Security Guardian Current

Security Guardian Current - Release Notes

Table of Contents

Release Notes

New Features Incident response management System Requirements Product licensing Third Party Contributions

Configuring Additional Components

Additional components need to be configured to make Security Guardian fully functional.

To configure additional components:

From the On Demand left navigation menu, choose Security | Dashboard.
From the Configuration Status tile, configure the necessary components.

NOTE: Once an additional component is configured in On Demand, it's available to any other module that uses it.

Component

Purpose

Instructions

Hybrid Agent

Gives Security Guardian access to the Active Directory domain(s) that you want to keep secure.

On Demand Global Settings User Guide - Adding an on-premises agent

When configuring the agent, ensure that:

the action Collect Active Directory object data is selected
any domain for which you want data to be collected is added.

NOTE: In addition to the permissions required for the hybrid agent, the service account (which the Collect Active Directory object data action uses) requires an additional permission to assess certain vulnerabilities.

Quest Change Auditor

(via On Demand Audit)

Sends Active Directory events to On Demand Audit for reporting in Security Guardian Findings and allows you to protect Tier Zero objects.

NOTE: A minimum of version 7.3 is required to send critical activity events to On Demand Audit, and a minimum of version 7.4 is required to protect Tier Zero objects.

Instructions are provided via a tool tip in the Security Guardian UI. You can also find instructions at On Demand Audit User Guide - Change Auditor Integration

SpecterOps BloodHound Enterprise

(Optional)

Identifies Tier Zero assets in your organization's Active Directory domain(s), which you can monitor and assess for security vulnerabilities in Security Guardian.

NOTE: If BloodHound Enterprise is not configured, Security Guardian will be used as your organization's Tier Zero provider once the Hybrid Agent is configured.

On Demand Audit User Guide - Specter BloodHound Integration

SIEM solution:

Microsoft Sentinel
Splunk Cloud or Enterprise

(Optional)

Allows Security Guardian Findings to be forwarded to a configured SIEM tool for further analysis

NOTE:Regardless of whether your organization uses a SIEM solution, you can also have Finding alerts sent via email.

Security Guardian User Guide - Configuring a Forwarding Destination

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Security Guardian Current - Release Notes

Configuring Additional Components