Symantec Security Expressions Server Server User Manual


 
Audit-On-Connect
33
and modify the .CONFIGURE rule. When you create a new Policy and select an associated policy
file, the server application determines if a .CONFIGURE rule exists and displays prompts for
modifications. This rule may require synchronization between the database and the policy file. To
synchronize the database and the new file, save the policy file in the database with a new name
with new parameters for the .CONFIGURE rule, if previously saved in the database.
Scopes
Scopes
A scope is a set of target systems that get audited together when using Audit-on-Connect. Each
scope is associated with one or more policies, which indicates how to audit the scope. When a
system connects to the network, the server software checks all scopes to see if the system falls
within one. If it does, and it is not part of an exception, it gets audited using the policy
associated with the scope.
All scopes are assigned an order number. The first scope that matches the system is the scope
used for the audit. All systems in the scope get audited.
The Scopes page displays the Scopes table and lets you add, edit, and delete scopes.
Add a New Scope
1. Click Add New on the Scopes page.
2. If you want to use an order number other than the one automatically generated, type
one in the Order box.
Order number is the numeric order in which the scope should be checked for resolution.
SecurityExpressions Audit & Compliance Server automatically increments the order
number. If you enter a new number or change the order, the application automatically
rearranges the order of any existing scopes. For example, if you already have scopes 1
through 4 in the table and you create a new scope with an order number of 1, the existing
scopes become scopes 2 through 5.
3. In the Name box, type a scope name.
4. Select the scope type.
You may define scopes of the following types:
IP Range
Windows Domain This scope only works if you are using the Active Directory
connection monitor.
Org Unit
DNS Domain Name
Device Type
Machine List
Expression
Detection Method
5. Enter values to determine which target systems belong to the scope. The values entered
are determined valid or invalid depending on the scope type selected.