Symantec Security Expressions Server Server User Manual


 
55
Audit-On-Schedule
What is Audit-on-Schedule?
Audit-on-Schedule is an auditing method that audits a group of systems at scheduled intervals.
You create a scheduled task that audits all systems in a machine list based on a policy. When the
audit is finished, the task can send notifications indicating the audit is done and where to view
audit results.
Use the following pages to configure Audit-on-Schedule:
Policies
Notifications
My Machine Lists
Scheduled Tasks
First create policies, notifications and machine lists to add to scheduled audit tasks. Then create a
task. Once the task is scheduled, it runs automatically
Policies
Policies Page
When you create a new policy, you assign a name and a policy file (.sif) to the policy. Note that
policies differ from policy files: a
policy
contains a designated
policy file
.
From the Policies page you create policies to define the audits. You also edit or delete existing
policies. If performing an Audit-on-Connect audit, you also set the run-time variables on the
Policies page.
Policies are saved to the database. If more than one person is editing the same policy at the
same time, the version saved last is the only version that will be stored.
Note that you can associate one or more policy files with specific conditions and the scope.
The Policies table displays available policies for the audits and policy configurations.
Policies Table
The Policies table displays available policies for the audits and policy configurations. The Policies
table consists of the following columns:
Column Description
Active If Yes, then apply the policy. If the policy is active, within
that Scope, the policy will be applied.
If No, the policy is not applied but will not be deleted.
Edit Make changes to this policy entry in the table.
Delete Remove this entry from the table.
Name Policy name as it is listed for selection when creating a
scope or scheduled task.