First Assessment Notification Email
If email is configured for Security Guardian, after the first Assessment is completed for the organization, a notification email is sent which includes the total number of the following:
- Findings without vulnerable objects
- Findings with vulnerable objects
- Findings with inconclusive results
- Findings that returned an error
NOTE: This notification applies only for the first Assessment that is completed for an organization. If email is configured after the first Assessment has run, a notification will not be sent. Subsequent emails will be sent advising that the Assessment has been completed and vulnerable objects have grown in scope.
Built-in Assessments
Security Guardian includes a built-in Assessment, Active Directory Security Assessment. It contains all pre-defined Discoveries provided by Quest and is run on all domains configured in On Demand for your organization.
Pre-defined Discoveries are added automatically to this Assessment as they are released by Quest.
NOTE: A built-in Assessment cannot be edited or deleted.
All Assessments List
The All Assessments tab displays a list of all Assessments (both built-in and user-created) for the organization along with the following information for each:
- the Assessment name (with a link to Assessment Details)
- the Active Directory domain containing the assessed objects (with the option to Link to Results)
- Created By either:
- the Status of the Assessment:
  - Configuration Required
    NOTE: This status is used to indicate the absence of an Active Directory domain in On Demand for the organization. This may be because:
    - A domain has not yet been added to On Demand, which will prevent the built-in Assessment from running.
    - The domain selected for the Assessment has since been removed from On Demand.
    - When the Assessment was created, all available domains were excluded.
  - Agent Required (See Configuring Additional Components - Hybrid Agent)
  - No Data Collected
  - No Vulnerabilities Found
  - n Vulnerabilities Found
Discoveries and Vulnerabilities
Discoveries are evaluated by Assessments to identify vulnerabilities in your organization's Active Directory. Security Guardian comes with several pre-defined Discoveries, and you can also create your own.
Additional permission required for specific vulnerabilities
In addition to the permissions required for the hybrid agent, the service account (which the Collect Active Directory object data action uses) must be a member of the Domain Admins group for the following pre-defined vulnerabilities and any vulnerabilities created using the same template.
For the vulnerability gMSA root key access, the account must be a member of the Domain Admins or Enterprise Admins group.
If the required permission is not granted, Assessment results for these vulnerabilities will return as Inconclusive.