Chatta subito con l'assistenza
Chat con il supporto

Security Guardian Current - User Guide

Introducing Quest Security Guardian Audit
Configuring Audit Working with Audit
Using the Audit Dashboard Searching for specific event data (Quick Search) Working with critical activity Working with searches Working with alerts and notification templates Auditing Microsoft Entra Auditing Microsoft 365
Findings Tier Zero Objects Shields Up Protection (Prevention) Privileged Objects Managing Workload Identities Assessments Hybrid Audit Security Settings Appendix - Available Audit Search Columns and Filters Appendix - Security Guardian Indicator Details Appendix - Data Collection Details Documentation Roadmap

Reloading Workload Identities

The Reload Identity feature allows administrators to refresh the details of selected service principals from Entra ID without waiting for a full data collection cycle. This ensures that recent changes in Entra ID are immediately reflected in Security Guardian.

Best Practices

  • Use Reload Identity after making changes in Entra ID to ensure data accuracy.

  • Avoid frequent reloads for large selections to minimize API load.

  • Monitor Last Reloaded timestamps for auditing and troubleshooting.

To reload workload identity properties:

  1. Navigate to Security | Workload Identities.

  2. Select up to 10 service principals from the list.

  3. Click Reload Identity in the toolbar.

  4. Click Reload Now to collect and view latest property values for the selected workload identities.

Assessments

Assessments are a set of Discoveries that are evaluated against collected data to identify vulnerabilities in your organization's Active Directory domains and Entra ID tenants. They run automatically once added, and then run periodically, depending on how often data is collected. This allows you to identify which objects within scope contain vulnerabilities that require further investigation and remediation.

To access Assessments functionality:

From the left navigation menu, choose Security | Assessments.

First Assessment Notification Email

If email is configured for Security Guardian, after the first Assessment is completed for the organization, a notification email is sent which includes the total number of the following:

  • Findings without vulnerable objects

  • Findings with vulnerable objects

  • Findings with inconclusive results

  • Findings that returned an error

NOTE: This notification applies only for the first Assessment that is completed for an organization. If email is configured after the first Assessment has run, a notification will not be sent. Subsequent emails will be sent advising that the Assessment has been completed and vulnerable objects have grown in scope.

 

Built-in Assessments

Security Guardian includes built-in Security Assessments for Active Directory and/or Entra ID. They contain all pre-defined Discoveries provided by Quest and are run on all domains and/or tenants configured in On Demand for your organization.

NOTE: If no domains or tenants are configured for data collection, the status message Configuration Required will display in the All Assessments list.

Pre-defined Discoveries are added automatically to Assessments as they are released by Quest.

NOTE: Built-in Assessments cannot be edited or deleted.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione