Chat now with support
Chat mit Support

Security Guardian Current - User Guide

Introducing Quest Security Guardian Audit
Configuring Audit Working with Audit
Using the Audit Dashboard Searching for specific event data (Quick Search) Working with critical activity Working with searches Working with alerts and notification templates Auditing Microsoft Entra Auditing Microsoft 365
Findings Tier Zero Objects Shields Up Protection (Prevention) Privileged Objects Managing Workload Identities Assessments Hybrid Audit Security Settings Appendix - Available Audit Search Columns and Filters Appendix - Security Guardian Indicator Details Appendix - Data Collection Details Documentation Roadmap

Logon Activity built in searches

Audit provides the following logon activity built in searches:

  • AD FS All Active Directory Federation Services sign-ins in the past 24 hours
  • AD FS All Failed Active Directory Federation Services sign-ins in the past 7 days
  • AD FS All Successful Active Directory Federation Services sign-ins in the past 24 hours
  • Logon Activity all authentication activity in the past 7 days
  • Logon Activity all excessive Kerberos ticket lifetime events in the past 30 days
  • Logon Activity all failed logon activity in the past 7 days
  • Logon Activity all interactive logon activity in the past 24 hours
  • Logon Activity all Kerberos authentication activity in the past 24 hours
  • Logon Activity all Kerberos service tickets created with unsafe encryption type in the past 30 days
  • Logon Activity all logon activity in the past 24 hours
  • Logon Activity all logon session activity in the past 24 hours
  • Logon Activity all NTLM version 1 logons in the past 7 days (Note: The associated event class is disabled by default in Change Auditor.)
  • Logon Activity all remote logon activity in the past 24 hours

Microsoft 365 built in searches

Security Guardian provides the following Microsoft 365 built-in searches that are based on the most common and complex requests for information

  • Email forwarding enabled in the past 7 days
  • Microsoft 365 activity from ad-hoc external recipients in the past 7 days
  • Microsoft 365 events from EXT Users in the past 7 days
  • Microsoft 365 events in the past 7 days
  • Microsoft 365 Exchange Online administrative cmdlets executed in the past 7 days
  • Microsoft 365 Exchange Online events in the past 7 days
  • Microsoft 365 Exchange Online mailbox events in the past 7 days
  • Microsoft 365 Exchange Online mailbox login activity in the past 24 hours
  • Microsoft 365 Exchange Online mailbox non-owner activity in the past 7 days
  • Microsoft 365 OneDrive for Business events in the past 7 days
  • Microsoft 365 OneDrive for Business file activity events in the past 7 days
  • Microsoft 365 OneDrive for Business folder activity events in the past 7 days
  • Microsoft 365 SharePoint Online events in the past 7 days
  • Microsoft 365 SharePoint Online file activity events in the past 7 days
  • Microsoft 365 SharePoint Online folder activity events in the past 7
  • OneDrive for Business and SharePoint Online anonymous link events in the past 180 days

On Demand Audit built in searches

Audit provides the following On Demand Audit built in searches:

  • All On Demand Audit configuration events in the past 30 days
  • All On Demand Audit events in the past 30 days
  • On Demand Audit notification template management events in the past 30 days
  • On Demand Audit alert ran events in the past 30 days
  • On Demand Audit alert rule management events in the past 30 days
  • On Demand Audit all shared search and shared category management events in the past 30 days

Teams built in searches

Audit provides the following Teams searches:

  • Teams app events in the past 7 days
  • Teams bot events in the past 7 days
  • Teams channel events in the past 7 days
  • Teams client configuration changes in the past 30 days
  • Teams connector events in the past 7 days
  • Teams events in the past 7 days
  • Teams guest access configuration changes in the past 30 days
  • Teams guest members added in the past 7 days
  • Teams member role changes in the past 7 days
  • Teams member changes in the past 7 days
  • Teams notification and feeds policy changes in the past 30 days
  • Teams organization setting changes in the past 30 days
  • Teams tab events in the past 7 days
  • Teams targeting policy changes in the past 30 days
  • Teams team created events in the past 30 days
  • Teams team deleted events in the past 30 days
  • Teams team setting changes in the past 7 days
  • Teams user sign-in events in the past 7 days
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen