Chatta subito con l'assistenza
Chat con il supporto

Security Guardian Current - User Guide

Introducing Quest Security Guardian Using the Dashboard Security Guardian Inteligence Tier Zero Objects Shields Up Protection Privileged Objects Assessments Findings Security Settings Appendix - Security Guardian Indicator Details Appendix - Data Collection Details

Override Access for Protected Objects

You can grant specific Active Directory users, groups, or computers permission to access objects protected by Shields Up. This allows for controlled exceptions during a Shields Up activation, ensuring that essential accounts retain access to critical resources.

Removing an object from the Override Access list revokes its ability to access protected Tier Zero and system resources when Shields Up is enabled.

To override access:

  1. From the left navigation menu, choose Security | Prevention.

  2. Select the Shields Up tab.

  3. Click the Add Override Access button in the action bar or select a protected domain.

  4. From the Add Override Access flyout, enter Active Directory users, groups, or computers that should be allowed to access protected objects while Shields Up is active. Selecting an object will add it to the grid.

  5. Use the Remove button to delete entries from the grid.

  6. Click Save to confirm your selections.

To remove override access:

  1. From the left navigation menu, choose Security | Prevention.

  2. Select the Shields Up tab.

  3. Select a domain.

  4. From the domain details, select the required user, computer, or group and select Remove.

  5. Select Remove Override Access to confirms the action and revoke the override access.

 

Privileged Objects

Privileged objects are the most critical assets within Microsoft Entra ID. Within the Microsoft enterprise access model, Privileged objects in Entra ID include permissions that can delegate management of resources, modify credentials, authentication or authorization policies, and access restricted data.

Security Guardian supports the following Privileged types:

  • Groups

  • Roles

  • Service Principals

  • Tenants

  • Users

The Privileged Objects provider (Security Guardian or BloodHound Enterprise), identifies Entra ID Privileged objects within the Microsoft 365 tenant(s). These objects are then collected and displayed in Security Guardian.

Privileged Objects List

The Privileged Objects list displays all of the Privileged objects that have been collected by the Privileged objects provider (Security Guardian or BloodHound Enterprise) as well as any that have been manually-added by users.

NOTE: If BloodHound Enterprise is configured and you see the message No New Privileged Objects, check the BloodHound Enterprise Configuration Status from within On Demand Audit. Review the configuration connection message details to determine whether the connection to SpecterOps has been successful. Review the Last Configuration Received, Next Configuration Synchronization, and the status of the configuration.

 

To access the Privileged Objects list:

From the On Demand left navigation menu, choose Security | Privileged Objects. The following information displays for each Privileged object:

  • Display Name

  • Principal Name

  • Tenant

  • Object Type

  • Date Added

    NOTE: This field displays the signed-in user's local date and time.

  • Added By (Security Guardian, BloodHound Enterprise, or User)

  • Certification Status

NOTE: If you click the Filter button, you can filter displayed results by any one of these criteria.

From the Privileged Objects list, you can:

Viewing Privileged Object Details

To view a Privileged object's details:

From the Dashboard Uncertified Privileged Objects tile or from the Privileged Objects list, click the object's Display Name.

The following Object Properties are identified for the selected Privileged object:

  • Certification Status

  • Added By (Security Guardian, BloodHound Enterprise or User)

  • Display Name

  • Object ID

  • Object Type

  • Principal Name, Tenant, and Tenant ID (for Tenant objects)

  • Service Principal type (for Service Principal objects)

  		•

    NOTE: This field may be populated only if On Premises Sych is enabled.

  • Role Template ID (for Role objects)

  • User Type (for User objects)

  • Security Identified (for Group objects)

  • Principal Name

  • On Premises Name (for User and Group objects, if On Premises Synch is enabled)

  • On Premises SID for User and Group objects, if On Premises Synch is enabled)

  • On Premises Domain (for User and Group objects, if On Premises Synch is enabled)

  • Date Added

    NOTE: This field displays the signed-in user's local date and time.

  • Information Last Updated

Below the object properties are one or more object-specific sections:

For Tenants: Objects with control of <tenant_name>

For Roles: Active Assignments

For Service Principals and Users:

  • Objects <object_name> can control

  • Objects with control of <object_ name>

  • Roles

For groups:

  • Member of

  • Object with control of <group name>

  • Roles

Why Privileged?

This section provides the reason why the object is considered Privileged. If the object was added by the provider (Security Guardian or Bloodhound Enterprise), the reason is returned by the provider. If the object was manually added by a user, the reason is "Manually added as Tier Zero" or "manually added as Privileged" by <user_principal_that_added_object>".

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione