Chatee ahora con Soporte
Chat con el soporte

Security Guardian Current - User Guide

Introducing Quest Security Guardian Audit
Configuring Audit Working with Audit
Using the Audit Dashboard Searching for specific event data (Quick Search) Working with critical activity Working with searches Working with alerts and notification templates Auditing Microsoft Entra Auditing Microsoft 365
Findings Tier Zero Objects Shields Up Protection (Prevention) Privileged Objects Managing Workload Identities Assessments Hybrid Audit Security Settings Appendix - Available Audit Search Columns and Filters Appendix - Security Guardian Indicator Details Appendix - Data Collection Details Documentation Roadmap

Viewing Assessment Summary Information

The Assessment Summary is an AI-generated report that analyzes your organization’s assessment data to identify patterns and provide a clear, high-level overview of results. The summary reflects the assessments you’ve selected and includes all related domains and tenants.

The report includes the following sections:

  • Summary Overview

  • Key Findings

  • Assessment Workload Details – including discovered objects and vulnerabilities

  • Affected Workloads

  • Violations by Vulnerability Type

  • Violations by Workload Type

  • Collection History

  • Assessment History

NOTE: The Summary Report is powered by AI and may display differently each time it is generated.

To view Assessment Summary information:

  1. From the left navigation menu, choose Security | Assessments.

  2. ln the All Assessments list, do one of the following:

    • Select the checkbox next to Active Directory Security Assessment and/or Entra ID Security Assessment, then click Assessment Summary.

      OR

    • Select the desired domain or tenant, then click Assessment Summary.

  3. Click the Technical Summary button to generate the report.

  4. You can ask questions about the results or request changes to the summary format. For example, “Can you tell me more about the AD vulnerabilities?” Type your question or instruction in the provided text box and click Send.

  5. Use the Print or Copy options to save or share the report.

 

Assessment Results

You can access the results of an Assessment from the All Assessments list.

NOTE: You can only view Assessment results for one Active Directory domain or Entra ID tenant at a time. If the Assessment was run on more than one, you can switch to a different domain or tenant from the drop-down in the upper right corner of the Results page for the Assessment.

To access results for a selected Assessment: 

  • Click the corresponding Active Directory domain name or Entra ID tenant name in the Link to Results column.

The Results page for the Assessment provides the following information:

 

Summary of Assessment Vulnerabilities

From here you can access a summary of the last run of the selected Assessment, including:

  • the date and time the vulnerabilities within the Assessment were Assessed on
  • the date and time the data used to assess the vulnerabilities was Collected on.

NOTE: These fields display the signed-in user's local date and time.

 

Of the total number of Evaluated Vulnerabilities, a graph depicts color-coded results, as described below.

With Vulnerable Objects (n)
Without Vulnerable Objects (n)

With Inconclusive Results (n)

Summary of Last 7 Days

The summary shows the following information for the past seven days that the Assessment was run:

n Assessments in compliance
n Assessments with vulnerable objects
n Vulnerabilities found

 

Assessment Summary

The summary will reflect the specific assessment and the domain and tenant results currently being viewed.

 

Assessment Trends

Select the Assessment Trends tab to monitor assessments results over time to understand how vulnerabilities change across recent days (7, 30, 60, or 90), weeks (26, 52, or 78), or months (12, 24, 36, or 48) and filter the view to focus on all vulnerabilities or vulnerable objects.

Interacting with the chart:

  • Hover over a point to view the exact value for that date.
  • Show/Hide series: Click a legend item (such as Avg. Failed Vulnerabilities) to toggle that line on or off. This helps focus on a single series without clutter.

Read common patterns

  • High red line with flat gray/yellow: Many items evaluated, few failures or inconclusives—generally positive.
  • Rising gray line: Failures are increasing—investigate recent configuration changes or new findings.
  • Rising yellow line: Inconclusive results are increasing—review assessment prerequisites.

 

Evaluated Vulnerabilities

A list of evaluated vulnerabilities, which provides the following information:

  • Discovery Type in which the vulnerability is defined

  • Vulnerability name, which links to vulnerability-specific detail, including any objects the vulnerability was detected in.

