Select Assess > Security Checks
Secure Configuration Manager provides hundreds of built-in security checks to ensure policy compliance. A security check is a query that an agent performs on an endpoint to test for potential vulnerabilities in the endpoint’s configuration settings, such as who has user privileges for an Oracle database.
For more information about this software product, see the NetIQ Secure Configuration Manager documentation.
You can run one or more security checks against one or more endpoints or groups.
Select Assess > Security Checks.
Select the security checks that you want to run, then click Run Security Check.
Select the endpoints or groups that you want to assess, then click Next.
(Conditional) For security checks with user-definable parameters, specify values or apply a saved list of values.
For more information, see Specify Values for User-Definable Parameters.
Click Next.
(Optional) Modify the default values for the severity range if they do not suit your environment.
For more information, see Modify the Severity Range for a Security Check.
(Optional) Specify whether you want to send notifications about the results of the assessment to individual email accounts and to a change management system.
For more information, see Email Notifications about Assessment Results.
You can also start a security check run from Manage > Endpoints, then click Run Security Check.
Some security checks include user-definable parameters so you can customize the security check for each particular run. For example, the AD Group Changes Within X Days security check looks for changes made to the AD group within a user-specified number of days.
Most parameters have a default value. In the AD Group Changes Within X Days security check, the default value is 14 days. However, some parameters are mandatory but do not have default values. When this occurs, the console prompts you to specify a value before you can run the security check. For some parameters, you can also create and apply a saved list of values.
You can specify parameter values in one of the following ways:
Select the security check then deselect Use default values. Modify the values as desired.
Click ... > Show checks with missing mandatory fields, then select each security check to specify the values.
The console prompts you when one of the displayed security checks requires you to specify mandatory values. However, the console displays no more than 10 of your selected security checks at a time. If you are running more than 10 security checks, click through the full list to ensure that you specify all mandatory values.
Many security checks return a set of results containing multiple rows of data. To simplify the returned results, you can exclude or include some values by using a saved list. Saved lists are lists of values that you can reuse in security checks as a filter. Saved lists can include values such as user names, file names, registry keys, ports, or services.
You can apply a saved list to any user-definable parameter in a security check.
On the Run Security Checks > Parameters page, select the check where you want to apply a saved list.
For the parameter that will use the saved list, click Add a saved list.
Specify one or more saved lists, then click Apply.
For more information, see Including or Excluding Values in a Security Check Parameter.
Secure Configuration Manager saves the check results in a report - one report per security check. To help you resolve vulnerabilities, the report lists the expected value for each security check versus the actual value found on the endpoint.
For more information, see Using Assessment Reports to Identify Risks and Vulnerabilities.
If you regularly run several security checks as a group, you might want to create a custom policy template for those security checks. For more information, see the Administrator's Guide for NetIQ Secure Configuration Manager.
For trademark and copyright information, see Legal Notice.