Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Security Guardian Current - User Guide

Introducing Quest Security Guardian Audit
Configuring Audit Working with Audit
Using the Audit Dashboard Searching for specific event data (Quick Search) Working with critical activity Working with searches Working with alerts and notification templates Auditing Microsoft Entra Auditing Microsoft 365
Findings Tier Zero Objects Shields Up Protection (Prevention) Privileged Objects Managing Workload Identities Assessments Hybrid Audit Security Settings Appendix - Available Audit Search Columns and Filters Appendix - Security Guardian Indicator Details Appendix - Data Collection Details Documentation Roadmap

Active Directory Data Collection Details

Object Attribute/Object Notes
nTDSService

canonicalName

cn

DistinguishedName

dSHeuristics

name

objectGUID

  
certificateTemplate

canonicalName

cn

distinguishedName

name

NTSecurityDescriptor

objectGuid

msPKI-Certificate-Name-Flag

msPKI-Enrollment-Flag

msPKI-Minimal-Key-Size

msPKI-RA-Signature

pKI-ExtendedKeyUsage

  
certificationAuthority

canonicalName

CN

distinguishedName

objectGuid

name

NTSecurityDescriptor

  
Computer

canonicalName

cn

description

displayName

distinguishedName

dnsHostName

GPLink

GPOptions

lastLogonTimeStamp

msDS-AllowedToActOnBehalfOfOtherIdentity

msDS-NeverRevealGroup msDS-RevealOnDemandGroup

msDS-SupersededManagedAccountLink

msDS-SupersededServiceAccountState name

NTSecurityDescriptor

objectGuid

objectSid

operatingSystem operatingSystemServicePack

operatingSystemVersion

primaryGroupId

pwdLastSet

samAccountName

serverReferenceBL

userAccountControl userPrincipalName

*IsSMB1Enabled

*IsSpoolerEnabled

* Collection of this data requires Administrator membership on the target computers:

  • IsSMB1Enabled

True/False - Indicates if the target computer object has Server Message Block version 1 (SMBv1) enabled

  • IsSpoolerEnabled

    True/False - Indicates if the target Domain Controller has the Print Spooler service is set to non-disabled state

Container

canonicalName

cN

distinguishedName

name

nTSecurityDescriptor

objectGUID

objectClass

  
dnsZone

canonicalName

cN

distinguishedName

name

objectGuid

*SetIsUnsecuredDynamicUpdateAllowed

* Collection of this data requires Administrator membership on the Domain Controller:

  • SetIsUnsecuredDynamicUpdateAllowed

True/False - Indicates if the target DNS Zone is set to allow Nonsecure updates

Domain

canonicalName

distinguishedName

gPLink gPOptions

ms-DS-MachineAccountQuota

msDS-Behavior-Version

name nTSecurityDescriptor

objectGUID

objectSID

  
domainDNS

canonicalName

cN maxPwdAge

minPwdLength

name

objectGUID

pwdHistoryLength

pwdProperties

  
controlAccessRight

canonicalName

cN

displayName

distinguishedName

name

objectGUID

rightsGUID

validAccesses

  
foreignSecurityPrincipal

canonicalName

cN

description

distinguishedName

memberOf

msDS-PrincipalName

name nTSecurityDescriptor

objectGUID

objectSID

  
groupPolicyContainer

canonicalName

cN

displayName

distinguishedName

gPCFileSysPath

name

nTSecurityDescriptor

objectGUID

  
Group policy settings

allowAdministratorLockout

clearTextPassword

SeDenyInteractiveLogonRight

SeDenyInteractiveLogonRight

SeInteractiveLogonRight

SeMachineAccountPrivilege

SeRemoteInteractiveLogonRight

securityLevel

  
Group policy scheduled tasks *Group Policy Scheduled Tasks * Collects all scheduled tasks found specified in GPOs Computer + User configuration. Located under Preferences | Control Panel Settings | Scheduled Tasks
Group

canonicalName

cN

description

displayName

distinguishedName

groupType

iSCriticalSystemObject

member

memberOf

name

nTSecurityDescriptor

objectGUID

objectSID

primaryGroupToken

sAMAccountName

sIDHistory

  
organizationalUnit

canonicalName

distinguishedName

name

cN

nTSecurityDescriptor

objectGUID

gPLink

gPOptions

  
ms-Kds-Prov-RootKey

canonicalName

cN

distinguishedName

came

nTSecurityDescriptor

objectGUID

  
Schema

allowedAttributes

canonicalName

cN

distinguishedName

lDAPDisplayName

name objectClass

objectGUID

schemaIDGUID

  
Secret

canonicalName

cN

distinguishedName

name

nTSecurityDescriptor

objectGUID

  
msDS-DelegatedManagedServiceAccount

canonicalName

cN

description

displayName

distinguishedName

msDS-DelegatedMSAState

msDS-SupersededManagedAccountLink

msDS-SupersededServiceAccountState

msDS-GroupMSAMembership

msDS-ManagedAccountPrecededByLinkname

nTSecurityDescriptor

objectGUID

objectSID

pwdLastSet

sAMAccountName

userPrincipalName

  
msDS-GroupManagedServiceAccount

canonicalName

cN

description

displayName

distinguishedName

msDS-DelegatedMSAState

msDS-SupersededManagedAccountLink

msDS-SupersededServiceAccountState

msDS-GroupMSAMembership

msDS-ManagedAccountPrecededByLink

name

nTSecurityDescriptor

objectGUID

objectSID

pwdLastSet

sAMAccountName

userPrincipalName

  
msDS-ManagedServiceAccount

canonicalName

cN

description

displayName

distinguishedName

msDS-DelegatedMSAState

mSDS-SupersededManagedAccountLink

mSDS-SupersededServiceAccountState

mSDS-GroupMSAMembership

mSDS-ManagedAccountPrecededByLink

name

nTSecurityDescriptor

objectGUID

objectSID

pwdLastSet

sAMAccountName

userPrincipalName

  
Site

canonicalName

cN

distinguishedName

gpPLink

gPOptions

name

nTSecurityDescriptor

objectGUID

  
siteServer

distinguishedName

objectGuid

serverReference

  
trustedDomain

canonicalName

cN

distinguishedName

name

objectGUID

msDS-SupportedEncryptionTypes

trustAttributes

trustDirection

trustPartner

trustType

  
User

adminCount

canonicalName

cN

description

displayName

distinguishedName

lastLogonTimestamp

msDS-AllowedToActOnBehalfOfOtherIdentity

msDS-AllowedToDelegateTo

msDS-SupersededManagedAccountLink

msDS-SupersededServiceAccountState

name

nTSecurityDescriptor

objectGUID

objectSID

primaryGroupID

pwdLastSet

sAMAccountName

servicePrincipalName

sIDHistory

userAccountControl

userPrincipalName

  

Microsoft Entra ID Data Collection Details

Object Attribute/Object
Application

AppId

CreatedDateTime

DeletedDateTime

DisplayName

Id

IdentifierUris

KeyCredentials

Owners

PasswordCredentials

VerifiedPublisher

Authorization Policy

AllowedToUseSSPR

DefaultUserRolePermissions

DisplayName

Id

Conditional Access Policy

ApplicationsIncludeApplications

ConditionalAccessPolicyIncludeUser

ConditionalAccessPolicyExcludeUser

ConditionalAccessPolicyIncludeGroup

ConditionalAccessPolicyExcludeGroup

ConditionalAccessPolicyIncludeRole

ConditionalAccessPolicyExcludeRole

ConditionsClientAppTypes

ConditionsSignInRiskLevels

ConditionsUserRiskLevels

CreatedDateTime DisplayName

GrantControlsBuiltInControls

GrantControlsOperator

Id

ModifiedDateTime

SessionControlsContinuousAccessEvaluation

SessionControlsSecureSignInSessionIsEnabled

SessionControlsSignInFrequencyAuthenticationType

SessionControlsSignInFrequencyFrequencyInterval

SessionControlsSignInFrequencyIsEnabled

State

TemplateId

Contact

DisplayName

GivenName

Id

JobTitle Mail

OnPremisesLastSyncDateTime

OnPremisesSyncEnabled Surname

Device

AccountEnabled

ApproximateLastSignInDateTime

ComplianceExpirationDateTime

CreatedDateTime

DeletedDateTime

DeviceCategory

DeviceId

DisplayName

DomainName

Id

IsCompliant

OnPremisesLastSyncDateTime

OnPremisesSecurityIdentifier

OnPremisesSyncEnabled

OperatingSystem

OperatingSystemVersion

RegistrationDateTime

TrustType

Directory Role

Description

DirectoryRoleMember

DisplayName

Id

IsBuiltIn

IsEnabled

IsPrivileged

Members

RoleTemplateId

Group

CreatedDateTime

DeletedDateTime

Description

DisplayName

ExpirationDateTime

Members

Owners

GroupTypes

Id

Mail

MailEnabled

OnPremisesDomainName

OnPremisesLastSyncDateTime

OnPremisesNetBiosName

OnPremisesSamAccountName

OnPremisesSecurityIdentifier

OnPremisesSyncEnabled

PreferredLanguage

RenewedDateTime

SecurityIdentifier

Visibility

MS Authenticator Policy

ExcludeTarget

FeatureSettings

Id

IncludeTarget

State

Organization

BusinessPhones

City

Country

CountryLetterCode

CreatedDateTime

DefaultUsageLocation

DeletedDateTime

DisplayName

Id

IsMultipleDataLocationsForServicesEnabled

OnPremisesLastPasswordSyncDateTime

OnPremisesLastSyncDateTime

OnPremisesSyncEnabled

PostalCode

PreferredLanguage

State

Street

TechnicalNotificationMails

TenantType

Security Defaults Policy

Description

DisplayName

Id

IsEnabled

Service Principal

AccountEnabled

AlternativeNames

AppDescription

AppDisplayName

AppId

ApplicationAuthenticationClientSignInActivity

ApplicationAuthenticationResourceSignInActivity

ApplicationTemplateId

AppOwnerOrganizationId

AppRoleAssignmentRequired

CreatedDateTime

DelegatedClientSignInActivity

DelegatedResourceSignInActivity

DeletedDateTime

Description

DisabledByMicrosoftStatus

DisplayName

Id

KeyCredentials

LastSignInActivity

Owners

PasswordCredentials

ServicePrincipalType

SignInAudience

Tags

Service Principal Permissions

ConsentType

PermissionDisplayName(AppRole displayName)

PermissionType

PermissionValue(AppRole value)

ResourceDisplayName

ServicePrincipalId

User

AccountEnabled

BusinessPhones

DisplayName

ExternalUserState

GivenName

Id

JobTitle

LastPasswordChangeDateTime

LastSignInDateTime

Mail

OnPremisesDomainName

OnPremisesLastSyncDateTime

OnPremisesSamAccountName

OnPremisesSecurityIdentifier

OnPremisesSyncEnabled

SecurityIdentifier

SignInActivity

Surname

UserPrincipalName

UserType

User Registration Details

Id

IsAdmin

IsMFARegistered

MethodsRegistered

UserDisplayName

UserPrincipalName

UserType

Documentation Roadmap

The On Demand Global Settings User Guide contains the documentation for tasks that apply to all On Demand modules. This includes:

  • Signing up for Quest On Demand
  • Managing Organizations and Regions
  • Tenant Management
  • Configuration settings (Permissions and subscription information)
  • Audit logs

Each management module, such as Security Guardian contains its own user guide and release notes that contain the following module -specific content:

  • The Release Notes contain a release history and details new features, resolved issues, and known issues.
  • The User Guide contains descriptions and procedures for the tasks you can perform with the management tool.

Additional resources

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation