Symantec Security Expressions Server manual View Audit-On-Connect Activity


View Audit-On-Connect Activity

Browse Audit-On-Connect Activity

Audit-On-Connect activity reports show Audit-On-Connect connection events as they were logged over time. Use these reports to troubleshoot and optimize Audit-On-Connect configurations.

SecurityExpressions Audit & Compliance Server dynamically generates reports based on preconfigured or user-defined report profiles. When you first browse Audit-On-Connect activity, a table appears with the preconfigured Audit-On-Connect reports and any previously created user-defined reports. SecurityExpressions Audit & Compliance Server provides five preconfigured Audit-On-Connect reports, which are status reports over specific time periods. The top-level table lists preconfigured reports under names such as Status 01 Hour. Additional standard reports include Audit-On-Connect Error Log and Audit-On-Connect Exceptions.

Click Show to open the saved report profile. Click Details to drill down into the details.

Only the policies and scopes to which you have Use access rights appear for selection. Access rights are set in the Windows Group Access options on the Policies page and Scopes page. If you can't find a policy or scope you need to use, ask the item's creator or administrator to add you to one of the Windows User Groups with Use access rights to it.

Furthermore, reports only display audit results involving scopes to which you have View access rights and policies to which you have Result access rights.

Audit-On-Connect Activity Table

Column               Description
Preconfigured        Yes indicates a standard report. No indicates a custom report profile.
Name                 Report Name from the Audit-On-Connect Activity Report Profile
Description          Report description from the Audit-On-Connect Activity Report Profile
Show Most Recent     If you audit the same device multiple times, show the most recent activity report
Detection Methods    Connection Monitor type, which includes DHCP, EventLog, or both
Date From            Date and time activity reporting started
Date To              Date and time activity reporting ended

Adding a New Audit-On-Connect Report Profile

Creating a new report profile creates a filter for a report and defines what appears in each report.

To define a new Audit-On-Connect Report Profile, click New and save the settings and fields to include in the report.

1. Type a Report Name and a short report Description.
