Chatta subito con l'assistenza
Chat con il supporto

Security Guardian Current - User Guide

Introducing Quest Security Guardian Using the Dashboard Tier Zero Objects Privileged Objects Assessments Findings Security Settings Appendix - Security Guardian Indicator Details

Creating a Discovery

You can create custom Discoveries based on pre-defined vulnerability templates.

NOTE: All of the available vulnerability templates are used in pre-defined Discoveries. You can refer to the Pre-defined Discoveries and Vulnerabilities for Active Directory and Entra ID sections for guidance when creating a new Discovery.

To create a Discovery:

  1. From the Discoveries list, click Create.

  2. Select a Workload (Active Directory or Entra ID).

  3. Enter a Discovery Type.

  4. Click Select Vulnerabilities to display a list of available vulnerability templates for the workload.

  5. Select each vulnerability template you want to add to the Discovery, then click Select.

  6. For each vulnerability added to the Discovery:

    1. Enter a Vulnerability Name.

    2. For Risk, enter the reason why the vulnerability is considered a risk. For Remediation, enter the recommendation for resolving the vulnerability.

      TIP: You can refer to Pre-defined Discoveries and Vulnerabilities for Active Directory and Entra ID for examples of Risk and Remediation text.

  7. If the vulnerability includes a Scope, specify the objects that you want the Assessment to evaluate. Use the information in the following table for guidance.

    NOTES:

    • If the Tier Zero or Privileged objects checkbox is selected, all applicable Tier Zero or Privileged objects, both those collected from the provider (Security Guardian or BloodHound Enterprise) and any that were manually-created, will be included in/excluded from the scope (depending on which option you select).

    • If a vulnerability pertains to a specific object or set of objects, the Scope section will be hidden. For example, if the vulnerability pertains to users, only Tier Zero users will be included. If the vulnerability pertains to a specific AD group, such as Built-In administrators, only that group will be included.

    Scope selection Description
    All {objects} All objects in the workload that are the applicable object type, including both Tier Zero/Privileged and non-Tier Zero/Non-Privileged objects.
    Select {objects} Only the objects you specify based on your selection criteria will be included. When finished, click Add Object to add the object (s) to the Selected {Object}s list. If you want to exclude individual objects within your selection (for example, you selected an AD group but want to exclude individual members from the scope), click Add Exceptions and enter the object(s) as you would if you were adding objects.
    All Except Selected {objects} Only the objects you specify based on your selection criteria will be excluded from the scope. You can add multiple objects, separated by semicolons. When finished, click Add Object to add the object (s)to the Selected {Object}s list.
  8. Click Save.

Viewing, Editing, and Deleting a Discovery

From the Discoveries list, you can view the details of a Discovery. You can also edit or delete a user-created Discovery. You can also change the scope of a pre-defined Discovery (if applicable) and, in a few cases, the What to find value. (Refer to the Pre-defined Discoveries and Vulnerabilities for Active Directory and Entra ID sections for specific Vulnerability templates.)

 

NOTE: You cannot delete pre-defined Discoveries and the option will be disabled.

To view a Discovery:

Click the Discovery Type link.

To edit a Discovery:

  1. Either:

    • In the Discoveries list, select the Discovery that you want to edit.

      OR

    • Open the Discovery that you want to edit.

  2. Click Edit.

  3. Update the Discovery as needed.

  4. Click Save.

To delete a user-created Discovery:

NOTE: Currently, you can only delete one Discovery at a time.

  1. Either:

    • In the Discoveries list, select the Discovery that you want to delete.

      OR

    • Open the Discovery that you want to delete.

  2. Click Delete.

You will be prompted to confirm the deletion.

Creating an Assessment

In addition to using the built-in Assessment provided by Quest, you can create your own Assessments based on available Discoveries.

To create an Assessment:

  1. From the All Assessments tab click Create.

  2. Select the Workload (Active Directory or Entra ID)

  3. Enter an Assessment Name and Description.

  4. If you want to Automatically add Discoveries as they are released by Quest, check this box.

    NOTE: If you check this box and all pre-defined Discoveries that are provided by Quest will be added to the Assessment as they become available.

  5. Click Select Discoveries to display a list of available Discoveries for the workload.

  6. Select each Discovery you want to add to the Assessment, then click Select.

  7. For Domains or Tenants (depending on the workload you selected), select the Active Directory domains or Entra ID tenants that you want to Run this Assessment for. Use the information in the following table for guidance.

    Option Steps to Complete
    Only selected domains
    OR
    Only selected tenants
    • Select Only selected domains or Only selected tenants from the drop-down.

    • Click Select Domains or Select Tenants and select each domain or tenant you want add to the Assessment, then click Select.

    The selected domain(s) or tenant(s) will display in the list.

    All except selected domains OR
    All selected tenants
    • Select All except selected domains or All except selected tenants from the drop-down.

    • Click Exclude Domains or Exclude Tenants

    • Select the domain(s) or tenant(s) you want to exclude from the Assessment.

    • Click Exclude.

    Excluded domains or tenants will display in the list. However, when you view the Assessment, all domains or tenants will display and those that are excluded are identified in the Status column.

    All domains

    OR

    All tenants

    Select All domains or All tenants.

    All domains or tenants configured for your organization will display in the list.

  8. Click Save.

Viewing, Editing, and Deleting an Assessment

From the All Assessments list, you view the details of an Assessment. You can also edit or delete a user-created Assessment.

NOTE: You cannot edit or delete a built-in Assessment, so the Edit and Delete options will be disabled.

To view an Assessment:

Click the Assessments link.

To edit a user-created Assessment:

  1. Either

    • ln the All Assessments list, select the Assessment that you want to edit.

      OR

    • Open the Assessment that you want to edit.

  2. Click Edit.

  3. Update the Assessment as needed.

  4. Click Save.

To delete a user-created Assessment:

NOTE: Currently, you can only delete one Assessment at a time

  1. Either

    • ln the All Assessments list, select the Assessment that you want to delete.

      OR

    • Open the Assessment that you want to delete.

  2. Click Delete.

You will be prompted to confirm the deletion.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione