View audit results – Symantec Security Expressions Server User Manual


View Audit Results

Browse Audit Results

This page shows audit results in the form of reports. It features results from almost all kinds of auditing methods, including:

• Audit-on-Schedule
• Audit-on-Connect
• self-service audits based on multiple policy files and Audit-on-Connect scopes
• audits performed on any consoles connected to the same database as the server application

SecurityExpressions Audit & Compliance Server dynamically generates reports based on pre-configured report profiles. Clicking a hyperlink drills down to a new page with a report showing all of the policy files used during the audit of the device and the individual posture result for each policy file. Additionally, you can drill down by policy file to the audit detail for that audit. When browsing audit data, you may view it but cannot modify it.

When you first browse Audit-On-Schedule activity, a table appears with Audit-On-Schedule pre-configured reports and any previously created user-defined reports. SecurityExpressions Audit & Compliance Server provides one Audit-On-Schedule pre-configured report, which is a status report over 30 days, plus one additional standard report called Scheduled Audits Log.

Once you have created a report profile, you can drill down into the details of the report. Click Show to begin to see which device was audited, by whom, the policy file used for the audit, and the results. Clicking Details from this Audit List displays the audit report in greater detail. For example, you can see the status and priority for each rule.

Only the machine lists, policies, scheduled tasks, and scopes (when viewing Audit-on-Connect results) to which you have Use access rights appear for selection. Access rights are set in the Windows Group Access options on the My Machine Lists page, ML Access page, Policies page, Scheduled Tasks page, and Scopes page. If you can't find a machine list, policy, scheduled task, or scope you need to use, ask the item's creator or administrator to add you to one of the Windows User Groups with Use access rights to it.

Furthermore, reports only display audit results involving scopes to which you have View access rights, policies to which you have Result access rights, and machine list members audited using machine lists to which you have Result access rights.

Adding a New Audit Results Report Profile

Creating a new report profile defines a report filter and what appears in each report.

1. Click the New button to display report-profile options.
2. Type a Report Name and a short report Description.
3. Select a report type and then define filters so that only audit results that meet your criteria are displayed in the report.

The filter options available depend on the report type you select.
