Certification is a means by which you can verify that any object identified by the Tier Zero provider or added manually by a user as Tier Zero qualifies as Tier Zero. Once certified, it will be used to establish a baseline for generating Findings for Detected and Hygiene Indicators.

By default, when an object is added as Tier Zero (which includes objects in the initial list collected by the Tier Zero provider), its status is Not Certified. This encourages you, as a Security Guardian administrator, to review each object for Tier Zero account security risks.

EXCEPTION: Because they pose the highest security risk to your Active Directory environment, Tier Zero Domain objects identified by the Tier Zero provider (Security Guardian or BloodHound Enterprise) are certified automatically and cannot be uncertified.

You can certify one or multiple objects from the Tier Zero Objects list, or individually from the Investigate Finding page or within an Uncertified Tier Zero Object's Details view on the Dashboard.

It is strongly recommended that any manually-added Tier Zero objects that, after review, have not been certified as Tier Zero be removed.

You can also uncertify any Tier Zero object, except a Domain object, that has been previously certified from the Tier Zero Objects list.

To certify Tier Zero objects from the Tier Zero Objects list:

  1. Select the object(s) you want to certify.

  2. Click Certify Tier Zero.

To certify a Tier Zero object from the Findings Investigation page:

Click Certify Tier Zero Object.

You will be prompted to confirm the certification. The confirmation dialog also includes a check box that allows you to dismiss the Finding at the same time.

NOTE: Once a Tier Zero object has been certified, it will no longer display in the Uncertified Tier Zero Objects tile on the Dashboard.

To uncertify a Tier Zero Object from the Tier Zero Objects list:

  1. Select the object you want to uncertify.

NOTE: Only one certified object can be uncertified at a time. If more than one object is selected, or if a Domain object is selected, the option to uncertify will not be available.

  1. Click Uncertify Tier Zero.