Support User Manuals

Symantec Security Expressions Server Server User Manual

Open as PDF

of 97

Audit-On-Connect

39

Audits can detect systems on the network using the following methods: DHCP, EVENTLOG, NAC,

self-service (for self-service audits).

A system matches this scope if the connection monitor used to connect to it matches the value

entered.

Device Type Scopes

Lets you indicate a kind of system to audit. Choices are Windows, UNIX, or Unknown.

A system matches this scope if it's the kind of system selected. Selecting Unknown includes all

systems.

IP Range Scopes

A system matches this scope if its IP address is in the range. Use - or : to indicate an IP range.

Ex.:192.168.10.1-62

Use / to indicate an IP range expressed using netmask length.

Ex.: 10.0.3.0/24

You can also enter single IP addresses.

Machine List Scopes

If your organization uses the console application and someone created one or more database

machine lists (also known as global machine lists) on it, you may use this scope. Type the names

of database machine lists from the console.

A system matches this scope if it's in the machine list.

If a global machine list has Windows Group Results Access restricted in the ML Access page,

the restrictions do not affect viewing audit results when a scope is a machine list scope. Only

the Windows Group Results Access setting for the scope applies.

Windows Domain Scopes

A system matches this scope if its fully qualified domain name matches the value entered. Type

domains in either Netbios (SYMANTEC) or DNS (symantec.com) format.

This scope only works if you are using the Active Directory connection monitor.

Notifications

Notifications

You can opt to receive email or program-output notifications when audits occur. Notifications

apply to Audit-On-Schedule or Audit-On-Connect results and each audit can have one or more

notification actions upon completion.

You may use notifications created in SecurityExpressions console in addition to the ones

created in SecurityExpressions server. This application lets you select notifications created in

both applications in the Schedules Tasks page and the Scopes page.

The Notifications table displays the notification Name, Type, and Values. From this page you

create an email or command notification that you can edit or delete.

previous next