Symantec Security Expressions Server Server User Manual


 
27
Audit-On-Connect
What is Audit-on-Connect?
Audit-on-Connect is an optional feature of SecurityExpressions Audit & Compliance Server that is
sold separately. It enables you to audit systems as they connect to the network rather than on a
fixed schedule. This allows you to audit systems that might not be regularly or predictably
connected to the network such as field-user laptops. This also allows for systems that are missed
in a scheduled audit to be automatically picked up the next time they connect.
Use the following pages to configure Audit-on-Connect:
Policies
Scopes
Notifications
Exceptions
Connection Monitors
Network
Audit on Connect Tracing
Policies
Policies Page
When you create a new policy, you assign a name and a policy file (.sif) to the policy. Note that
policies differ from policy files: a
policy
contains a designated
policy file
.
From the Policies page you create policies to define the audits. You also edit or delete existing
policies. If performing an Audit-on-Connect audit, you also set the run-time variables on the
Policies page.
Policies are saved to the database. If more than one person is editing the same policy at the
same time, the version saved last is the only version that will be stored.
Note that you can associate one or more policy files with specific conditions and the scope.
The Policies table displays available policies for the audits and policy configurations.
Policies Table
The Policies table displays available policies for the audits and policy configurations. The Policies
table consists of the following columns:
Column Description
Active If Yes, then apply the policy. If the policy is active, within
that Scope, the policy will be applied.
If No, the policy is not applied but will not be deleted.
Edit Make changes to this policy entry in the table.
Delete Remove this entry from the table.
Name Policy name as it is listed for selection when creating a