Symantec Security Expressions Server manual Other Options Settings

Page 82

SecurityExpressions Server User Guide

A reaudit cycle could go on indefinitely if a system is off or never connects. Limiting the number of times the task can attempt to reaudit systems keeps the reaudit cycle from continuing indefinitely.

Both steps B and C provide end points to the reaudit cycle. You may use one method or the other, or both. If you use both methods together, whichever limit is reached first ends the audit cycle.

Tip: Steps 11 and 12 each provide a way for audits to occur on systems that were not available when the task was scheduled to audit them. You may use these features together or separately. If you use them together, Audit-on-Connect is active both during and after the reaudit cycle.

If a system was contacted but the login credentials were incorrect, the task does not attempt to reaudit the system.

Other Options Settings

13.If you want to limit the length of time this task takes to complete from the time it actually begins auditing, regardless of the reason, click the Limit to Hours radio button in the Maximum amount of time an audit may run section. Then type the number of hours to which you want to limit the task.

After this number of hours, the task finishes auditing the system it was working on and then terminates. If reauditing or Audit-on-Connect on Fail is part of the task, they are included as part of the overall time it takes to run the entire task.

14.If you want to keep track of which target systems the task could not audit, check Enable in the Save target names that could not be contacted to the following machine list section. Then type a name for the machine list, using variables in the name if you want.

The machine list you enter saves the names of all systems that did not get audited as a result of the termination. Auditing this machine list later enables you to finish auditing the

remaining systems.

If you type the name of an existing machine list, any systems already listed in it will be removed. Unless you want the machine list altered in the case of an incomplete audit,

we recommend creating a database machine list expressly for this purpose.

Credentials Settings

15.If you want to use specific credentials to access all systems whenever this audit task runs, type those credentials in the Login box.

If you do not want to specify credentials, skip to step 18.

16.In the Password box, type the password of the credentials you specified in the previous

step.

17.If you want to make sure these credentials are used to access target systems instead of any credentials that might be delegated from other credential stores or from the console application, check the Always use my credentials over delegated ones box.

Windows Group Access

18.Set Windows Group Access. Enter Windows groups, separated by a comma, that can edit this scheduled task and use it to perform audits. This establishes which users can access this task and its audit results due to their role. If a Windows User Group isn't on the local computer, you'll need to enter the group in domain\groupname format.

74

Page 81 Page 83
Image 82
Page 81 Page 83
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit Agreement Self-Service AuditWhat is Self-Service Auditing? How to Audit your Local ComputerDisplays on the page. No detailed audit results appear Local Server Settings Configure ServersAbout Server Configuration Pages with Role SettingsViewing Audit Results SetupDatabase Connection Secure Connection Windows 2000 ServersCredential Store User Click OK on the Default Web Site Properties windowCreating Credential Stores Software Registration Enable Web ServicesSecurityExpressions Console Credential Stores Site PreferencesAccess Global Machine List Access User Roles Item RightsLibrary Synchronization Policy File LibraryCheck the Synchronize with a policy file library box About Policy Files How System Scores are CalculatedDefault method for remote execution on Windows Agent & Service ConfigurationTarget Options SSH Agent Authentication Database Cleanup Policies Update TaskCancel Add TaskSite Preferences Agent DownloadsClick Use the Following Agreement Allow Remediation Page Policies What is Audit-on-Connect?Audit-On-Connect Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Expression Scopes Deleting ScopesDNS Domain Name Scopes Supported OperatorsOrg Unit Scopes Supported FunctionsDetection Method Scopes Notifications Click Add New Creating New Command NotificationsCreating New Email Notifications Editing NotificationsClick Add New Creating New Command Notifications Deleting Notifications Notification VariablesExceptions Table Column Description ExceptionsExceptions Adding ExceptionsDeleting Exceptions Specify Password and Encrypted PasswordConnection Monitors Connection MonitorsRemove Configuring Connection MonitorsEnabling Connection Monitors Connection Monitor Configuration File IP Range SectionDefault OptionsConfiguration File Syntax Processing the Configuration FileActive Directory Active Directory Connection Monitor only Network Slow LinksUnmanaged Systems Trace Route InformationNetwork Admissions Control Initial TokenReaudit if quarantined HealthyQuarantined/Unknown Redirection WebRedirection Web Page Behavior Audit on Connect TracingAudit on Connect Tracing Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsAdding Machine Lists Editing Machine ListsEditing Global Machine Lists Scheduled TasksDeleting Machine Lists Scheduled TasksBasic Settings Adding Scheduled TasksSchedule Settings Hosts Not Connected Settings Other Options Settings Credentials SettingsWindows Group Access Editing Scheduled TasksSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Audit-On-Connect Activity Table Column Description View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Adding a New Audit-On-Connect Report ProfileEditing Report Profiles Deleting Report ProfilesAudit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage Browse Audit Results View Audit ResultsAdding a New Audit Results Report Profile Page Editing Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Deleting Audit Report Results ProfilesPage Glossary Page Configure IndexIP address 33, 44, 45 Rule weights
Top Page Image Contents