Symantec Security Expressions Server User Manual


 
SecurityExpressions Server User Guide
To create a new command notification:
1. Click Add New on the Notifications page.
2. Provide a Notification Name, a custom name for the notification that appears in the table.
3. Select Command as the Type.
4. Type the Command to run, which may be a URL. Include the command Arguments. You can pass variables to the command.
   If the command is a program, the program expects its dependent files to be in the \system32\ folder.
5. Click Add New.
Deleting Notifications
Click the Delete hyperlink for the notification that you want to remove. When you delete a
notification, you remove it from the database. A warning appears to remind you that you are
about to delete a record from the database. At this time, you can cancel the action or delete the
record.
Notification Variables
You can include the variables listed here in any text-entry setting in a notification.
%RESULTLINK% - URL of the results or report
%POLICY% - policy used to perform the audit
%DESCRIPTION% - description of the task that executed the audit, from the Description box on the List tab of the Task Options and Scheduling dialog box. To learn more about the Task Options and Scheduling dialog box, see the SecurityExpressions Console help.
%DATE% - the date this task ran
The following three variables return a value only if statistics are available:
%COUNTPROBLEMS% - number of errors encountered during the audit
%COUNTRULES% - number of rules used to audit the machine list
%SCORE% - the overall score resulting from the audit
The following four variables return a value only if the task audited a single system:
%IP% - IP address or name of the system being audited, depending on which one represents the system in the machine list
%COMPUTER% - identical to the %IP% variable
%HOST% - identical to the %IP% variable
%GROUPPOSTURERESULT% - posture result of the system being audited
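The following is an added example, not code from the SecurityExpressions documentation: a hypothetical handler program that a command notification could run, which treats variables that returned no value as missing and validates the others before use. It assumes the Arguments field shown in the comment (the option names are invented for illustration) and that a variable with no value arrives either empty or as its unexpanded name.

```python
import argparse
import ipaddress
import json
import re
import sys
from urllib.parse import urlsplit

# Assumed Arguments field (option names are hypothetical, not the product's):
#   --policy="%POLICY%" --score="%SCORE%" --problems="%COUNTPROBLEMS%"
#   --rules="%COUNTRULES%" --host="%COMPUTER%" --link="%RESULTLINK%"
UNEXPANDED = re.compile(r"%[A-Z]+%")   # placeholder passed through as-is (assumed)
HOSTNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,252}")

def clean(value):
    """None when the variable returned no value (assumed: empty or unexpanded)."""
    value = (value or "").strip()
    return None if not value or UNEXPANDED.fullmatch(value) else value

def as_count(value):  # %COUNTPROBLEMS% / %COUNTRULES%: ASCII digits only
    value = clean(value)
    return int(value) if value and re.fullmatch(r"[0-9]{1,9}", value) else None

def as_host(value):  # %IP% / %COMPUTER% / %HOST%: IP address or plain host name
    value = clean(value) or ""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return value if HOSTNAME.fullmatch(value) else None

def as_link(value):  # %RESULTLINK%: only an http(s) URL with a host part
    value = clean(value)
    try:
        parts = urlsplit(value or "")
    except ValueError:
        return None
    return value if parts.scheme in ("http", "https") and parts.netloc else None

def build_event(argv):
    parser = argparse.ArgumentParser()
    for name in ("policy", "score", "problems", "rules", "host", "link"):
        parser.add_argument("--" + name, default="")
    a = parser.parse_args(argv)
    host = as_host(a.host)  # present only when the task audited one system
    return {"policy": clean(a.policy), "score": clean(a.score),
            "problems": as_count(a.problems), "rules": as_count(a.rules),
            "host": host, "single_system": host is not None, "link": as_link(a.link)}

if __name__ == "__main__":
    print(json.dumps(build_event(sys.argv[1:])))
```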
Example