Chat now with support
Chat mit Support

Security Guardian Current - User Guide

Introducing Quest Security Guardian Using the Dashboard Tier Zero Objects Assessments Findings Security Settings Appendix - Security Guardian Indicator Details

Creating an Assessment

In addition to using the built-in Assessment provided by Quest, you can create your own Assessments based on available Discoveries.

To create an Assessment:

  1. From the All Assessments tab click Create.

  2. Enter an Assessment Name and Description.

  3. If you want to Automatically add Discoveries as they are released by Quest, check this box.

    NOTE: If you check this box, all pre-defined Discoveries that are provided by Quest will be added to the Assessment as they become available.

  4. Click Select Discoveries to display a list of available Discoveries.

  5. Select each Discovery you want to add to the Assessment, then click Select.

  6. For Domains, select the Active Directory domains that you want to Run this Assessment for. Use the information in the following table for guidance.

    Option Steps to Complete
    Only selected domains

    • Select Only selected domains from the drop-down.

    • Click Select Domains, select the domains you want add to the Assessment, then click Select.

    The selected domain(s) will display in the list.

    All except selected domains

    • Select All except selected domains from the drop-down.

    • Click Exclude Domains.

    • Select the domain(s) you want to exclude from the Assessment.

    • Click Exclude.

    Excluded domains will display in the list. However, when you view the Assessment, all domains will display and those that are excluded are identified in the Status column.

    All domains

    Select All domains.

    All domains configured for your organization will display in the list.

  7. Click Save.

Viewing, Editing, and Deleting an Assessment

From the All Assessments list, you view the details of an Assessment. You can also edit or delete a user-created Assessment.

NOTE: You cannot edit or delete a built-in Assessment, so the Edit and Delete options will be disabled.

To view an Assessment:

Click the Assessments link.

To edit a user-created Assessment:

  1. Either

    • ln the All Assessments list, select the Assessment that you want to edit.

      OR

    • Open the Assessment that you want to edit.

  2. Click Edit.

  3. Update the Assessment as needed.

  4. Click Save.

To delete a user-created Assessment:

NOTE: Currently, you can only delete one Assessment at a time

  1. Either

    • ln the All Assessments list, select the Assessment that you want to delete.

      OR

    • Open the Assessment that you want to delete.

  2. Click Delete.

You will be prompted to confirm the deletion.

Assessment Results

You can access the link to results for an Assessment from the All Assessments list.

To access results for a selected Assessment:

Click the corresponding Active Directory domain name in the Link to Results column.

NOTE: You can only view Assessment results for one Active Directory domain at a time. If the Assessment was run on more than one domain, you can switch to a different domain from the drop-down in the upper right corner of the Results page for the Assessment.

The Results page for the Assessment is divided into sections:

 

The first section, Summary of Assessment Vulnerabilities, provides a summary of the last run of the selected Assessment, including:

  • the date and time the vulnerabilities within the Assessment were Assessed on

  • the date and time the data used to assess the vulnerabilities was Collected

    on.

    NOTE: These field display the signed-in user's local date and time.

Of the total number of Evaluated Vulnerabilities, a graph depicts color-coded results, as described below.

With Vulnerable Objects (n)
Without Vulnerable Objects (n)

With Inconclusive Results (n)

NOTE: An Inconclusive state indicates that data could not be collected for one or more objects being assessed for a non-error-related reason (for example, the scope of an Assessment includes Tier Zero objects but no Tier Zero objects were found, or permissions were insufficient to collect the data). Note that some vulnerabilities require additional permissions in order to be assessed.

The second section, Summary of Last 7 Days, shows the following information for the past seven days that the Assessment was run:

n Assessments in compliance
n Assessments with vulnerable objects
n Vulnerabilities found

 

The third section contains the list of evaluated vulnerabilities, which provides the following information:

  • the Discovery Type in which the vulnerability is defined

  • Created by either:

  • the Vulnerability name, which links to vulnerability-specific detail, including any objects the vulnerability was detected in

  • the date and time when the vulnerability was Last Detected

    NOTE: This field displays the signed-in user's local date and time.

  • the number of Vulnerable Objects found

    NOTE: icon indicates that an error occurred while the vulnerability was being evaluated.

  • the number of Inconclusive results

  • a graphical representation of the 7 Day Trend for the Vulnerability

    TIP: Hover over the line graph to see the number of vulnerabilities (if any) detected per day.

 

Viewing Detail for an Assessed Vulnerability

When you select a Vulnerability from an Assessment's Results page, detail about the assessed vulnerability is displayed.

The left side of the page includes detailed information about the vulnerability as defined in the Discovery.

7 Day Assessment Trend

A graph depicts color-coded results over the past 7 days that the Assessment was run, as described below.

TIPS:

  • You can click individual states in State Filtering so that only the states you want to focus on are displayed in the graph. (The Compliant Objects state is always hidden by default.)

  • Hover over the graph to display the number of vulnerable objects (if any) detected per day.

  • Click on an area of the graph to display details about that Assessment run in the list below.

Compliant objects
Vulnerable objects

Error

NOTE: An Error state indicates that an error occurred during data collection (for example, the server containing the objects to be evaluated could not be reached).

Inconclusive

NOTE: An Inconclusive state indicates that data could not be collected for a non-error-related reason (for example, the scope of an Assessment includes Tier Zero objects but no Tier Zero objects were found, or permissions were insufficient to collect the data).

Below the graph is information about the number of Vulnerable Objects found out of the total number of Assessed Objects for the selected area of the graph.

  • If vulnerabilities were detected, a list of vulnerable objects is displayed, which includes reason why each object is considered vulnerable

  • If results were inconclusive for an object, hover over the icon for a description of the reason.

  • If an error occurred, the appropriate message displays.

The Vulnerable Objects list can also be downloaded to a CSV file.

 

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen