Symantec Security Expressions Server manual Notifications


Audit-On-Schedule

modifications. This rule may require synchronization between the database and the policy file. To synchronize the database and the new file, save the policy file in the database with a new name with new parameters for the .CONFIGURE rule, if previously saved in the database.

Notifications


You can opt to receive email or program-output notifications when audits occur. Notifications apply to Audit-On-Schedule or Audit-On-Connect results and each audit can have one or more notification actions upon completion.

You may use notifications created in SecurityExpressions console in addition to the ones created in SecurityExpressions server. This application lets you select notifications created in both applications in the Scheduled Tasks page and the Scopes page.

The Notifications table displays the notification Name, Type, and Values. From this page you create an email or command notification that you can edit or delete.

Creating New Command Notifications

To create a new command notification:

1. Click Add New.

2. Provide a Notification Name, a customized name of the notification to appear in the table.

3. Select Command as the Type.

4. Type the Command to run, which may be a URL. Include the command Arguments. You can pass variables to the command.

   If the command is a program, the program expects its dependent files to be in the \system32\ folder.

5. Click Add New.
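A handler for such a command notification, as an added example that is not part of the manual or the product: it treats the variable value it receives as untrusted input, validates it, and writes one log record per audit. Assumptions: the script name audit_notify.py, the log file name, and that the server replaces %COMPUTER% in the Arguments field with the audited computer's name before running the command.

```python
import json
import re
import sys
from datetime import datetime, timezone

# Assumed setup (not from the manual):
#   Command:   python audit_notify.py     Arguments: %COMPUTER%
# Accept only DNS-style host names or dotted IPv4 addresses.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
MAX_LEN = 253


def validate_computer(value: str) -> str:
    """Return the lower-cased computer name, or raise ValueError."""
    # fullmatch() rejects trailing newlines, spaces and shell metacharacters.
    if len(value) > MAX_LEN or not _HOST_RE.fullmatch(value):
        raise ValueError("rejected computer value")
    return value.lower()


def build_event(argv: list) -> dict:
    """Turn the handler's argument list into a log record."""
    if len(argv) != 1:
        return {"status": "rejected", "reason": "expected exactly one argument"}
    try:
        host = validate_computer(argv[0])
    except ValueError:
        # Keep a bounded copy of the bad value for the analyst.
        return {"status": "rejected", "reason": "bad computer value",
                "raw": argv[0][:64]}
    return {"status": "ok", "computer": host}


def main(argv: list, log_path: str = "audit_notify.log") -> int:
    event = build_event(argv)
    event["time"] = datetime.now(timezone.utc).isoformat()
    # json.dumps escapes control characters, so a hostile value
    # cannot start a new line in the log.
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(event) + "\n")
    return 0 if event["status"] == "ok" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The handler never passes the value to a shell or builds a command line from it; a non-zero exit code marks a rejected notification.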

Creating New Email Notifications

When you create an email notification, you must identify the SMTP email server and the address from which the email should be sent.

To create a new email notification:

1. Click Add New.

2. Provide a Notification Name, a customized name of the notification to appear in the table.

3. Select Email as the Type.

4. Complete the following email information:

   To – person receiving the notification. This address appears as the Value in the table. Or Select allows you to select a previously entered email address.

   Subject – Notification topic. Or Select allows you to select a previously entered subject.

   Message – Text of the email notification, including variables.

   Examples: An audit has finished: %COMPUTER%
