Symantec Security Expressions Server manual Adding Policies

Page 65

 

Audit-On-Schedule

 

 

 

posture result remains valid, the software won't attempt

 

 

to audit a system if it connects to the network again.

 

 

Instead, it returns a posture result of Pass.

 

Cache Fail For

Specify how long posture results remain valid when the

 

(Audit-On-Connect Only)

system fails an audit based on this policy. This is a way to

 

 

control how often a system gets audited — as long as a

 

 

posture result remains valid, the software won't attempt

 

 

to audit a system if it connects to the network again.

 

 

Instead, it returns a posture result of Fail.

 

Adding Policies

 

 

To create a policy:

 

 

1.Click Add New on the Policies page.

2.Select a policy file to associate with the policy using one of the following methods.

Upload a policy file – Type the name or Browse for a SIF file. If the SIF file is encrypted, type a password in the Password box to decrypt it.

Download this file from the Policy File Library – Transfers a copy of a policy file from the Policy File Library over the network. Click the Choose button to display a list of the policy files available in the library. Click a policy file to select it.

This option is available only if the server can access a Policy File Library.

3.Optional: In the Name box, change the name of the policy.

The name of the policy file you selected in step 2 appeared in this box when you selected it.

4.Optional: In the Description box, type a description of the policy.

5.If you uploaded a policy file that's encrypted, type a password to decrypt it in the Password box.

Policy files downloaded from the Policy File Library aren't encrypted.

6.If you want the policy to be available to use in audits, check the Make this policy active box.

Clear the check box to make the policy unavailable to use in audits without deleting the policy.

7.Check the Policy is kept up to date with Policy File Library box if you want to regularly update the SIF files in this policy using the policy file library available on line.

This option is available only if the server can access a Policy File Library.

8.If you want the policy to be available to use in self-service audits, check the Available for use in self-service audits box.

9.Type a name and optional description of the policy.

10.For Audit-On-Connect include the Link Type, Device Type, Posture Condition, Pass Results Valid For and Fail Results Valid For settings.

11.Set Windows Group Access. Enter Windows groups, separated by a comma, that can use this policy, remediate audit results generated using this policy, and view audit results for this policy. This establishes which users can access this policy and its audit results due to their role. If

57

Image 65
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage What is Self-Service Auditing? Self-Service AuditSelf-Service Audit Agreement How to Audit your Local ComputerDisplays on the page. No detailed audit results appear About Server Configuration Configure ServersLocal Server Settings Pages with Role SettingsDatabase Connection SetupViewing Audit Results Windows 2000 Servers Secure ConnectionCreating Credential Stores Click OK on the Default Web Site Properties windowCredential Store User SecurityExpressions Console Credential Stores Enable Web ServicesSoftware Registration Site PreferencesAccess Item Rights Global Machine List Access User RolesCheck the Synchronize with a policy file library box Policy File LibraryLibrary Synchronization How System Scores are Calculated About Policy FilesTarget Options Agent & Service ConfigurationDefault method for remote execution on Windows SSH Agent Authentication Database Cleanup Cancel Update TaskPolicies Add TaskClick Use the Following Agreement Agent DownloadsSite Preferences Allow Remediation Page Audit-On-Connect What is Audit-on-Connect?Policies Policies TablePage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Add a New Scope ScopesScopes Page Edit a Scope Scopes Table DNS Domain Name Scopes Deleting ScopesExpression Scopes Supported OperatorsDetection Method Scopes Supported FunctionsOrg Unit Scopes Notifications Creating New Email Notifications Creating New Command NotificationsClick Add New Editing NotificationsClick Add New Creating New Command Notifications Notification Variables Deleting NotificationsExceptions ExceptionsExceptions Table Column Description Adding ExceptionsConnection Monitors Specify Password and Encrypted PasswordDeleting Exceptions Connection MonitorsEnabling Connection Monitors Configuring Connection MonitorsRemove IP Range Section Connection Monitor Configuration FileOptions DefaultActive Directory Active Directory Connection Monitor only Processing the Configuration FileConfiguration File Syntax Slow Links NetworkNetwork Admissions Control Trace Route InformationUnmanaged Systems Initial TokenQuarantined/Unknown HealthyReaudit if quarantined Redirection WebAudit on Connect Tracing Audit on Connect TracingRedirection Web Page Behavior Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsEditing Machine Lists Adding Machine ListsDeleting Machine Lists Scheduled TasksEditing Global Machine Lists Scheduled TasksAdding Scheduled Tasks Basic SettingsSchedule Settings Hosts Not Connected Settings Credentials Settings Other Options SettingsEditing Scheduled Tasks Windows Group AccessSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Browse Audit-On-Connect Activity View Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report ProfileDeleting Report Profiles Editing Report ProfilesAudit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage Adding a New Audit Results Report Profile View Audit ResultsBrowse Audit Results Page Adding Custom Reports to the Server Application Scheduled Audits Log ReportEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Index ConfigureIP address 33, 44, 45 Rule weights