Symantec Security Expressions Server manual Supported Functions, Org Unit Scopes


SecurityExpressions Server User Guide

Supported Functions

| Function | Argument | Description |
|---|---|---|
| iprange | a valid IP range | Returns TRUE if the target computer is a member of the IP range. |
| domain | a Windows domain in NetBIOS or DNS format | Returns TRUE if the target computer is a member of the Windows domain. |
| machinelist | a database machine list created using the console application | Returns TRUE if the target is a member of the machine list. |
| devicetype | a valid device type | Returns TRUE if the target is the type of device specified. |
| fqdnmatch | a shell expression | Returns TRUE if the target's fully qualified domain name matches the shell expression. |
| ou | the name of an OU in Microsoft shorthand, and optionally an LDAP URL specifying what directory and credentials should be queried | Returns TRUE if the target is a member of the organizational unit. |
| detectionmethod | a method for detecting systems on the network | Returns TRUE if the target was detected on the network using this method. |
| aocserver | a shell expression | Returns TRUE if the server processing the connection event matches the shell expression. |

Org Unit Scopes

Also known as an OU, a system's organizational unit is listed in the domain controller. The software searches OUs in order to find Active-Directory computer accounts. OU searches begin at the directory’s default naming context.

Use Microsoft shorthand notation to type OUs. You do not need to type OUs in a case-sensitive manner. For example, the Active Directory DN of "ou=A,ou=B,dc=symantec,dc=com" would be entered as "B/A". If your computer accounts are located in Active Directory's default location of "cn=computers,dc=symantec,dc=com", you can simply enter "computers" to search for all computer accounts.

If you're running the server application on a system that's not a member of an Active Directory domain, you'll need to override the directory, protocol and login credentials to the directory by specifying an LDAP URL as the first OU. The syntax is "ldap://[user:password@]host[:port]". The user can be in Microsoft format such as "user@domain.com" or in standard LDAP format such as "cn=user,dc=symantec,dc=com".

A system matches this scope if its Active-Directory computer account matches the value entered.
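
The shorthand and LDAP URL rules above, worked through in Python as an added example (not code from the product or the manual). The function names, the host dc01.example.test and the password are constructed for illustration; the sketch shows how "B/A" expands to a DN and why a user in "user@domain.com" form requires splitting the URL on the last "@".

```python
import re

def shorthand_to_dn(shorthand, naming_context):
    """Expand Microsoft shorthand such as "B/A" into a DN under naming_context."""
    parts = [p.strip() for p in shorthand.split("/") if p.strip()]
    if not parts:
        raise ValueError("empty OU")
    if len(parts) == 1 and parts[0].lower() == "computers":
        # The default Computers location is a container (cn=), not an OU.
        return f"cn={parts[0]},{naming_context}"
    # Shorthand runs outermost-first; a DN runs innermost-first.
    return ",".join([f"ou={p}" for p in reversed(parts)] + [naming_context])

def same_dn(a, b):
    """Case-insensitive DN comparison, ignoring spaces around commas."""
    norm = lambda d: re.sub(r"\s*,\s*", ",", d.strip()).lower()
    return norm(a) == norm(b)

def parse_ldap_override(url):
    """Split ldap://[user:password@]host[:port] into a dict."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("expected ldap:// URL")
    rest = url[len("ldap://"):]
    user = password = None
    if "@" in rest:
        # user@domain.com contains "@", so the host starts after the LAST "@";
        # the user ends at the FIRST ":" (neither user format contains one).
        cred, rest = rest.rsplit("@", 1)
        user, sep, password = cred.partition(":")
        if not sep or not user:
            raise ValueError("credentials must be user:password")
    host, _, port = rest.partition(":")
    if not host or (port and not port.isdigit()):
        raise ValueError("bad host or port")
    return {"user": user, "password": password, "host": host,
            "port": int(port) if port else None}

def redact(url):
    """Render the URL for logs or tickets with the password masked."""
    o = parse_ldap_override(url)
    cred = f"{o['user']}:***@" if o["user"] else ""
    port = f":{o['port']}" if o["port"] is not None else ""
    return f"ldap://{cred}{o['host']}{port}"

# Constructed sample values (not from the product).
if __name__ == "__main__":
    print(shorthand_to_dn("B/A", "dc=symantec,dc=com"))
    print(redact("ldap://user@domain.com:S3cret@dc01.example.test:389"))
```

Because the password travels inside the scope value itself, use something like redact() whenever a scope definition is copied into logs, tickets or change records.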

Detection Method Scopes
