Symantec Security Expressions Server manual Healthy, Quarantined/Unknown, Reaudit if quarantined


Audit-On-Connect

A managed system is a system on the network that the server software can connect to and audit using the appropriate credentials. It is a target system or potential target system.

Initial Token

Sends the posture token you select to ACS if a system receives a posture result of Fail.

Both Managed and Unmanaged

Network Access Device (NAD) Polling

Select how often ACS should poll the server software for the latest status of target systems. If it finds any updated policies:

the server audits managed target systems with a valid Healthy token unless the policy cache settings indicate otherwise.

NAC places Healthy unmanaged systems into quarantine as soon as their Cache Validity Duration expires.

Healthy

Select how often ACS should poll the server software for the latest status of target systems when the managed target systems have a valid Healthy token. In addition to selecting specific time intervals, you can opt to poll healthy systems as often as the smallest time interval entered in the Cache Pass For option, found in the Policies table, for all policies in the scope used.

Quarantined/Unknown

Select how often ACS should poll the server software for the latest status of target systems when the managed target systems have a valid Quarantined or Unknown token.

Make sure you set the Cache Fail For option, found in the Policies table, for a length of time longer than the time you select here. If you do not set these times strategically, systems might not be able to get out of quarantine.

Reaudit if quarantined

Check this box if you want to reaudit systems with a valid Quarantined or Unknown token. Quarantined and unknown systems will get audited at the frequency you selected in the Quarantined/Unknown drop-down list until they receive a Healthy token.

As you're selecting the settings on this page, keep in mind NAC's Audit in Progress Poll Hint Timeout. The poll-timeout hint is a length of time the server software passes to ACS that indicates the next time it would be appropriate to request another token. NAC uses this value to reduce the number of communication round trips between the servers. The settings affect the poll-timeout hint in the following ways:

If a system has a Healthy token, the poll-timeout hint returned is the length of time selected from the Healthy drop-down list.

If a system has a Quarantined or Unknown token, the timeout hint returned is the length of time selected from the Quarantined/Unknown drop-down list.

If a system does not have a valid Healthy, Quarantined or Unknown token when sent to the auditing queue, the server software returns a timeout hint that takes into account the number of hosts currently waiting to be audited and the average time to complete an audit.
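
The following sketch is an added example, not code from the product or this manual. It models the NAD Polling selections and the Policies table as plain Python objects, flags policies whose Cache Fail For is not longer than the Quarantined/Unknown interval, and returns the poll-timeout hint for each token state. All class, function and policy names are hypothetical, times are in seconds, and the queue-based estimate for systems without a valid token is an assumed formula, since the manual does not give one.

```python
from dataclasses import dataclass
from typing import Optional, Union

# Hypothetical marker for the "smallest Cache Pass For in scope" Healthy option.
SMALLEST_CACHE_PASS = "smallest-cache-pass-for"

@dataclass
class Policy:                      # one row of the Policies table (constructed model)
    name: str
    cache_pass_for: int            # seconds
    cache_fail_for: int            # seconds

@dataclass
class NadPolling:                  # the NAD Polling drop-down selections
    healthy: Union[int, str]       # seconds, or SMALLEST_CACHE_PASS
    quarantined_unknown: int       # seconds

def effective_healthy_interval(polling, policies):
    """Resolve the Healthy interval, including the smallest Cache Pass For option."""
    if polling.healthy == SMALLEST_CACHE_PASS:
        return min(p.cache_pass_for for p in policies)
    return polling.healthy

def cache_fail_warnings(polling, policies):
    """Policies whose Cache Fail For is NOT longer than the Quarantined/Unknown interval."""
    return [p.name for p in policies
            if p.cache_fail_for <= polling.quarantined_unknown]

def poll_timeout_hint(token: Optional[str], polling, policies,
                      queue_len=0, avg_audit_secs=0):
    """Hint returned to ACS for a system, by its current token state."""
    if token == "Healthy":
        return effective_healthy_interval(polling, policies)
    if token in ("Quarantined", "Unknown"):
        return polling.quarantined_unknown
    # No valid token: the manual says only that queue length and average audit
    # time are taken into account. A simple product is ASSUMED here.
    return queue_len * avg_audit_secs

# Constructed sample configuration for one scope.
POLICIES = [Policy("Windows baseline", 3600, 900),
            Policy("Patch level", 1800, 300)]
POLLING = NadPolling(healthy=SMALLEST_CACHE_PASS, quarantined_unknown=300)

if __name__ == "__main__":
    for name in cache_fail_warnings(POLLING, POLICIES):
        print(f"WARNING: {name}: Cache Fail For must exceed "
              f"{POLLING.quarantined_unknown}s Quarantined/Unknown polling")
    for token in ("Healthy", "Quarantined", None):
        print(token, poll_timeout_hint(token, POLLING, POLICIES, 12, 45))
```

With the sample values, "Patch level" is flagged because its Cache Fail For equals the Quarantined/Unknown interval rather than exceeding it.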

Redirection Web Page
