Symantec Security Expressions Server manual Audit-On-Schedule, What is Audit-on-Schedule?

Page 63

Audit-On-Schedule

What is Audit-on-Schedule?

Audit-on-Schedule is an auditing method that audits a group of systems at scheduled intervals. You create a scheduled task that audits all systems in a machine list based on a policy. When the audit is finished, the task can send notifications indicating the audit is done and where to view audit results.

Use the following pages to configure Audit-on-Schedule:

Policies

Notifications

My Machine Lists

Scheduled Tasks

First create policies, notifications and machine lists to add to scheduled audit tasks. Then create a task. Once the task is scheduled, it runs automatically

Policies

Policies Page

When you create a new policy, you assign a name and a policy file (.sif) to the policy. Note that policies differ from policy files: a policy contains a designated policy file.

From the Policies page you create policies to define the audits. You also edit or delete existing policies. If performing an Audit-on-Connect audit, you also set the run-time variables on the

Policies page.

Policies are saved to the database. If more than one person is editing the same policy at the same time, the version saved last is the only version that will be stored.

Note that you can associate one or more policy files with specific conditions and the scope.

The Policies table displays available policies for the audits and policy configurations.

Policies Table

The Policies table displays available policies for the audits and policy configurations. The Policies table consists of the following columns:

Column

Description

 

 

Active

If Yes, then apply the policy. If the policy is active, within

 

that Scope, the policy will be applied.

 

If No, the policy is not applied but will not be deleted.

Edit

Make changes to this policy entry in the table.

Delete

Remove this entry from the table.

Name

Policy name as it is listed for selection when creating a

 

scope or scheduled task.

55

Image 63
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage How to Audit your Local Computer Self-Service AuditWhat is Self-Service Auditing? Self-Service Audit AgreementDisplays on the page. No detailed audit results appear Pages with Role Settings Configure ServersAbout Server Configuration Local Server SettingsSetup Viewing Audit ResultsDatabase Connection Windows 2000 Servers Secure ConnectionClick OK on the Default Web Site Properties window Credential Store UserCreating Credential Stores Site Preferences Enable Web ServicesSecurityExpressions Console Credential Stores Software RegistrationAccess Item Rights Global Machine List Access User RolesPolicy File Library Library SynchronizationCheck the Synchronize with a policy file library box How System Scores are Calculated About Policy FilesAgent & Service Configuration Default method for remote execution on WindowsTarget Options SSH Agent Authentication Database Cleanup Add Task Update TaskCancel PoliciesAgent Downloads Site PreferencesClick Use the Following Agreement Allow Remediation Page Policies Table What is Audit-on-Connect?Audit-On-Connect PoliciesPage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Supported Operators Deleting ScopesDNS Domain Name Scopes Expression ScopesSupported Functions Org Unit ScopesDetection Method Scopes Notifications Editing Notifications Creating New Command NotificationsCreating New Email Notifications Click Add NewClick Add New Creating New Command Notifications Notification Variables Deleting NotificationsAdding Exceptions ExceptionsExceptions Exceptions Table Column DescriptionConnection Monitors Specify Password and Encrypted PasswordConnection Monitors Deleting ExceptionsConfiguring Connection Monitors RemoveEnabling Connection Monitors IP Range Section Connection Monitor Configuration FileOptions DefaultProcessing the Configuration File Configuration File SyntaxActive Directory Active Directory Connection Monitor only Slow Links NetworkInitial Token Trace Route InformationNetwork Admissions Control Unmanaged SystemsRedirection Web HealthyQuarantined/Unknown Reaudit if quarantinedAudit on Connect Tracing Redirection Web Page BehaviorAudit on Connect Tracing Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsEditing Machine Lists Adding Machine ListsScheduled Tasks Scheduled TasksDeleting Machine Lists Editing Global Machine ListsAdding Scheduled Tasks Basic SettingsSchedule Settings Hosts Not Connected Settings Credentials Settings Other Options SettingsEditing Scheduled Tasks Windows Group AccessSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Adding a New Audit-On-Connect Report Profile View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Audit-On-Connect Activity Table Column DescriptionDeleting Report Profiles Editing Report ProfilesAudit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage View Audit Results Browse Audit ResultsAdding a New Audit Results Report Profile Page Deleting Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Editing Audit Report Results ProfilesPage Glossary Page Index ConfigureIP address 33, 44, 45 Rule weights