Symantec Security Expressions Server manual My Machine Lists

Page 72

SecurityExpressions Server User Guide

The following three variables will only return a value if statistics are available:

%COUNTPROBLEMS% - number of errors encountered during the audit

%COUNTRULES% - number of rules used to audit the machine list

%SCORE% - the overall score resulting from the audit

The following four variables will only return a value if the task only audited one system:

%IP% - IP address or name of the system being audited, depending which represents the system in the machine list

%COMPUTER% - identical to the %IP% variable

%HOST% - identical to the %IP% variable

%GROUPPOSTURERESULT% - posture result of the system being audited

Example

A Subject or Message may contain text such as "Latest SecurityExpressions audit located at %RESULTLINK%."

My Machine Lists

My Machine Lists

When you schedule an audit task, you need to indicate which systems on the network you want the task to audit. The way to do that is to compile a machine list. A machine list collects in one place the names of the systems you want to audit in one session. Once you compile one or more machine lists, you can assign them to audit tasks.

In machine lists, systems are indicated by their system name or IP address. A machine list might include all systems in an organization, a department, a geographic territory, domain, or the entire network.

From the My Machine Lists page you add, edit, or delete a machine list. These machine lists, unlike any machine lists created in the console application (global machine lists), are secure personal lists. You must be logged in as the same user that created a list in order to use it, unless you belong to a Windows User Group listed in the Edit Private Items field in the Item Rights options.

Tip: When you schedule an audit, you can use either the machine lists created on this page or machine lists created in the console application (global machine lists). If all the machine lists you want to use were already created in the console, you do not have to create any machine lists here.

The table at the top of the My Machine Lists page contains the following information:

Column

Description

 

 

Edit

Click this link to edit the machine list in this row.

Delete

Click this link to delete the machine list in this row.

Name

Name of the machine list.

Member Count

The number of systems that are members of this machine list.

64

Image 72
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit What is Self-Service Auditing?Self-Service Audit Agreement How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Configure Servers About Server ConfigurationLocal Server Settings Pages with Role SettingsSetup Viewing Audit ResultsDatabase Connection Secure Connection Windows 2000 ServersClick OK on the Default Web Site Properties window Credential Store UserCreating Credential Stores Enable Web Services SecurityExpressions Console Credential StoresSoftware Registration Site PreferencesAccess Global Machine List Access User Roles Item RightsPolicy File Library Library SynchronizationCheck the Synchronize with a policy file library box About Policy Files How System Scores are CalculatedAgent & Service Configuration Default method for remote execution on WindowsTarget Options SSH Agent Authentication Database Cleanup Update Task CancelPolicies Add TaskAgent Downloads Site PreferencesClick Use the Following Agreement Allow Remediation Page What is Audit-on-Connect? Audit-On-ConnectPolicies Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Deleting Scopes DNS Domain Name ScopesExpression Scopes Supported OperatorsSupported Functions Org Unit ScopesDetection Method Scopes Notifications Creating New Command Notifications Creating New Email NotificationsClick Add New Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions ExceptionsExceptions Table Column Description Adding ExceptionsSpecify Password and Encrypted Password Connection MonitorsDeleting Exceptions Connection MonitorsConfiguring Connection Monitors RemoveEnabling Connection Monitors Connection Monitor Configuration File IP Range SectionDefault OptionsProcessing the Configuration File Configuration File SyntaxActive Directory Active Directory Connection Monitor only Network Slow LinksTrace Route Information Network Admissions ControlUnmanaged Systems Initial TokenHealthy Quarantined/UnknownReaudit if quarantined Redirection WebAudit on Connect Tracing Redirection Web Page BehaviorAudit on Connect Tracing Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsScheduled Tasks Deleting Machine ListsEditing Global Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page View Audit-On-Connect Activity Browse Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage View Audit Results Browse Audit ResultsAdding a New Audit Results Report Profile Page Scheduled Audits Log Report Adding Custom Reports to the Server ApplicationEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights