15.2 Monitoring Change in Compliance

Once the integration is configured, follow these steps to set up a job to monitor any change in compliance:

  1. Log in to the Secure Configuration Manager web console.

  2. Click Assets > Policy Templates.

  3. Click Monitor Templates, select one or more templates, then select Run Policy Templates.

  4. Select one or more Endpoints, then click Next.

  5. Click Monitor, then enter a Monitor job name and an Occurrence pattern.

  6. Click Monitor.

Secure Configuration Manager deploys a corresponding Change Guardian policy to enable Change Guardian to monitor changes to attributes of the selected templates.

When Change Guardian detects a change event and forwards it to Secure Configuration Manager, Secure Configuration Manager processes the event and sends an email notification about the change according to the occurrence pattern. If the compliance status changes, it additionally sends an out-of-compliance email alert. You can view the notification to identify the change in configuration and take appropriate action.

Certain configuration changes on endpoints, or a bulk import of GPOs, may result in additional changes and subsequently a larger number of notifications.

NOTE: It is recommended to complete bulk GPO imports or configuration changes before you create jobs to monitor assets. Alternatively, disable such jobs first, and then make the changes or perform the import, to avoid multiple system notifications.

For more information, see Automating Out-of-Compliance Notifications and Help in the Web console.

15.2.1 Monitoring Compliance in FIPS Mode

To monitor jobs in FIPS mode after the integration, you must have both Change Guardian and Secure Configuration Manager in FIPS mode. In addition, when both of these applications are in FIPS mode, you must also add each application’s certificate to the other application’s NSS Keystore.

For more information about configuring Secure Configuration Manager and Change Guardian in FIPS mode, see the following sections: