Symantec Security Expressions Server manual Deleting Notifications, Notification Variables

Page 50

SecurityExpressions Server User Guide

To create a new command notification:

1.Click Add New in the Notifications page.

2.Provide a Notification Name, a customized name of the notification to appear in the table.

3.Select Command as the Type.

4.Type the Command to run, which may be a URL. Include the command Arguments. You can pass variables to the command.

If the command is a program, programs expect dependent files to be in the \system32\ folder.

5.Click Add New.

Deleting Notifications

Click the Delete hyperlink for the notification that you want to remove. When you delete a notification, you remove it from the database. A warning appears to remind you that you are about to delete a record from the database. At this time, you can cancel the action or delete the record.

Notification Variables

You can include the variables listed here in any text-entry setting in a notification.

%RESULTLINK% - URL of the results or report

%POLICY% - policy used to perform the audit

%DESCRIPTION% - description of the task that executed the audit, from the Description box located in the Task Options and Scheduling dialog box's List tab

To learn more about the Task Options and Scheduling dialog box, check the SecurityExpressions Console help.

%DATE% - the date this task ran

The following three variables will only return a value if statistics are available:

%COUNTPROBLEMS% - number of errors encountered during the audit

%COUNTRULES% - number of rules used to audit the machine list

%SCORE% - the overall score resulting from the audit

The following four variables will only return a value if the task only audited one system:

%IP% - IP address or name of the system being audited, depending which represents the system in the machine list

%COMPUTER% - identical to the %IP% variable

%HOST% - identical to the %IP% variable

%GROUPPOSTURERESULT% - posture result of the system being audited

Example

42

Image 50

Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit Agreement Self-Service AuditWhat is Self-Service Auditing? How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Local Server Settings Configure ServersAbout Server Configuration Pages with Role SettingsDatabase Connection SetupViewing Audit Results Secure Connection Windows 2000 ServersCreating Credential Stores Click OK on the Default Web Site Properties windowCredential Store User Software Registration Enable Web ServicesSecurityExpressions Console Credential Stores Site PreferencesAccess Global Machine List Access User Roles Item RightsCheck the Synchronize with a policy file library box Policy File LibraryLibrary Synchronization About Policy Files How System Scores are CalculatedTarget Options Agent & Service ConfigurationDefault method for remote execution on Windows SSH Agent Authentication Database Cleanup Policies Update TaskCancel Add TaskClick Use the Following Agreement Agent DownloadsSite Preferences Allow Remediation Page Policies What is Audit-on-Connect?Audit-On-Connect Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Add a New Scope ScopesScopes Page Edit a Scope Scopes Table Expression Scopes Deleting ScopesDNS Domain Name Scopes Supported OperatorsDetection Method Scopes Supported FunctionsOrg Unit Scopes Notifications Click Add New Creating New Command NotificationsCreating New Email Notifications Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions Table Column Description ExceptionsExceptions Adding ExceptionsDeleting Exceptions Specify Password and Encrypted PasswordConnection Monitors Connection MonitorsEnabling Connection Monitors Configuring Connection MonitorsRemove Connection Monitor Configuration File IP Range SectionDefault OptionsActive Directory Active Directory Connection Monitor only Processing the Configuration FileConfiguration File Syntax Network Slow LinksUnmanaged Systems Trace Route InformationNetwork Admissions Control Initial TokenReaudit if quarantined HealthyQuarantined/Unknown Redirection WebAudit on Connect Tracing Audit on Connect TracingRedirection Web Page Behavior Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsEditing Global Machine Lists Scheduled TasksDeleting Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Audit-On-Connect Activity Table Column Description View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage Adding a New Audit Results Report Profile View Audit ResultsBrowse Audit Results Page Editing Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights