Symantec Security Expressions Server manual View Audit Results, Browse Audit Results

View Audit Results

Browse Audit Results

This page shows audit results in the form of reports. It features results from almost all kinds of auditing methods, including:

Audit-on-Schedule

Audit-on-Connect

self-service audits based on multiple policy files and Audit-on-Connect scopes

audits performed on any consoles connected to the same database as the server application

SecurityExpressions Audit & Compliance Server dynamically generates reports based on pre-configured report profiles. Clicking a hyperlink drills down to a new page with a report showing all of the policy files used during the audit of the device and the posture result for each policy file. Additionally, you can drill down by policy file to the audit detail for that audit. When browsing audit data, you may view it but cannot modify it.

When you first browse Audit-On-Schedule activity, a table appears with Audit-On-Schedule pre-configured reports and any previously created user-defined reports. SecurityExpressions Audit & Compliance Server provides one Audit-On-Schedule pre-configured report, which is a status report over 30 days, plus one additional standard report called Scheduled Audits Log.

Once you have created a report profile, you can drill down into the details of the report. Click Show to see which device was audited, by whom, the policy file used for the audit, and the results. Clicking Details from this Audit List displays the audit report in greater detail. For example, you can see the status and priority for each rule.

Only the machine lists, policies, scheduled tasks, and scopes (when viewing Audit-on-Connect results) to which you have Use access rights appear for selection. Access rights are set in the Windows Group Access options on the My Machine Lists page, ML Access page, Policies page, Scheduled Tasks page, and Scopes page. If you can't find a machine list, policy, scheduled task, or scope you need to use, ask the item's creator or administrator to add you to one of the Windows User Groups with Use access rights to it.

Furthermore, reports only display audit results involving scopes to which you have View access rights, policies to which you have Result access rights, and machine list members audited using machine lists to which you have Result access rights.

Adding a New Audit Results Report Profile

Creating a new report profile defines a report filter and what appears in each report.

1. Click the New button to display report-profile options.

2. Type a Report Name and a short report Description.

3. Select a report type and then define filters that cause only certain audit results that meet your criteria to display in the report.

The filter options available depend on the report type you select.
