Symantec Security Expressions Server manual Editing Report Profiles, Deleting Report Profiles


SecurityExpressions Server User Guide

2. Select one or more Detection Methods. The detection method identifies the Connection Monitor types.

3. Define filters so that only events that meet your criteria display in the report. Click the links and set the criteria. You may set as many kinds of filters as you like. The report's contents are based on a combination of all filters you set.

Note: When you click a new link, the options from the previous link no longer display but any options you selected there are still selected. To help you remember which links have filters selected, a check mark appears next to them.

Group Posture Results - Select as many as you want.

Device Type - Select as many as you want.

Enter MACs - Type the MAC addresses you want to use as criteria. One per line.

Enter IP Addresses - Type the IP addresses you want to use as criteria. One per line.

Enter Device Name - Type the device names you want to use as criteria. One per line.

Scope Name - Select as many as you want. More than one Policy can apply to a Scope. If you do not filter by policy, all data displays.

If a computer is listed in multiple scopes, the only Windows Group Access settings that apply to the audit results are the ones from the scope used by the audit.

4. In the Show Fields section, check the boxes to choose which additional columns you want to appear in the summary report of this profile.

5. Under Date/Hour Range Selection, select one of the following options and set a range of data to display each time the report runs.

Open or closed range beginning on a specific day - Includes in the report a range of connection activity starting on a specific date. You may specify an end for the date range or let the report display all activity available after the starting date.

Relative range from the current date - Includes in the report a range of connection activity prior to the day the report ran. Enter how many days, hours and minutes' worth of prior data you want to display in the report.

6. Select Most Recent Audit to show the most recent audit only and remove duplicate data.

7. Click Save to save this report profile.

Editing Report Profiles

To edit a report profile, click the Edit hyperlink and modify the same settings you set when creating the profile.

Deleting Report Profiles

To delete a report profile:

1. Click the Edit hyperlink on the Browse Audit-On-Connect Activity table to select the report profile to remove.
