Symantec Security Expressions Server manual View Audit-On-Connect Activity

View Audit-On-Connect Activity

Browse Audit-On-Connect Activity

Audit-On-Connect activity reports show Audit-On-Connect connection events as they were logged over time. Use these reports to troubleshoot and optimize Audit-on-Connect configurations.

SecurityExpressions Audit & Compliance Server dynamically generates reports based on preconfigured or user-defined report profiles. When you first browse Audit-On-Connect activity, a table appears with Audit-On-Connect preconfigured reports and any previously created user- defined reports. SecurityExpressions Audit & Compliance Server provides five Audit-On-Connect preconfigured reports, which are status reports over specific time periods. The top level table shows names such as Status 01 Hour as a preconfigured report. Additional standard reports include Audit-On-Connect Error Log and Audit-On-Connect Exceptions.

Click Show to open the saved report profile. Click Details to drill-down to see details.

Only the policies and scopes to which you have Use access rights appear for selection. Access rights are set in the Windows Group Access options on the Policies page and Scopes page. If you can't find a policy or scope you need to use, ask the item's creator or administrator to add you to one of the Windows User Groups with Use access rights to it.

Furthermore, reports only display audit results involving scopes to which you have View access rights and policies to which you have Result access rights.

Audit-On-Connect Activity Table

Adding a New Audit-On-Connect Report Profile

Creating a new report profile creates a filter for a report and defines what appears in each report.

To define a new Audit-On-Connect Report Profile, click New and save the settings and fields to include in the report.

1. Type a Report Name and a short report Description.

77