Audit-On-Connect

Audits can detect systems on the network using the following methods: DHCP, EVENTLOG, NAC, self-service (for self-service audits).

A system matches this scope if the connection monitor used to connect to it matches the value entered.

Device Type Scopes

Lets you indicate a kind of system to audit. Choices are Windows, UNIX, or Unknown.

A system matches this scope if it's the kind of system selected. Selecting Unknown includes all systems.

IP Range Scopes

A system matches this scope if its IP address is in the range. Use - or : to indicate an IP range.

Ex.: 192.168.10.1-62

Use / to indicate an IP range expressed using netmask length.

Ex.: 10.0.3.0/24

You can also enter single IP addresses.
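
The three entry forms above, as an added Python example (not part of the product or its manual) that checks which addresses from an inventory an IP range scope would leave unaudited. It assumes the short form 192.168.10.1-62 replaces only the last octet and that a netmask-length entry covers every address in the block; the function names and sample addresses are constructed.

```python
import ipaddress
import re

def parse_scope(entry):
    """Return (first, last) IPv4 bounds for one IP range scope entry."""
    entry = entry.strip()
    if "/" in entry:
        # Netmask-length form, e.g. 10.0.3.0/24 (assumed to cover the whole block)
        net = ipaddress.IPv4Network(entry, strict=False)
        return net[0], net[-1]
    m = re.fullmatch(r"([\d.]+)\s*[-:]\s*([\d.]+)", entry)
    if m:
        start = ipaddress.IPv4Address(m.group(1))
        tail = m.group(2)
        if "." not in tail:
            # Short form, e.g. 192.168.10.1-62 (assumed: end replaces last octet)
            tail = m.group(1).rsplit(".", 1)[0] + "." + tail
        end = ipaddress.IPv4Address(tail)
        if end < start:
            raise ValueError(f"range end precedes start: {entry!r}")
        return start, end
    # Single address
    addr = ipaddress.IPv4Address(entry)
    return addr, addr

def in_scope(ip, entries):
    """True if ip falls inside any of the scope entries."""
    addr = ipaddress.IPv4Address(ip)
    return any(lo <= addr <= hi for lo, hi in map(parse_scope, entries))

def uncovered(inventory, entries):
    """Addresses from the inventory that no scope entry matches."""
    return [ip for ip in inventory if not in_scope(ip, entries)]

# Constructed sample data: scope entries in the three documented forms
SCOPES = ["192.168.10.1-62", "10.0.3.0/24", "172.16.5.9"]
INVENTORY = ["192.168.10.40", "192.168.10.63", "10.0.3.200",
             "10.0.4.1", "172.16.5.9"]

if __name__ == "__main__":
    print("not covered by any scope:", uncovered(INVENTORY, SCOPES))
```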

Machine List Scopes

If your organization uses the console application and someone created one or more database machine lists (also known as global machine lists) on it, you may use this scope. Type the names of database machine lists from the console.

A system matches this scope if it's in the machine list.

If a global machine list has Windows Group Results Access restricted in the ML Access page, the restrictions do not affect viewing audit results when a scope is a machine list scope. Only the Windows Group Results Access setting for the scope applies.

Windows Domain Scopes

A system matches this scope if its fully qualified domain name matches the value entered. Type domains in either NetBIOS (SYMANTEC) or DNS (symantec.com) format.

This scope only works if you are using the Active Directory connection monitor.

Notifications


You can opt to receive email or program-output notifications when audits occur. Notifications apply to Audit-On-Schedule or Audit-On-Connect results and each audit can have one or more notification actions upon completion.

You may use notifications created in SecurityExpressions console in addition to the ones created in SecurityExpressions server. This application lets you select notifications created in both applications in the Schedules Tasks page and the Scopes page.

The Notifications table displays the notification Name, Type, and Values. From this page you create an email or command notification that you can edit or delete.

Symantec Security Expressions Server manual Notifications