Creating a message expression for a new CCS ESM check

You need to add a message expression for each message that the corresponding CCS ESM check generates.

To create a message expression

  1. In the Standards pane, right-click the section to which you want to add the new check and click Create Check.

  2. In the Specify Name and Target panel of the Check Builder, provide the necessary information and then click one of the following options:

    • Quick Check Builder

    • Advanced Check Builder

  3. Click Next.

  4. In the Create Expressions panel, create a message expression by performing the following steps:

    • In the Category drop-down list, select Message.

    • In the Field drop-down list, select Message String ID.

    • In the Operator drop-down list, select the != operator.

    • In the Value text box, select the message ID. For example, select ESM_DISABLED_ACCOUNT.

    See the Symantec_Enterprise_Security_Manager_Checks_Reference.chm for information on the messages that ESM checks generate. This file is located in the Documentation folder in the product disc.

  5. Click the plus sign (+) to add the recently created field expression to the Expression(s) list.

    By default, the new expressions are connected using the AND operator.

  6. Select the expression that you have created from the Expression(s) list box and click Advanced Settings. Alternatively, double-click the expression in the Expression(s) list.

    For every expression that you create on a Message entity, you must add data filters for module name and policy name.

    See Adding the policy name and the module name data filters for a new CCS ESM check.

More Information

Creating an ESM check