MONITORING


Security probes
Create a security probe to assess the overall security of servers and databases in a domain. When a security probe finds a problematic database or server configuration, it generates an event. Do not set the severity levels for the Security -- Configuration probe; severity is assigned during runtime. The severity level is calculated during runtime based on the number of potential problems found. Severity level is a percentage-based score that is calculated for each Server document and Server Configuration document that is probed. The percentage breakdown and matching severity level is as follows:
PercentageSeverity level
0.00Normal
< = 50%Warning (low)
> 50% Warning (high)
The Best Practices probe reports on the first 25 Person documents that do not comply with the probe configuration settings. You can use the NOTES.INI setting DDM_SECPROBE_PERSONDOC_LIMIT=<NumberOfPersonDocsReported> to report on a maximum of 250 Person documents, or you can set it to report on less than the default 25 Person documents. The minimum setting is 0 (zero), in which case, no Person documents are reported but a summary report is generated indicating the number of Person documents that do not comply with the probe specification. The probe stops reporting at 25, or at a number of Person documents that you specify, but the probe continues to review the remaining Person documents.

This table contains the names and descriptions of the Security probes that you can define.
Security probe nameDescription
Security -- Best PracticesCompares a set of baseline security configuration settings to the same settings in a domain. This probe is a "Best Practices" security audit of the domain.

Note To create your own Best Practices probe, modify the security configuration settings on the Specifics tab.

Security -- ConfigurationCompares settings in a specific Server document to settings in a specified "good" Server document. Any discrepancy generates an event.
Security -- Database ACLMonitors the access control privileges that groups and individuals have in specified databases on the server running the probe. You designate the acceptable access levels on the Specifics tab.
Security -- Database ReviewReviews the security properties for a specified database and generates a report on the probe findings.
Security -- ReviewGenerates a report on the security settings specified in the Specifics tab of the Probe document. You have the option of selecting the "Directory Profile Note" and the "Security settings in my configuration document" options if you want the settings in those documents reviewed by the probe.
Related topics