Symantec Security Information Manager 4.6 Administrator's Guide


The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version 1.0

Legal Notice

Copyright 2008 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ("Third Party Programs"). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR and subject to restricted rights as defined in FAR Section "Commercial Computer Software - Restricted Rights" and DFARS , "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
Stevens Creek Blvd.
Cupertino, CA

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec's maintenance offerings include the following:

- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and Web-based support that provides rapid response and up-to-the-minute information
- Upgrade assurance that delivers automatic software upgrade protection
- Global support that is available 24 hours a day, 7 days a week
- Advanced features, including Account Management Services

For information about Symantec's Maintenance Programs, you can visit our Web site at the following URL:

Contacting Technical Support

Customers with a current maintenance agreement may access Technical Support information at the following URL:

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

- Product release level
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

Customer service

Customer service information is available at the following URL:

Customer Service is available to assist with the following types of issues:

- Questions regarding product licensing or serialization
- Product registration updates, such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades
- Information about upgrade assurance and maintenance contracts
- Information about the Symantec Buying Programs
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs or manuals

Maintenance agreement resources

If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows:

- Asia-Pacific and Japan
- Europe, Middle-East, and Africa
- North America and Latin America

Additional enterprise services

Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively.

Enterprise services that are available include the following:

Symantec Early Warning Solutions
    These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur.

Managed Security Services
    These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats.

Consulting Services
    Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring, and management capabilities. Each is focused on establishing and maintaining the integrity and availability of your IT resources.

Educational Services
    Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs.

To access more information about Enterprise services, please visit our Web site at the following URL:

Select your country or language from the site index.

Contents

Technical Support

Section 1  Product overview

Chapter 1  Introducing Symantec Security Information Manager
    About Symantec Security Information Manager
    What's new in Information Manager 4.6
    How Symantec Security Information Manager works
    About events, conclusions, and incidents
    Example: Information Manager automates incident management during a Blaster worm attack
    Incident identification
    Threat containment, eradication, and recovery
    Follow-up
    Where to find more information about Information Manager

Section 2  Managing roles, permissions, users, and organizational units

Chapter 2  Managing roles and permissions
    Creating and managing roles
    About the administrator roles
    How to plan for role creation
    Creating a role
    Editing role properties
    Deleting a role
    Working with permissions
    About permissions
    Modifying permissions from the Permissions dialog box

Chapter 3  Managing users and user groups
    About managing users and passwords
    Customizable password policy
    Creating a new user
    Creating a user group
    Editing user properties
    Changing a user's password
    Specifying user business and contact information
    Managing role assignments and properties
    Managing user group assignments
    Specifying notification information
    Modifying user permissions
    Modifying a user group
    Deleting a user or a user group

Chapter 4  Managing organizational units and computers
    About organizational units
    Managing organizational units
    Creating a new organizational unit
    Editing organizational unit properties
    About modifying organizational unit permissions
    Deleting an organizational unit
    Managing computers within organizational units
    Creating computers within organizational units
    Editing computer properties
    Distributing configurations to computers in an organizational unit
    Moving a computer to a different organizational unit
    Modifying computer permissions
    Deleting a computer from an organizational unit

Section 3  Information Manager as a Service Provider

Chapter 5  Configuring a Service Provider environment
    Service Provider overview
    Understanding a service provider environment from a client perspective
    Understanding a service provider environment from a service provider perspective
    Responding to a client incident
    Understanding Information Manager tickets in a Service Provider Master context
    Exporting incident information from the Client Incident viewer
    Setting up a Service Provider environment
    Configuring an instance of Information Manager as a Service Provider client
    Configuring an Information Manager appliance as a Service Provider Master
    Configuring service provider Client management accounts
    Synchronizing the Service Provider Master with client incidents
    Disconnecting a client from a Service Provider Master

Section 4  Managing your correlation environment

Chapter 6  Configuring the Correlation Manager
    About the Correlation Manager
    About the Correlation Manager Knowledge Base
    About the default rules set
    Working with the Lookup Tables window
    Creating a user-defined Lookup Table
    Importing Lookup Tables and records
    Enabling and disabling rules
    Creating a custom rule

Chapter 7  Defining a rules strategy
    About defining a rules strategy
    About creating the right rule set for your business

Chapter 8  Understanding rules components
    Understanding Correlation Rules
    About Rule conditions
    About Rule Types
    Event Criteria
    About the Event Count, Span, and Table Size rule settings
    About the Tracking Key and Conclusion Creation fields
    About the Correlate By and Resource fields
    Importing existing rules

Chapter 9  Understanding event normalization
    About event normalization
    About normalization (.norm) files

Chapter 10  Effects, Mechanisms, and Resources
    About Effects, Mechanisms, and Resources (EMR)
    About Effects values
    About Mechanisms values
    About Resources values
    EMR examples

Chapter 11  Working with the Assets table
    About the Assets table
    How event correlation uses Assets table entries
    About CIA values in the Assets table
    Importing assets into the Assets table
    Searching, filtering, and sorting assets
    Visual identification of the IP addresses that are also on the IP Watchlist
    About vulnerability information in the Assets table
    About using a vulnerability scanner to populate Assets table
    About locked and unlocked assets in the Assets table
    Using the Assets table to help reduce false positives
    About filtering events based on the operating system
    About using CIA values to identify critical events
    About using Severity to identify events related to critical assets
    About using the Services tab
    About associating policies with assets to reduce false positives or escalate events to incidents

Chapter 12  Collector-based event filtering and aggregation
    About collector-based event filtering and aggregation
    About identifying common events for collector-based filtering or aggregation
    About preparing to create collector-based rules
    Accessing event data in the Information Manager console
    Creating collector-based filtering and aggregation specifications
    Examples of collector-based filtering and aggregation rules
    Filtering events generated by specific internal networks
    Filtering common firewall events
    Filtering common Symantec AntiVirus events
    Filtering or aggregating vulnerability assessment events
    Filtering Windows Event Log events

Section 5  Configuration options

Chapter 13  Configuring the appliance after installation
    About the Information Manager Web configuration interface
    Accessing the Security Information Manager Web configuration interface
    Changing network settings
    Specifying date and time settings
    Specifying a network time protocol server
    Changing the password for Linux accounts
    Shutting down and restarting the appliance

Chapter 14  Configuring Symantec Security Information Manager
    About configuring Symantec Security Information Manager
    Preventing new Symantec Event Agent connections
    Adding a policy
    Specifying networks
    Identifying critical systems

Chapter 15  Forwarding events to an Information Manager appliance
    About forwarding events to an Information Manager appliance
    About registering with a security directory
    Registering security products
    Registering with a security domain
    Forwarding events

Chapter 16  Managing Global Intelligence Network content
    About managing Global Intelligence Network content
    Registering a Global Intelligence Network license
    Viewing Global Intelligence Network content status
    Receiving Global Intelligence Network content updates

Chapter 17  Running LiveUpdate
    About running LiveUpdate
    Running LiveUpdate from the Information Manager Web configuration interface

Chapter 18  Working with Symantec Security Information Manager Configurations
    Introducing the Symantec Security Information Manager configurations
    Manager configurations
    Increasing the minimum free disk space requirement in high logging volume situations
    Manager Components Configurations
    Modifying administrative settings
    Manager connection configurations
    Configuring Information Manager Directories
    Agent Connection Configurations
    Configuring Agent to Manager failover
    Agent configurations
    Managing the Manager
    Setting up blacklisting for logon failures

Section 6  Managing appliance data

Chapter 19  Managing the directory service
    About LDAP backup and restore
    Backing up the security directory
    Restoring the security directory

Chapter 20  Maintaining the Symantec Security Information Manager database
    About data maintenance
    Checking database status
    About the health monitor service
    Backing up and restoring the database
    Enabling and scheduling automated backups
    Initiating a backup
    Restoring the database from a backup image
    Specifying a third-party backup solution
    About purging event summary and incident data
    Adjusting parameters for daily automated purges
    Adjusting the thresholds for size-based purges
    Initiating a purge
    Reviewing maintenance history

Section 7  Appendices

Appendix A  Ports used by Information Manager
    Ports used by Information Manager

Appendix B  Managing security certificates
    About managing security certificates
    Managing security certificate information for the appliance

Index

Section 1  Product overview

- Introducing Symantec Security Information Manager

Chapter 1  Introducing Symantec Security Information Manager

This chapter includes the following topics:

- About Symantec Security Information Manager
- How Symantec Security Information Manager works
- About events, conclusions, and incidents
- Example: Information Manager automates incident management during a Blaster worm attack
- Where to find more information about Information Manager

About Symantec Security Information Manager

Symantec Security Information Manager provides real-time event correlation and data archiving to protect against security threats and to preserve critical security data. Information Manager collects, analyzes, and archives information from security devices, critical applications, and services, such as the following:

- Firewalls
- Routers, switches, and VPNs
- Enterprise Antivirus
- Intrusion detection and intrusion prevention
- Vulnerability scanners
- Authentication servers
- Windows and UNIX system logs

Information Manager provides the following features to help you recognize and respond to threats in your enterprise:

- Normalization and correlation of events from multiple vendors.
- Event archives to retain events in both their original (raw) and normalized formats.
- Distributed event filtering and aggregation to ensure that only relevant security events are correlated.
- Real-time security intelligence updates from Symantec Global Intelligence Network to keep you apprised of global threats and to let you correlate internal security activity with external threats.
- Customizable event correlation rules to let you fine-tune threat recognition and incident creation for your environment.
- Security incident creation, ticketing, tracking, and remediation for quick response to security threats. Information Manager prioritizes incidents based upon the security policies associated with the affected assets.
- A powerful event viewer that lets you easily mine large amounts of event data and identify the machines and users that are associated with each event.
- A console from which you can view all security incidents and drill down to the related event details, including affected targets, associated vulnerabilities, and recommended corrective actions.
- Pre-defined and customizable queries to help you demonstrate compliance with the security and data retention policies in your enterprise.

What's new in Information Manager 4.6

Table 1-1 describes the new features and enhancements that are included with this release.

Table 1-1  New features for Information Manager 4.6

Service Provider
    You can use Information Manager to provide remotely managed security services for multiple clients.

Installation enhancements
    Installation enhancements include the following:
    - Information Manager can now be installed on any approved hardware that meets the supported system requirements.
    - Both new and upgrade installations are supported.

Customizable password policy
    Password settings can be customized to meet or exceed the requirements of your password policy, to simplify alignment of privileged access policies with audit requirements.

Web configuration interface enhancements
    Web configuration has been enhanced with new options including a validation tool for verifying the integrity of event archives, the ability to conveniently download the event collector agent, and to upload system updates to the Information Manager appliance.

Information Manager console system configuration enhancements
    System configuration options in the Information Manager console include the following:
    - Event storage rules, support for multiple archives, and ordered lists of archives.
    - Event forwarding rules with failover targets.
    - Incident forwarding rules, that allow incidents to be forwarded to one or more Information Manager appliances.
    - Service Provider master. You can configure Information Manager to be a Service Provider master that monitors forwarded incidents from other instances of Information Manager.

Event tile enhancements
    Event tile enhancements in the Information Manager console include the following:
    - Raw event data viewing.
    - New activity templates: Network Activity, Raw Event, and All Events with customizable columns.
    - Cross-archive query support with Role Based Access Control (RBAC).
    - Event data is loaded dynamically.
    - New options for relative filtering criteria.
    - Regular expression (RegEx) searches of table view data.
    - Unique value filtering.
    - Parameterized queries.

Reporting tile enhancements
    Reports can now be printed in landscape mode. You can customize the columns that are report-specific, and there are page and table query row limit controls.

Asset management enhancements
    Enhancements to asset management include the following:
    - The option to organize assets into groups.
    - Additional options for bulk edit of multiple assets.
    - Improved search and filtering options.
    - A new Last Updated column.
    - Visual identification of the IP addresses that are on an IP watchlist.

Incident and workflow enhancements
    Enhancements to incident management and workflow include the following:
    - Attack diagrams, that provide a graphic display of the progress of an attack to facilitate quicker analysis and remediation.
    - New incident state options.
    - A globally visible incident status indicator that is updated as incidents are created.
    - Remediation notes that can be applied to all of the incidents that are created by the same rule.
    - Inclusion of Global Intelligence Network IP Watchlist data in the Incidents view.
    - Support for importing lookup tables on the Rules tile.

Intelligence tile enhancements
    If you have installed a Symantec Global Intelligence Network Threat Management System license, Information Manager includes Symantec Global Intelligence Network data on the Honeynet tab of the Intelligence tile.

How Symantec Security Information Manager works

Event collectors gather events from Symantec and third-party point products, such as firewalls, Intrusion Detection Services (IDS), and antivirus scanners. The events are filtered and aggregated, and the Information Manager agent forwards both the raw and the processed events to the Information Manager appliance. The agent is a Java application that provides secure communications between the event collectors and the Information Manager appliance.

The Information Manager appliance stores the event data in event archives and correlates the events with threat and asset information. If a security event triggers a correlation rule, Information Manager creates a security incident.

The Information Manager appliance also contains the following components:

- A downloadable installation program for the Information Manager console.
- A relational database to store incidents, conclusions, assets, and rules.
- Event archives to store raw and normalized event data.
- An LDAP directory to store Information Manager deployment and configuration settings.

About events, conclusions, and incidents

Security products and operating systems generate many kinds of events. Some events are informational, such as a user logging on, and others may indicate a security threat, such as antivirus software being disabled.

A conclusion occurs when one or more events match a correlation rule pattern. Information Manager normalizes events from multiple security products and looks for the patterns that indicate potential threats.

An incident is the result of one or more conclusions that are identified as a type of an attack. There can be many conclusions that are mapped to a single incident. For example, if a single attacker causes a number of different patterns to be matched, those are grouped into a single incident. Similarly, if a vulnerability scan uncovers a computer that suffers from a number of different vulnerabilities, these are all grouped into a single incident. Or, if a number of different computers report the same virus, Information Manager creates a single outbreak incident.

Example: Information Manager automates incident management during a Blaster worm attack

Symantec Security Information Manager tracks the entire incident response cycle through the following phases:

- Incident identification
- Threat containment, eradication, and recovery
- Follow-up

Incident identification

The Blaster worm attack begins with a series of sweeps to ports 135, 445, and Using the default rules, Information Manager detects each of these sweeps as suspicious, and creates a conclusion for each. At the same time, events from intrusion detection software, such as Symantec IDS, lead to other conclusions that are related to the source IP address.

Information Manager may also create further conclusions if the source IP address for the attack is on the IP watch list. This list is updated automatically to provide up-to-date protection from the computers that are known to be used in attacks.

Based upon all of these conclusions that are related to the same IP address, Information Manager generates a security incident. A security analyst would find out about the new incident by alert, or while monitoring the Incidents tab in the Information Manager console. The incident contains all the information that the analyst needs to determine the source and target of the attack.

Threat containment, eradication, and recovery

When Information Manager alerts the security analyst about the incident, the analyst can use Information Manager to better understand the scope of the problem and to investigate eradication options.

Information Manager facilitates the containment phase by providing the event data with the incident declaration. Rather than searching through countless log files, the analyst knows which events triggered the security incident, and which systems are affected.

The incident also includes recommended corrective action from Symantec Global Intelligence Network Threat Management System. This information enables the security analyst to quickly identify the corrective actions.

The analyst can now create a ticket that describes the tasks necessary to eradicate the threat. The ticket includes the incident information, the event details, and the recommended corrective actions. Ticket information can be made accessible to an external help desk by the Information Manager Web Service.

Follow-up

After the threat has passed, the analyst can further analyze the impact of the incident. The analyst can fine-tune the correlation rules, event filters, and firewall rules to prevent the threat from occurring again. The analysts can also mine the event archive data if necessary and create the reports that document the scope of the incident and the security team's efforts to resolve it.
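
The event, conclusion, and incident relationship in the Blaster example above can be sketched as follows. This is an added illustration, not Information Manager code or its rule syntax: the rule logic, thresholds, field names, and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:                      # a normalized event (fields are assumptions)
    ts: int                       # seconds since the start of the sample
    kind: str                     # "connection", "ids_alert" or "logon"
    src: str
    dst: str
    port: int = 0

@dataclass(frozen=True)
class Conclusion:                 # one rule pattern matched by one or more events
    rule: str
    src: str
    events: tuple

@dataclass
class Incident:                   # all conclusions that share a source address
    src: str
    conclusions: list
    def rules(self):
        return [c.rule for c in self.conclusions]
    def targets(self):
        return sorted({e.dst for c in self.conclusions for e in c.events})

SWEEP_MIN_TARGETS = 3             # assumed threshold: distinct targets per port
SWEEP_SPAN = 60                   # assumed window, in seconds
WATCHLIST = {"203.0.113.7"}       # constructed stand-in for the IP watch list

def sweep_rule(events):
    """One source reaching many distinct targets on one port within the span."""
    by_key = defaultdict(list)
    for e in events:
        if e.kind == "connection":
            by_key[(e.src, e.port)].append(e)
    found = []
    for (src, port), evs in sorted(by_key.items(), key=lambda kv: kv[0]):
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > SWEEP_SPAN:
                start += 1        # slide the window forward
            window = evs[start:end + 1]
            if len({e.dst for e in window}) >= SWEEP_MIN_TARGETS:
                found.append(Conclusion(f"port sweep tcp/{port}", src, tuple(window)))
                break             # one conclusion per (source, port)
    return found

def grouped_rule(events, name, wanted):
    """One conclusion per source for all events that satisfy `wanted`."""
    by_src = defaultdict(list)
    for e in events:
        if wanted(e):
            by_src[e.src].append(e)
    return [Conclusion(name, s, tuple(v))
            for s, v in sorted(by_src.items(), key=lambda kv: kv[0])]

def correlate(events):
    conclusions = (
        sweep_rule(events)
        + grouped_rule(events, "IDS alert", lambda e: e.kind == "ids_alert")
        + grouped_rule(events, "source on IP watch list", lambda e: e.src in WATCHLIST)
    )
    by_src = defaultdict(list)
    for c in conclusions:         # many conclusions map to a single incident
        by_src[c.src].append(c)
    return [Incident(s, cs) for s, cs in sorted(by_src.items(), key=lambda kv: kv[0])]

# Constructed sample: one sweeping source plus unrelated background activity.
SAMPLE_EVENTS = [
    Event(0, "connection", "203.0.113.7", "192.0.2.10", 135),
    Event(2, "connection", "203.0.113.7", "192.0.2.11", 135),
    Event(4, "connection", "203.0.113.7", "192.0.2.12", 135),
    Event(5, "connection", "203.0.113.7", "192.0.2.10", 445),
    Event(6, "connection", "203.0.113.7", "192.0.2.11", 445),
    Event(7, "connection", "203.0.113.7", "192.0.2.12", 445),
    Event(8, "ids_alert", "203.0.113.7", "192.0.2.11", 135),
    Event(9, "logon", "192.0.2.50", "192.0.2.20"),               # informational
    Event(10, "connection", "192.0.2.60", "192.0.2.20", 445),    # one target only
    Event(11, "connection", "192.0.2.60", "192.0.2.20", 445),
    Event(0, "connection", "192.0.2.70", "192.0.2.10", 445),     # too slow for span
    Event(100, "connection", "192.0.2.70", "192.0.2.11", 445),
    Event(200, "connection", "192.0.2.70", "192.0.2.12", 445),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(inc.src, inc.rules(), inc.targets())
```

The informational logon, the host that talks to a single file server, and the source that spreads three connections over more than the span produce no conclusion, so only one incident is raised.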

Where to find more information about Information Manager

For more information about Information Manager, visit the knowledge base that is available on the Symantec Technical Support Web site at:

In the Security Management section of the Downloads page, you can obtain updated versions of the documentation, including the following:

- Symantec Security Information Manager Administrator's Guide
- Symantec Security Information Manager User's Guide

Section 2  Managing roles, permissions, users, and organizational units

- Managing roles and permissions
- Managing users and user groups
- Managing organizational units and computers

Chapter 2  Managing roles and permissions

This chapter includes the following topics:

- Creating and managing roles
- Working with permissions

Creating and managing roles

A role is a group of access rights for a product in a domain. Users who are members of a role have access to the event viewing and management capabilities that are defined for that role. A user can be a member of more than one role.

You create new roles in the Symantec Security Information Manager console. When you click Roles on the System page of the console, you can perform the following tasks:

- Creating a role
- Editing role properties
- Deleting a role

Note: Only members of the SES Administrator role and the Domain Administrator role can add or modify roles. See About the administrator roles on page 27.

About the administrator roles

When you install Information Manager, the following default roles are created:

SES Administrator
    This role has full authority over all of the domains in the environment.

Domain Administrator
    This role has full authority over one specific domain in the environment.

If you have only one domain, the rights of the SES Administrator role and the Domain Administrator role are the same. For example, if you have multiple domains, one for each geographic region of your company, each domain has a Domain Administrator. Members of this role can perform functions such as creating users and additional roles within that domain. The SES Administrator role can perform these functions for all of the domains that you configure.

The default user, administrator, is also created when Information Manager is installed. The administrator is automatically a member of the SES Administrator and Domain Administrator roles. To access Information Manager for the first time, you must log on as this default user.

You can add users to the administrator roles, but you cannot change any other characteristics of these roles. If a user is a member of the SES Administrator role, that user does not need to be assigned to any other roles.

How to plan for role creation

Because roles control user access, before you create roles you should plan carefully. You need to identify the tasks that are done in your security environment, and who performs them. The tasks determine the kinds of roles that you must create. The users who perform these tasks determine which users should be members of each role.

Ask yourself the following questions:

- Who allocates responsibilities within your security environment?
  If these users need to create roles, they must be members of the Domain Administrator role.
- Who administers your security network by creating management objects such as users and organizational units?
  These users must be members of the roles that provide management access and the ability to access the System view.
- What products are installed, and who is responsible for configuring them?
  These users must be members of management roles for the products for which they are responsible. They may need access to the System page only.
- Who is responsible for monitoring events and incidents?
  These users must be members of event viewing roles for the products for which they are responsible. Users who monitor events must have access to the Events page. Users who monitor incidents must have access to the Events page and the Incidents page.
- Who responds to problems and threats?
  These users must have access to the Events page and the Incidents page. Users who create and manage help desk tickets must also have access to the Tickets page.

Table 2-1 lists the common roles in a security environment and the responsibilities that belong to each role.

Table 2-1  Typical roles and responsibilities

Role name: Responsibilities

Domain Administrator: Defines the user roles and role authority.

System Administrator: Manages Information Manager. Verifies that events flow into the system and that the system functions normally.

User Administrator: Creates the correlation rules and collection filters. Performs the user and the device administration.

Incident Manager: Views all incidents, events, reports, and actions.

Report Writer: Views the incidents, events, and reports for assigned devices. Reviews and validates incident response. Provides the attestation of incident review and response by administrators to GAO and others.

Report User: Views the events and reports for assigned devices.

Rule Editor: Creates, edits, and deploys rules.

For information about the access requirements of each role, see Table 2-2.

Creating a role

You create all roles using the Role Wizard in the Information Manager console. Only a user who is a member of the Domain Administrator role or the SES Administrator role can create roles.

See How to plan for role creation on page 28.

Note: If you create a role with permissions to all existing event archives, and you then later add additional archives, the new archives are not available to the pre-existing role. You must edit the role to see the new archives.

To create a role

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then click Roles.
3 On the toolbar, click + (the plus icon).
4 In the first panel of the Role Wizard, click Next.
5 In the General panel, do the following, and then click Next:
   - In the Role name text box, type a name for the role.
   - In the Description text box, type a description of the role (optional).
6 In the Products panel, do one of the following actions:
   - To give the role members access to all of the listed products, click Role members will have access to all products, and then click Next.
   - To limit the role members' access to certain products, click Role members will have access to only the selected products. From the Products list, enable (check) at least one product, and then click Next. Symantec Security Information Manager is listed as one of the products, and is required in this panel.
   Consider the tasks that role members perform as you select products from the list.
7 In the SIM Permissions panel, do one of the following actions:
   - To give role members all permissions that apply to Information Manager, click Enable all Permissions, and then click Next.
   - To give role members a limited set of permissions, click Enable specific Permissions. From the permissions list, enable at least one permission, and then click Next.
8 In the Console Access Rights panel, do one of the following actions:
   - To give role members the ability to see all parts of the Information Manager console, click Role members will have all console access rights, and then click Next.
   - To limit what role members can see when they display the console, click Role members will have only the selected console access rights. From the list, enable at least one console access right, and then click Next.
   See Modifying console access rights on page 34.
9 In the Organizational Units panel, do one of the following actions:
   - To give role members access to all organizational units, click Role members will have access to all organizational units, and then click Next.
   - To give role members access to specific organizational units, click Role members will have access to only the selected organizational units. In the organizational units tree, select at least one organizational unit to associate with this role, and then click Next. When you select an organizational unit that has additional organizational units below it, users of the role are given access to those organizational units as well.
   If you add an organizational unit to a role, users who are role members and who have event viewing access can see events generated by the security products that are installed on the computers that belong to that organizational unit. Role members can see events only from computers in the organizational units that have been added to their roles.
10 In the Appliances panel, do one of the following actions:
   - To give role members access to all of the Information Manager appliances in your security environment, click Role members will have access to all appliances, and then click Next.
   - To limit role members' access to certain appliances, click Role members will have access to only the selected appliances. In the appliances tree, select at least one appliance to associate with this role, and then click Next.
   Members of the role can modify configurations on the selected appliances. The role members can also view event archives that reside on the selected appliances.
11 In the Members panel, do one of the following actions:
   - To add individual users to the role now, click Add Members. In the Find Users dialog box, add one or more users, and then click OK. In the Members panel, click Next.
   - To add the users who are members of a specific User Group, click Add Members From Groups. In the Find User Groups dialog, add one or more user groups, and then click OK. The users that are associated with the groups you selected are added to the Members list. When you are finished, click Next.
   - To continue without adding users to the role, click Next. You can add users to the role later by editing the role's properties. See Making a user a member of a role on page 33.
   You can assign users to a role only if you have already created those users. See Creating a new user on page 52.
12 In the Role Summary panel, review the information that you have specified, and then click Finish. The role properties that are created are shown in the list at the bottom of the panel. A green check mark next to a task indicates that it was successfully accomplished.
13 Click Close.

Editing role properties

After you create a role, you can modify it by editing its properties. For example, as you create new organizational units or users, you can add them to existing roles. You can edit the properties of a role by selecting the role in the right pane or from any dialog box that lets you display the role's properties.

To edit role properties

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to edit, and select Properties.
3 Use the Editing Role Properties dialog box to make changes to the role.
4 To save changes and close the dialog box, click OK.

For information about editing specific role properties, see any of the following sections:
   - Making a user a member of a role
   - Modifying console access rights
   - Modifying product access
   - Modifying SIM permissions
   - Modifying access permissions in roles

Making a user a member of a role

When a user logs on to Information Manager, the user's role membership determines his or her access to the various products and event data.

You can assign a user to a role in the following ways:
   - Assign each user individually to one or more roles.
   - Assign users to groups, and then assign user groups to roles. When you assign a user group to a role, all of the users who are currently in the group are assigned to that role. However, if you later add more users to the user group, those users are not automatically added to the role. You must assign each user to the role individually.

Note: Before you assign users and user groups to roles, you must create users and user groups in the Directory. See Creating a new user on page 52.

To make a user a member of a role

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to edit, and then select Properties.
3 In the Editing Role Properties dialog box, in the left pane click Members.
4 Click Add Members.
5 In the Find Users dialog box, in the list of available users, click a user name (or Ctrl + click multiple user names), and then click Add. The user name appears in the Selected users list.
   You can also search for a particular user by entering the logon name, last name, or first name on the left side of the dialog box. Then click Start Search. All of the users who meet the criteria you entered will appear in the available users list.
6 To view or edit the properties of a user, click the user name, and then click Properties.
7 In the User Properties dialog box, view or make changes to the properties, and then click OK.
8 In the Find Users dialog box, click OK.
9 In the Editing Role Properties dialog box, click OK.

To make a user group a member of a role

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to edit, and then select Properties.
3 In the Editing Role Properties dialog box, in the left pane click Members.
4 Click Add Members From Groups.
5 In the Find User Groups dialog box, select the domain of the group from the dropdown list.
6 In the list of available user groups, click a user group name (or Ctrl + click multiple user names), and then click Add. The user group name appears in the Selected user groups list.
7 To view or edit the properties of a user group, click the user group name, and then click Properties.
8 In the User Group Properties dialog box, view or make changes to the properties, and then click OK.
9 In the Find User Groups dialog box, click OK.
10 In the Editing Role Properties dialog box, click OK.

Modifying console access rights

Console access rights control what users who are members of a role can see when they log on to the Information Manager console. You can modify the console access rights you assigned when you created a role. Console access rights make the various features of the console visible to role members when they log on.

To modify console access rights

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to edit, and select Properties.
3 In the left pane click Console Access Rights.
4 Do one of the following actions:
   - To give members of the role the ability to see all components of the Information Manager console, click Role members will have all console access rights.
   - To limit what members of the role can see when they display the Information Manager console, click Role members will have only the selected console access rights. From the list that appears, enable or disable console access rights as desired.
   The following table describes the tiles (that is, pages in the Information Manager console) that are available.

   Show Assets Tile
       Lets members view the Assets page in the console.
   Show Dashboard Tile
       Lets members view the Dashboard page in the console.
   Show Events Tile
       Lets members view the Events page in the console.
   Show Incidents Tile
       Lets members view the Incidents page in the console.
   Show Intelligence Tile
       Lets members view the Intelligence page in the console.
   Show Reports Tile
       Lets members view the Reports page in the console.
   Show Rules Tile
       Lets members view the Rules page in the console.
   Show Statistics Tile
       Lets members view the Statistics page in the console.
   Show System Tile
       Lets members view the System page in the console.
   Show Tickets Tile
       Lets members view the Tickets page in the console.

   Table 2-2 lists the console access rights that are needed by users who perform specific functions.
5 Click OK.

Modifying product access

The Products property lets you select the products to which role members have access.

To modify product access

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to edit, and then select Properties.
3 In the left pane click Products.
4 Do one of the following actions:
   - To give the role members access to all of the listed products, click Role members will have access to all products.
   - To limit the role members' access to specified products, click Role members will have access to only the selected products. Enable (check) or disable (uncheck) access to individual products in the list.
   Consider the tasks that role members will perform as you select products from the list. Table 2-2 lists the product access that is needed by users who perform specific functions.
5 Click OK.

Modifying SIM permissions

Use the SIM Permissions property to enable or disable several types of Information Manager permissions that are assigned to a role.

To modify SIM permissions

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to edit, and select Properties.
3 In the left pane click SIM Permissions.
4 Do one of the following actions:
   - To assign all Information Manager permissions to the role, click Enable all Permissions.
   - To limit the permissions assigned to the role, click Enable specific Permissions. Then click the check boxes as needed to enable or disable permissions for the role.
   Table 2-2 lists the permissions that are needed by users who perform specific functions.
5 Click OK.

About the Bypass Event RBAC option

When you create or modify a role, you can choose to enable the Bypass Event RBAC option. Bypass Event RBAC gives a role unrestricted access to all of the event archives for which a user has been granted access. When a user with this role performs an event query, the query bypasses any additional permission settings that are based on Organizational Unit, Domain, or Product settings, and returns a complete data set from the archives for which the user has been given access. Enabling Bypass Event RBAC enhances query performance by reducing the set of permissions criteria against which the query must be processed.

Modifying appliance access

Use the Appliances property to select the appliances to which role members have access. The selections for this property determine the appliances that the role members can see in the following console locations:
   - The Testing tab on the Rules page, for use when testing a particular rule.
   - The appliances and archives that are available for each query on the Events page.
   - The Appliance Configurations tab on the System page.

To modify appliance access

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to edit, and select Properties.
3 In the left pane click Appliances.
4 Do one of the following actions:
   - To give role members access to all Information Manager appliances in the network configuration, click Role members will have access to all appliances.
   - To limit role members' access to certain appliances, click Role members will have access to only the selected appliances. In the appliances tree, select at least one appliance to associate with this role, and then click Next.

Modifying access permissions in roles

Roles include the permissions that determine the types of access (for example, Read and Delete) that role members have to objects that appear in the console. Role-specific permissions are assigned to the objects when you create each role.

You can change the access permissions for the following types of objects:
   - Container objects that were created when you installed Information Manager, such as organizational units.
   - The new objects that you create within the container objects.

When you view the properties of a role, you can see and modify the permissions for the role by selecting tabs in the Editing Role Properties dialog box.

Warning: Permission modification is an advanced feature. You should customize permissions only if you have a clear understanding of how access control works. See Working with permissions on page 43.

Table 2-2 describes the access requirements of typical enterprise security roles.

Table 2-2 Access requirements for roles

SES Administrator and Domain Administrator
    Products: All
    SIM permissions: All
    Console access: All
    Access permissions: None required

System Administrator
    Products: Information Manager
    SIM permissions: Allow Asset Edits; Move Computers
    Console access: Show Dashboard Tile; Show Intelligence Tile; Show Statistics Tile; Show System Tile
    Access permissions: Read and Search on Public/System Query groups

User Administrator
    Products: All
    SIM permissions: Allow Dashboard Auto Refresh; Move Computers; Allow Asset Edits; Manage Networks; Manage Policies; Manage Services
    Console access: Show Assets Tile; Show Dashboard Tile; Show Intelligence Tile; Show Rules Tile; Show System Tile
    Access permissions: Read and Search on Public/System Query groups; Read and Write on Users and User Groups; Read and Write on Rules and Roles

Incident Manager
    Products: Information Manager
    SIM permissions: Create Incidents; Write My Incidents; Write All Incidents; Change Assignee and Team on My Incidents; Change Assignee and Team on All Incidents; Change Assignee/Team to self or own team on unassigned incidents; Change Status My Incidents; Change Status All Incidents; Read My Incidents; Read All Incidents; Read Unassigned Incidents; Create new queries; Create new reports; Publish queries; Publish reports; Allow Dashboard Auto Refresh; Move Computers; Allow Asset Edits; Manage Networks; Manage Policies; Manage Services
    Console access: Show Assets Tile; Show Dashboard Tile; Show Events Tile; Show Incidents Tile; Show Intelligence Tile; Show Reports Tile; Show Tickets Tile

Report Writer
    Products: Information Manager
    SIM permissions: Write My Incidents; Write All Incidents; Change Assignee and Team on My Incidents; Change Assignee and Team on All Incidents; Change Assignee/Team to self or own team on unassigned incidents; Change Status My Incidents; Change Status All Incidents; Read My Incidents; Read All Incidents; Read Unassigned Incidents; Create new queries; Create new reports; Publish queries; Publish reports; Allow Dashboard Auto Refresh; Move Computers; Allow Asset Edits; Manage Networks; Manage Policies; Manage Services
    Console access: Show Dashboard Tile; Show Events Tile; Show Incidents Tile; Show Intelligence Tile; Show Reports Tile; Show Tickets Tile
    Access permissions: Read and Write on Public/System Query groups; Read and Write on Report groups

Report User
    Products: Information Manager
    SIM permissions: Create new queries; Create new reports; Allow Dashboard Auto Refresh
    Console access: Show Dashboard Tile; Show Events Tile; Show Reports Tile
    Access permissions: Read and Search on Public/System Query groups; Read and Search on Report groups

Rule Editor
    Products: Information Manager
    SIM permissions: Create new queries
    Console access: Show Events Tile; Show Rules Tile; Show Statistics Tile
    Access permissions: Read and Write on Rules and Roles; Read and Search on Public/System Query groups; Read and Search on Report groups

Note: When you change a role's access permissions to a Public Query Group or a System Query Group, the role's database permissions may be incorrectly modified. If a user cannot view queries on the Events page, it may be because the user's role lacks the necessary database permissions. To correct this problem, do the following actions:
   - Log on as a Domain Administrator or SES Administrator and open the Editing Role Properties dialog box for the user's role.
   - On the DataStores tab, check the role's database permissions.
   - If the role does not have both Read and Search permissions, add the missing permissions.
See To modify permissions on page 41.

To modify permissions

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to edit, and select Properties.
3 In the Editing Role Properties dialog box, in the left pane click the type of permissions that you want to modify. For example, to change the role members' directory permissions, choose Directories.
4 When you finish setting permissions, click OK.

Examples of modifying permissions in roles

You can modify permissions for the following purposes, among others:
   - To hide a query group from members of a role
     When members of this role open the Query Chooser on the dashboard, they cannot see the restricted query group in the query tree.
   - To hide all users from members of a role
     When members of this role view the System page, they do not see Users in the left pane.
   - To prevent role members from adding and deleting user groups
     Role members can view and modify user groups, but they cannot add and delete user groups.

To hide a query group from members of a role

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to restrict, and select Properties.
3 In the left pane click System Query Groups.
4 Click Add.
5 In the Find System Query Groups window, select Product Queries.Symantec Client Security, and then click Add.
6 Click OK.
7 On the Product Queries.Symantec Client Security row, uncheck Read and Search.
8 Click OK.
   Members of this role cannot view Symantec Client Security queries. That is, if a role member selects System Queries > Product Queries in the Query Chooser on the dashboard, the role member will not see Symantec Client Security in the tree.

To hide all users from members of a role

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to restrict, and then select Properties.
3 In the left pane click Users.
4 Under Default permissions for all users, uncheck all permission types (for example, Read and Add).
5 Click OK.
   When role members view the System page, they cannot see Users in the left pane.

To prevent role members from adding and deleting user groups

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to restrict, and then select Properties.
3 In the left pane click User Groups.
4 On the top line of permissions, check Read, Write, and Search. Make sure that Add and Delete are not checked.
5 Click OK.
   Role members can view, search, and modify all user groups in the domain. They cannot create new user groups or delete user groups.

Deleting a role

You can delete roles when they are no longer in use. Before you delete a role, you can view the properties of the role to ensure that none of your users requires it.

To delete a role

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain, and then click Roles.
2 In the right pane, right-click the role that you want to delete, and select Properties.
3 Review the role properties to make sure that no users require this role.
4 Click Cancel.
5 If you still want to delete the role, on the toolbar, click - (the minus icon). A message warns you that all members of the selected role will be removed. This means that users will no longer have access to the role. The user accounts will not be deleted.
6 In the confirmation dialog box, click Yes to delete the role.

Working with permissions

Permissions define the access that members of a role have to specific objects. Along with other role properties, permissions control what users can see and do when they log on to the Information Manager console.

As with roles, you can work with permissions only if you are a member of the SES Administrator or Domain Administrator role.

The permissions of objects are defined initially when you create roles and when you create new objects. You can then modify the permissions to fine-tune your roles.

Warning: Permission modification is an advanced feature. You should customize permissions only if you have a clear understanding of how access control works in the security directory.

About permissions

Permissions are always associated with roles and are applied when a member of a role logs on to the console.

Table 2-3 shows the permissions that role members can have to view and work with objects.

Table 2-3 Object permissions

Permission
    Description

Read
    Lets the role members see the attributes of objects. Read must be enabled for the other access permissions to work.

Write
    Lets the role members modify objects.

Add
    Lets the role members create a new child object within the selected container.

Delete
    Lets the role members delete objects.

Search
    Lets the role members search the database or the security directory for objects. Search must be enabled for the other access permissions to work.

For information about the access permissions of typical enterprise security roles, see Table 2-2.

The following objects have permissions:
   - Container objects
     Container objects are created when the DataStore (database) and Directory are installed. These objects contain all of the new objects that you create. In the console, container objects appear in the left pane of the Administration tab on the System page. Examples of the container objects that have permissions are Users, Roles, and Organizational Units.
   - Objects that you create within container objects
     When you create new objects to represent your security environment, they are stored within the container objects. On the System page, the objects that you create appear in the right pane when you select their container object in the left pane. For example, when you select Users in the left pane, the individual users that you have created within the Users container are displayed. These created objects are sometimes known as child or leaf objects.

Propagation of permissions

As you create new management objects, it is important to understand the relationship between the permissions of container objects and the permissions of the objects you create within these containers.

In most cases, the permissions of a container object propagate to all new objects that you create within the container. When you create new objects on a role-by-role basis, the current permissions of the container object are propagated to the new objects.

For example, in Role A, on the Users tab, you disable Write permission for the Users container. In Role B, you disable Delete permission for the Users container. When you create new users, members of Role A do not have Write permission, so they cannot modify the properties of the new users. Members of Role B do not have Delete permission, so they cannot delete the new users.

Note: Most roles should have at least Read and Search permissions for all objects. These permissions allow role members to view information about the objects and perform searches for the objects. For example, if you enable Write access for a container object and disable Read access, the role members cannot modify the objects, because they cannot view the objects.

Propagation occurs only when you create new objects. For example, you may create several users and assign them to Role A before you disable the Write permission in Role A. These permissions are not disabled for the original users unless you set them explicitly.

Modifying permissions from the Permissions dialog box

You can use the following methods to modify permissions:
   - Edit the role using the Editing Role Properties dialog box.
     Use this method to modify permissions for several objects within one role. See Modifying access permissions in roles on page 37. You cannot edit the permissions of software products and their configurations through the Editing Role Properties dialog box.
   - Use the Permissions dialog box for a particular object.
     Use this method to modify the permissions for a specific object within one or more roles.

Note: Some objects do not have permissions.

To modify permissions for a container object

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain.
2 In the left pane, right-click the container object (for example, Users) and select Permissions. In the Permissions dialog box, roles are listed if they have already been assigned to this object. Note that some container objects do not have permissions.
3 You may do any of the following:
   - To modify permissions for this object within the listed roles, check (enable) or uncheck (disable) the permissions, as needed. You should not disable the Search permission.
   - To add a role to this object, click Add. In the Find Roles dialog box, select a role, then click Add, and then click OK. The role you added appears in the Permissions dialog box, where you can then enable or disable its permissions.
   - To remove a role, click the role name, and then click Remove.
   - To edit a role's properties, click the role name, and then click Properties.
4 Click OK when you finish modifying permissions.

To modify permissions for a created object

1 On the System page, in the left pane of the Administration tab, navigate to the relevant domain.
2 In the left pane, click the container object that contains the created object. For example, click Users.
3 In the right pane, right-click the object whose permissions you want to modify, and then select Permissions. In the Permissions dialog box, roles are listed if they have already been assigned to this object. Note that some created objects do not have permissions, such as Policies.
4 You may do any of the following actions:
   - To modify permissions for this object within the listed roles, check (enable) or uncheck (disable) the permissions, as needed. You should not disable the Search permission.
   - To add a role to this object, click Add. In the Find Roles dialog box, select a role, then click Add, and then click OK. The role you added appears in the Permissions dialog box, where you can then enable or disable its permissions.
   - To remove a role, click the role name, and then click Remove.
   - To edit a role's properties, click the role name, and then click Properties.
5 Click OK when you finish modifying permissions.
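The behavior described under "Propagation of permissions" can be checked against a small model. The following Python sketch is an added example, not Symantec code: the Container class, its methods, and the user names alice and bob are hypothetical, and it assumes a strict reading of Table 2-3 in which a role needs both Read and Search for any other permission to work.

```python
from dataclasses import dataclass, field

# The five object permissions listed in Table 2-3.
PERMS = frozenset({"Read", "Write", "Add", "Delete", "Search"})


def effective(perms):
    """Permissions that actually work for a role on one object.

    Assumption (strict reading of Table 2-3): Read and Search must both be
    enabled for the other permissions to work, so a role that lacks either
    one effectively has no access to the object.
    """
    perms = frozenset(perms)
    return perms if {"Read", "Search"} <= perms else frozenset()


@dataclass
class Container:
    """Hypothetical stand-in for a container object such as Users."""
    name: str
    role_perms: dict = field(default_factory=dict)  # role -> container permissions
    children: dict = field(default_factory=dict)    # child -> {role: permissions}

    @staticmethod
    def check(perms):
        perms = frozenset(perms)
        unknown = perms - PERMS
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")
        return perms

    def set_perms(self, role, perms):
        """Change the container's permissions for a role.

        Existing children are deliberately left untouched: propagation
        occurs only when a new object is created.
        """
        self.role_perms[role] = self.check(perms)

    def create_child(self, child):
        """Create an object; it receives a snapshot of the container's
        current permissions for every role."""
        if child in self.children:
            raise ValueError(f"{child!r} already exists in {self.name}")
        self.children[child] = dict(self.role_perms)

    def set_child_perms(self, child, role, perms):
        """Explicitly set one object's permissions (the Permissions dialog)."""
        self.children[child][role] = self.check(perms)

    def can(self, role, child, perm):
        """True if members of `role` can exercise `perm` on `child`."""
        return perm in effective(self.children[child].get(role, frozenset()))

    def stale_children(self, role):
        """Objects whose stored permissions for `role` no longer match the
        container, i.e. objects created before the container was changed."""
        current = self.role_perms.get(role, frozenset())
        return sorted(
            child for child, acl in self.children.items()
            if acl.get(role, frozenset()) != current
        )


def build_example():
    """Constructed scenario following the Role A / Role B example."""
    users = Container("Users")
    users.set_perms("Role A", PERMS)
    users.set_perms("Role B", PERMS)
    users.create_child("alice")                     # created before the restriction
    users.set_perms("Role A", PERMS - {"Write"})    # Role A: Write disabled
    users.set_perms("Role B", PERMS - {"Delete"})   # Role B: Delete disabled
    users.create_child("bob")                       # created after the restriction
    return users


if __name__ == "__main__":
    users = build_example()
    for who in ("alice", "bob"):
        print(who, "writable by Role A:", users.can("Role A", who, "Write"))
    print("objects still carrying old Role A permissions:",
          users.stale_children("Role A"))
```

In the model, the review that matters after tightening a container is stale_children: every object it lists still carries the broader permissions until they are set explicitly on that object.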


49 Chapter 3 Managing users and user groups This chapter includes the following topics: About managing users and passwords Customizable password policy Creating a new user Creating a user group Editing user properties Modifying user permissions Modifying a user group Deleting a user or a user group About managing users and passwords The Symantec Security Information Manager appliance uses accounts from Linux and the IBM DB2 Service. Both types of accounts use the password that is specified during installation. The default password is password. By default, the installation program creates these Linux accounts: root simuser sesuser default Linux administrative account used by the Information Manager text console process used by the http and the Tomcat processes

50 50 Managing users and user groups About managing users and passwords db2admin dasusr1 symcmgmt used by the database process used for the DB2 Admin Tools database used by the database process Warning: For security, change the Linux passwords periodically, according to your company's security policy. The password for all Linux accounts must be changed using the Change Password option from the Information Manager Web configuration interface. Do not change these account passwords or permissions by standard Linux commands as it may result in errors with appliance operation. Generally, you should not need to create new Linux accounts; however, you may want to create an account with limited permissions to a file share to allow a user or process to copy database and directory service backups. See your Linux documentation for information on how to create Linux accounts. See the Symantec Security Information Manager Installation Guide for information on how to change the password for the Linux accounts. By default, the installation program also creates the Administrator account in the directory service. This account is used for logging in to the Information Manager console and Information Manager Web configuration interface initially. With the proper permissions, you can also create new directory service accounts for users who will use the Information Manager console and Information Manager Web configuration interface. Directory service accounts are for the administrators of your security products, contacts for notifications, or both. Users who are administrators are members of the roles that define their administrative permissions. Users who only receive notifications do not have to be members of a role. 
When you select Users from the Administration tab on the System page, you can do the following tasks:

  Creating a new user
  Editing user properties
  Modifying user permissions
  Deleting a user or a user group

The Administration tab also lets you create, modify, and delete user groups:

  Creating a user group
  Modifying a user group

  Deleting a user or a user group

Customizable password policy

Information Manager includes the ability to enforce strong password requirements for all users. As an administrator, you can customize the password policy for Information Manager to match the password standards that apply to your environment. You must provide the LDAP cn=root password to change the password settings.

When you change the password policy, any users who have existing passwords that are not in compliance with the new policy are prompted to change their password at the next log on.

Note: When you enable the EAL4 password policy and a user locks their account the same day that they change it, you cannot reset the password for 24 hours. This is a result of the "Minimum time between password changes (seconds):" value being defined as 24 hours in the EAL4 password policy. This behavior is expected due to the strict EAL4 password policy definition. If this behavior is not desired, you can choose the Custom password policy option, change the Minimum time between password changes (seconds): setting to a lower value, and save the configuration.

The Password Management User Password Settings table includes the following selectable columns:

  Default   The default settings used by Information Manager.
  EAL4      The settings that comply with Evaluation Assurance Level 4 (EAL4) standards.
  Custom    User-defined settings. Note that if you choose this column but do not change any settings, clicking Save reverts to the policy that was previously enabled.

To change the Information Manager password policy

1 Log into the Information Manager Web Configuration interface using administrator credentials, and click Password Management.
2 In the LDAP cn=root password field, type the password, and then click Enter admin mode.

3 In the password settings tables, choose the type of password management you would like to use. If you choose Custom, configure each option, and place a check in the Password policy enabled: checkbox.
4 Click Save.

Creating a new user

Use the Create a new User wizard to create a user. The wizard prompts you for the required information that the user needs to log on to Symantec Security Information Manager. It also lets you specify notification information, permissions, and other user properties.

The Create a new User wizard is designed for flexibility and to provide multiple ways to collect information. You can supply all pertinent user information at the time that you create the user; alternatively, you can provide only the required information and add more information later by editing the user's properties.

See Editing user properties on page 55.

To create a new user

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then click Users.
3 On the toolbar, click + (the plus icon).
4 In the first panel of the Create a new User wizard, click Next.
5 In the General panel, do the following, and then click Next:
    Logon name   Type the logon name for the new user.
    Last name    Type the user's last name.
    First name   Type the user's first name.
  The other fields on this panel are optional.
6 In the Password panel, type a password in the Password text box and type the same characters in the Confirm password box. Then click Next.
  The password that you choose must comply with the policy settings chosen by the administrator. The password is case sensitive. Green check marks under Password rules indicate that your password meets the requirements.

7 In the Business panel, specify business information for the user (optional), and then click Next.
  See Specifying user business and contact information.
8 In the Contact Information panel, specify contact information for the user (optional), and then click Next.
9 In the Notifications panel, specify addresses and pager numbers for the user, and times when those contacts can be used for notifications (optional).
  See Specifying notification information.
10 In the Roles panel, you can assign the user to one or more roles that define the user's permissions. You can also assign or change a user's roles later.
  See Managing role assignments and properties on page 56.
  Note that you must create roles before you can assign users to roles. If no roles appear on the Find Roles panel, you have not yet created any roles.
  See Creating a role.
11 In the User Groups panel, you can assign the user to one or more user groups. You can also assign users to groups later.
  See Managing user group assignments on page 57.
  Note that you must create user groups before you can assign users to groups. If no groups appear on the Find User Groups panel, you have not yet created any groups.
  See Creating a user group.
12 In the User Summary panel, review the information that you have specified, and then click Finish.
  The user properties that are created are shown in the task status list at the bottom of the panel. A green check mark next to a task indicates that it was successfully accomplished.
13 Click Close.

Creating a user group

After you create users, you can assign them to groups. User groups are particularly useful when you have large numbers of users who need to have the same system roles. You can assign an entire user group to a role, and all of the users in the group will have the rights and permissions that are assigned to that role. Another

reason to implement user groups is to facilitate the auto-assignment of incidents, using correlation rules.

The Create a new User Group wizard enables you to create user groups and add users to the groups. You can assign users at the time you create a group, or you can add users to the group later.

Note: If you create a user group, and then assign it to a role, all of the users who are currently in the group are assigned to that role. However, if you later add more users to the user group, those users are not automatically added to the role. You must assign each user to the role individually.

To create a user group

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then click User Groups.
3 On the toolbar, click + (the plus icon).
4 In the first panel of the Create a new User Group wizard, click Next.
5 In the General panel, type a name and (optional) description for the user group, and then click Next.
6 In the Members panel, click Add.
  In the Find Users dialog box, the Available users list shows all users for the domain, up to the number of users indicated by the Maximum search count text box.
7 Select one or more users from the Available users list, and then click Add.
  The users appear in the Selected users list.
8 If you want to review information about a specific user, click the user name, and then click Properties. You can view or change the user's properties, and then click OK.
9 When you finish adding users to the group, click OK.
10 In the Members panel, click Next.
11 In the User Group Summary panel, click Finish.
  The user group properties that are created are shown in the task status list at the bottom of the panel. A green check mark next to a task indicates that it was successfully accomplished.
12 Click Close.

Editing user properties

After you create a user, you can edit the user properties to perform the following tasks:

  Changing a user's password
  Specifying user business and contact information
  Managing role assignments and properties
  Managing user group assignments
  Specifying notification information

Changing a user's password

Passwords can be changed in the following ways:

  Users can change their own passwords by using the Change Password option on the Tools menu in the Information Manager console.
  Administrators can change a user's password by editing the user's properties.

To change a user's password

1 On the System page Administration tab, in the left pane, navigate to the relevant domain, and then click Users.
2 In the right pane, right-click the user whose password you want to change, and then select Properties.
3 In the User Properties dialog box, on the Password tab, in the Password text box, type a new password.
  The password that you choose must comply with the policy settings that are chosen by the administrator.
4 In the Confirm password text box, type the password again to confirm it.
5 Click OK.

Specifying user business and contact information

In the User Properties dialog box, the Business tab and Contact Information tab let you supply detailed information about the user. You can specify this information when you create a user or by editing an existing user's properties.

The choice of a preferred language is particularly important. The preferred language controls the format of currency, date, time, and the use of numerical separators when the user is logged into the Information Manager console.

To specify user business and contact information

1 On the System page Administration tab, in the left pane, navigate to the relevant domain, and then click Users.
2 In the right pane, right-click the user whose information you want to change, and then select Properties.
3 In the User Properties dialog box, on the Business tab, type the business information for the user.
4 To specify the user's preferred language, in the Preferred language drop-down list, select a language.
5 To identify the user's manager, click the browse button (...) next to the Manager text box to display the Find Users dialog box.
  The manager must exist as a user in the database.
6 In the Find Users dialog box, select the user who is the manager, and then click OK.
  The Available users list shows all users for the domain, up to the number of users that are indicated by the Maximum search count text box.
7 To identify the user's administrative assistant, click the browse button (...) next to the Administrative assistant text box. In the Find Users dialog box, select the administrative assistant.
  The administrative assistant must exist as a user in the database.
8 On the Contact Information tab, type the contact information for the user.
9 Click OK.

Managing role assignments and properties

The roles that a user is assigned define the user's administrative permissions in the console. Roles are product-specific and are created as one or both of the following:

  Roles that allow the management of policies and configurations for a product
    Users who are members of these roles can change the security configurations of an integrated product and distribute them to specific computers and organizational units.
  Roles that allow the viewing of the events that are generated by a product
    Users who are members of these roles can view alerts and events for a product, and create alerts and customized reports.

Note: You must be a member of the Domain Administrator role to make a user a member of a role. Also, the role must exist in the database before you can add a user to the role.

See Creating a role on page 29.

To manage role assignments and properties

1 On the System page Administration tab, in the left pane, navigate to the relevant domain, and then click Users.
2 In the right pane, right-click the user whose information you want to change, and then select Properties.
3 In the User Properties dialog box, on the Roles tab, click Add.
4 In the Find Roles dialog box, from the Look in drop-down list, select the domain in which to find the role.
  Users can have access to roles in multiple domains.
5 In the Available roles list, select one or more roles, and then click Add.
  The Find Roles dialog box displays a list of roles only if you are a member of the Domain Administrator role.
6 Click OK.
7 To remove a user from a role, click the role name and then click Remove.
  This action does not remove the role from the database.
8 To view or edit the properties of a role, click the role name and then click Properties.
9 Use the Editing Role Properties dialog box to make changes to the role, if you want.
  See Editing role properties.
10 Click OK until you return to the System page.

Managing user group assignments

You can modify the composition of a user group by adding users to the group and removing users from the group. You can also view and modify user group properties.

You can manage user group assignments in the following ways:

  Manage one user's assignment by adding to or removing from one or more user groups.

  Manage a single user group by adding or removing multiple users at one time.

To manage a single user's user group assignments

1 On the System page Administration tab, in the left pane, navigate to the relevant domain, and then click Users.
2 In the right pane, right-click the user whose user group assignment you want to manage, and then select Properties.
3 In the User Properties dialog box, on the User Groups tab, click Add.
4 In the Find User Groups dialog box, from the Look in drop-down list, select the domain in which to find the user group.
5 In the Available user groups list, select one or more user groups, and then click Add.
  The user groups that you selected appear in the Selected user groups list.
6 Click OK.
7 To remove a user from a user group, click the user group name and then click Remove.
  This action does not remove the user group from the database.
8 To view or edit the properties of a user group, click the user group name and then click Properties.
9 Use the User Group Properties dialog box to make changes to the user group, if you want.
  For example, you can add members to the group and remove users from the group.
10 Click OK until you return to the System page.

To manage multiple users' user group assignments

1 On the System page Administration tab, in the left pane, navigate to the relevant domain, and then click User Groups.
2 In the right pane, right-click the user group whose membership you want to manage, and then select Properties.
3 In the User Group Properties dialog box, on the Members tab, click Add.
4 In the Find Users dialog box, from the Look in drop-down list, select the domain in which to find the users.
5 In the Available users list, select one or more users, and then click Add.
  The users that you selected appear in the Selected users list.
6 Click OK.

7 To remove a user from a user group, click the user name and then click Remove.
  This action does not remove the user from the database.
8 To view or edit the user's properties, click the user name and then click Properties.
9 Use the User Properties dialog box to make changes to the user, if you want.
10 Click OK until you return to the System page.

Specifying notification information

When you create custom correlation rules, you can identify users to notify when particular incidents or alerts occur.

See Creating a custom rule on page 108.

For each user, you can specify the e-mail addresses and pager numbers that are used to send these notifications. You can also specify when the user is notified. For example, you can specify one e-mail address to be used Monday through Friday from 8:00 A.M. to 5:00 P.M., and a pager to be used during off-hours, namely, Saturday and Sunday, and Monday through Friday after 5 P.M.

You can specify the following:

  E-mail addresses
  Pager numbers
  The day and the time ranges when the contact method can be used to send a user notifications of alerts

The combined number of e-mail addresses and pager numbers cannot exceed five.

To specify a user's e-mail address

1 On the System page Administration tab, in the left pane, navigate to the relevant domain, and then click Users.
2 In the right pane, right-click the user whose e-mail address you want to change, and then select Properties.
3 In the User Properties dialog box, on the Notifications tab, in the drop-down list, click the e-mail option.
4 Click Add.
5 In the e-mail dialog box, in the e-mail address text box, type an e-mail address.

6 If the user receives e-mail on a device with a small screen, such as a handheld device, check Send shortened message.
  This option sends an abbreviated message that is easier to read.
7 Click OK.
8 Specify notification times if desired.
9 Do any of the following:
    To add additional e-mail addresses, repeat steps 4 through 8.
    To edit an existing e-mail address, click it and then click Properties.
    To remove an existing e-mail address, click it and then click Delete.
10 When you finish, click OK.

To specify a user's pager number

1 On the System page Administration tab, in the left pane, navigate to the relevant domain, and then click Users.
2 In the right pane, right-click the user whose pager number you want to change, and then select Properties.
3 In the User Properties dialog box, on the Notifications tab, in the drop-down list, click Pager.
4 Click Add.
5 In the Pager dialog box, in the Number text box, type a pager number.
6 In the Notification service drop-down list, select the notification service to use.
  If you do not see the service that you want to select, you can add it using the Notification Services node in the left pane of the System page.
7 Click OK.
8 Specify notification times if desired.
  See To specify notification times.
9 Do any of the following:
    To add more pager numbers, repeat steps 4 through 8.
    To edit an existing pager number, click it and then click Properties.
    To remove an existing pager number, click it and then click Delete.
10 Click OK.

To specify notification times

1 In the User Properties dialog box, on the Notifications tab, click an address or pager number.
2 Using the Day controls, check the days when the contact method can be used to contact the user.
3 Using the From and To controls, specify the range of time when the contact method can be used.
4 Repeat these steps to establish notification times for other addresses and pager numbers.
5 When you finish, click OK.

Modifying user permissions

When you create a role, permissions are assigned for each user with regard to that role. These permissions control whether role members who log on to the console can view, modify, or delete the user.

You can modify these permissions in the following ways:

  By displaying and editing the roles that contain the permissions.
    See Modifying access permissions in roles on page 37.
  By displaying the Permissions dialog for the User container object or an individual user.
    See Modifying permissions from the Permissions dialog box on page 45.

Note: To modify permissions, you must be logged on as a member of the Domain Administrator role.

Modifying a user group

You can modify a user group by adding and removing members, and by changing the user group name and description. You can also modify individual group members' properties.

To modify a user group

1 On the System page Administration tab, in the left pane, navigate to the relevant domain, and then click User Groups.
2 In the right pane, right-click the user group that you want to modify, and then click Properties.

3 On the General tab, you can add or change the user group's name and description.
4 On the Members tab, you can do the following:
    Add members
      Click Add. In the Find Users dialog box, select one or more users from the Available users list, and then click Add. When you finish adding members, click OK.
    Remove members
      Select the member name, and then click Remove. When you finish removing members, click OK.
    Modify a member's properties
      Select the member name, and then click Properties. In the User Properties dialog box, use the tabs to modify the properties of individual user group members. When you finish modifying properties, click OK.
5 Click OK.

Deleting a user or a user group

You can delete users who are no longer participants in your security network. You can also delete the user groups that are no longer needed.

To delete a user or a user group

1 On the System page Administration tab, in the left pane, navigate to the relevant domain, and then click Users or User Groups.
2 In the right pane, right-click the user or the user group that you want to delete, and then click Delete.
3 In the confirmation dialog box, click Yes.

Chapter 4
Managing organizational units and computers

This chapter includes the following topics:

  About organizational units
  Managing organizational units
  Managing computers within organizational units

About organizational units

Organizational units are a useful way to structure your security environment in Symantec Security Information Manager. Before you create organizational units, it is important that you understand your security network and create a security plan.

Organizational units let you group the computers and appliances that you manage. You can then add configurations for the Information Manager components that may be installed on those computers. This enables the distribution of the configurations to all computers and appliances in the organizational unit.

Managing organizational units

On the Administration tab of the System page, when you select Organizational Units, you can perform the following tasks:

  Creating a new organizational unit
  Editing organizational unit properties
  About modifying organizational unit permissions

  Deleting an organizational unit
  Distributing configurations to computers in an organizational unit

Creating a new organizational unit

Organizational units are logical groupings. You can create them to organize computers that are in the same physical location or belong to structural groups within your corporation, such as divisions or task groups. However, it is not required that an organizational unit reflect these relationships.

You can create all the organizational units that you require at a single level, or you can create a hierarchy of nested organizational units.

The combined maximum length of the distinguished name of an organizational unit should be no longer than 170 bytes. Keep in mind that some characters, such as accented characters or Japanese characters, take more space to store.

Since the distinguished name of an organizational unit is a concatenation of the names above it in the hierarchy, nesting organizational units with long names can exceed this limit. A screen message informs you if you exceed the limit.

To create a new organizational unit

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then click Organizational Units.
3 Do one of the following:
    To create a new organizational unit at the top level of the tree, click + (the plus icon) on the toolbar. Go to step 4.
    To create a new organizational unit within an existing organizational unit, expand the organizational unit tree and select the desired level. Then click + (the plus icon) on the toolbar. Go to step 3.
4 In the Computer or Organizational Unit dialog box, click Organizational Unit, and then click OK.
5 In the first panel of the Create a new Organizational Unit wizard, click Next.
6 In the General panel, do the following:
    In the Organizational Unit name text box, type a name for the organizational unit.
    In the Description text box, type a description of the organizational unit (optional).
7 Click Next.

8 In the Organizational Unit Summary panel, review the information that you have specified, and then click Finish.
9 Click Close.

Determining organizational unit name length

Information Manager imposes limits on the length of the name of an organizational unit and on the total length of the distinguished name that is stored in the security directory. These limits become important when you nest organizational units.

The distinguished name for a nested organizational unit includes the following:

  The name you give the organizational unit when you create it
  The names of each organizational unit above it in the hierarchy
  The name of the top node in the organizational unit tree
  The name of the domain within which you create the organizational unit hierarchy
  Additional bytes of overhead

You can view the distinguished name of an organizational unit by looking at the organizational unit's properties.

The maximum length of the name you assign in the Create a new Organizational Unit wizard is 64 UTF-8 bytes. For the Roman character set, this means that the name cannot exceed 64 characters. Some characters take more space to store. For example, accented characters take 2 bytes to store, and Japanese characters take 3 to 4 bytes to store. When these characters are used, fewer characters are allowed in the name.

Because Information Manager adds additional information for internal use to the distinguished name, the maximum recommended length of the distinguished name of an organizational unit in the security directory is 170 bytes. If a distinguished name is longer than 256 characters, serious performance issues occur.

Table 4-1 describes how to calculate the UTF-8 byte length of the distinguished name of the organizational unit.
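The limits in this section and the formulas that Table 4-1 gives can be applied to a planned hierarchy before any organizational unit is created. The following Python code is an added example, not part of the Symantec guide or product; the function names and the sample OU names are constructed for illustration, and it assumes that every length in the formulas is a UTF-8 byte count, as this section states.

```python
"""Added example: estimate the stored length of an organizational unit (OU)
distinguished name (DN) with the formulas from Table 4-1 of this guide."""

MAX_OU_NAME_BYTES = 64       # limit for the name typed in the wizard (guide)
RECOMMENDED_DN_BYTES = 170   # recommended maximum DN length (guide)
NAME_OVERHEAD = 4            # the "4 +" added to every name (Table 4-1)
DOMAIN_OVERHEAD = 17         # fixed domain overhead (Table 4-1)
OU_OVERHEAD = 13             # fixed OU overhead (Table 4-1)


def utf8_len(text):
    """Length in UTF-8 bytes, the unit in which the limits are measured."""
    return len(text.encode("utf-8"))


def domain_name_length(domain):
    """sum(4 + domain component name length) + 17 bytes."""
    components = domain.split(".")
    if not all(components):
        raise ValueError(f"empty domain component in {domain!r}")
    return sum(NAME_OVERHEAD + utf8_len(c) for c in components) + DOMAIN_OVERHEAD


def ou_dn_length(ou_path, domain):
    """sum(4 + OU name length) + domain name length + 13 bytes.

    ou_path lists the OU names from the top of the hierarchy down to the
    OU that is being measured.
    """
    if not ou_path or not all(ou_path):
        raise ValueError("ou_path needs at least one non-empty OU name")
    names = sum(NAME_OVERHEAD + utf8_len(n) for n in ou_path)
    return names + domain_name_length(domain) + OU_OVERHEAD


def check_ou_path(ou_path, domain):
    """Return (dn_length, problems) for a planned OU hierarchy."""
    problems = []
    for name in ou_path:
        size = utf8_len(name)
        if size > MAX_OU_NAME_BYTES:
            problems.append(
                f"name {name!r}: {size} bytes exceeds {MAX_OU_NAME_BYTES}")
    total = ou_dn_length(ou_path, domain)
    if total > RECOMMENDED_DN_BYTES:
        problems.append(
            f"DN: {total} bytes exceeds recommended {RECOMMENDED_DN_BYTES}")
    return total, problems


def child_name_budget(parent_path, domain):
    """Largest name, in UTF-8 bytes, that a new OU under parent_path can
    have while staying inside both limits (0 if nothing fits)."""
    used = sum(NAME_OVERHEAD + utf8_len(n) for n in parent_path)
    used += domain_name_length(domain) + OU_OVERHEAD
    room = RECOMMENDED_DN_BYTES - used - NAME_OVERHEAD
    return max(0, min(MAX_OU_NAME_BYTES, room))


if __name__ == "__main__":
    # "usa.ses" is the domain used in Table 4-1; the OU names are constructed.
    domain = "usa.ses"
    samples = [
        ["Ventes", "Zürich"],                              # accented character
        ["é" * 33],                                        # 33 chars, 66 bytes
        [f"Regional-Office-{i:04d}" for i in range(6)],    # deep nesting
    ]
    print("domain", domain, "->", domain_name_length(domain), "bytes")
    for path in samples:
        total, problems = check_ou_path(path, domain)
        print(" / ".join(path), "->", total, "bytes", problems or "ok")
    print("budget under 5 levels:",
          child_name_budget(samples[2][:5], domain), "bytes")
```

A name made of 33 accented characters already breaks the 64-byte name limit, and six nested 20-character names pass the recommended 170-byte limit even though each name is well under 64 bytes.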

Table 4-1    Calculating organizational unit name length

  Name string: Domain name length
  Formula and example:
    sum(4 + domain component name length) + 17 bytes
    Example: usa.ses
    4 + length(usa) + 4 + length(ses) + 17 bytes overhead, or 31 bytes

  Name string: Organizational unit (OU) name length
  Formula and example:
    sum(4 + OU name length) + domain name length + 13 bytes
    For example: Paris OU under the Sales OU in the usa.ses domain
    4 + length(paris) + 4 + length(sales) + domain name length + 13 bytes overhead, or 53 bytes

Editing organizational unit properties

You can modify an existing organizational unit's description. You cannot change the name or distinguished name of the organizational unit.

To edit organizational unit properties

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 Right-click the name of the organizational unit that you want to edit, and then click Properties.
4 In the Organizational Unit Properties dialog box, change the description.
5 When you finish, click OK.

About modifying organizational unit permissions

When you create a role, permissions are assigned for each organizational unit with regard to that role. These permissions control whether role members who log on to the Information Manager console can view, modify, or delete the organizational unit.

You can modify these permissions in the following ways:

  By displaying and editing the roles that contain the permissions.
    See Modifying access permissions in roles on page 37.
  By displaying the Permissions dialog for the Organizational Unit container object or an individual organizational unit.
    See Modifying permissions from the Permissions dialog box on page 45.

Note: To modify permissions, you must be logged on as a member of the SES Administrator role or the Domain Administrator role.

Deleting an organizational unit

Before you can delete an organizational unit, you must move or delete all computers that belong to the organizational unit.

See Moving a computer to a different organizational unit on page 80.
See Deleting a computer from an organizational unit on page 81.

Note: When you delete an organizational unit, all of the organizational units that are below it in the navigational structure are also deleted.

To delete an organizational unit

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 Right-click the name of the organizational unit that you want to delete, and then click Delete.
4 To confirm that you want to delete the organizational unit and its subgroups, click Yes.

Managing computers within organizational units

Organizational units contain computer objects that represent the computers that run your security products.

Note: The term "computer" covers a variety of equipment, from traditional desktop computers, to appliances and handheld devices. In the context of the Information Manager console, a computer is any machine that you manage as part of your enterprise security environment.

Computers are placed in organizational units in the following ways:

  When an agent is installed
    When you install a collector on a computer, an agent is installed on the computer. It is represented in the Information Manager console as a computer within an organizational unit. In some cases, you can specify the organizational unit for the computer when the agent is installed. If an organizational unit is not specified, the computer is placed in the Default organizational unit.
  When you create the computer using the Create a new Computer wizard
    You can use this method to create computers for security products that do not install agents.

Note: Do not create a computer using the wizard if you plan to install an Agent on the computer at a later time. If you do, a duplicate instance of the computer will be added to the security directory.

A computer can belong to only one organizational unit at a time; however, depending on the requirements of your network, you can easily move computers from one organizational unit to another.

When you select a computer in the right pane, you can perform the following tasks:

  Creating computers within organizational units
  Editing computer properties
  Distributing configurations to computers in an organizational unit
  Moving a computer to a different organizational unit
  Modifying computer permissions
  Deleting a computer from an organizational unit

Creating computers within organizational units

Computers are defined in the security directory as part of the organizational units in which you create them. If you delete a computer from an organizational unit, it is permanently removed from the security directory.

To create a computer within an organizational unit

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.

3 Right-click the name of the organization unit, and then click New>Computer.
4 In the first panel of the Create a new Computer wizard, click Next.
5 In the General panel, do the following, and then click Next:
    In the Computer name text box, type the computer name.
    In the Description text box, type a description (optional).
6 In the Information panel, do one of the following:
    Type information in some or all of the optional text boxes, and then click Next.
    Click Next. You can supply the information later by editing the computer's properties.
7 In the Identification panel, do one of the following:
    Provide the host name, IP addresses, and MAC addresses of the computer now, and then click Next.
    Click Next. You can provide the identification information later by editing the computer's properties.
8 In the Configurations panel, do one of the following:
    To directly associate configurations with the computer now, click Add. When you are finished, click Next.
    Click Next. You can add configurations later by editing the computer's properties.
9 In the Computer summary panel, review the information that you have specified, and then click Finish.
10 Click Close.

Editing computer properties

The computer properties that you can view and change depend on whether an agent is installed on the computer.

If the computer has an agent, you can associate configurations with the computer and view the services that are running on the computer. However, you cannot change the identification information for the computer.

See Editing a computer that has an agent on page 70.
See Viewing the services that are running on a computer on page 77.

If the computer does not have an agent, you can edit the network identification information for the computer. However, you cannot view services that are running on the computer.
See Editing a computer that does not have an agent on page 71.
See Providing identification information for a computer on page 72.

Editing a computer that has an agent

When a computer has an agent installed, much of the identification information about the computer is captured as a result of the installation of the agent. You can learn a lot about the computer by viewing the information that is provided by the agent. This information includes the state of the services that are running on the computer and the computer's heartbeat status. You can also specify configurations to be associated with the computer. If the computer is an Information Manager appliance, you can add access to other domains.

To edit a computer that has an agent

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 Click the name of the organizational unit that contains the computer to be edited.
4 In the right pane, right-click the name of the computer, and then click Properties.
5 In the Computer Properties dialog box, on the General tab, you can type a new description.
6 On the Information tab, you can modify the Primary Owner and Owner contact information text boxes. The rest of the information is supplied by the agent installation.
7 On the Configurations tab, do any of the following:
  - To directly associate configurations with the computer, click Add.
    See Associating configurations directly with a computer on page 76.
  - To remove a configuration, select it, and then click Remove.
  - To view a configuration's properties, select it, and then click Properties.
See Agent configurations on page 210.

8 On the Domain Access tab, you can add or remove domain access for the Information Manager appliance.
  See Adding domain access to an Information Manager appliance on page 78.
  You can do this only if the computer is an Information Manager appliance and you are logged on as a SES Administrator or a Domain Administrator.
9 You can view information on any of the following tabs:
  - On the Identification tab, view the host name, IP addresses, and MAC addresses of the computer.
  - On the Services tab, view information about the services that are running on the computer.
    See Viewing the services that are running on a computer on page 77.
  - On the Heartbeat Monitor tab, view the heartbeat status of the services that are running on the computer.
10 Click OK.

Editing a computer that does not have an agent

When you create a computer using the Create a New Computer wizard, you can modify most of the computer's properties. Services are reported only if an agent is installed on the computer.

To edit a computer that does not have an agent

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 Click the name of the organizational unit that contains the computer to be edited.
4 In the right pane, right-click the name of the computer, and then click Properties.
5 In the Computer Properties dialog box, on the General tab, you can type a new description.
6 On the Information tab, modify the text boxes as desired. To enable the Other OS text box, select OTHER from the Operating system type drop-down list.
7 On the Identification tab, change the host name and add or remove IP addresses and MAC addresses, as desired.
  See Providing identification information for a computer on page 72.

8 On the Configurations tab, do any of the following:
  - To directly associate configurations with the computer, click Add.
    See Associating configurations directly with a computer on page 76.
  - To remove a configuration, select it, and then click Remove.
  - To view a configuration's properties, select it, and then click Properties.
    See Agent configurations on page 210.
9 On the Services tab, view information about the services that are running on the computer.
  See Viewing the services that are running on a computer on page 77.
10 On the Heartbeat Monitor tab, view the heartbeat status of the services that are running on the computer.
11 Click OK.

Providing identification information for a computer

After you create a computer using the Create a new Computer wizard, you can provide the network identification information for the computer by editing its properties. When you create a computer by installing a collector, the identification information is supplied automatically by the installation.

To provide identification information for a computer

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 Click the name of the organizational unit that contains the computer to be edited.
4 In the right pane, right-click the name of the computer, and then click Properties.
5 In the Computer Properties dialog box, on the Identification tab, in the Host name text box, type a fully qualified domain name or DNS hostname.
6 To add an IP address, under IP addresses, click Add.
7 In the IP addresses dialog box, type the IP address of the computer, and then click OK.
8 If the computer has multiple network interface cards, repeat steps 6 and 7 for each IP address.

9 To add a MAC address, under MAC addresses, click Add.
10 In the MAC addresses dialog box, type the MAC address of the computer, and then click OK. The MAC address must consist of six hexadecimal pairs.
11 If the computer has multiple network interface cards, repeat steps 9 and 10 for each MAC address.
12 Click OK.

Using the Visualizer

The Visualizer provides a convenient way to view your Symantec Security Information Manager environment, including the computers that are assigned to organizational units. You can use it to monitor EPS rates and CPU usage on your network devices. You can also view and modify properties of elements such as Information Manager appliances and agents.

About the Visualizer

The Visualizer provides a graphical view of your Information Manager environment. When you click the Visualizer tab on the System page, you will see a set of icons that represent such elements as correlation appliances, collection appliances, agents, and directories. The Icons tab in the Legend pane illustrates and defines each type of icon that can appear in the diagram.

Colored lines join elements to indicate the nature of their interactions. For example, a green line appears between an appliance and its event archive. A blue line indicates that event forwarding is configured between a collection appliance and the correlation appliance, and the arrow shows the direction in which the event data flows. To see an explanation of each color, click the Edges tab in the Legend pane.

You can place the icons where you want them by dragging them with the mouse. The associated text moves with the icon. You can also move the text to a different position relative to its icon. Click and hold the mouse over the text, and then move the mouse. Empty text boxes appear on each side of the icon. Drag the text into one of the boxes and release the mouse.
The toolbar includes tools to help you examine the graphic. These tools are defined in Table 4-2.

Table 4-2 Visualizer tools (Tool: Purpose)

Layout menu: Use this drop-down menu to select a display format, such as Organic or Circular.
Refresh: Click the Refresh icon to update the display after you make configuration changes. For example, after you add a collector, clicking Refresh will re-draw the diagram and show a new icon for the added collector.
Zoom in: Enlarge the diagram.
Zoom out: Make the diagram smaller.
Zoom selected: Select a portion of the diagram by clicking the mouse and dragging a box around the desired area. Then click the Zoom selected icon to enlarge the area that you selected.
Fit to window: This option returns the diagram to its original size, to fit the entire diagram in the right pane of the System page.
Save as: This option lets you save the information in the diagram as an XML file. Symantec Technical Support may request this file to assist in troubleshooting.
Print: This option lets you print the diagram. On the Print Options dialog, you can select the height (Poster Rows) and width (Poster Columns) if you are printing a very large diagram. The default setting (1 poster row and 1 poster column) prints the entire diagram on a single page.
Table view: This option displays a table with one row for each element that is involved in processing events. The table dynamically displays such information as events per second (EPS) and the total number of events that have been processed by the element since it was last started. A green check mark means that the element is running; a red X means that the element is not responding.

The colored dots that appear next to some elements indicate the activity level of these elements. Some dots reflect the volume of events per second (EPS), and other dots reflect the percentage of appliance CPU in use. The meaning of each color is explained below.

EPS
- Green = less than or equal to 2.5 K
- Yellow = 2.5 K to 5 K
- Red = greater than 5 K

CPU usage
- Green = less than 60%
- Yellow = 60% to 80%
- Red = greater than 80%

Viewing and modifying element properties

You can view the properties of many of the elements in the Visualizer diagram. You can also modify some of these properties.

The same properties are also accessible through other tabs on the System page. You use these tabs to add and delete elements, such as collectors. After you add an element, you distribute it, which makes the element appear in the Visualizer. Table 4-3 explains how to access each of the element categories on other System page tabs.

Table 4-3 Accessing element properties on System page tabs (Category: How to access)

Computers: This category includes appliances, agents, and collectors. Select Administration tab > Organizational Units. Select an organizational unit. In the list in the right pane, double-click the name of a computer. A dialog box displays the computer's properties. For more information about modifying these properties and about adding new computers, see the section on organizational units.
Directories: Select Administration tab > Directories. In the list in the right pane, double-click the name of a directory. A dialog box displays the directory's properties.
Products: This category includes products such as collectors and firewalls. Select Product Configurations tab. In the left pane, click the name of a product. The right pane displays the product's properties.

To view and modify element properties

1 On the System page of the Information Manager console, click the Visualizer tab.
2 Right-click on an icon in the diagram, and then click Properties. A dialog box displays a set of tabs that let you access the element's properties. The displayed properties depend on the type of element that you selected. For example, a collection appliance has different properties than an agent.
3 View and modify any of the available properties in the dialog box, using the tabs to navigate through the properties.
4 When you finish viewing and modifying properties, click OK.

Associating configurations directly with a computer

The behavior of Information Manager components is controlled by the configurations. To distribute configurations, you can associate a configuration with a computer. You can then distribute the configuration, either immediately or at a later date, depending on your needs.

To associate configurations directly with the computer

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 Click the name of the organizational unit that contains the computer that you want to edit.
4 In the right pane, right-click the name of the computer, and then click Properties.
5 In the Computer Properties dialog box, on the Configurations tab, click Add.
6 In the Find Configurations dialog box, in the Look-in drop-down list, select the product whose configurations you want to associate with the organizational unit. The configurations are displayed in the Available configurations list.
7 In the Available configurations list, select a configuration, and then click Add. The selected configuration is listed in the Selected configuration list.
If the computer already contains a configuration, and you now select a different configuration, the new configuration replaces the old one.

8 To select a configuration for a different product, repeat steps 6 and 7.
9 When you finish adding configurations, click OK.
10 In the Organizational Unit Properties dialog box, do any of the following:
  - To remove a configuration, select it, and then click Remove.
  - To view a configuration's properties, select it, and then click Properties.
11 Click OK.

Viewing the services that are running on a computer

You can view information about the services that are running on a computer, such as what configurations are in use, and whether the configurations are up to date.

To view the services that are running on a computer

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 In the left pane, select the organizational unit that contains the computer whose services you want to view.
4 In the right pane, right-click the computer name, and then click Properties.
5 In the Computer Properties dialog box, on the Services tab, review the In Sync column to determine whether the correct configurations are being used.
  - If the value for a specific service is Yes, the current configuration and the expected configuration are synchronized, that is, they are identical.
  - If the value for a specific service is No, the configurations are not synchronized. Double-click the row to view the information on the Configuration tab of the Service Properties dialog box. You may need to distribute the latest configurations to this computer. See step 6.
  - If this field is blank, it is probably because the service is not configurable. Check the Configurable column; if the value is No, the In Sync field is always blank.
6 You may do either of the following:
  - In the Computer Properties dialog box, to notify the computer that it should download new configurations, click Distribute. Then click Yes to confirm your intention to distribute configurations.

  - To refresh the Computer Properties dialog box display, click Refresh.
7 When you finish, click OK.

Adding domain access to an Information Manager appliance

By default, a computer has access to the domain in which it was created. If the computer is an Information Manager appliance, you can give it access to more than one domain.

The following are examples of when you should grant domain access to an Information Manager appliance:

- If you create an alert configuration and add notification to users in another domain, you must give each Information Manager appliance in your top domain access to this domain so that it can do directory lookups.
- If you want to deploy Information Manager appliance extensions across domains, you must ensure that the Information Manager appliances in each domain have access to each other.
- If you monitor heartbeat for Information Manager appliances across domains, you must configure the Information Manager appliances in both the local and the remote domain to have access to each other. This is because the master heartbeat machines in different domains contact each other to share heartbeat information across domains.

To add domain access to an Information Manager appliance

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 In the left pane, select the organizational unit that contains the desired appliance.
4 In the right pane, right-click the appliance name, and then click Properties.
5 In the Computer Properties dialog box, on the Domain Access tab, click Add.
6 In the Find Domains dialog box, do the following:
  - In the Available domains list, select one or more domains.
  - Click Add. The domains appear in the Selected domains list.
  - Click OK.
7 In the Computer Properties dialog box, on the Domain Access tab, do any of the following, as needed:

  - To remove a domain, select it, and then click Remove. You cannot remove domain access to the domain in which the computer resides.
  - To view a domain's properties, select it, and then click Properties.
8 Click OK.

Distributing configurations to computers in an organizational unit

Information Manager includes a Distribute option, which sends a message to the computers in the organizational unit to check for new configurations. When a computer receives this message, it contacts Information Manager to request a download of the configurations.

Using the Distribute feature is optional. When you change a product configuration or move a computer to a different organizational unit, the change is distributed when you click Save.

You can distribute configurations to computers in an organizational unit in the following ways:

- You can distribute the configurations that are associated with an organizational unit to all computers that belong to the organizational unit.
- You can select specific computers to receive the latest configurations.

Note: The timing of configuration distribution varies depending on the amount of Information Manager traffic.

To distribute configurations to all computers in an organizational unit

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 Right-click the name of the organizational unit to which you want to distribute configurations, and then click Distribute.

To distribute configurations to selected computers in an organizational unit

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 In the left pane, select the organizational unit that contains the computer or computers to which you want to distribute configurations.

4 In the right pane, select only those computers that you want to notify.
5 Right-click on the selected computers, and then click Distribute.
6 To confirm your intention to distribute configurations, click Yes.

Moving a computer to a different organizational unit

Although a computer can only belong to one organizational unit, you can move computers from one organizational unit to another.

Warning: Before you move a computer, make sure that moving computers is supported by the security products that you are managing.

To move a computer to a different organizational unit

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 In the left pane, select the organizational unit that contains the computer or computers that you want to move.
4 In the right pane, right-click a computer, and then click Move. You may select multiple computers if you want to move all of them to the same organizational unit.
5 To confirm that you want to move the computers, click Yes.
6 In the Find Organizational Units dialog box, select the organizational unit to which you want to move the computers, and then click OK.
7 To verify that the move was successful, in the left pane, select the organizational unit to which you moved the computers. Look at the right pane to see if the computers that you moved are now in the list.
  If you move a computer that is an Information Manager appliance, you may have to log on again before you will see the computer in the organizational unit. Agents that connect to the Information Manager appliance may need to be restarted.

Modifying computer permissions

When you create a role, permissions are assigned for each computer with regard to that role.
These permissions control whether role members who log on to the Information Manager console can view, modify, or move the computer.

To modify the permissions for a computer, you must display the Permissions dialog for the computer. You cannot modify permissions for computers using the Role Properties dialog box.
See Modifying permissions from the Permissions dialog box on page 45.

Note: To modify permissions, you must be logged on as a member of the Domain Administrator role.

Deleting a computer from an organizational unit

If you want to delete an organizational unit, you must first remove any computers within the organizational unit by moving them or deleting them. You may also want to delete a computer that you no longer want to have under Information Manager management.

If the computer was created by installing an agent as part of a security product installation, you should uninstall the security product before you delete the computer.
See Creating computers within organizational units on page 68.

Deleting a computer from an organizational unit removes it from the security directory.

Warning: Be aware that if you delete a computer that is an Information Manager appliance, you cannot add it to an organizational unit again without first doing some extra steps. To restore a deleted appliance to the security directory, you must either re-register the deleted appliance with the security directory in which it was previously registered or re-install the Information Manager appliance.

To delete a computer from an organizational unit

1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and then expand the Organizational Units navigation tree.
3 In the left pane, select the organizational unit that contains the computer that you want to delete.
4 In the right pane, right-click the computer name, and then click Delete.
5 To confirm your intention to delete the computer from the organizational unit, click Yes.
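The rules this chapter gives for agentless computers (a fully qualified domain name or DNS hostname, one entry per IP address, MAC addresses of six hexadecimal pairs, one organizational unit per computer, and no wizard-created entry where an agent will be installed later) can be checked against an inventory sheet before the Create a new Computer wizard is used. The following Python check is an added example, not part of the Symantec guide or product; the record layout, the sample data, the accepted MAC separators, and the shared-MAC heuristic are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Six hexadecimal pairs. Accepting ':' or '-' (used consistently) as the
# separator is an assumption; the guide only says "six hexadecimal pairs".
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}")
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample inventory of computers to create with the wizard.
# Field names are hypothetical; this is not a product import format.
INVENTORY = [
    {"name": "sw-core-01", "ou": "Core", "agent_planned": False,
     "host": "sw-core-01.example.com", "ips": ["192.0.2.1"],
     "macs": ["00:1A:2B:3C:4D:50"]},
    {"name": "fw-edge-01", "ou": "Perimeter", "agent_planned": False,
     "host": "fw-edge-01.example.com", "ips": ["192.0.2.10", "192.0.2.11"],
     "macs": ["00:1A:2B:3C:4D:5E", "00-1A-2B-3C-4D-5F"]},
    {"name": "fw-edge-01", "ou": "DMZ", "agent_planned": False,
     "host": "fw-edge-01.example.com", "ips": ["192.0.2.10"],
     "macs": ["00:1a:2b:3c:4d:5e"]},
    {"name": "ids-core-01", "ou": "Sensors", "agent_planned": False,
     "host": "ids-core-01", "ips": ["198.51.100.7"],
     "macs": ["001A.2B3C.4D60"]},
    {"name": "web-01", "ou": "DMZ", "agent_planned": True,
     "host": "web-01.example.com", "ips": ["203.0.113.5"],
     "macs": ["00:1A:2B:3C:4D:61"]},
    {"name": "proxy-01", "ou": "DMZ", "agent_planned": False,
     "host": "proxy_01.example.com", "ips": ["10.0.0.256"],
     "macs": ["00:1A:2B:3C:4D:61"]},
]


def valid_mac(mac):
    """True when the value is six hexadecimal pairs with one separator style."""
    return MAC_RE.fullmatch(mac) is not None


def valid_hostname(host):
    """True for an FQDN or DNS host name, checked label by label."""
    host = host.rstrip(".")
    if not host or len(host) > 253:
        return False
    return all(LABEL_RE.fullmatch(label) for label in host.split("."))


def valid_ip(addr):
    """True for a syntactically valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return False


def check_record(rec):
    """Per-record findings for one planned computer entry."""
    findings = []
    if rec["agent_planned"]:
        findings.append("agent planned: do not pre-create, the agent "
                        "installation would add a duplicate instance")
    if not valid_hostname(rec["host"]):
        findings.append(f"bad host name: {rec['host']}")
    findings += [f"bad IP address: {ip}" for ip in rec["ips"] if not valid_ip(ip)]
    findings += [f"bad MAC address: {m}" for m in rec["macs"] if not valid_mac(m)]
    return findings


def audit(inventory):
    """Return {(name, ou): [findings]} for every record that has a finding."""
    report = defaultdict(list)
    ous_by_name = defaultdict(set)
    owners_by_mac = defaultdict(set)
    for rec in inventory:
        key = (rec["name"], rec["ou"])
        report[key] += check_record(rec)
        ous_by_name[rec["name"]].add(rec["ou"])
        for mac in rec["macs"]:
            if valid_mac(mac):
                owners_by_mac[re.sub(r"[:-]", "", mac).lower()].add(key)
    # A computer can belong to only one organizational unit at a time.
    for name, ous in ous_by_name.items():
        if len(ous) > 1:
            for ou in ous:
                report[(name, ou)].append(
                    "listed in more than one organizational unit: "
                    + ", ".join(sorted(ous)))
    # Heuristic (not a rule from the guide): one MAC under two different
    # names suggests the same machine was entered twice.
    for mac, owners in owners_by_mac.items():
        if len({name for name, _ in owners}) > 1:
            for key in owners:
                report[key].append(f"MAC {mac} also listed for another computer")
    return {key: msgs for key, msgs in report.items() if msgs}


if __name__ == "__main__":
    for (name, ou), msgs in audit(INVENTORY).items():
        for msg in msgs:
            print(f"{ou}/{name}: {msg}")
```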


Section 3
Information Manager as a Service Provider

- Configuring a Service Provider environment


Chapter 5
Configuring a Service Provider environment

This chapter includes the following topics:

- Service Provider overview
- Responding to a client incident
- Setting up a Service Provider environment
- Disconnecting a client from a Service Provider Master

Service Provider overview

Information Manager can be used to offer security incident management services to multiple business clients and physical locations. In a service provider context, Information Manager can be used to gather, correlate, monitor, and initiate resolution of security incidents in real time. An instance of Information Manager that is configured as a service provider can also create and work with tickets, as well as generate and deliver custom reports.

Using Information Manager in a service provider context has the following minimum requirements:

- For a service provider client, at least one instance of Information Manager must be configured to monitor and correlate security events, and then forward the resulting incidents. A copy of the incidents that are created at the client correlation appliance is forwarded to the Service Provider Master.
- For a service provider, at least one instance of Information Manager must be configured as a Service Provider Master. The Service Provider Master receives a copy of incident data that the client appliance(s) forwards. Using the Information Manager console, a Service Provider Master provides a centralized view of all of the incidents that are generated by each client. If the service provider uses more than one Information Manager Service Provider Master to manage clients, each Service Provider Master operates independently from any other Service Provider appliances.

Note: If you use an instance of Information Manager as a Service Provider Master, you should use an additional instance of Information Manager to manage security for the Service Provider Master. A Service Provider Master should forward its own security events to another instance of Information Manager for correlation and incident management. This instance of Information Manager can be closer to the minimum requirements for instances of Information Manager if it is dedicated primarily to event correlation for the Service Provider Master.

Figure 5-1 displays a conceptual overview of the relationship between multiple clients that use instances of Information Manager and an incident management service that uses a Service Provider Master appliance. Each client maintains their own event and incident management policies and topologies; the only requirement is that the client configure the primary correlation appliance to forward to the Service Provider Master any incidents that are generated.

Figure 5-1 Service Provider examples

Note: In some client environments, a secondary correlation appliance can be set up for data redundancy. The secondary correlation appliance can also be configured as a Service Provider client that forwards incident data to the Service Provider Master. From the Service Provider Master perspective, these two appliances are completely independent of each other. If there are multiple correlation appliances for a single client, each appliance uses its own domain information.

Understanding a service provider environment from a client perspective

When a client uses the services of an Information Manager service provider, the client environment is configured as a completely autonomous Information Manager solution. All raw event data is gathered, stored, managed, and correlated within

Symantec Security Information Manager 4.5 Administrator's Guide

Symantec Security Information Manager 4.5 Administrator's Guide Symantec Security Information Manager 4.5 Administrator's Guide Symantec Security Information Manager 4.5 Administrator's Guide The software described in this book is furnished under a license agreement

More information

Symantec Security Information Manager 4.8 Release Notes

Symantec Security Information Manager 4.8 Release Notes Symantec Security Information Manager 4.8 Release Notes Symantec Security Information Manager 4.8 Release Notes The software described in this book is furnished under a license agreement and may be used

More information

Symantec Critical System Protection Agent Event Viewer Guide

Symantec Critical System Protection Agent Event Viewer Guide Symantec Critical System Protection Agent Event Viewer Guide Symantec Critical System Protection The software described in this book is furnished under a license agreement and may be used only in accordance

More information

Symantec Security Information Manager 4.7.4 Administrator Guide

Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide Symantec Security Information Manager 4.7.4 Administrator Guide The software described in this book is furnished under a license agreement

More information

Symantec Critical System Protection Configuration Monitoring Edition Release Notes

Symantec Critical System Protection Configuration Monitoring Edition Release Notes Symantec Critical System Protection Configuration Monitoring Edition Release Notes Symantec Critical System Protection Configuration Monitoring Edition Release Notes The software described in this book

More information

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference Symantec Event Collector 4.3 for Microsoft Windows Quick Reference Symantec Event Collector for Microsoft Windows Quick Reference The software described in this book is furnished under a license agreement

More information

Symantec Security Information Manager - Best Practices for Selective Backup and Restore

Symantec Security Information Manager - Best Practices for Selective Backup and Restore Symantec Security Information Manager - Best Practices for Selective Backup and Restore Symantec Security Information Manager - Best practices for selective backup and restore The software described in

More information

Symantec Backup Exec System Recovery Granular Restore Option User's Guide

Symantec Backup Exec System Recovery Granular Restore Option User's Guide Symantec Backup Exec System Recovery Granular Restore Option User's Guide Symantec Backup Exec System Recovery Granular Restore Option User's Guide The software described in this book is furnished under

More information

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide The software described in this book is furnished

More information

Symantec Critical System Protection Agent Event Viewer Guide

Symantec Critical System Protection Agent Event Viewer Guide Symantec Critical System Protection Agent Event Viewer Guide Symantec Critical System Protection Agent Event Viewer Guide The software described in this book is furnished under a license agreement and

More information

Symantec LiveUpdate Administrator. Getting Started Guide

Symantec LiveUpdate Administrator. Getting Started Guide Symantec LiveUpdate Administrator Getting Started Guide Symantec LiveUpdate Administrator Getting Started Guide The software described in this book is furnished under a license agreement and may be used

More information

Symantec Enterprise Security Manager Modules for Sybase Adaptive Server Enterprise Release Notes 3.1.0

Symantec Enterprise Security Manager Modules for Sybase Adaptive Server Enterprise Release Notes 3.1.0 Symantec Enterprise Security Manager Modules for Sybase Adaptive Server Enterprise Release Notes 3.1.0 Release 3.1.0 for Symantec ESM 6.5.x and 9.0.1 Symantec Enterprise Security Manager Modules for Sybase

More information

Symantec Event Collector for Kiwi Syslog Daemon version 3.7 Quick Reference

Symantec Event Collector for Kiwi Syslog Daemon version 3.7 Quick Reference Symantec Event Collector for Kiwi Syslog Daemon version 3.7 Quick Reference Symantec Event Collector for Kiwi Syslog Daemon Quick Reference The software described in this book is furnished under a license


Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Legal Notice Copyright 2006 Symantec Corporation. All rights reserved. Federal acquisitions: Commercial Software - Government


Veritas Cluster Server Application Note: High Availability for BlackBerry Enterprise Server

Veritas Cluster Server Application Note: High Availability for BlackBerry Enterprise Server Veritas Cluster Server Application Note: High Availability for BlackBerry Enterprise Server Windows Server 2003, Windows Server 2008 5.1 Service Pack 1 Veritas Cluster Server Application Note: High Availability


Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide

Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide The software described in this book is furnished under


Symantec Security Information Manager 4.8 User Guide

Symantec Security Information Manager 4.8 User Guide Symantec Security Information Manager 4.8 User Guide Symantec Security Information Manager User Guide The software described in this book is furnished under a license agreement and may be used only in


Symantec Protection Center Enterprise 3.0. Release Notes

Symantec Protection Center Enterprise 3.0. Release Notes Symantec Protection Center Enterprise 3.0 Release Notes Symantec Protection Center Enterprise 3.0 Release Notes The software described in this book is furnished under a license agreement and may be used


Symantec Mobile Management for Configuration Manager

Symantec Mobile Management for Configuration Manager Symantec Mobile Management for Configuration Manager Replication Services Installation Guide 7.5 Symantec Mobile Management for Configuration Manager: Replication Services Installation Guide The software


Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc

Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc The software described


Veritas Cluster Server Getting Started Guide

Veritas Cluster Server Getting Started Guide Veritas Cluster Server Getting Started Guide Windows Server 2003, Windows Server 2008 5.1 Service Pack 2 21101490 Veritas Cluster Server Getting Started Guide The software described in this book is furnished


Symantec NetBackup Desktop and Laptop Option README. Release 6.1 MP7

Symantec NetBackup Desktop and Laptop Option README. Release 6.1 MP7 TM Symantec NetBackup Desktop and Laptop Option README Release 6.1 MP7 2 The software described in this document is furnished under a license agreement and may be used only in accordance with the terms


Veritas Operations Manager Package Anomaly Add-on User's Guide 4.1

Veritas Operations Manager Package Anomaly Add-on User's Guide 4.1 Veritas Operations Manager Package Anomaly Add-on User's Guide 4.1 November 2011 Veritas Operations Manager Package Anomaly Add-on User's Guide The software described in this book is furnished under a


Symantec Enterprise Security Manager Oracle Database Modules Release Notes. Version: 5.4

Symantec Enterprise Security Manager Oracle Database Modules Release Notes. Version: 5.4 Symantec Enterprise Security Manager Oracle Database Modules Release Notes Version: 5.4 Symantec Enterprise Security Manager Oracle Database Modules Release Notes The software described in this book is


Symantec Client Firewall Policy Migration Guide

Symantec Client Firewall Policy Migration Guide Symantec Client Firewall Policy Migration Guide Symantec Client Firewall Policy Migration Guide The software described in this book is furnished under a license agreement and may be used only in accordance


Veritas Operations Manager LDom Capacity Management Add-on User's Guide 4.1

Veritas Operations Manager LDom Capacity Management Add-on User's Guide 4.1 Veritas Operations Manager LDom Capacity Management Add-on User's Guide 4.1 November 2011 Veritas Operations Manager LDom Capacity Management Add-on User's Guide The software described in this book is


Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide

Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide Altiris IT Analytics Solution 7.1 from Symantec User Guide The software described in this book is furnished under a license agreement and


Symantec Response Assessment module Installation Guide. Version 9.0

Symantec Response Assessment module Installation Guide. Version 9.0 Symantec Response Assessment module Installation Guide Version 9.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.


Symantec NetBackup OpenStorage Solutions Guide for Disk

Symantec NetBackup OpenStorage Solutions Guide for Disk Symantec NetBackup OpenStorage Solutions Guide for Disk UNIX, Windows, Linux Release 7.6 Symantec NetBackup OpenStorage Solutions Guide for Disk The software described in this book is furnished under a


Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide The software described in this book is furnished


Symantec Endpoint Protection Shared Insight Cache User Guide

Symantec Endpoint Protection Shared Insight Cache User Guide Symantec Endpoint Protection Shared Insight Cache User Guide Symantec Endpoint Protection Shared Insight Cache User Guide The software described in this book is furnished under a license agreement and


Symantec Mobile Security Manager Administration Guide

Symantec Mobile Security Manager Administration Guide Symantec Mobile Security Manager Administration Guide Symantec Mobile Security Manager The software described in this book is furnished under a license agreement and may be used only in accordance with


Symantec System Recovery 2013 Management Solution Administrator's Guide

Symantec System Recovery 2013 Management Solution Administrator's Guide Symantec System Recovery 2013 Management Solution Administrator's Guide Symantec System Recovery 2013 Management Solution Administrator's Guide The software described in this book is furnished under a


Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference

Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference Symantec Event Collector for Cisco NetFlow Quick Reference The software described in this book is furnished under a license agreement


Symantec NetBackup Backup, Archive, and Restore Getting Started Guide. Release 7.5

Symantec NetBackup Backup, Archive, and Restore Getting Started Guide. Release 7.5 Symantec NetBackup Backup, Archive, and Restore Getting Started Guide Release 7.5 Symantec NetBackup Backup, Archive, and Restore Getting Started Guide The software described in this book is furnished


Symantec Data Center Security: Server Advanced v6.0. Agent Guide

Symantec Data Center Security: Server Advanced v6.0. Agent Guide Symantec Data Center Security: Server Advanced v6.0 Agent Guide Symantec Data Center Security: Server Advanced Agent Guide The software described in this book is furnished under a license agreement and


Symantec Security Information Manager 4.7.4 Release Notes

Symantec Security Information Manager 4.7.4 Release Notes Symantec Security Information Manager 4.7.4 Release Notes Symantec Security Information Manager 4.7.4 Release Notes The software described in this book is furnished under a license agreement and may be


Symantec Enterprise Security Manager Patch Policy Release Notes

Symantec Enterprise Security Manager Patch Policy Release Notes Symantec Enterprise Security Manager Patch Policy Release Notes Symantec Enterprise Security Manager Patch Policy Release Notes The software described in this book is furnished under a license agreement


Backup Exec Cloud Storage for Nirvanix Installation Guide. Release 2.0

Backup Exec Cloud Storage for Nirvanix Installation Guide. Release 2.0 Backup Exec Cloud Storage for Nirvanix Installation Guide Release 2.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the


Symantec Virtual Machine Management 7.1 User Guide

Symantec Virtual Machine Management 7.1 User Guide Symantec Virtual Machine Management 7.1 User Guide Symantec Virtual Machine Management 7.1 User Guide The software described in this book is furnished under a license agreement and may be used only in


Altiris Asset Management Suite 7.1 from Symantec User Guide

Altiris Asset Management Suite 7.1 from Symantec User Guide Altiris Asset Management Suite 7.1 from Symantec User Guide Altiris Asset Management Suite 7.1 from Symantec User Guide The software described in this book is furnished under a license agreement and may


Symantec Security Information Manager 4.7.4 User Guide

Symantec Security Information Manager 4.7.4 User Guide Symantec Security Information Manager 4.7.4 User Guide Symantec Security Information Manager 4.7.4 User Guide The software described in this book is furnished under a license agreement and may be used


Symantec Mobile Management 7.2 MR1 Quick-start Guide

Symantec Mobile Management 7.2 MR1 Quick-start Guide Symantec Mobile Management 7.2 MR1 Quick-start Guide Symantec Mobile Management 7.2 MR1 Quick-start Guide The software described in this book is furnished under a license agreement and may be used only


Symantec Security Information Manager 4.5 Installation Guide

Symantec Security Information Manager 4.5 Installation Guide Symantec Security Information Manager 4.5 Installation Guide PN: 10912602 Symantec Security Information Manager 4.5 Installation Guide The software described in this book is furnished under a license agreement


Configuring Symantec AntiVirus for NetApp Storage system

Configuring Symantec AntiVirus for NetApp Storage system Configuring Symantec AntiVirus for NetApp Storage system Configuring Symantec AntiVirus for NetApp Storage system The software described in this book is furnished under a license agreement and may be used


Email Encryption. Administrator Guide

Email Encryption. Administrator Guide Email Encryption Administrator Guide Email Encryption Administrator Guide Documentation version: 1.0 Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,


Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide

Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide The software described in this book is furnished under a license agreement


Symantec NetBackup Vault Operator's Guide

Symantec NetBackup Vault Operator's Guide Symantec NetBackup Vault Operator's Guide UNIX, Windows, and Linux Release 7.5 Symantec NetBackup Vault Operator's Guide The software described in this book is furnished under a license agreement and may


Symantec Protection Engine for Cloud Services 7.0 Release Notes

Symantec Protection Engine for Cloud Services 7.0 Release Notes Symantec Protection Engine for Cloud Services 7.0 Release Notes Symantec Protection Engine for Cloud Services Release Notes The software described in this book is furnished under a license agreement and


Symantec System Recovery 2011 Management Solution Administrator's Guide

Symantec System Recovery 2011 Management Solution Administrator's Guide Symantec System Recovery 2011 Management Solution Administrator's Guide Symantec System Recovery 2011 Management Solution Administrator's Guide The software described in this book is furnished under a


Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide

Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide Altiris Patch Management Solution for Windows 7.5 SP1 from Symantec User Guide The software described in this book is


Symantec NetBackup for Microsoft SharePoint Server Administrator's Guide

Symantec NetBackup for Microsoft SharePoint Server Administrator's Guide Symantec NetBackup for Microsoft SharePoint Server Administrator's Guide for Windows Release 7.5 Symantec NetBackup for Microsoft SharePoint Server Administrator's Guide The software described in this


Symantec Security Information Manager 4.5 Reporting Guide

Symantec Security Information Manager 4.5 Reporting Guide Symantec Information Manager 4.5 Reporting Guide The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation


Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide

Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide Windows on Hyper-V 6.1 February 2014 Symantec ApplicationHA agent for SharePoint Server 2010 Configuration Guide The software


Symantec NetBackup for Lotus Notes Administrator's Guide

Symantec NetBackup for Lotus Notes Administrator's Guide Symantec NetBackup for Lotus Notes Administrator's Guide for UNIX, Windows, and Linux Release 7.5 Symantec NetBackup for Lotus Notes Administrator's Guide The software described in this book is furnished


Symantec NetBackup for Microsoft SharePoint Server Administrator's Guide

Symantec NetBackup for Microsoft SharePoint Server Administrator's Guide Symantec NetBackup for Microsoft SharePoint Server Administrator's Guide for Windows Release 7.6 Symantec NetBackup for Microsoft SharePoint Server Administrator's Guide The software described in this


Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide

Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide The software described in this book is furnished


Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide

Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide Windows on Hyper-V 6.1 February 2014 Symantec ApplicationHA agent for Microsoft Exchange 2010 Configuration Guide The software


Symantec ApplicationHA Agent for Microsoft Internet Information Services (IIS) Configuration Guide

Symantec ApplicationHA Agent for Microsoft Internet Information Services (IIS) Configuration Guide Symantec ApplicationHA Agent for Microsoft Internet Information Services (IIS) Configuration Guide Windows Server 2003, Windows Server 2008 and 2008 R2 6.0 September 2011 Symantec ApplicationHA Agent for


Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide The software described in this book is furnished


Veritas Operations Manager Release Notes. 3.0 Rolling Patch 1

Veritas Operations Manager Release Notes. 3.0 Rolling Patch 1 Veritas Operations Manager Release Notes 3.0 Rolling Patch 1 Veritas Operations Manager Release Notes The software described in this book is furnished under a license agreement and may be used only in


Veritas Operations Manager Advanced 5.0 HSCL Pack 1 Release Notes

Veritas Operations Manager Advanced 5.0 HSCL Pack 1 Release Notes Veritas Operations Manager Advanced 5.0 HSCL Pack 1 Release Notes November 2012 Veritas Operations Manager Advanced Release Notes The software described in this book is furnished under a license agreement


Symantec Protection for SharePoint Servers 6.0.4 Implementation Guide

Symantec Protection for SharePoint Servers 6.0.4 Implementation Guide Symantec Protection for SharePoint Servers 6.0.4 Implementation Guide for Microsoft SharePoint 2003/2007 Symantec Protection for SharePoint Servers Implementation Guide The software described in this book


Symantec ApplicationHA agent for Internet Information Services Configuration Guide

Symantec ApplicationHA agent for Internet Information Services Configuration Guide Symantec ApplicationHA agent for Internet Information Services Configuration Guide Windows on Hyper-V 6.1 February 2014 Symantec ApplicationHA agent for Internet Information Services Configuration Guide


Symantec Critical System Protection 5.2.9 Agent Guide

Symantec Critical System Protection 5.2.9 Agent Guide Symantec Critical System Protection 5.2.9 Agent Guide Symantec Critical System Protection Agent Guide The software described in this book is furnished under a license agreement and may be used only in


Symantec Management Platform Installation Guide. Version 7.0

Symantec Management Platform Installation Guide. Version 7.0 Symantec Management Platform Installation Guide Version 7.0 Symantec Management Platform Installation Guide The software described in this book is furnished under a license agreement and may be used only


Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide Symantec Database Security and Audit 3100 Series Appliance Getting Started Guide Symantec Database Security and Audit 3100 Series Getting Started Guide The software described in this book is furnished


Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Windows Server 2003, Windows Server 2008 5.1 Service Pack 1 Veritas Cluster Server Database Agent for Microsoft SQL Configuration


Symantec Secure Email Proxy Administration Guide

Symantec Secure Email Proxy Administration Guide Symantec Secure Email Proxy Administration Guide Documentation version: 4.4 (2) Legal Notice Copyright 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo


Recovering Encrypted Disks Using Windows Preinstallation Environment. Technical Note

Recovering Encrypted Disks Using Windows Preinstallation Environment. Technical Note Recovering Encrypted Disks Using Windows Preinstallation Environment Technical Note Preface Documentation version Documentation version: 11.0, Release Date: Legal Notice Copyright Symantec Corporation.


Symantec Enterprise Vault Technical Note

Symantec Enterprise Vault Technical Note Symantec Enterprise Vault Technical Note Configuring Internal and External WebApp URLs for OWA 2007 SP4 and later Symantec Enterprise Vault: Configuring Internal and External WebApp URLs for OWA The software


Altiris Monitor Solution for Servers 7.5 from Symantec User Guide

Altiris Monitor Solution for Servers 7.5 from Symantec User Guide Altiris Monitor Solution for Servers 7.5 from Symantec User Guide Altiris Monitor Solution for Servers 7.5 from Symantec User Guide The software described in this book is furnished under a license agreement


Symantec Enterprise Security Manager Modules. Release Notes

Symantec Enterprise Security Manager Modules. Release Notes Symantec Enterprise Security Manager Modules for MS SQL Server Databases Release Notes Release 4.1 for Symantec ESM 9.0.x and 10.0 For Windows 2000/2008 and Windows Server 2003 Symantec Enterprise Security


Symantec Event Collector 3.6 for Blue Coat Proxy Quick Reference

Symantec Event Collector 3.6 for Blue Coat Proxy Quick Reference Symantec Event Collector 3.6 for Blue Coat Proxy Quick Reference Symantec Event Collector for Blue Coat Proxy Quick Reference The software described in this book is furnished under a license agreement


Symantec Event Collector 4.3 for SNARE for Windows Quick Reference

Symantec Event Collector 4.3 for SNARE for Windows Quick Reference Symantec Event Collector 4.3 for SNARE for Windows Quick Reference Symantec Event Collector for SNARE for Windows Quick Reference The software described in this book is furnished under a license agreement


Symantec AntiVirus Corporate Edition Administrator's Guide

Symantec AntiVirus Corporate Edition Administrator's Guide Symantec AntiVirus Corporate Edition Administrator's Guide Symantec AntiVirus Corporate Edition Administrator's Guide The software described in this book is furnished under a license agreement and may


Symantec NetBackup for DB2 Administrator's Guide

Symantec NetBackup for DB2 Administrator's Guide Symantec NetBackup for DB2 Administrator's Guide UNIX, Windows, and Linux Release 7.5 Symantec NetBackup for DB2 Administrator's Guide The software described in this book is furnished under a license agreement


Altiris Monitor Solution for Servers 7.1 SP1 from Symantec User Guide

Altiris Monitor Solution for Servers 7.1 SP1 from Symantec User Guide Altiris Monitor Solution for Servers 7.1 SP1 from Symantec User Guide Altiris Monitor Solution for Servers 7.1 SP1 from Symantec User Guide The software described in this book is furnished under a license


Veritas Cluster Server Library Management Pack Guide for Microsoft System Center Operations Manager 2007

Veritas Cluster Server Library Management Pack Guide for Microsoft System Center Operations Manager 2007 Veritas Cluster Server Library Management Pack Guide for Microsoft System Center Operations Manager 2007 Windows Server 2003, Windows Server 2008 VCS Library Management Pack Veritas Cluster Server Library


Symantec NetBackup AdvancedDisk Storage Solutions Guide. Release 7.5

Symantec NetBackup AdvancedDisk Storage Solutions Guide. Release 7.5 Symantec NetBackup AdvancedDisk Storage Solutions Guide Release 7.5 21220064 Symantec NetBackup AdvancedDisk Storage Solutions Guide The software described in this book is furnished under a license agreement


Configuring Symantec Protection Engine for Network Attached Storage 7.5 for NetApp Data ONTAP

Configuring Symantec Protection Engine for Network Attached Storage 7.5 for NetApp Data ONTAP Configuring Symantec Protection Engine for Network Attached Storage 7.5 for NetApp Data ONTAP Configuring Symantec Protection Engine for Network Attached Storage 7.5 for NetApp Data ONTAP. The software


Symantec Endpoint Protection Small Business Edition 12.1.2 Installation and Administration Guide

Symantec Endpoint Protection Small Business Edition 12.1.2 Installation and Administration Guide Symantec Endpoint Protection Small Business Edition 12.1.2 Installation and Administration Guide Symantec Endpoint Protection Small Business Edition Installation and Administration Guide The software described


Symantec Asset Management Suite 7.5 powered by Altiris technology User Guide

Symantec Asset Management Suite 7.5 powered by Altiris technology User Guide Symantec Asset Management Suite 7.5 powered by Altiris technology User Guide Symantec Asset Management Suite 7.5 powered by Altiris technology User Guide The software described in this book is furnished


Symantec Security Information Manager 4.5 Deployment Planning Guide

Symantec Security Information Manager 4.5 Deployment Planning Guide Symantec Security Information Manager 4.5 Deployment Planning Guide Symantec Security Information Manager 4.5 Deployment Planning Guide The software described in this book is furnished under a license


Symantec AntiVirus Corporate Edition Patch Update

Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Update Documentation version 10.0.1.1007 Copyright 2005 Symantec Corporation. All rights reserved. Symantec, the Symantec


Symantec Storage Foundation and High Availability Solutions Microsoft Clustering Solutions Guide for Microsoft SQL Server

Symantec Storage Foundation and High Availability Solutions Microsoft Clustering Solutions Guide for Microsoft SQL Server Symantec Storage Foundation and High Availability Solutions Microsoft Clustering Solutions Guide for Microsoft SQL Server Windows 6.1 February 2014 Symantec Storage Foundation and High Availability Solutions


Client Guide for Symantec Endpoint Protection and Symantec Network Access Control

Client Guide for Symantec Endpoint Protection and Symantec Network Access Control Client Guide for Symantec Endpoint Protection and Symantec Network Access Control Client Guide for Symantec Endpoint Protection and Symantec Network Access Control The software described in this book is


Symantec NetBackup for Enterprise Vault Agent Administrator's Guide

Symantec NetBackup for Enterprise Vault Agent Administrator's Guide Symantec NetBackup for Enterprise Vault Agent Administrator's Guide for Windows Release 7.6 The software described in this book is furnished under a license agreement and may be used only in accordance


Symantec Endpoint Protection Integration Component 7.5 Release Notes

Symantec Endpoint Protection Integration Component 7.5 Release Notes Symantec Endpoint Protection Integration Component 7.5 Release Notes Symantec Endpoint Protection Integration Component 7.5 Release Notes Legal Notice Copyright 2013 Symantec Corporation. All rights reserved.


Veritas Storage Foundation Scalable File Server Replication Guide 5.5

Veritas Storage Foundation Scalable File Server Replication Guide 5.5 Veritas Storage Foundation Scalable File Server Replication Guide 5.5 Veritas Storage Foundation Scalable File Server Replication Guide The software described in this book is furnished under a license


Symantec NetBackup PureDisk Deduplication Option Guide

Symantec NetBackup PureDisk Deduplication Option Guide Symantec NetBackup PureDisk Deduplication Option Guide Windows, Linux, and UNIX Release 6.6.5 Revision 1 The software described in this book is furnished under a license agreement and may be used only


Symantec Enterprise Vault

Symantec Enterprise Vault Symantec Enterprise Vault Reporting 10.0 Symantec Enterprise Vault: Reporting The software described in this book is furnished under a license agreement and may be used only in accordance with the terms


Symantec Endpoint Protection Getting Started Guide

Symantec Endpoint Protection Getting Started Guide Symantec Endpoint Protection Getting Started Guide 12167130 Symantec Endpoint Protection Getting Started Guide The software described in this book is furnished under a license agreement and may be used


Symantec Endpoint Protection Getting Started Guide

Symantec Endpoint Protection Getting Started Guide Symantec Endpoint Protection Getting Started Guide 13740352 Symantec Endpoint Protection Getting Started Guide The software described in this book is furnished under a license agreement and may be used


NetBackup Backup, Archive, and Restore Getting Started Guide

NetBackup Backup, Archive, and Restore Getting Started Guide NetBackup Backup, Archive, and Restore Getting Started Guide UNIX, Windows, and Linux Release 6.5 Veritas NetBackup Backup, Archive, and Restore Getting Started Guide Copyright 2007 Symantec Corporation.


Symantec Endpoint Protection and Symantec Network Access Control Client Guide

Symantec Endpoint Protection and Symantec Network Access Control Client Guide Symantec Endpoint Protection and Symantec Network Access Control Client Guide Symantec Endpoint Protection and Symantec Network Access Control Client Guide The software described in this book is furnished


Symantec Endpoint Protection Small Business Edition Client Guide

Symantec Endpoint Protection Small Business Edition Client Guide Symantec Endpoint Protection Small Business Edition Client Guide Symantec Endpoint Protection Small Business Edition Client Guide The software described in this book is furnished under a license agreement


Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Windows 2000, Windows Server 2003 5.0 11293743 Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Copyright


Symantec NetBackup for Hyper-V Administrator's Guide. Release 7.5

Symantec NetBackup for Hyper-V Administrator's Guide. Release 7.5 Symantec NetBackup for Hyper-V Administrator's Guide Release 7.5 21220062 Symantec NetBackup for Hyper-V Guide The software described in this book is furnished under a license agreement and may be used


Symantec Event Collectors Integration Guide for Symantec Security Information Manager 4.7

Symantec Event Collectors Integration Guide for Symantec Security Information Manager 4.7 Symantec Event Collectors Integration Guide for Symantec Security Information Manager 4.7 Symantec Event Collectors Integration Guide for Symantec Security Information Manager 4.7 The software described
