McAfee PASCDE-AB-IA Product Guide - Page 41
Benchmark profiles and their effect on audits, Considerations for including systems in an audit
Page 41 highlights
Creating and managing audits
Audits and how they work

You can create or edit an audit so that it retains audit or Findings information for a different period of time than is specified in the global system settings.

Benchmark profiles and their effect on audits

Audits have benchmarks assigned to them. Many benchmarks contain profiles, which are named sets of selected groups, rules, and values targeted toward different computer system configurations and threat risks. A profile can:
• Enable or disable one or more groups
• Enable or disable one or more rules
• Change the variables that are used within a rule, such as the minimum password length

Profiles are normally designed to apply to a particular set of systems. For example, a benchmark could contain two profiles, one for Windows and one for UNIX. As another example, a benchmark might contain High Security, Medium Security, and Low Security profiles.

Selecting a profile should be based upon the risk of the systems being audited. Systems containing customer credit card information pose a greater threat to an organization if the data is compromised than a system used to create company newsletters.

Considerations for including systems in an audit

Audits can be designed for a specific computer system configuration, and McAfee Policy Auditor allows you to include or exclude systems from an audit based on a number of system characteristics. McAfee Policy Auditor allows you to exclude one or more managed systems based on system name, IP address, MAC address, or user name.

Including systems in an audit

McAfee Policy Auditor provides two methods for including systems in an audit. The first method allows you to include managed systems by specifying System Tree and Tags:
• Add System - A managed system as defined by system name, IP address, MAC address, or user name
• Add Group - A group defined in the ePO System Tree
• Add Tag - Systems that have been tagged in the ePO System Tree, such as server, workstation, or laptop.
The second method allows you to include managed systems by specifying Criteria. Criteria are defined by selecting properties and using comparison operators and values to represent managed systems. You can select one or more criteria.

Benchmark labels and how they are used

Labels classify a benchmark to aid in searches. Each benchmark can have multiple labels assigned to it. Labels can describe the programmatic use of a benchmark, such as applying a label of MNAC to a benchmark designed for the McAfee Network Access System extension. Labels can also describe the function of a benchmark, such as applying a label of SOX to a benchmark that tests compliance with the Sarbanes-Oxley standard. Labels are applied with the McAfee Benchmark Editor extension or are contained in McAfee-supplied benchmarks.

McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6 41
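
The profile behaviour described under "Benchmark profiles and their effect on audits", as an added example that is not taken from the product guide or from McAfee's code: a small Python model in which a profile toggles groups and rules and overrides a variable. The sample benchmark, all ids, and the rule that a disabled group suppresses the rules inside it are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    id: str
    group: str
    enabled: bool = True            # benchmark default
    variable: Optional[str] = None  # variable the rule compares against

@dataclass
class Profile:
    name: str
    groups: dict = field(default_factory=dict)  # group id -> enabled?
    rules: dict = field(default_factory=dict)   # rule id -> enabled?
    values: dict = field(default_factory=dict)  # variable -> override

# Constructed sample benchmark; all ids are hypothetical.
GROUPS = {"passwords": True, "services": True}
VALUES = {"min_password_length": 8}
RULES = [
    Rule("pw-min-length", "passwords", variable="min_password_length"),
    Rule("pw-history", "passwords", enabled=False),
    Rule("disable-telnet", "services"),
]

def resolve(profile):
    """Return {rule id: variable value or None} for the rules an audit would run."""
    known_rules = {r.id for r in RULES}
    unknown = (set(profile.groups) - set(GROUPS)) | (set(profile.rules) - known_rules) \
        | (set(profile.values) - set(VALUES))
    if unknown:  # a mistyped id would otherwise silently change nothing
        raise ValueError(f"{profile.name}: unknown ids {sorted(unknown)}")
    groups = {**GROUPS, **profile.groups}
    values = {**VALUES, **profile.values}
    effective = {}
    for rule in RULES:
        # Assumption: a rule inside a disabled group is skipped even if enabled itself.
        if profile.rules.get(rule.id, rule.enabled) and groups[rule.group]:
            effective[rule.id] = values[rule.variable] if rule.variable else None
    return effective

HIGH = Profile("High Security", rules={"pw-history": True},
               values={"min_password_length": 14})
LOW = Profile("Low Security", groups={"services": False})

if __name__ == "__main__":
    for p in (HIGH, LOW):
        print(p.name, resolve(p))
```

Comparing the two resolved rule sets side by side shows how much coverage a lower-risk profile gives up, which is the trade-off to weigh when matching a profile to the systems being audited.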