Creating an Assessment
In addition to using the built-in Assessment provided by Quest, you can create your own Assessments based on available Discoveries.
To create an Assessment:
- From the All Assessments tab, click Create.
- Select the Workload (Active Directory or Entra ID).
- Enter an Assessment Name and Description.
- If you want to Automatically add Discoveries as they are released by Quest, check this box.
  NOTE: If you check this box, all pre-defined Discoveries that are provided by Quest will be added to the Assessment as they become available.
- Click Select Discoveries to display a list of available Discoveries for the workload.
- Select each Discovery you want to add to the Assessment, then click Select.
- For Domains or Tenants (depending on the workload you selected), select the Active Directory domains or Entra ID tenants that you want to Run this Assessment for. Use the information in the following table for guidance.

  Only selected domains OR Only selected tenants:
  - Select Only selected domains or Only selected tenants from the drop-down.
  - Click Select Domains or Select Tenants and select each domain or tenant you want to add to the Assessment, then click Select.
  The selected domain(s) or tenant(s) will display in the list.

  All except selected domains OR All except selected tenants:
  - Select All except selected domains or All except selected tenants from the drop-down.
  - Click Exclude Domains or Exclude Tenants.
  - Select the domain(s) or tenant(s) you want to exclude from the Assessment.
  - Click Exclude.
  Excluded domains or tenants will display in the list. However, when you view the Assessment, all domains or tenants will display and those that are excluded are identified in the Status column.

  All domains OR All tenants:
  - Select All domains or All tenants.
  All domains or tenants configured for your organization will display in the list.
- Click Save.
Viewing, Editing, and Deleting an Assessment
From the All Assessments list, you can view the details of an Assessment. You can also edit or delete a user-created Assessment.
NOTE: You cannot edit or delete a built-in Assessment, so the Edit and Delete options will be disabled.
To view an Assessment:
Click the Assessments link.
To edit a user-created Assessment:
- Either:
  - In the All Assessments list, select the Assessment that you want to edit.
  OR
  - Open the Assessment that you want to edit.
- Click Edit.
- Update the Assessment as needed.
- Click Save.
To delete a user-created Assessment:
NOTE: Currently, you can only delete one Assessment at a time.
- Either:
  - In the All Assessments list, select the Assessment that you want to delete.
  OR
  - Open the Assessment that you want to delete.
- Click Delete.
You will be prompted to confirm the deletion.
Assessment Results
You can access the results of an Assessment from the All Assessments list.
To access results for a selected Assessment:
Click the corresponding Active Directory domain name or Entra ID tenant name in the Link to Results column.
NOTE: You can only view Assessment results for one Active Directory domain or Entra ID tenant at a time. If the Assessment was run on more than one, you can switch to a different domain or tenant from the drop-down in the upper right corner of the Results page for the Assessment.
The Results page for the Assessment is divided into sections:
The first section, Summary of Assessment Vulnerabilities, provides a summary of the last run of the selected Assessment, including:
- the date and time the vulnerabilities within the Assessment were Assessed on
- the date and time the data used to assess the vulnerabilities was Collected on
NOTE: These fields display the signed-in user's local date and time.
Of the total number of Evaluated Vulnerabilities, a graph depicts color-coded results, as described below.
The second section, Summary of Last 7 Days, shows the following information for the past seven days that the Assessment was run:
- n Assessments in compliance
- n Assessments with vulnerable objects
- n Vulnerabilities found
The third section contains the list of evaluated vulnerabilities, which provides the following information:
- the Discovery Type in which the vulnerability is defined
- the Vulnerability name, which links to vulnerability-specific detail, including any objects the vulnerability was detected in
- the date and time when the vulnerability was Last Detected
  NOTE: This field displays the signed-in user's local date and time.
- the number of Vulnerable Objects found
  NOTE: An icon indicates that an error occurred while the vulnerability was being evaluated.
- the number of Inconclusive results
- Created by either:
- a graphical representation of the 7 Day Trend for the Vulnerability
  TIP: Hover over the line graph to see the number of vulnerabilities (if any) detected per day.
Viewing Detail for an Assessed Vulnerability
When you select a Vulnerability from an Assessment's Results page, detail about the assessed vulnerability is displayed.
The left side of the page includes detailed information about the vulnerability as defined in the Discovery.
7 Day Assessment Trend
A graph depicts color-coded results over the past 7 days that the Assessment was run, as described below.
TIPS:
- You can click individual states in State Filtering so that only the states you want to focus on are displayed in the graph. (The Compliant Objects state is always hidden by default.)
- Hover over the graph to display the number of vulnerable objects (if any) detected per day.
- Click on an area of the graph to display details about that Assessment run in the list below.

The graph uses the following states:
- Compliant objects
- Vulnerable objects
- Error
  NOTE: An Error state indicates that an error occurred during data collection (for example, the server containing the objects to be evaluated could not be reached).
  If an error occurred, the appropriate message displays.
- Inconclusive
  NOTE: An Inconclusive state indicates that data could not be collected for a non-error-related reason. The reason may be:
  - The scope of an Assessment includes Tier Zero or Privileged objects but no Tier Zero or Privileged objects were found.
  - An Assessment involves both Active Directory and Entra ID workloads, but both are not configured.
  - The number of Tier Zero or Privileged objects exceeded the maximum number (10,000) that could be evaluated.
  - Permissions were insufficient to collect the data.
  - The Assessment requires a Premium license, but the Organization has a free license.
  If results were inconclusive for individual objects, hover over the icon for a description of the reason.
Below the graph is a list of the Vulnerable Objects (up to 100,000) found out of the total number of Assessed Objects for the selected area of the graph.
NOTES:
- If a group is identified as vulnerable, all of the members of that group (including via nested groups) are included in the Vulnerable Objects total. Click the link to view the list of the affected objects.
- If more than 100,000 vulnerable objects are returned, it is advisable to investigate why so many objects are found to be vulnerable. For example, all users may have been added to a group they don't belong in.
- For User and Computer vulnerabilities, the column Is Account Enabled? is included, allowing you to prioritize enabled accounts when implementing a remediation.
To download the Vulnerable Objects list to a CSV file:
From the details page for the vulnerable objects, click Export to CSV.
The file will include all of the objects displayed in the Vulnerable Objects list.