Setup, Viewing Audit Results | Symantec Security Expressions Server

SecurityExpressions Server User Guide

Viewing Audit Results

SecurityExpressions generates audit results through the following kinds of audits. To view results from each kind of audit, a user needs rights to view results from key configurable items (machine lists, policies, and scopes) involved in the audit. The configurable items to which a user needs audit-result viewing rights, for each kind of audit, are:

Audit on Schedule

•policies

•My Machine Lists or global machine lists

Audit on Connect

•policies

•scopes

Self-Service Audits

•policies

•any My Machine Lists or global machine lists the computer belongs to, whether or not the machine list is involved in the audit

•Super User item rights, if the computer does not belong to any machine list

Instant Audits - performed in the console application's Audit tab

•policies

•global machine lists, if auditing a machine list

•any My Machine Lists or global machine lists that the computer(s) belong to, if auditing individual computers instead of a machine list

•Super User item rights, if the computer does not belong to any machine list

Web-Services Audits - audits activated through the Web-services layer (see the SecurityExpressions Web Services API Guide for more information)

•policies

•global machine lists, if auditing a machine list

•any My Machine Lists or global machine lists that the computer(s) belong to, if auditing individual computers instead of a machine list

•Super User item rights, if the computer does not belong to any machine list

Setup Page

Database Connection

The Application Setup page displays the name of the system where the database resides and the database's name. The Database Connection settings on the Application Setup page let you connect the SecurityExpressions Audit & Compliance Server to a central database.

If you don’t want to connect to an existing database and don’t need to create a custom database, you have the option of creating the database using the Database Connection settings instead of creating it in the database application.

12

Image 20

Symantec Security Expressions Server manual Setup, Viewing Audit Results, Database Connection

Contents

SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Technical Support Contacting Technical SupportPage Other Products SecurityExpressions ConsolePage Overview About SecurityExpressions Audit & Compliance ServerPage Self-Service Audit What is Self-Service Auditing?Self-Service Audit Agreement How to Audit your Local Computer Displays on the page. No detailed audit results appear Configure Servers About Server ConfigurationLocal Server Settings Pages with Role Settings Database Connection SetupViewing Audit Results Secure Connection Windows 2000 Servers Creating Credential Stores Click OK on the Default Web Site Properties windowCredential Store User Enable Web Services SecurityExpressions Console Credential StoresSoftware Registration Site Preferences Access Global Machine List Access User Roles Item Rights Check the Synchronize with a policy file library box Policy File LibraryLibrary Synchronization About Policy Files How System Scores are Calculated Target Options Agent & Service ConfigurationDefault method for remote execution on Windows SSH Agent Authentication Database Cleanup Update Task CancelPolicies Add Task Click Use the Following Agreement Agent DownloadsSite Preferences Allow Remediation Page What is Audit-on-Connect? Audit-On-ConnectPolicies Policies TablePage Adding Policies Editing Policies Configuring with Run-Time Policy Variables Deleting PoliciesPage Add a New Scope ScopesScopes Page Edit a Scope Scopes Table Deleting Scopes DNS Domain Name ScopesExpression Scopes Supported Operators Detection Method Scopes Supported FunctionsOrg Unit Scopes Notifications Creating New Command Notifications Creating New Email NotificationsClick Add New Editing Notifications Click Add New Creating New Command Notifications Deleting Notifications Notification Variables Exceptions ExceptionsExceptions Table Column Description Adding Exceptions Specify Password and Encrypted Password Connection MonitorsDeleting Exceptions Connection Monitors Enabling Connection Monitors Configuring Connection MonitorsRemove Connection Monitor Configuration File IP Range Section Default Options Active Directory Active Directory Connection Monitor only Processing the Configuration FileConfiguration File Syntax Network Slow Links Trace Route Information Network Admissions ControlUnmanaged Systems Initial Token Healthy Quarantined/UnknownReaudit if quarantined Redirection Web Audit on Connect Tracing Audit on Connect TracingRedirection Web Page Behavior Page Page What is Audit-on-Schedule? Audit-On-SchedulePage Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine Lists Adding Machine Lists Editing Machine Lists Scheduled Tasks Deleting Machine ListsEditing Global Machine Lists Scheduled Tasks Basic Settings Adding Scheduled Tasks Schedule Settings Hosts Not Connected Settings Other Options Settings Credentials Settings Windows Group Access Editing Scheduled Tasks Schedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page View Audit-On-Connect Activity Browse Audit-On-Connect ActivityAudit-On-Connect Activity Table Column Description Adding a New Audit-On-Connect Report Profile Editing Report Profiles Deleting Report Profiles Audit-On-Connect Error Log Report Audit-On-Connect Exceptions ReportPage Adding a New Audit Results Report Profile View Audit ResultsBrowse Audit Results Page Scheduled Audits Log Report Adding Custom Reports to the Server ApplicationEditing Audit Report Results Profiles Deleting Audit Report Results ProfilesPage Glossary Page Configure Index IP address 33, 44, 45 Rule weights