Symantec Security Expressions Server User Manual


 
Supported Functions

| Function | Argument | Description |
|---|---|---|
| iprange | a valid IP range | Returns TRUE if the target computer is a member of the IP range. |
| domain | a Windows domain in NetBIOS or DNS format | Returns TRUE if the target computer is a member of the Windows domain. |
| machinelist | a database machine list created using the console application | Returns TRUE if the target is a member of the machine list. |
| devicetype | a valid device type | Returns TRUE if the target is the type of device specified. |
| fqdnmatch | a shell expression | Returns TRUE if the target's fully qualified domain name matches the shell expression. |
| ou | the name of an OU in Microsoft shorthand, and optionally an LDAP URL specifying what directory and credentials should be queried | Returns TRUE if the target is a member of the organizational unit. |
| detectionmethod | a method for detecting systems on the network | Returns TRUE if the target was detected on the network using this method. |
| aocserver | a shell expression | Returns TRUE if the server processing the connection event matches the shell expression. |

Org Unit Scopes
Also known as an OU, a system's organizational unit is listed in the domain controller. The
software searches OUs in order to find Active-Directory computer accounts. OU searches begin at
the directory’s default naming context.
Use Microsoft shorthand notation to type OUs. OU names are not case-sensitive. For example, the
Active Directory DN "ou=A,ou=B,dc=symantec,dc=com" would be entered as "B/A". If your computer
accounts are located in Active Directory's default location of "cn=computers,dc=symantec,dc=com",
you can simply enter "computers" to search for all computer accounts.
If you're running the server application on a system that's not a member of an Active
Directory domain, you'll need to override the directory, protocol and login credentials to the
directory by specifying an LDAP URL as the first OU. The syntax is
"ldap://[user:password@]host[:port]". The user can be in Microsoft format such as
"user@domain.com" or in standard LDAP format such as "cn=user,dc=symantec,dc=com".
A system matches this scope if its Active-Directory computer account matches the value entered.
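
The two notations described above, worked through as an added example (not code from SecurityExpressions or from this guide). It converts a DN to Microsoft shorthand, splits the LDAP override URL, and masks the embedded password before the scope value is copied into logs or tickets. The function names, the parsing rules and the sample host dc.example.test are assumptions built only from the syntax shown in this section.

```python
# Added illustration; not SecurityExpressions code. Parsing rules are assumptions
# drawn from the syntax the guide gives: ldap://[user:password@]host[:port]

def dn_to_shorthand(dn):
    """Convert an Active Directory DN to Microsoft shorthand (outermost first)."""
    parts = [p.strip() for p in dn.split(",")]   # naive split: no escaped commas
    # Drop the dc= components; the search starts at the default naming context.
    containers = [p for p in parts if not p.lower().startswith("dc=")]
    names = [p.split("=", 1)[1] for p in containers]
    return "/".join(reversed(names))


def parse_ou_scope_url(url):
    """Split the LDAP override URL into user, password, host and port."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() != "ldap":
        raise ValueError("expected ldap://[user:password@]host[:port]")
    user = password = None
    # The last '@' ends the credentials, so user@domain.com logins still parse.
    creds, at, hostport = rest.rpartition("@")
    if at:
        user, _, password = creds.partition(":")   # first ':' ends the user name
    host, colon, port = hostport.partition(":")
    if not host:
        raise ValueError("host is required")
    return {"user": user, "password": password, "host": host,
            "port": int(port) if colon else None}


def redact(url):
    """Return the URL with any password masked, for logs and tickets."""
    f = parse_ou_scope_url(url)
    creds = f"{f['user']}:***@" if f["user"] is not None else ""
    port = f":{f['port']}" if f["port"] is not None else ""
    return f"ldap://{creds}{f['host']}{port}"


if __name__ == "__main__":
    # Constructed sample values (dc.example.test and the logins are made up).
    print(dn_to_shorthand("ou=A,ou=B,dc=symantec,dc=com"))           # B/A
    print(redact("ldap://user@domain.com:S3cret@dc.example.test:389"))
```
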
Detection Method Scopes