An indicator consists of a set of criteria that is used to evaluate collected data and generate Findings for:
- Tier Zero object activity
- The following Hygiene, Detected TTP, and Detected Anomaly indicators:
- Security Assessment vulnerabilities detected by Security Guardian
- Critical Activity and unprotected Tier Zero objects collected by On Demand Audit.
|
|
NOTE: Indicator-specific detail, with listings by severity and by the data source, can be found in the Appendix. |
If you no longer want a Finding to be generated for an indicator, you can mute it.
|
|
EXCEPTION: New Tier Zero object indicators cannot be muted. |
To access the All Indicators page:
-
From the left navigation menu, choose Security | Settings.
-
Select the All Indicators tab.
A list of all indicators displays, with the following information for each:
-
Finding (Indicator name)
-
one of the following Severity levels:
Critical Generally reserved for Hygiene and Detected Indicators that are changes to Tier Zero and Privileged object security, have significant potential impact to the Active Directory or Entra ID environment, and are not part of the default Active Directory or Entra ID configuration. High Generally reserved for:
-
Hygiene and Detected Indicators that are of high concern but impact single objects.
-
the discovery of new Tier Zero domain objects and Privileged tenant objects.
-
changes to Tier Zero and Privileged objects that occur more often through normal business operations or are part of the default Active Directory or Entra ID configuration.
Medium Generally reserved for the discovery of :
-
Tier Zero user, computer, group, and Group Policy objects.
-
Privileged user, role, group, and service principal objects.
-
-
Type (Tier Zero, Privileged, Hygiene, Detected TTP, Detected Anomaly)
-
Active Findings
-
Inactive Findings
-
number of Muted Objects
-
Mute Status
|
|
NOTE: If you click the Filter button, you can filter displayed results by one or more of the following criteria:
|
Click the link for the indicator.