  • Security Guardian Intelligence: Click the Security Guardian Intelligence icon next to the vulnerability to view a detailed summary, including recent trends, key highlights, recommended remediation steps, and suggested follow-up questions to support further investigation.

  • Date and time when the vulnerability was Last Detected

    NOTE: This field displays the signed-in user's local date and time.

  • Number of Vulnerable Objects found

    NOTE: icon indicates that an error occurred while the vulnerability was being evaluated.

  • Number of Inconclusive results

  • Created by either:

    • System (for pre-defined Discoveries and Vulnerabilities)

    • User (for user-created Discoveries and Vulnerabilities)

  • a graphical representation of the 7 Day Trend for the Vulnerability

    TIP: Hover over the line graph to see the number of vulnerabilities (if any) detected per day.

 

Viewing Details for an Assessed Vulnerability

When you select a Vulnerability from an Assessment's Results page, detail about the assessed vulnerability is displayed. The left side of the page includes detailed information about the vulnerability as defined in the Discovery.

 

Assessment Trend

A graph depicts color-coded results over the past days, weeks, or months that the Assessment was run.

The default value is the past 7 days. You can, however, select to view the trends by day (7, 30, 60, or 90), by weeks (26, 52, or 78), or by months (12, 24, 36, or 48). When the selected range is greater than 7 days, the chart shows average values for the chosen time unit (such as day, week, or month), and the grid below does not display individual vulnerable objects. The trending information presented is per Vulnerability.

Compliant objects
Vulnerable objects

Error

NOTE: An Error state indicates that an error occurred during data collection (for example, the server containing the objects to be evaluated could not be reached).

If an error occurred, the appropriate message displays.

Inconclusive

NOTE: An Inconclusive state indicates that data could not be collected for a non-error-related reason. The reason may be:

  • The scope of an Assessment includes Tier Zero or Privileged objects but no Tier Zero or Privileged objects were found.

  • An Assessment involves both Active Directory and Entra Id workloads, but both are not configured.

  • The number of Tier Zero or Privileged objects exceeded the maximum number (10,000) that could be evaluated,

  • Permissions were insufficient to collect the data.

  • The Assessment requires a Premium license, but the Organization has a free license.

If results were inconclusive for individual objects, hover over the icon for a description of the reason.

TIPS:

  • Select the Security Guardian Intelligence icon to view a summary of the vulnerability. The summary includes trend information, key points, recommended remediation steps, and follow‑up questions to help with implementation.
  • Use State Filtering to show only the states you want to focus on in the graph. (Note: The Compliant Objects state is always hidden by default.)
  • Hover over the graph to see the number of vulnerable objects detected for each day.
  • Click on an area of the graph to display details about that Assessment.

Below the graph is a list of the Vulnerable Objects (up to 100,000) found out of the total number of Assessed Objects for the selected area of the graph.

NOTES:

  • If a group is identified as vulnerable, all of the members of that group (including via nested groups) are included in the Vulnerable Objects total. Click the link to view the list of the affected objects.

  • If more than 100,000 vulnerable objects are returned, it is advisable to investigate why so many objects are found to be vulnerable. For example, all users may have been added to a group they don't belong in.

  • For User and Computer vulnerabilities, the column Is Account Enabled? is included, allowing you to prioritize enabled accounts when implementing a remediation.

  • For certain vulnerabilities, you can click the Principal Name or Display Name link to view detailed information about the object. This may include object properties, any affected Tier Zero objects, and group members (for group objects only).

 

To download the Vulnerable Objects list to a CSV file:

  • From the details page for the vulnerable objects, click Export to CSV.

The file will include all of the objects displayed in the Vulnerable Objects list.

Discoveries and Vulnerabilities

Discoveries are evaluated by Assessments to identify vulnerabilities in your organization's Active Directory and/or Entra ID. Security Guardian comes with several pre-defined Discoveries for Active Directory and Entra ID, and you can also create your own Discoveries.

 

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación