Quest® Security Guardian
December 17, 2024
These release notes provide information about Quest® Security Guardian deployments.
Quest® Security Guardian is an integrated On Demand solution that helps you keep the Active Directory domain(s) and Entra ID tenant(s) in your organization secure.
You can:
-
Identify Tier Zero objects in Active Directory.
-
Identify Privileged objects in Entra ID.
-
Certify that objects are indeed Tier Zero or Privileged and, when Quest Change Auditor version 7.4 is integrated, protect Active Directory Tier Zero objects against unauthorized or accidental modification or deletion.
-
Run pre-defined Security Assessments to identify vulnerabilities in Active Directory and Entra ID and create your own Assessments.
-
Investigate Findings for Tier Zero and Privileged objects, vulnerabilities identified through Assessments, and Critical Activity from On Demand Audit.
-
Have Findings forwarded to a SIEM tool and alerts sent to selected email recipients.
Security Guardian has added support for Entra ID objects in Microsoft 365 tenants, which includes Privileged object identification and certification, Security Assessments, and indicators for Findings in Security Guardian and On Demand Audit.
The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.
Assessment known issues
| Known Issue |
Issue ID |
|
Due to the complexity of the query, an Assessment can evaluate a maximum of 10,000 Tier Zero objects for a vulnerability. If this limit is surpassed, results will be marked as Inconclusive with the following message:
Syntax error: Query length (2162372) too large (max: 2097152) |
497529 |
The following lists the new features, enhancements and resolved issues by deployment.
Current Deployment
December 17, 2024
New Features
Security Guardian has added support for Entra ID objects in Microsoft 365 tenants, which includes Privileged object identification and certification. Security Assessments, and indicators for Findings in Security Guardian and On Demand Audit.
Previous Deployments
December 10, 2024
New Features
The following Active Directory Assessments have been added to Discoveries:
-
Lateral Movement
-
Privilege Escalation
Resolved Issues
| A performance improvement has been implemented for environments with a large volume of Tier Zero objects. |
530317 |
October 10, 2024
New Features
The following Active Directory vulnerabilities have been added to Discoveries:
-
Credential Access:
-
Privilege Escalation:
Enhancements
| MITRE ATT&CK TTPs have been added to Hygiene and Detected Indicators Findings Investigation pages. |
494070 |
| The reason(s) why an object is considered Tier Zero is displayed in object details and the Findings Investigation page for the object. |
479695 |
| In Assessment results for vulnerable computer and user objects, a column has been added to indicate whether the object is enabled or disabled. |
481991 |
August 15, 2024
Enhancements
| To prevent system overload from exceptionally large data sets, a maximum of 100,000 objects will be displayed in the Assessment Results Vulnerable Objects list. |
502873 |
August 1, 2024
New Features
You can export the complete Tier Zero objects list to a csv file, for sharing with stakeholder and security assessment engagements.
Enhancements
| To simplify the user experience, Am I Exposed? no longer displays on the Findings Investigation page. |
465773 |
July 02, 2024
New Features
The terminology for Indicator and Finding types has changed to better align with industry standards.
March 26, 2024
New Features
A Data Collections page has been added to Security Settings, which allows you to monitor Active Directory data collections within your organization. You can also:
