Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide

8.3.8 Checking history of judgments and actions for a client

An administrator can use the PC List window to check by GUI the history of judgments and actions for a selected client, and output the history as a CSV file.

Organization of this subsection

(1) Checking the client's history of judgments and actions in the GUI

(2) Outputting the client's history of judgments and actions as a CSV file

(1) Checking the client's history of judgments and actions in the GUI

Judgment and action history is displayed in the History of Judgments and Actions window by clicking the History of judgments and actions button in the PC Security Level Details window.

Figure 8-12 History of Judgments and Actions window

The following table describes the items displayed in the History of Judgments and Actions window.

Table 8-10 Items displayed in the History of Judgments and Actions window

No. Item Description

1 Trigger for judgment and action^#1 The timing at which a client security level is judged and an action is implemented.
Inventory information collection, Administrator indication, Judgment command execution, Action command, or Network control command is displayed.

2 PC security level PC security level. Safe, Unknown, Caution, Warning, Danger, Not applicable, or Not yet judged is displayed.
In the PC List window, when an administrator clicks the Message, Permit, or Refuse button to implement an action, the PC security level of the previous history is inherited and displayed.

3 PC security level judgment date Date when the PC security level was judged.
This is displayed in YYYY/MM/DD hh:mm:ss format.
In the PC List window, when an administrator clicks the Message, Permit, or Refuse button to implement an action, nothing is displayed.

4 Email notification^#2 Displays the results of actions implemented to perform administrator email notification. If nothing is displayed, no action was implemented to notify the administrator by email.

5 Message notification^#3 Displays the results of actions implemented to perform message notification to the client user. If nothing is displayed, no action was implemented to notify the user by message.

6 Permit connection^#4 Displays the results of permitting a client network connection. If nothing is displayed, no action was implemented to permit the client network connection.

7 Refuse connection^#4 Displays the results of refusing a client network connection. If nothing is displayed, no action was implemented to refuse the client network connection.

8 Action name The user-defined action name set for the action policy.

9 Action result^#5 The result of implementing the user-defined action.
If nothing is displayed, no user-defined action was implemented.

10 Action date Date when the action was implemented.
This is displayed in YYYY/MM/DD hh:mm:ss format.

11 Judgment policy Name of the judgment policy used to judge the PC security level.

12 Action policy Name of the action policy used to implement actions according to the security level judgment results.

#1

Judgment of the security level and implementation of an action are triggered by one of the following:

Inventory information collection
When the client inventory information collected by JP1/Software Distribution is updated, the security level is automatically judged, and an action is implemented according to the security level judgment results.

Administrator indication
In the PC list window of the Client Security Management window, an administrator specifies a client, and then judges the security level or implements an action.

Judgment command execution
When an administrator executes the security level judgment command (cscjudge), the security level is judged and an action is implemented according to the security level judgment results.

Action command
When an administrator executes the action command (cscaction), an action is implemented according to the security level judgment results.

Network connection control command
When an administrator executes the network control command (cscnetctrl), client network connections are permitted or an emergency denial is enforced.

#2

If Notify the administrator by email is selected for an action policy setting and processing is successful, Passed is displayed. If processing fails, Failed is displayed.

#3

If Send message to user is selected for an action policy setting, or an administrator uses the PC List window to perform Message notification, and processing is successful, Passed is displayed. If processing fails, Failed is displayed.

#4

If Control network connection is selected for an action policy setting or an administrator uses the PC List window to perform network control, and the network permission or denial is successful, Passed is displayed. If permission or denial fails, Failed is displayed.
Note that if a client has more than one MAC address, Failed is displayed if network control fails for even one of those MAC addresses.

If Network connection control command is displayed for Trigger for judgment and action, and Passed is displayed for Refuse connection, this means that the status of the network connection is Refuse in the emergency.

If Network connection control command or Administrator indication is displayed for Trigger for judgment and action, and Passed is displayed for Permit connection, this means that the network connection is no longer in Refuse in the emergency status.

If Inventory information collection is displayed for Trigger for judgment and action, and Permit connection is blank, this means one of the following:
There is no setting in the action policy for permitting network connections.
Because the status of the network connection is Refuse in the emergency, network connection permission based on the security level judgment result was ignored.

#5

When Action for the user definition is selected for an action policy setting, or when an administrator uses the PC List window to perform a user-defined action, Passed is displayed if the action is successful. If the action fails, Failed is displayed.

Note that the default number of results displayed in the History of Judgments and Actions window is 20. To change this number, in the JP1/CSC - Manager setup window, change Number of history preservation generations. For details about the JP1 /CSC - Manager setup window, see 5.4.3 Setting up JP1/CSC - Manager.

No.	Item	Description
1	Trigger for judgment and action^#1	The timing at which a client security level is judged and an action is implemented. Inventory information collection, Administrator indication, Judgment command execution, Action command, or Network control command is displayed.
2	PC security level	PC security level. Safe, Unknown, Caution, Warning, Danger, Not applicable, or Not yet judged is displayed. In the PC List window, when an administrator clicks the Message, Permit, or Refuse button to implement an action, the PC security level of the previous history is inherited and displayed.
3	PC security level judgment date	Date when the PC security level was judged. This is displayed in YYYY/MM/DD hh:mm:ss format. In the PC List window, when an administrator clicks the Message, Permit, or Refuse button to implement an action, nothing is displayed.
4	Email notification^#2	Displays the results of actions implemented to perform administrator email notification. If nothing is displayed, no action was implemented to notify the administrator by email.
5	Message notification^#3	Displays the results of actions implemented to perform message notification to the client user. If nothing is displayed, no action was implemented to notify the user by message.
6	Permit connection^#4	Displays the results of permitting a client network connection. If nothing is displayed, no action was implemented to permit the client network connection.
7	Refuse connection^#4	Displays the results of refusing a client network connection. If nothing is displayed, no action was implemented to refuse the client network connection.
8	Action name	The user-defined action name set for the action policy.
9	Action result^#5	The result of implementing the user-defined action. If nothing is displayed, no user-defined action was implemented.
10	Action date	Date when the action was implemented. This is displayed in YYYY/MM/DD hh:mm:ss format.
11	Judgment policy	Name of the judgment policy used to judge the PC security level.
12	Action policy	Name of the action policy used to implement actions according to the security level judgment results.

(2) Outputting the client's history of judgments and actions as a CSV file

Judgment and action history for a client is displayed in the History CSV Output window by clicking the CSV button in the History of Judgments and Actions window.

Figure 8-13 History CSV Output window

[Contents][Back][Next]

[Trademarks]

All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated