Discoveries are evaluated by Assessments to identify vulnerabilities in your organization's Active Directory and/or Entra ID. Security Guardian comes with several pre-defined Discoveries for Active Directory and Entra ID, and you can also create your own Discoveries.
The Discoveries tab displays a list of all Discoveries, both pre-defined and user-created, for the organization along with the following information for each:
Quest Security Guardian comes with the following pre-defined Discoveries for Active Directory vulnerabilities.
NOTE: "System" displays in the Created By field of the Discoveries list when a Discovery type is pre-defined.

| Category | Description |
|---|---|
| Credential Access | Techniques deployed by adversaries on systems and networks to steal usernames and credentials for re-use. |
| Defense Evasion | Techniques used by adversaries to avoid detection. Evasion techniques include hiding malicious code within trusted processes and folders, encrypting or obfuscating adversary code, or disabling security software. |
| Discovery | Techniques used by adversaries to obtain information about systems and networks that they are looking to exploit or use for their tactical advantage. |
| Initial Access | Techniques used by adversaries to obtain a foothold within a network, such as targeted spear-phishing or exploiting vulnerabilities or configuration weaknesses in public-facing systems. |
| Lateral Movement | Techniques that allow adversaries to move from one system to another within a network. |
| Persistence | Techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. |
| Privilege Escalation | Techniques used by adversaries to gain higher-level privileges on a system, such as local administrator or root. |
| Reconnaissance | Techniques used by adversaries to gain a thorough understanding and complete mapping of your environment for later use. |
In addition to the permissions required for the hybrid agent, the service account (which the Collect Active Directory object data action uses) must be a member of the Domain Admins group for the following pre-defined vulnerabilities and any vulnerabilities created using the same template.
- Domain Controller is running SMBv1 protocol
- Printer Spooler service is enabled on a domain controller
- DNS zone configuration allows anonymous record updates
For the vulnerability gMSA root key access, the account must be a member of the Domain Admins or Enterprise Admins group.
If the required permission is not granted, Assessment results for these vulnerabilities will return as Inconclusive.
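As an added pre-flight check (example code, not part of the Quest documentation), the following PowerShell script reports which of the Discoveries listed above would run and which would return Inconclusive for a given service account. It assumes the ActiveDirectory module is installed, and the account name is a placeholder to replace with the hybrid agent's service account.

```powershell
# Added example: check the service account's group membership before running an Assessment.
# Requires the ActiveDirectory PowerShell module (RSAT) on the machine running it.
Import-Module ActiveDirectory

# Placeholder: replace with the hybrid agent's service account (sAMAccountName).
$ServiceAccount = 'svc-guardian-collect'

# Discoveries named in the documentation and the groups that satisfy each one.
$Requirements = @(
    @{ Discovery = 'Domain Controller is running SMBv1 protocol';              Groups = @('Domain Admins') },
    @{ Discovery = 'Printer Spooler service is enabled on a domain controller'; Groups = @('Domain Admins') },
    @{ Discovery = 'DNS zone configuration allows anonymous record updates';    Groups = @('Domain Admins') },
    @{ Discovery = 'gMSA root key access';                                      Groups = @('Domain Admins', 'Enterprise Admins') }
)

# Resolve recursive membership once per group so that nested group membership counts.
# Enterprise Admins exists only in the forest root domain, so query that domain for it.
$RootDomain = (Get-ADForest).RootDomain
$Membership = @{}
foreach ($Group in @('Domain Admins', 'Enterprise Admins')) {
    $Params = @{ Identity = $Group; Recursive = $true }
    if ($Group -eq 'Enterprise Admins') { $Params.Server = $RootDomain }
    $Members = @(Get-ADGroupMember @Params)
    $Membership[$Group] = ($Members.SamAccountName -contains $ServiceAccount)
}

# Report the expected outcome for each Discovery.
foreach ($Req in $Requirements) {
    $Satisfied = @($Req.Groups | Where-Object { $Membership[$_] }).Count -gt 0
    $Status = if ($Satisfied) { 'will run' } else { 'Inconclusive (required group membership missing)' }
    '{0,-72} {1}' -f $Req.Discovery, $Status
}
```

Run it as a user allowed to read group membership; it only reads directory data and changes nothing.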