Symantec Security Expressions Server User Manual


SecurityExpressions Server User Guide


Supported Functions

| Function | Argument | Description |
|---|---|---|
| iprange | a valid IP range | Returns TRUE if the target computer is a member of the IP range. |
| domain | a Windows domain in NetBIOS or DNS format | Returns TRUE if the target computer is a member of the Windows domain. |
| machinelist | a database machine list created using the console application | Returns TRUE if the target is a member of the machine list. |
| devicetype | a valid device type | Returns TRUE if the target is the type of device specified. |
| fqdnmatch | a shell expression | Returns TRUE if the target's fully qualified domain name matches the shell expression. |
| ou | the name of an OU in Microsoft shorthand, and optionally an LDAP URL specifying what directory and credentials should be queried | Returns TRUE if the target is a member of the organizational unit. |
| detectionmethod | a method for detecting systems on the network | Returns TRUE if the target was detected on the network using this method. |
| aocserver | a shell expression | Returns TRUE if the server processing the connection event matches the shell expression. |

Org Unit Scopes

Also known as an OU, a system's organizational unit is listed in the domain controller. The software searches OUs in order to find Active Directory computer accounts. OU searches begin at the directory's default naming context.

Use Microsoft shorthand notation to type OUs. OU names are not case-sensitive. For example, the Active Directory DN "ou=A,ou=B,dc=symantec,dc=com" would be entered as "B/A". If your computer accounts are located in Active Directory's default location of "cn=computers,dc=symantec,dc=com", you can simply enter "computers" to search for all computer accounts.

If you're running the server application on a system that is not a member of an Active Directory domain, you'll need to override the directory, protocol and login credentials to the directory by specifying an LDAP URL as the first OU. The syntax is "ldap://[user:password@]host[:port]". The user can be in Microsoft format such as "[email protected]" or in standard LDAP format such as "cn=user,dc=symantec,dc=com".

A system matches this scope if its Active Directory computer account matches the value entered.
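
The shorthand-to-DN mapping and the LDAP override URL syntax described above, as an added Python example that is not taken from the manual or from the product's code. All function names are hypothetical, and it assumes that `computers` and `users` are `cn=` containers, that accounts in nested OUs count as members, and that the default port is the standard LDAP port 389. Because the override URL carries a password, the last function produces a form suitable for logs.

```python
import re

# Assumption: these top-level names are cn= containers, as in the page's
# "computers" example (cn=computers,...); everything else is an ou=.
CONTAINERS = {"computers", "users"}

def shorthand_to_dn(shorthand, naming_context):
    """Map 'B/A' to 'ou=A,ou=B,<naming_context>'."""
    parts = [p.strip() for p in shorthand.split("/") if p.strip()]
    if not parts:
        raise ValueError("empty OU path")
    rdns = []
    for i, name in enumerate(parts):
        # Refuse DN metacharacters so a typed name cannot add extra RDNs.
        if re.search(r'[,+"\\<>;=]', name):
            raise ValueError(f"illegal character in OU name: {name!r}")
        attr = "cn" if i == 0 and name.lower() in CONTAINERS else "ou"
        rdns.append(f"{attr}={name}")
    # Shorthand reads root-to-leaf, a DN reads leaf-to-root.
    return ",".join(rdns[::-1] + [naming_context])

def account_in_ou(account_dn, ou_dn):
    """Case-insensitive test that an account DN sits below ou_dn.
    Simplification: splits on ',' and ignores escaped commas."""
    def norm(dn):
        return [rdn.strip().lower() for rdn in dn.split(",")]
    acct, ou = norm(account_dn), norm(ou_dn)
    return len(acct) > len(ou) and acct[-len(ou):] == ou

def parse_override(url):
    """Split ldap://[user:password@]host[:port] into its fields."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("not an ldap:// URL")
    # The user may contain '@' (user@domain), so the host follows the LAST '@'.
    userinfo, _, hostport = url[len("ldap://"):].rpartition("@")
    user, _, password = userinfo.partition(":")
    host, _, port = hostport.partition(":")
    return {"user": user or None, "password": password or None,
            "host": host, "port": int(port) if port else 389}

def redact(url):
    """Form of the override URL that is safe to write to logs."""
    p = parse_override(url)
    cred = f"{p['user']}:***@" if p["user"] else ""
    return f"ldap://{cred}{p['host']}:{p['port']}"
```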

Detection Method Scopes
