Symantec SecurityExpressions Server manual: Creating New Command Notifications


SecurityExpressions Server User Guide

Creating New Command Notifications

To create a new command notification:

1. Click Add New.

2. Provide a Notification Name, a customized name of the notification to appear in the table.

3. Select Command as the Type.

4. Type the Command to run, which may be a URL. Include the command Arguments. You can pass variables to the command.

If the command is a program, the program expects its dependent files to be in the \system32\ folder.

5. Click Add New.
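A command notification hands audit data to an external program, so that program should treat the substituted values as untrusted input. The following is an added example, not part of the Symantec guide: a hypothetical handler script (`notify_handler.py`), assuming the Arguments are configured as `%COMPUTER% %GROUPPOSTURERESULT% %RESULTLINK%` (the variables shown in this guide's email message examples) and that reports are served from the placeholder host `seserver.example.internal`.

```python
import json
import re
import sys
from urllib.parse import urlsplit

# Assumption: placeholder name of the server that hosts the audit reports.
ALLOWED_REPORT_HOSTS = {"seserver.example.internal"}

# RFC 1123 host name (also accepts dotted IPv4), at most 253 characters.
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}\Z)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)
RESULT_RE = re.compile(r"[A-Za-z0-9 _-]{1,64}")
# A value that still contains %NAME% was never substituted.
PLACEHOLDER_RE = re.compile(r"%[A-Z_]{3,}%")


def validate(computer, posture, link):
    """Return a clean record, or raise ValueError on any suspicious value."""
    for name, value in (("computer", computer), ("posture", posture), ("link", link)):
        if PLACEHOLDER_RE.search(value):
            raise ValueError(f"{name}: variable was not expanded")
    if not HOSTNAME_RE.fullmatch(computer):
        raise ValueError("computer: not a valid host name")
    if not RESULT_RE.fullmatch(posture):
        raise ValueError("posture: unexpected characters")
    url = urlsplit(link)
    if url.scheme not in ("http", "https") or url.hostname not in ALLOWED_REPORT_HOSTS:
        raise ValueError("link: not a report URL on an allowed server")
    return {"computer": computer.lower(), "posture": posture, "report": link}


def main(argv):
    if len(argv) != 4:
        print("usage: notify_handler.py COMPUTER POSTURE LINK", file=sys.stderr)
        return 2
    try:
        record = validate(*argv[1:])
    except ValueError as err:
        print(f"rejected notification: {err}", file=sys.stderr)
        return 1
    # Emit one JSON line; the values are data only and never reach a shell.
    print(json.dumps(record))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The handler exits non-zero on any rejected value, so a failed notification is visible to whatever monitors the command's exit status.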

Creating New Email Notifications

When you create an email notification, you must identify the SMTP email server and the address from which the email should be sent.

To create a new email notification:

1. Click Add New.

2. Provide a Notification Name, a customized name of the notification to appear in the table.

3. Select Email as the Type.

4. Complete the following email information:

To – person receiving the notification. This address appears as the Value in the table. Or Select allows you to select a previously entered email address.

Subject – Notification topic. Or Select allows you to select a previously entered subject.

Message – Text of the email notification, including variables.

Examples: An audit has finished: %COMPUTER%

The group posture result is %GROUPPOSTURERESULT%.

Click here for the report: %RESULTLINK%

5. Select Attach trace route information for Audit-on-Connect for the message body to include the trace route. The message body always includes a link to the report for the audit that caused this notification.

6. Recommended: Click Send Test to make sure the notification will send as configured.

7. Click Add New.

Set Server for Email Notifications

Email notifications require that you set the SMTP server settings. These global settings include the email server (the name of the server through which to send email notifications) and the sender address (the email address of the person sending the email notifications).

Editing Notifications
