Symantec Security Expressions Server Server User Manual


 
Audit-On-Connect
37
blank.
Pass Notifications Notifications to run when the Group Posture of an audit in
this scope is PASS. This value may be blank.
Fail Notifications Notifications to run when the Group Posture of an audit in
this Scope is FAIL. This value may be blank.
Error Notifications Notifications to run when the Group Posture of an audit in
this Scope is ERROR. This value may be blank.
Connection Error Notifications Notifications to run when the Group Posture of an audit in
this Scope is CONN_ERROR. This value may be blank.
SE Console Notifications Notifications from the console application to run when a
computer in this scope is detected. This value may be
blank.
Windows Group Results Access Specify the Windows User Groups who can access results
from audits that used this scope, if you want to restrict
access to this scope's audit results. Displays "Everyone" if
the scope's audit results aren't restricted.
Deleting Scopes
To delete a scope, click the Delete hyperlink for the scope in the table. When you delete a
scope, you remove it from the database. A warning appears to remind you that you are about to
delete a record from the database. At this time, you can cancel the action or delete the record.
DNS Domain Name Scopes
A domain written in DNS format. You may use the * wild card to represent a range of system
names, as in "*.symantec.com".
A system matches this scope if its fully qualified domain name matches the value entered. You
can also use any valid shell expression to match against a target's fully qualified domain name. If
the server does not know the fully qualified name (typically from a reverse DNS lookup), then it
attempts to match the target's IP address against the shell expression.
Expression Scopes
You may use an expression to combine more than one scope type into one unified scope of
target systems. Use functions, Boolean operators and parentheses to construct your expression.
Function names are not case sensitive. You may use more than one line to enter an expression.
Unlike the other scopes, expression scopes can only accept one entry. Regardless of how
many lines long a scope is, all lines are treated as a single expression.
Example: (IPRANGE(12.2.1.0/24) || IPRANGE(11.2.1.0/20)) && !DOMAIN(symantec.com)
Supported Operators
Operator Description
&& Logical AND
|| Logical OR
! Logical NOT