Symantec Security Expressions Server User Manual

Page 45

Advertising
background image

Audit-On-Connect

37

blank.

Pass Notifications

Notifications to run when the Group Posture of an audit in

this scope is PASS. This value may be blank.

Fail Notifications

Notifications to run when the Group Posture of an audit in

this Scope is FAIL. This value may be blank.

Error Notifications

Notifications to run when the Group Posture of an audit in

this Scope is ERROR. This value may be blank.

Connection Error Notifications

Notifications to run when the Group Posture of an audit in

this Scope is CONN_ERROR. This value may be blank.

SE Console Notifications

Notifications from the console application to run when a

computer in this scope is detected. This value may be
blank.

Windows Group Results Access

Specify the Windows User Groups who can access results

from audits that used this scope, if you want to restrict

access to this scope's audit results. Displays "Everyone" if
the scope's audit results aren't restricted.

Deleting Scopes

To delete a scope, click the Delete hyperlink for the scope in the table. When you delete a

scope, you remove it from the database. A warning appears to remind you that you are about to

delete a record from the database. At this time, you can cancel the action or delete the record.

DNS Domain Name Scopes

A domain written in DNS format. You may use the * wild card to represent a range of system

names, as in "*.symantec.com".

A system matches this scope if its fully qualified domain name matches the value entered. You
can also use any valid shell expression to match against a target's fully qualified domain name. If

the server does not know the fully qualified name (typically from a reverse DNS lookup), then it

attempts to match the target's IP address against the shell expression.

Expression Scopes

You may use an expression to combine more than one scope type into one unified scope of

target systems. Use functions, Boolean operators and parentheses to construct your expression.

Function names are not case sensitive. You may use more than one line to enter an expression.

Unlike the other scopes, expression scopes can only accept one entry. Regardless of how

many lines long a scope is, all lines are treated as a single expression.

Example: (IPRANGE(12.2.1.0/24) || IPRANGE(11.2.1.0/20)) && !DOMAIN(symantec.com)

Supported Operators

Operator

Description

&& Logical

AND

|| Logical

OR

! Logical

NOT

Advertising
Popular Brands
Popular manuals