
Security Guardian Current - User Guide


Viewing Details for an Assessed Vulnerability

When you select a Vulnerability from an Assessment's Results page, details about the assessed vulnerability are displayed.

The left side of the page includes detailed information about the vulnerability as defined in the Discovery.

 

7 Day Assessment Trend

A graph depicts color-coded results over the past 7 days that the Assessment was run, as described below.

TIPS:

  • Select the Security Guardian Intelligence icon to review a summary of the vulnerability, including vulnerability trends, summary of key points, recommended remediation steps, and follow-up questions to support implementation.

  • You can click individual states in State Filtering so that only the states you want to focus on are displayed in the graph. (The Compliant Objects state is always hidden by default.)

  • Hover over the graph to display the number of vulnerable objects (if any) detected per day.

  • Click on an area of the graph to display details about that Assessment run in the list below.

Compliant objects
Vulnerable objects

Error

NOTE: An Error state indicates that an error occurred during data collection (for example, the server containing the objects to be evaluated could not be reached).

If an error occurred, the appropriate message displays.

Inconclusive

NOTE: An Inconclusive state indicates that data could not be collected for a non-error-related reason. The reason may be:

  • The scope of an Assessment includes Tier Zero or Privileged objects but no Tier Zero or Privileged objects were found.

  • An Assessment involves both Active Directory and Entra ID workloads, but both are not configured.

  • The number of Tier Zero or Privileged objects exceeded the maximum number (10,000) that could be evaluated.

  • Permissions were insufficient to collect the data.

  • The Assessment requires a Premium license, but the Organization has a free license.

If results were inconclusive for individual objects, hover over the icon for a description of the reason.

 

Below the graph is a list of the Vulnerable Objects (up to 100,000) found out of the total number of Assessed Objects for the selected area of the graph.

NOTES:

  • If a group is identified as vulnerable, all of the members of that group (including via nested groups) are included in the Vulnerable Objects total. Click the link to view the list of the affected objects.

  • If more than 100,000 vulnerable objects are returned, it is advisable to investigate why so many objects are found to be vulnerable. For example, all users may have been added to a group they don't belong in.

  • For User and Computer vulnerabilities, the column Is Account Enabled? is included, allowing you to prioritize enabled accounts when implementing a remediation.

  • For certain vulnerabilities, you can click the Principal Name or Display Name link to view detailed information about the object. This may include object properties, any affected Tier Zero objects, and group members (for group objects only).

 

To download the Vulnerable Objects list to a CSV file:

  • From the details page for the vulnerable objects, click Export to CSV.

The file will include all of the objects displayed in the Vulnerable Objects list.
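
One way to work through the exported file, as an added example that is not part of the Quest guide: the Python script below orders the rows so that enabled accounts come first and reports when the list has reached the 100,000-object limit. The CSV header names (taken from the column labels shown in the UI) and the True/False value encodings are assumptions; the sample rows are constructed.

```python
import csv
import io

EXPORT_CAP = 100_000                 # the guide lists at most 100,000 vulnerable objects
ENABLED_COL = "Is Account Enabled?"  # assumed CSV header, taken from the UI column label
NAME_COL = "Principal Name"          # assumed CSV header, taken from the UI link label
TRUTHY = {"true", "yes", "1"}        # assumed encodings of an enabled account
FALSY = {"false", "no", "0"}         # assumed encodings of a disabled account


def triage(csv_text):
    """Order exported rows for remediation: enabled, then unknown, then disabled."""
    # Strip a UTF-8 byte-order mark so the first header name matches.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    rows = list(reader)
    # The column is only present for User and Computer vulnerabilities.
    has_enabled_col = ENABLED_COL in (reader.fieldnames or [])

    def rank(row):
        value = (row.get(ENABLED_COL) or "").strip().lower()
        if value in TRUTHY:
            return 0
        if value in FALSY:
            return 2
        return 1  # blank or unexpected value: review by hand before deprioritising

    ordered = sorted(rows, key=lambda r: (rank(r), (r.get(NAME_COL) or "").lower()))
    return {
        "ordered": [r.get(NAME_COL) or "" for r in ordered],
        "enabled": sum(1 for r in rows if rank(r) == 0),
        "has_enabled_column": has_enabled_col,
        # At the cap the list may not show every vulnerable object.
        "at_cap": len(rows) >= EXPORT_CAP,
    }


# Constructed sample export (not real data).
SAMPLE = (
    "\ufeffPrincipal Name,Display Name,Is Account Enabled?\n"
    "svc-backup@example.test,Backup Service,False\n"
    "alice@example.test,Alice Example,True\n"
    "ws-0042$@example.test,WS-0042,\n"
    "bob@example.test,Bob Example,true\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```
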

Discoveries and Vulnerabilities

Discoveries are evaluated by Assessments to identify vulnerabilities in your organization's Active Directory and/or Entra ID. Security Guardian comes with several pre-defined Discoveries for Active Directory and Entra ID, and you can also create your own Discoveries.

 

Discoveries List

The Discoveries tab displays a list of all Discoveries, both pre-defined and user-created, for the organization along with the following information for each:

  • the Discovery Type (with a link to Discovery Details)

  • Created By either:

    • System (for a pre-defined Discovery provided by Quest)

      OR

    • User (for a user-created Discovery)

  • the In Assessment number

  • each Vulnerability in the Discovery

Pre-Defined Active Directory Discoveries

Quest Security Guardian comes with the following pre-defined Discoveries for Active Directory vulnerabilities.

NOTE: "System" displays in the Created By field of the Discoveries list when a Discovery type is pre-defined.

| Discovery Type | Description |
|---|---|
| Credential Access | Techniques deployed by adversaries on systems and networks to steal usernames and credentials for re-use. |
| Defense Evasion | Techniques used by adversaries to avoid detection. Evasion techniques include hiding malicious code within trusted processes and folders, encrypting or obfuscating adversary code, or disabling security software. |
| Discovery | Techniques used by adversaries to obtain information about systems and networks that they are looking to exploit or use for their tactical advantage. |
| Initial Access | Techniques used by adversaries to obtain a foothold within a network, such as targeted spear-phishing, exploiting vulnerabilities or configuration weaknesses in public-facing systems. |
| Lateral Movement | Techniques that allow adversaries to move from one system to another within a network. |
| Persistence | Techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. |
| Privilege Escalation | Techniques used by adversaries to gain higher-level privileges on a system, such as local administrator or root. |
| Reconnaissance | Techniques used by adversaries to gain a thorough understanding and complete mapping of your environment for later use. |