Creating a CCS ESM check by using the Advanced Check Builder option
You can create CCS ESM checks by using the Advanced Check Builder option.
To create a CCS ESM check by using the Advanced Check Builder option
In the Standards pane, right-click the section to which you want to add the new check and click Create Check.
In the Specify Name and Target Type panel of the Check Builder, enter the following information:
In the Name text box, type a name for the new check.
In the Description text box, type a description for the check. This field is optional.
From the Target Type drop-down list, expand the Enterprise Security Manager Platform node, and then click the type of ESM asset that you want to evaluate.
Click Advanced Check Builder.
In the Create a Precondition panel, enter the following details to narrow down the scope for targets that the check considers during evaluation. You can add multiple pre-conditions for a check or you may choose to skip the Create a Precondition panel. The information that you provide in the Create a Precondition panel are optional.
From the Category drop-down list, select the category of the ESM entity.
From the Field drop-down list, select the field for the category that you want the check to report on.
Click the Browse Fields icon to view the description of each field.
From the Operator drop-down list, select the operator.
From the Value drop-down list, select the value for the field that you have selected.
Click the Add icon to add the pre-condition to the Expressions list box.
You can see the name of the check formula that you create in the Formula box.
Double-click the evaluation condition and configure the advanced settings for the check expression and then Next.
In the Create Expressions panel, create a message expression by performing the following steps:
From the Category drop-down list, select a category for the ESM entity. For example, select ESM Message.
In the Field drop-down list, select a field for the ESM message entity that you want the check to report on. For example, select Message String ID.
From the Operator drop-down list, select the operator. For example, select !=.
From the Value text box, select a value for the specified value. For example, select ESM_DISABLED_ACCOUNT.
See the Symantec_Enterprise_Security_Manager_Checks_Reference.chm for information on the messages that ESM checks generate. This file is located in the Documentation folder in the product disc.
Click the Add icon to add the recently created check expression to the Expression(s) list.
By default, the new expressions are connected using the AND operator.
Add data filters for ESM module name and ESM policy name.
Do the following to add an error expression to the check that you want to create. The error expression checks if an ESM agent reports any error message.
Update the CCS Check formula so that the CCS check behaves as per the check execution rules.