Symantec Security Expressions Server manual Scheduled Tasks, Deleting Machine Lists

Page 74

SecurityExpressions Server User Guide

Make sure you type the system names or IP addresses correctly. If you did not type a system's name or address correctly or somehow entered an invalid system, the audit skips the system and moves on to the next system in the list.

5.Set Windows Group Access. Enter Windows groups, separated by a comma, that can use this machine list and view audit results for it. This establishes which users can access this machine list and its audit results because of their role. If a Windows User Group isn't on the local computer, you'll need to enter the group in domain\groupname format.

In the Use Machine List field, enter the Windows groups that should be able to use the machine list in scheduled audits. In the View Audit Results field, enter the Windows groups that should be able to view results from audits using the machine list. To grant all users access, type Everyone. To restrict all users, type None.

6.When you're done modifying the machine list, click the Add/Update button. The machine list appears in the table at the top of the page.

Deleting Machine Lists

Click the Delete hyperlink in the same row as the machine list that you want to delete. When you delete a machine list, you remove it from the database. A warning appears to remind you that you are about to delete a record from the database. At this time, you can cancel the action or delete the record.

Editing Global Machine Lists

You can use global machine lists, which are database machine lists created in the console application, to indicate which target systems you want to audit on a schedule. If a database machine list requires credentials in order to access the systems in it, and you plan to use it in the server application, someone needs to delegate the machine list's credentials to the server application.

To delegate a database machine list's credentials to the server application, open the console application, right click the Database Machine List in the Audit tab's left pane and select Edit from the menu. The Edit Machine List dialog box appears. Use the Connect tab and the Delegation tab to set and delegate credentials. For more information on editing machine lists in the console application, check its on-line help.

Scheduled Tasks

Scheduled Tasks

SecurityExpressions automatically starts a scheduled task at some future time based on options defined through Audit-On-Schedule.

Audit-On-Schedule specifies a daily, weekly, or monthly schedule to audit certain devices and how to audit those devices. You can assign previously created notifications to scheduled audits. While viewing the scheduled audits, you can click Run Now to run the task immediately.

From the Scheduled Task page you add, edit, or delete a task. You must be logged in as the same user that created a scheduled task in order to use it, unless you belong to a Windows User Group listed in the Edit Private Items field in the Item Rights options.

Scheduled tasks use only the policy file and .CONFIGURE information of a policy, ignoring the other settings.

66

Image 74
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit Agreement Self-Service AuditWhat is Self-Service Auditing? How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Local Server Settings Configure ServersAbout Server Configuration Pages with Role SettingsDatabase Connection SetupViewing Audit Results Secure Connection Windows 2000 ServersCreating Credential Stores Click OK on the Default Web Site Properties windowCredential Store User Software Registration Enable Web ServicesSecurityExpressions Console Credential Stores Site PreferencesAccess Global Machine List Access User Roles Item RightsCheck the Synchronize with a policy file library box Policy File LibraryLibrary Synchronization About Policy Files How System Scores are CalculatedTarget Options Agent & Service ConfigurationDefault method for remote execution on Windows SSH Agent Authentication Database Cleanup Policies Update TaskCancel Add TaskClick Use the Following Agreement Agent DownloadsSite Preferences Allow Remediation Page Policies What is Audit-on-Connect?Audit-On-Connect Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Add a New Scope ScopesScopes Page Edit a Scope Scopes Table Expression Scopes Deleting ScopesDNS Domain Name Scopes Supported OperatorsDetection Method Scopes Supported FunctionsOrg Unit Scopes Notifications Click Add New Creating New Command NotificationsCreating New Email Notifications Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions Table Column Description ExceptionsExceptions Adding ExceptionsDeleting Exceptions Specify Password and Encrypted PasswordConnection Monitors Connection MonitorsEnabling Connection Monitors Configuring Connection MonitorsRemove Connection Monitor Configuration File IP Range SectionDefault OptionsActive Directory Active Directory Connection Monitor only Processing the Configuration FileConfiguration File Syntax Network Slow LinksUnmanaged Systems Trace Route InformationNetwork Admissions Control Initial TokenReaudit if quarantined HealthyQuarantined/Unknown Redirection WebAudit on Connect Tracing Audit on Connect TracingRedirection Web Page Behavior Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsEditing Global Machine Lists Scheduled TasksDeleting Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Audit-On-Connect Activity Table Column Description View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage Adding a New Audit Results Report Profile View Audit ResultsBrowse Audit Results Page Editing Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights