Symantec Security Expressions Server User Manual
Page 69
Audit-On-Schedule
61
modifications. This rule may require synchronization between the database and the policy file. To
synchronize the database and the new file, save the policy file in the database with a new name
with new parameters for the .CONFIGURE rule, if previously saved in the database.
Notifications
Notifications
You can opt to receive email or program-output notifications when audits occur. Notifications
apply to Audit-On-Schedule or Audit-On-Connect results and each audit can have one or more
notification actions upon completion.
You may use notifications created in SecurityExpressions console in addition to the ones
created in SecurityExpressions server. This application lets you select notifications created in
both applications in the Schedules Tasks page and the Scopes page.
The Notifications table displays the notification Name, Type, and Values. From this page you
create an email or command notification that you can edit or delete.
Creating New Command Notifications
To create a new command notification:
1. Click Add New.
2. Provide a Notification Name, a customized name of the notification to appear in the
table.
3. Select Command as the Type.
4. Type the Command to run, which may be a URL. Include the command Arguments. You
can pass variables to the command.
If the command is a program, programs expect dependent files to be in the \system32\
folder.
5.
Click Add New.
Creating New Email Notifications
When you create an email notification, you must identify the SMTP email server and the address
from which the email should be sent.
To create a new email notification:
1. Click Add New.
2. Provide a Notification Name, a customized name of the notification to appear in the
table.
3. Select Email as the Type.
4. Complete the following email information:
To – person receiving the notification. This address appears as the Value in the table. Or
Select allows you to select a previously entered email address.
Subject – Notification topic. Or Select allows you to select a previously entered subject.
Message – Text of the email notification, including variables.
Examples: An audit has finished: %COMPUTER%