Symantec Security Expressions Server Server User Manual


 
Audit-On-Connect
Audits can detect systems on the network using the following methods: DHCP, EVENTLOG, NAC,
self-service (for self-service audits).
A system matches this scope if the connection monitor used to connect to it matches the value
entered.
Device Type Scopes
Lets you indicate a kind of system to audit. Choices are Windows, UNIX, or Unknown.
A system matches this scope if it's the kind of system selected. Selecting Unknown includes all
systems.
IP Range Scopes
A system matches this scope if its IP address is in the range. Use - or : to indicate an IP range.
Ex.: 192.168.10.1-62
Use / to indicate an IP range expressed using netmask length.
Ex.: 10.0.3.0/24
You can also enter single IP addresses.
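The entry forms above can be checked before a scope is saved. The following is an added example, not code from the manual or the product; the function names are hypothetical, and it assumes that the short form 192.168.10.1-62 replaces the last octet of the start address, that a full end address is also accepted, and that a netmask-length entry covers the whole block.

```python
import ipaddress

def parse_ip_scope(scope):
    """Return (first, last) IPv4 bounds for one IP Range Scope entry."""
    text = scope.strip()
    if "/" in text:
        # Netmask-length form, e.g. 10.0.3.0/24. Assumption: the whole
        # block, network and broadcast addresses included, is in scope.
        net = ipaddress.IPv4Network(text, strict=False)
        return net.network_address, net.broadcast_address
    for sep in ("-", ":"):
        if sep in text:
            start_s, end_s = (p.strip() for p in text.split(sep, 1))
            start = ipaddress.IPv4Address(start_s)
            if "." in end_s:
                # Assumption: a full end address is also accepted.
                end = ipaddress.IPv4Address(end_s)
            else:
                # Short form from the manual (192.168.10.1-62): assumed to
                # mean the end value replaces the last octet of the start.
                octet = int(end_s)
                if not 0 <= octet <= 255:
                    raise ValueError(f"bad end octet in {scope!r}")
                end = ipaddress.IPv4Address((int(start) & 0xFFFFFF00) | octet)
            if end < start:
                raise ValueError(f"range end precedes start in {scope!r}")
            return start, end
    addr = ipaddress.IPv4Address(text)  # single address
    return addr, addr

def in_scope(ip, scope):
    """True if ip falls inside the scope entry."""
    first, last = parse_ip_scope(scope)
    return first <= ipaddress.IPv4Address(ip) <= last

def scope_size(scope):
    """Number of addresses the scope entry covers."""
    first, last = parse_ip_scope(scope)
    return int(last) - int(first) + 1

if __name__ == "__main__":
    # Constructed sample entries and hosts, for illustration only.
    for entry in ("192.168.10.1-62", "192.168.10.1:62", "10.0.3.0/24", "10.1.1.7"):
        print(entry, "covers", scope_size(entry), "addresses")
    print(in_scope("192.168.10.63", "192.168.10.1-62"))
```

Running a planned entry through in_scope for a few known hosts shows whether a system that should be audited falls just outside the range.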
Machine List Scopes
If your organization uses the console application and someone created one or more database
machine lists (also known as global machine lists) on it, you may use this scope. Type the names
of database machine lists from the console.
A system matches this scope if it's in the machine list.
If a global machine list has Windows Group Results Access restricted in the ML Access page,
the restrictions do not affect viewing audit results when a scope is a machine list scope. Only
the Windows Group Results Access setting for the scope applies.
Windows Domain Scopes
A system matches this scope if its fully qualified domain name matches the value entered. Type
domains in either NetBIOS (SYMANTEC) or DNS (symantec.com) format.
This scope only works if you are using the Active Directory connection monitor.
Notifications
You can opt to receive email or program-output notifications when audits occur. Notifications
apply to Audit-On-Schedule or Audit-On-Connect results and each audit can have one or more
notification actions upon completion.
You may use notifications created in SecurityExpressions console in addition to the ones
created in SecurityExpressions server. This application lets you select notifications created in
both applications in the Schedules Tasks page and the Scopes page.
The Notifications table displays the notification Name, Type, and Values. From this page you
create an email or command notification that you can edit or delete.