Symantec Security Expressions Server manual

Page 68

SecurityExpressions Server User Guide

3.In the Parameters tab, the Config parameter is set to .CONFIGURE (Config=.CONFIGURE). When you set the Config key, the WizParams tab appears. On this tab you can type text using the WizParams syntax that controls the available text, input options, and parameters to modify in the Wizard.

4.View the WizParams tab to see the syntax that defines the Wizard's display for the rule. This example displays the question, "Enable safety net for NSA parameters?" In the Wizard you can select Yes or No.

The Wizard tab displays MoreInfo for this .CONFIGURE rule and the options defined in the Wizparams.

5.Review the CrashOnAuditFull rule in the Parameters tab. Note the Modifiers parameter, %get(.CONFIGURE:SAFETYNSA). The %get function calls the .CONFIGURE rule and uses the setting that enables the safety net setting for NSA parameters.

If you open the NSA Guidelines for Windows XP and Windows 2000 policy file, in the Preview pane you can click Configure to see the Wizard and the available options. If your policy file does not have a .CONFIGURE rule, the Configure link does not appear in the Preview pane.

Tip: This example describes how to use a .CONFIGURE rule in the console application. Rather than change the parameters there, you can select the variable settings in the server application and modify the .CONFIGURE rule. When you create a new Policy and select an associated policy file, the server application determines if a .CONFIGURE rule exists and displays prompts for

60

Image 68
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit What is Self-Service Auditing?Self-Service Audit Agreement How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Configure Servers About Server ConfigurationLocal Server Settings Pages with Role SettingsDatabase Connection SetupViewing Audit Results Secure Connection Windows 2000 ServersCreating Credential Stores Click OK on the Default Web Site Properties windowCredential Store User Enable Web Services SecurityExpressions Console Credential StoresSoftware Registration Site PreferencesAccess Global Machine List Access User Roles Item RightsCheck the Synchronize with a policy file library box Policy File LibraryLibrary Synchronization About Policy Files How System Scores are CalculatedTarget Options Agent & Service ConfigurationDefault method for remote execution on Windows SSH Agent Authentication Database Cleanup Update Task CancelPolicies Add TaskClick Use the Following Agreement Agent DownloadsSite Preferences Allow Remediation Page What is Audit-on-Connect? Audit-On-ConnectPolicies Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Add a New Scope ScopesScopes Page Edit a Scope Scopes Table Deleting Scopes DNS Domain Name ScopesExpression Scopes Supported OperatorsDetection Method Scopes Supported FunctionsOrg Unit Scopes Notifications Creating New Command Notifications Creating New Email NotificationsClick Add New Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions ExceptionsExceptions Table Column Description Adding ExceptionsSpecify Password and Encrypted Password Connection MonitorsDeleting Exceptions Connection MonitorsEnabling Connection Monitors Configuring Connection MonitorsRemove Connection Monitor Configuration File IP Range SectionDefault OptionsActive Directory Active Directory Connection Monitor only Processing the Configuration FileConfiguration File Syntax Network Slow LinksTrace Route Information Network Admissions ControlUnmanaged Systems Initial TokenHealthy Quarantined/UnknownReaudit if quarantined Redirection WebAudit on Connect Tracing Audit on Connect TracingRedirection Web Page Behavior Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsScheduled Tasks Deleting Machine ListsEditing Global Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page View Audit-On-Connect Activity Browse Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage Adding a New Audit Results Report Profile View Audit ResultsBrowse Audit Results Page Scheduled Audits Log Report Adding Custom Reports to the Server ApplicationEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights