An indicator consists of a set of criteria that is used to evaluate collected data and generate Findings for:

  • Tier Zero object activity
  • The following Hygiene, Detected TTP, and Detected Anomaly indicators:
    • Security Assessment vulnerabilities detected by Security Guardian
    • Critical Activity and unprotected Tier Zero objects collected by On Demand Audit.

NOTE: Indicator-specific detail, with listings by severity and by the data source, can be found in the Appendix.

If you no longer want a Finding to be generated for an indicator, you can mute it.

EXCEPTION: New Tier Zero object indicators cannot be muted.

To access the All Indicators page:

  1. From the left navigation menu, choose Security | Settings.

  2. Select the All Indicators tab.

A list of all indicators displays, with the following information for each:

  • Finding (Indicator name)

  • one of the following Severity levels:

    Critical: Generally reserved for Hygiene and Detected Indicators that are changes to Tier Zero object security, have significant potential impact to the Active Directory environment, and are not part of the default Active Directory configuration.
    High: Generally reserved for Hygiene and Detected Indicators that are of high concern but impact single objects, the discovery of new Tier Zero domain objects, and changes to Tier Zero objects that occur more often through normal business operations or are part of the default Active Directory configuration.
    Medium: Generally reserved for the addition of Tier Zero user, computer, group, and Group Policy objects.

  • Type (Tier Zero, Hygiene, Detected TTP, Detected Anomaly)

  • Active Findings

  • Inactive Findings

  • number of Muted Objects

  • Mute Status

NOTE: If you click the Filter button, you can filter displayed results by one or more of the following criteria:

  • Indicator

  • Severity

  • Type

  • Mute Status

To view Indicator Details:

Either:

  • Click the link for the indicator.

    OR

  • Select the indicator and click View Indicator.

    NOTE: If more than one indicator in the list is selected, the View Indicator button will be disabled.