Findings allow you to view and investigate notable events in your organization's Active Directory, including:

  • Tier Zero object activity, including the identification of unprotected Tier Zero objects

  • Hygiene indicators detected by Security Guardian Assessments

  • Detected TTP and Detected Anomaly Indicators collected by Security Guardian from On Demand Audit

NOTE: Hygiene indicates that objects are susceptible to an adversary attack. Detected indicates that an action took place that could possibly be an adversary attack. Detected TTP (tactics, techniques and procedures) are search-based detected indicators whereas Detected Anomalies are indicators based on statistical analysis.

To view Findings:

From the left navigation menu, choose Security | Findings.

The Findings list displays Active Directory objects, along with the following information for each:

  • Finding

  • one of the following Severity levels:

    NOTE: Security Guardian calculates severity levels by a range of values (i.e., the lower the value, the higher the severity). If you sort by this column, you can see the Findings in order of most to least severe.

    Critical: Generally reserved for Hygiene and Detected Indicators that are changes to Tier Zero object security, have significant potential impact to the Active Directory environment, and are not part of the default Active Directory configuration.

    High: Generally reserved for Hygiene and Detected Indicators that are of high concern but impact single objects, the discovery of new Tier Zero domain objects, and changes to Tier Zero objects that occur more often through normal business operations or are part of the default Active Directory configuration.

    Medium: Generally reserved for the addition of Tier Zero user, computer, group, and Group Policy objects.

  • Type (Tier Zero, Hygiene, Detected TTP, or Detected Anomaly)

  • The date and time Last Detected

    NOTE: This field displays the signed-in user's local date and time.

  • Status (Active or Inactive)

NOTE: If you click the Filter button, you can filter displayed results by one or more of the following criteria:

  • Finding

  • Severity

  • Type

  • Status

    (Active Findings display by default. You can choose to display either Active or Inactive Findings in the list, but not both.)

From the Findings list you can dismiss one or more Findings and view Finding history.