.

The Scopes page displays the Scopes table and lets you add, edit, and delete scopes.

Add a New Scope

1. Click Add New on the Scopes page.

2. If you want to use an order number other than the one automatically generated, type one in the Order box.

Order number is the numeric order in which the scope should be checked for resolution. SecurityExpressions Audit & Compliance Server automatically increments the order number. If you enter a new number or change the order, the application automatically rearranges the order of any existing scopes. For example, if you already have scopes 1 through 4 in the table and you create a new scope with an order number of 1, the existing scopes become scopes 2 through 5.

3. In the Name box, type a scope name.

4. Select the scope type.

You may define scopes of the following types:

IP Range

Windows Domain (this scope only works if you are using the Active Directory connection monitor)

Org Unit

DNS Domain Name

Device Type

Machine List

Expression

Detection Method

5. Enter values to determine which target systems belong to the scope. Whether a value is valid depends on the scope type selected.
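
The first-match rule and the order renumbering described above decide which policy a connecting system is audited with, so a broad scope placed ahead of a narrower one silently hides it. The following Python model is an added illustration, not code from the product or the manual. It covers only the IP Range scope type, and the class names, sample scopes, policy names, and the treatment of exceptions as exact IP addresses are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Scope:                       # models only the "IP Range" scope type
    name: str
    first: str                     # inclusive start of the range
    last: str                      # inclusive end of the range
    policy: str

    def bounds(self):
        return ipaddress.ip_address(self.first), ipaddress.ip_address(self.last)

    def matches(self, ip):
        lo, hi = self.bounds()
        return lo <= ipaddress.ip_address(ip) <= hi

class ScopeTable:
    def __init__(self):
        self.scopes = []           # list index + 1 is the order number
        self.exceptions = set()    # assumption: exceptions modelled as exact IPs

    def add(self, scope, order=None):
        # No order: take the next number. Explicit order: insert there, so
        # existing scopes at that number and after each move down by one.
        pos = len(self.scopes) if order is None else max(1, order) - 1
        self.scopes.insert(pos, scope)

    def resolve(self, ip):
        # First match wins; later scopes are never consulted for this system.
        for order, scope in enumerate(self.scopes, start=1):
            if scope.matches(ip):
                if ip in self.exceptions:
                    return None
                return order, scope.name, scope.policy
        return None

    def shadowed(self):
        # Scopes whose whole range lies inside one earlier scope: unreachable.
        out = []
        for i, later in enumerate(self.scopes):
            lo, hi = later.bounds()
            if any(e.bounds()[0] <= lo and hi <= e.bounds()[1] for e in self.scopes[:i]):
                out.append(later.name)
        return out

def build(servers_order=None):     # constructed sample data
    t = ScopeTable()
    t.add(Scope("Corp LAN", "10.0.0.0", "10.0.255.255", "baseline"))
    t.add(Scope("Servers", "10.0.5.0", "10.0.5.255", "hardened"), order=servers_order)
    return t
```

With the default ordering, build().shadowed() reports the Servers scope as unreachable; creating it with order 1 moves Corp LAN to order 2 and the server range resolves to its own policy.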
