Certification is a means by which you can verify that any object identified by the Tier Zero provider or added manually by a user as Tier Zero qualifies as Tier Zero. Once certified, it will be used to establish a baseline for generating Findings for Indicators of Compromise and Indicators of Exposure.
By default, any object added as Tier Zero (which includes objects in the initial list collected by the Tier Zero provider), its status is Not Certified. This encourages you, as a Security Guardian administrator, to review each object for privileged account security risks.
|
|
EXCEPTION: Because they pose the highest security risk to your Active Directory environment, Tier Zero Domain objects identified by the Tier Zero provider (Security Guardian or BloodHound Enterprise) are certified automatically. |
You can certify one or multiple objects from the Tier Zero Objects list, or individually from the Investigate Finding page or within a New Tier Zero Object's Details view on the Dashboard.
It is strongly recommended that any manually-added Tier Zero objects that, after review, have not been certified as Tier Zero be removed.
|
|
Caution: Once a Tier Zero object has been certified, it cannot be uncertified. |
To certify Tier Zero objects from the Tier Zero list:
-
From the Tier Zero list, select the object(s) you want to certify.
-
Click Certify Tier Zero.
To certify a Tier Zero object from the Findings Investigation page:
Click Certify Tier Zero Object.
You will be prompted to confirm the certification. The confirmation dialog also includes a check box that allows you to dismiss the Finding at the same time.
|
|
NOTE: Once a Tier Zero object has been certified, it will no longer display in the New Tier Zero Objects tile on the Dashboard. |