Symantec Security Expressions Server User manual

SecurityExpressions Server User Guide


Table Of Contents
Contacting Us
Technical Support
Contacting Technical Support
Other Products
SecurityExpressions Console
Overview
About SecurityExpressions Audit & Compliance Server
Self-Service Audit
What is Self-Service Auditing?
Self-Service Audit Agreement
How to Audit your Local Computer
Configure Servers
About Server Configuration
Local Server Settings
About User Roles
Pages with Role Settings
Viewing Audit Results
Setup Page
Database Connection
Secure Connection
Credential Store User
Creating Credential Stores
SecurityExpressions Console Credential Stores
Software Registration
Site Preferences
Other Servers Local Settings
Page Access
Item Rights
Global Machine List Access: User Roles

Policy File Library
Library Synchronization
About Policy Files
How System Scores are Calculated
Example
Target Options
Agent & Service Configuration
SSH Agent Authentication
Database Cleanup
Event Log Settings
Audit Data Cleanup Tasks
Self-Service Audit Agreement
Agent Downloads
Site Preferences
Audit-On-Connect
What is Audit-on-Connect?
Policies
Policies Page
Policies Table
Adding Policies
Editing Policies
Deleting Policies
Configuring with Run-Time Policy Variables
Scopes
Scopes
Scopes Table
Deleting Scopes
DNS Domain Name Scopes
Expression Scopes
Org Unit Scopes
Detection Method Scopes

Device Type Scopes
IP Range Scopes
Machine List Scopes
Windows Domain Scopes
Notifications
Notifications
Creating New Email Notifications
Creating New Command Notifications
Deleting Notifications
Notification Variables
Exceptions
Exceptions
Deleting Exceptions
Connection Monitors
Connection Monitors
Configuring Connection Monitors
Enabling Connection Monitors
Connection Monitor Configuration File
Processing the Configuration File
Configuration File Syntax
Network
Slow Links
Trace Route Information
Network Admissions Control
Audit on Connect Tracing
Audit on Connect Tracing
Audit-On-Schedule
What is Audit-on-Schedule?
Policies
Policies Page
Policies Table

Adding Policies
Editing Policies
Deleting Policies
Configuring with Run-Time Policy Variables
Notifications
Notifications
Creating New Command Notifications
Creating New Email Notifications
Deleting Notifications
Notification Variables
My Machine Lists
My Machine Lists
Adding Machine Lists
Editing Machine Lists
Deleting Machine Lists
Editing Global Machine Lists
Scheduled Tasks
Scheduled Tasks
Adding Scheduled Tasks
Editing Scheduled Tasks
Deleting Scheduled Tasks
View Audit-On-Connect Activity
Browse Audit-On-Connect Activity
Audit-On-Connect Activity Table
Adding a New Audit-On-Connect Report Profile
Editing Report Profiles
Deleting Report Profiles
Audit-On-Connect Error Log Report
Audit-On-Connect Exceptions Report
View Audit Results
Browse Audit Results

Adding a New Audit Results Report Profile
Editing Audit Report Results Profiles
Deleting Audit Report Results Profiles
Scheduled Audits Log Report
Adding Custom Reports to the Server Application
Glossary
Index


Contacting Us
Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014 USA
http://www.symantec.com
Technical Support
