Symantec Security Expressions Server Deleting Scopes, DNS Domain Name Scopes, Expression Scopes

Page 45

	Audit-On-Connect

	blank.
Pass Notifications	Notifications to run when the Group Posture of an audit in
	this scope is PASS. This value may be blank.
Fail Notifications	Notifications to run when the Group Posture of an audit in
	this Scope is FAIL. This value may be blank.
Error Notifications	Notifications to run when the Group Posture of an audit in
	this Scope is ERROR. This value may be blank.
Connection Error Notifications	Notifications to run when the Group Posture of an audit in
	this Scope is CONN_ERROR. This value may be blank.
SE Console Notifications	Notifications from the console application to run when a
	computer in this scope is detected. This value may be
	blank.
Windows Group Results Access	Specify the Windows User Groups who can access results
	from audits that used this scope, if you want to restrict
	access to this scope's audit results. Displays "Everyone" if
	the scope's audit results aren't restricted.

Deleting Scopes

To delete a scope, click the Delete hyperlink for the scope in the table. When you delete a scope, you remove it from the database. A warning appears to remind you that you are about to delete a record from the database. At this time, you can cancel the action or delete the record.

DNS Domain Name Scopes

A domain written in DNS format. You may use the * wild card to represent a range of system names, as in "*.symantec.com".

A system matches this scope if its fully qualified domain name matches the value entered. You can also use any valid shell expression to match against a target's fully qualified domain name. If the server does not know the fully qualified name (typically from a reverse DNS lookup), then it attempts to match the target's IP address against the shell expression.

Expression Scopes

You may use an expression to combine more than one scope type into one unified scope of target systems. Use functions, Boolean operators and parentheses to construct your expression. Function names are not case sensitive. You may use more than one line to enter an expression.

Unlike the other scopes, expression scopes can only accept one entry. Regardless of how many lines long a scope is, all lines are treated as a single expression.

Example: (IPRANGE(12.2.1.0/24) IPRANGE(11.2.1.0/20)) && !DOMAIN(symantec.com)

Supported Operators

Operator	Description

&&	Logical AND
	Logical OR
!	Logical NOT

37

Image 45

Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage What is Self-Service Auditing? Self-Service AuditSelf-Service Audit Agreement How to Audit your Local ComputerDisplays on the page. No detailed audit results appear About Server Configuration Configure ServersLocal Server Settings Pages with Role SettingsSetup Viewing Audit ResultsDatabase Connection Windows 2000 Servers Secure ConnectionClick OK on the Default Web Site Properties window Credential Store UserCreating Credential Stores SecurityExpressions Console Credential Stores Enable Web ServicesSoftware Registration Site PreferencesAccess Item Rights Global Machine List Access User RolesPolicy File Library Library SynchronizationCheck the Synchronize with a policy file library box How System Scores are Calculated About Policy FilesAgent & Service Configuration Default method for remote execution on WindowsTarget Options SSH Agent Authentication Database Cleanup Cancel Update TaskPolicies Add TaskAgent Downloads Site PreferencesClick Use the Following Agreement Allow Remediation Page Audit-On-Connect What is Audit-on-Connect?Policies Policies TablePage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table DNS Domain Name Scopes Deleting ScopesExpression Scopes Supported OperatorsSupported Functions Org Unit ScopesDetection Method Scopes Notifications Creating New Email Notifications Creating New Command NotificationsClick Add New Editing NotificationsClick Add New Creating New Command Notifications Notification Variables Deleting NotificationsExceptions ExceptionsExceptions Table Column Description Adding ExceptionsConnection Monitors Specify Password and Encrypted PasswordDeleting Exceptions Connection MonitorsConfiguring Connection Monitors RemoveEnabling Connection Monitors IP Range Section Connection Monitor Configuration FileOptions DefaultProcessing the Configuration File Configuration File SyntaxActive Directory Active Directory Connection Monitor only Slow Links NetworkNetwork Admissions Control Trace Route InformationUnmanaged Systems Initial TokenQuarantined/Unknown HealthyReaudit if quarantined Redirection WebAudit on Connect Tracing Redirection Web Page BehaviorAudit on Connect Tracing Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsEditing Machine Lists Adding Machine ListsDeleting Machine Lists Scheduled TasksEditing Global Machine Lists Scheduled TasksAdding Scheduled Tasks Basic SettingsSchedule Settings Hosts Not Connected Settings Credentials Settings Other Options SettingsEditing Scheduled Tasks Windows Group AccessSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Browse Audit-On-Connect Activity View Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report ProfileDeleting Report Profiles Editing Report ProfilesAudit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage View Audit Results Browse Audit ResultsAdding a New Audit Results Report Profile Page Adding Custom Reports to the Server Application Scheduled Audits Log ReportEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Index ConfigureIP address 33, 44, 45 Rule weights