9.1 Excluding Values from a Run

Many security checks in Secure Configuration Manager return a set of results containing multiple rows of data. When you run a policy template with many security checks, the resulting list of returned rows can be difficult to review. If you want to exclude some values from the returned results, use a saved list. Saved lists are lists of values that you can reuse in security checks as a filter or exclusion list. Saved lists can include values such as user names, file names, registry keys, ports, or services. For example, administrators often exclude user accounts such as SYS, SYSDBA, sa, and root from security checks. You can create a saved list that includes these user accounts, and use the saved list to filter the user accounts from the security check results. You can also have a list of values you want to include in checks, such as a specific list of files and directories.

NOTE: Saved lists do not support wildcard characters.

You can use any saved list you create in any security check that provides an Exclusion List or Inclusion List parameter. As you update your inventory and security policies, you can revise the saved lists used in your security checks. You cannot delete saved lists that are part of a security check. Refer to the following table when assigning permissions to console users who work with saved lists.

| User activity | Required permission |
|---|---|
| Create a saved list | New Saved List |
| Edit a saved list | Edit Saved List |
| Delete a saved list | Delete Saved List |
| Import a saved list | Import Saved List |
| Export a saved list | Export Saved List |

9.1.1 Using Saved Lists in an Existing Security Check

You can use saved lists to exclude values from, or include values in, existing security checks when you run those checks. If you have values in an exclusion or inclusion list that you entered in a previous version of Secure Configuration Manager, you can easily migrate those values to be part of a saved list.

Web Console - Using Saved Lists

When you run a security check, you can apply a saved list to any user-definable parameter in the security check, as long as the saved list’s values match the parameter requirements. The Web console supports all saved lists that you create or import into the Windows console.

For more information about creating, modifying, and applying saved lists, see the Help in the Web console.

Windows Console - Using Saved Lists

  1. In the left pane, click Security Knowledge.

  2. In the Security Knowledge tree pane, expand Security Checks > NetIQ Checks.

  3. Expand the platform folder and select the category folder that contains the check that you want to run.

  4. In the content pane, right-click the security check that you want to run, and then click Run Security Check.

  5. In the Parameters window, click Exclusion List or Inclusion List, depending on the security check.

  6. Type the name of the saved list or click the button at the end of the Exclusion List or Inclusion List line.

  7. Select the saved list whose entries you want to exclude from or include in the security check.

  8. Follow the instructions in the wizard to run the report.

9.1.2 Importing Saved Lists

Available only in the Windows console.

You can import saved lists to use in Secure Configuration Manager. If a saved list with the same name already exists, Secure Configuration Manager gives you the option to overwrite the existing saved list. For example, your organization might have a technical security specification that includes a list of files to secure through appropriate file permissions. You can create a saved list by copying the list of files from the technical specification to a text file, and then importing the text file.

To import a saved list, your console user account needs the Import Saved List permission. For more information, see Managing Permissions.

  1. In the left pane, click Exception Management.

  2. In the Exception Management tree pane, right-click Saved Lists, and then click Import.

  3. Select the saved list file you want to import and click Open.
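A pre-import check for the text file described above, as an added example that is not part of the product documentation: it drops blank lines and exact duplicates and reports entries containing wildcard characters, which saved lists do not support. The one-value-per-line layout, the `*` and `?` wildcard set, and the name `prepare_saved_list` are assumptions.

```python
# Added example: validate candidate saved-list entries before import.
# Assumptions: one value per line; "*" and "?" are the wildcard characters.
WILDCARDS = frozenset("*?")


def prepare_saved_list(lines):
    """Return (clean_values, problems).

    problems holds (line_number, value, reason) tuples for a reviewer.
    Wildcard entries and exact duplicates are left out of clean_values;
    case-only variants are kept but reported, because whether matching
    is case-sensitive depends on the platform being checked.
    """
    clean, problems = [], []
    exact, folded = {}, {}
    for number, raw in enumerate(lines, start=1):
        value = raw.strip()  # trailing spaces from copy/paste would not match
        if not value:
            continue
        if WILDCARDS.intersection(value):
            problems.append((number, value, "wildcard character"))
        elif value in exact:
            problems.append((number, value, f"duplicate of line {exact[value]}"))
        else:
            key = value.casefold()
            if key in folded:
                problems.append(
                    (number, value, f"differs only by case from line {folded[key]}")
                )
            exact[value] = number
            folded.setdefault(key, number)
            clean.append(value)
    return clean, problems


# Constructed sample: file paths copied from a hypothetical specification.
SAMPLE = [
    "/etc/passwd",
    "/etc/shadow ",
    "",
    "/var/log/*.log",
    "/etc/passwd",
    "/etc/Shadow",
]

if __name__ == "__main__":
    values, issues = prepare_saved_list(SAMPLE)
    print("\n".join(values))
    for number, value, reason in issues:
        print(f"line {number}: {value!r}: {reason}")
```

Resolve every reported wildcard entry into explicit values before importing, since an entry that matches nothing leaves the intended files or accounts outside the filter.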

9.1.3 Exporting Saved Lists

Available only in the Windows console.

After you have created saved lists, you can export those saved lists as XML-formatted files with an .slt extension. For example, you can run a report of powerful users and export the list to a file. You can then create a saved list so that you can use those powerful users in other queries as either an inclusion list or an exclusion list.

To export a saved list, your console user account needs the Export Saved List permission. For more information, see Managing Permissions.

  1. In the left pane, click Exception Management.

  2. In the Exception Management tree pane, select Saved Lists.

  3. Right-click the saved list that you want to export, and then click Export.

  4. Enter a file name for the saved list and click Save.