Symantec Security Expressions Server manual

Page 42

SecurityExpressions Server User Guide

All scope types except Expression can accept as many values as you want to enter, listing one value per line. Scope type Expression only accepts one expression.

6.Indicate if the network link speed of the systems in this scope are Unspecified, Slow or

Fast.

If all systems in the scope use a fast connection, for example, indicating this in the scope's definition prevents the need to check each system's speed during audits. Select Unspecified if you are unsure of network-connection speed or the scope contains a mix of slow and fast connections.

7.Type the Username and Password (credentials) needed to access the scope.

You may use variables in the user name, such as %computer% and % computershortname%, to access all target systems in the scope more efficiently. These variables return the target system's name. The variable you want to use depends on how your organization's DNS server is configured. Use %computer% if DNS returns short names. Use %computershortname% if DNS returns fully qualified names. For example, if DNS returns "hostname.domain.com," %computershortname% would change it to "hostname."

In order for the variable to work, the password of the account you're using must be the same to access all systems in the scope.

If you use the Windows connection method to audit systems in a workgroup, or if you're logging on using a local Windows user account instead of a domain account, you

must include the system names in the Username box in this format: systemvariable\username, where systemvariable is either %computer% or %computershortname%.

Credential Precedence: If your organization uses the console application and someone delegated one or more database machine lists to the server application, and if one of the systems identified in this scope is also listed in one of those database machine lists, the server uses the database machine list's credentials to access the system rather than the scope credentials you enter here.

8.Select one or more policies to use to audit the targets in this scope from the Policies list.

Only the policies to which you have Use access rights appear for selection. Access rights are set in the Windows Group Access options on the Policies page. If you can't

find a policy you need to use, ask the policy's creator to add you to one of the Windows User Groups with access rights to the policy.

9.If you have Altiris Notification Server and you want to send information about the audits generated on this schedule to Notification Server, select Send a Notification Server Event. If you prefer to send this information after each target computer is audited, select Send a Notification Server Event for each target.

10.If you want to send one or more notifications when an audit based on this scope occurs, select them in the Notification Options section.

You may use notifications created in SecurityExpressions console in addition to the ones created in SecurityExpressions server. The Notification Options section lists

notifications created in both applications.

There are five conditions under which you can send notifications. Check which notification(s) you want to send when each condition occurs.

34

Page 41 Page 43
Image 42
Page 41 Page 43
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit Agreement Self-Service AuditWhat is Self-Service Auditing? How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Local Server Settings Configure ServersAbout Server Configuration Pages with Role SettingsSetup Viewing Audit ResultsDatabase Connection Secure Connection Windows 2000 ServersClick OK on the Default Web Site Properties window Credential Store UserCreating Credential Stores Software Registration Enable Web ServicesSecurityExpressions Console Credential Stores Site PreferencesAccess Global Machine List Access User Roles Item RightsPolicy File Library Library SynchronizationCheck the Synchronize with a policy file library box About Policy Files How System Scores are CalculatedAgent & Service Configuration Default method for remote execution on WindowsTarget Options SSH Agent Authentication Database Cleanup Policies Update TaskCancel Add TaskAgent Downloads Site PreferencesClick Use the Following Agreement Allow Remediation Page Policies What is Audit-on-Connect?Audit-On-Connect Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Expression Scopes Deleting ScopesDNS Domain Name Scopes Supported OperatorsSupported Functions Org Unit ScopesDetection Method Scopes Notifications Click Add New Creating New Command NotificationsCreating New Email Notifications Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions Table Column Description ExceptionsExceptions Adding ExceptionsDeleting Exceptions Specify Password and Encrypted PasswordConnection Monitors Connection MonitorsConfiguring Connection Monitors RemoveEnabling Connection Monitors Connection Monitor Configuration File IP Range SectionDefault OptionsProcessing the Configuration File Configuration File SyntaxActive Directory Active Directory Connection Monitor only Network Slow LinksUnmanaged Systems Trace Route InformationNetwork Admissions Control Initial TokenReaudit if quarantined HealthyQuarantined/Unknown Redirection WebAudit on Connect Tracing Redirection Web Page BehaviorAudit on Connect Tracing Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsEditing Global Machine Lists Scheduled TasksDeleting Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Audit-On-Connect Activity Table Column Description View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage View Audit Results Browse Audit ResultsAdding a New Audit Results Report Profile Page Editing Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights
Top Page Image Contents