Symantec Security Expressions Server User Manual


SecurityExpressions Server User Guide


To create a new command notification:

1. Click Add New in the Notifications page.
2. Provide a Notification Name, a customized name of the notification to appear in the table.
3. Select Command as the Type.
4. Type the Command to run, which may be a URL. Include the command Arguments. You can pass variables to the command.

   If the command is a program, the program expects its dependent files to be in the \system32\ folder.

5. Click Add New.

Deleting Notifications

Click the Delete hyperlink for the notification that you want to remove. When you delete a notification, you remove it from the database. A warning appears to remind you that you are about to delete a record from the database. At this time, you can cancel the action or delete the record.

Notification Variables

You can include the variables listed here in any text-entry setting in a notification.

%RESULTLINK% - URL of the results or report

%POLICY% - policy used to perform the audit

%DESCRIPTION% - description of the task that executed the audit, from the Description box located in the Task Options and Scheduling dialog box's List tab

To learn more about the Task Options and Scheduling dialog box, check the SecurityExpressions Console help.

%DATE% - the date this task ran

The following three variables will only return a value if statistics are available:

%COUNTPROBLEMS% - number of errors encountered during the audit

%COUNTRULES% - number of rules used to audit the machine list

%SCORE% - the overall score resulting from the audit

The following four variables will only return a value if the task only audited one system:

%IP% - IP address or name of the system being audited, depending on which represents the system in the machine list

%COMPUTER% - identical to the %IP% variable

%HOST% - identical to the %IP% variable

%GROUPPOSTURERESULT% - posture result of the system being audited
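
The variables above end up on the command line of whatever program a Command notification runs, and several of them (%DESCRIPTION%, %POLICY%, the machine name) carry text that someone typed elsewhere. The following is an added example, not part of the manual or of SecurityExpressions: a hypothetical receiving script that validates the values before using them. It assumes the Arguments field was written as NAME=%NAME% pairs, and that a variable with no value arrives either empty or as the unexpanded token; the manual states neither.

```python
import re
from urllib.parse import urlsplit

# Per the manual, these return a value only if statistics are available...
STATS_ONLY = {"COUNTPROBLEMS", "COUNTRULES", "SCORE"}
# ...and these only if the task audited exactly one system.
SINGLE_SYSTEM_ONLY = {"IP", "COMPUTER", "HOST", "GROUPPOSTURERESULT"}
HOST_VARS = {"IP", "COMPUTER", "HOST"}

NUMBER_RE = re.compile(r"\d+(\.\d+)?%?")  # numeric format is an assumption
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._:-]{0,253}")

# Constructed sample of what the handler might receive in argv[1:].
SAMPLE_ARGV = ["POLICY=Constructed Baseline", "SCORE=", "IP=%IP%",
               "RESULTLINK=https://seserver.example/results?id=1",
               "DESCRIPTION=Weekly audit"]

def parse_args(argv):
    """Turn ['POLICY=x', 'SCORE=90'] into a dict; reject malformed items."""
    fields = {}
    for item in argv:
        name, sep, value = item.partition("=")
        if not sep or not name.isupper():
            raise ValueError(f"malformed argument: {item!r}")
        fields[name] = value
    return fields

def clean(fields):
    """Validate each value; conditional variables without a value become None."""
    out = {}
    for name, value in fields.items():
        value = value.strip()
        if value == "" or value == f"%{name}%":  # assumed "no value" forms
            if name in STATS_ONLY | SINGLE_SYSTEM_ONLY:
                out[name] = None
                continue
            raise ValueError(f"{name} has no value")
        if any(ord(c) < 32 for c in value):
            raise ValueError(f"{name} contains control characters")
        if name in STATS_ONLY and not NUMBER_RE.fullmatch(value):
            raise ValueError(f"{name} is not numeric: {value!r}")
        if name in HOST_VARS and not HOST_RE.fullmatch(value):
            raise ValueError(f"{name} is not a host name or address: {value!r}")
        if name == "RESULTLINK":
            url = urlsplit(value)
            if url.scheme not in ("http", "https") or not url.netloc:
                raise ValueError(f"RESULTLINK is not an http(s) URL: {value!r}")
        out[name] = value
    return out
```

If the script then starts another process with these values, passing them as a list of arguments rather than as one shell string keeps free text such as the description from being interpreted as part of the command.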

Example
