Adding the policy name and the module name data filters for a new CCS ESM check

You must add the policy name and the module name to the ESM check that you want to create.

To configure the advanced settings for a CCS ESM error message

  1. In the Standards pane, right-click the section to which you want to add the new check and click Create Check.

  2. In the Specify Name and Target panel of the Check Builder, provide the necessary information and then click one of the following options:

    • Quick Check Builder

    • Advanced Check Builder

  3. Click Next.

  4. In the Create Expression(s) panel, do the following:

    • In the Category drop-down list, click ESM Message.

    • In the Field drop-down list, click ESM Module Name.

    • Select the = operator and then select a module name from the Value drop-down list.

    • Click the plus (+) sign to add the expression to the Expression(s) list.

    • In the Expression(s) list, double-click the expression.

  5. In the Advanced Settings dialog box, do the following to add a data filter for the module name:

    • From the Field drop-down list, select ESM Module Name.

    • Select the = operator and then select a module name from the Value drop-down list. For example, select Account Integrity.

    • Click the plus sign (+) to add the expression.

  6. To add a data filter for policy name, do the following:

    • From the Field drop-down list, select ESM Policy.

    • Select the = operator and then type a policy name in the Value drop-down list. For example, type Security essentials W2K3MS v2.0.

      ESM policy names are case sensitive.

      The = operator is the only operator that ESM data collector supports for ESM policy data filter.

    • Click the plus sign (+) to add the expression.

  7. In the Specify the behavior for multiple filter statements area, click Return only the data which matches ALL of the filter statements. This option is mandatory to create a valid CCS ESM check.

  8. In the Specify behavior if multiple data items were evaluated against Evaluation Condition area, click ALL must meet the evaluation condition.

  9. In the Specify the expression outcome when no data items were found to evaluate against the Evaluation Condition area, click Unknown.

  10. Click OK.

More Information

Creating an ESM check