Symantec Security Expressions Server manual Click Add New

Page 70

SecurityExpressions Server User Guide

The group posture result is %GROUPPOSTURERESULT%.

Click here for the report: %RESULTLINK%

5.Select Attach trace route information for Audit-on-Connect for the message body to include the trace route. The message body always includes a link to the report for the audit that caused this notification.

6.Recommended: Click Send Test to make sure the notification will send as configured.

7.Click Add New.

Set Server for Email Notifications

Email notifications require that you set the SMTP server settings. These global settings include the email server (the name of the server through which to send email notifications) and the sender address (the email address of the person sending the email notifications).

Editing Notifications

To edit a Notification, click the Edit hyperlink on the Notifications table to select the row to edit. Make the necessary modifications and click Update.

To Edit an email notification, make the necessary modifications to:

•Notification Name

•To – person receiving the notification. This address appears as the Value in the table.

•Subject – Notification topic

•Message – Text of the email notification, including variables.

•Check or clear the Attach trace route information for Audit-on-Connect box to determine whether or not the message body will include the trace route.

We recommend you click Send Test to make sure the modified notification will send. To Edit a command notification, make the necessary modifications to:

•Notification Name

•Command

•Optional Arguments

Deleting Notifications

Creating New Command Notifications

To create a new command notification:

1.Click Add New in the Notifications page.

2.Provide a Notification Name, a customized name of the notification to appear in the table.

3.Select Command as the Type.

4.Type the Command to run, which may be a URL. Include the command Arguments. You can pass variables to the command.

If the command is a program, programs expect dependent files to be in the \system32\

62

Image 70

Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit Agreement Self-Service AuditWhat is Self-Service Auditing? How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Local Server Settings Configure ServersAbout Server Configuration Pages with Role SettingsViewing Audit Results SetupDatabase Connection Secure Connection Windows 2000 ServersCredential Store User Click OK on the Default Web Site Properties windowCreating Credential Stores Software Registration Enable Web ServicesSecurityExpressions Console Credential Stores Site PreferencesAccess Global Machine List Access User Roles Item RightsLibrary Synchronization Policy File LibraryCheck the Synchronize with a policy file library box About Policy Files How System Scores are CalculatedDefault method for remote execution on Windows Agent & Service ConfigurationTarget Options SSH Agent Authentication Database Cleanup Policies Update TaskCancel Add TaskSite Preferences Agent DownloadsClick Use the Following Agreement Allow Remediation Page Policies What is Audit-on-Connect?Audit-On-Connect Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Expression Scopes Deleting ScopesDNS Domain Name Scopes Supported OperatorsOrg Unit Scopes Supported FunctionsDetection Method Scopes Notifications Click Add New Creating New Command NotificationsCreating New Email Notifications Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions Table Column Description ExceptionsExceptions Adding ExceptionsDeleting Exceptions Specify Password and Encrypted PasswordConnection Monitors Connection MonitorsRemove Configuring Connection MonitorsEnabling Connection Monitors Connection Monitor Configuration File IP Range SectionDefault OptionsConfiguration File Syntax Processing the Configuration FileActive Directory Active Directory Connection Monitor only Network Slow LinksUnmanaged Systems Trace Route InformationNetwork Admissions Control Initial TokenReaudit if quarantined HealthyQuarantined/Unknown Redirection WebRedirection Web Page Behavior Audit on Connect TracingAudit on Connect Tracing Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsEditing Global Machine Lists Scheduled TasksDeleting Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Audit-On-Connect Activity Table Column Description View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage Browse Audit Results View Audit ResultsAdding a New Audit Results Report Profile Page Editing Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights