Symantec Security Expressions Server manual Edit a Scope

Page 43

Audit-On-Connect

Device Connect Notifications - Sends selected notifications when a device is detected in this Scope, regardless of audit posture. This value may be blank.

Pass Notifications - Sends selected notifications if the audit's group posture result is Pass.

Fail Notifications - Sends selected notifications if the audit's group posture result is Fail.

Error Notifications - Sends selected notifications if the audit's group posture result is Error.

Connection Error Notifications - Sends selected notifications if the audit cannot connect to at least one target system.

SE Console Notifications - Lets you select notifications configured in the console application, if any exist. Select as many as you want.

11.Set Windows Group Access. Enter Windows groups, separated by a comma, that can view audit results for this scope. This establishes which users can access this scope's audit results due to their role. If a Windows User Group isn't on the local computer, you'll need to enter the group in domain\groupname format.

In the View Audit Results field, enter the Windows groups who should be able to view results from audits using the scope. To grant all users access, type Everyone. To restrict all users, type None.

If a computer is listed in multiple scopes, the only Windows Group Access settings that apply to the audit results are the ones from the scope used by the audit. Also, if a

global machine list has Windows Group Results Access restricted in the ML Access page, the restrictions do not affect viewing audit results when a scope is a machine list scope. Only the Windows Group Results Access setting for the scope applies.

12.Click Add to store the new Scope in the database.

Edit a Scope

1.Click the Edit hyperlink on the Scopes table to select the row to edit.

2.Make any necessary modifications to:

•order number

Note: If you change the order, the application automatically rearranges the order of any existing scopes. For example, if you already have scopes 1 through 4 in the table and you create a new scope with an order number of 1, the existing scopes become scopes 2 through 5.

•scope name

•scope type

•values for the scope type

•link speed

•user name (variables allowed)

•password

•policies

35

Image 43

Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage How to Audit your Local Computer Self-Service AuditWhat is Self-Service Auditing? Self-Service Audit AgreementDisplays on the page. No detailed audit results appear Pages with Role Settings Configure ServersAbout Server Configuration Local Server SettingsViewing Audit Results SetupDatabase Connection Windows 2000 Servers Secure ConnectionCredential Store User Click OK on the Default Web Site Properties windowCreating Credential Stores Site Preferences Enable Web ServicesSecurityExpressions Console Credential Stores Software RegistrationAccess Item Rights Global Machine List Access User RolesLibrary Synchronization Policy File LibraryCheck the Synchronize with a policy file library box How System Scores are Calculated About Policy FilesDefault method for remote execution on Windows Agent & Service ConfigurationTarget Options SSH Agent Authentication Database Cleanup Add Task Update TaskCancel PoliciesSite Preferences Agent DownloadsClick Use the Following Agreement Allow Remediation Page Policies Table What is Audit-on-Connect?Audit-On-Connect PoliciesPage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Supported Operators Deleting ScopesDNS Domain Name Scopes Expression ScopesOrg Unit Scopes Supported FunctionsDetection Method Scopes Notifications Editing Notifications Creating New Command NotificationsCreating New Email Notifications Click Add NewClick Add New Creating New Command Notifications Notification Variables Deleting NotificationsAdding Exceptions ExceptionsExceptions Exceptions Table Column DescriptionConnection Monitors Specify Password and Encrypted PasswordConnection Monitors Deleting ExceptionsRemove Configuring Connection MonitorsEnabling Connection Monitors IP Range Section Connection Monitor Configuration FileOptions DefaultConfiguration File Syntax Processing the Configuration FileActive Directory Active Directory Connection Monitor only Slow Links NetworkInitial Token Trace Route InformationNetwork Admissions Control Unmanaged SystemsRedirection Web HealthyQuarantined/Unknown Reaudit if quarantinedRedirection Web Page Behavior Audit on Connect TracingAudit on Connect Tracing Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsEditing Machine Lists Adding Machine ListsScheduled Tasks Scheduled TasksDeleting Machine Lists Editing Global Machine ListsAdding Scheduled Tasks Basic SettingsSchedule Settings Hosts Not Connected Settings Credentials Settings Other Options SettingsEditing Scheduled Tasks Windows Group AccessSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Adding a New Audit-On-Connect Report Profile View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Audit-On-Connect Activity Table Column DescriptionDeleting Report Profiles Editing Report ProfilesAudit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage Browse Audit Results View Audit ResultsAdding a New Audit Results Report Profile Page Deleting Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Editing Audit Report Results ProfilesPage Glossary Page Index ConfigureIP address 33, 44, 45 Rule weights