Security Guardian manages the following type of customer data:
-
Active Directory objects such as users, groups, computers and domains are provided by the On Demand Hybrid Agent via Event Hubs and stored in the Azure Data Explorer product database and in Azure Storage BLOBs.
-
Entra ID objects such as users, groups, roles, service principals and tenants are provided by the On Demand Entra ID collector via Event Hubs and stored in the Azure Data Explorer product database and in Azure Storage BLOBs.
-
Active Directory and Entra ID object content is persistently stored by the product. Data collected is stored in Azure Event Hubs and then in Azure Data Explorer and Azure Storage BLOBs and is encrypted at rest.
-
The application does not collect or store Active Directory object passwords.
See also:
Security Guardian Intelligence, powered by Large Language Model (LLM) Artificial Intelligence, allows you to interact with your security data using natural language prompts. You can ask questions, explore findings, and receive summaries and recommendations to support tasks such as vulnerability research, data correlation, and environment analysis.
These features are integrated across various areas of the product, making it easy to access relevant insights about your organization whenever needed.
Artificial Intelligence provided with Security Guardian includes:
-
Findings Intelligence: Security Guardian Intelligence can analyze and interpret Security Guardian findings data.
-
Entities Intelligence: Security Guardian Intelligence can use information collected about users, including recent audit activity related to those users.
-
Assessments Intelligence: Security Guardian Intelligence can process identity assessment data collected by Security Guardian.
Global Enablement or Disablement
-
Who can manage this? Only users with the On Demand Administrator role can enable or disable Security Guardian Intelligence for the entire organization.
-
How to disable globally? To request a global disablement of Security Guardian Intelligence, submit a support ticket to Quest Support.
-
User Opt-In Requirement
-
The first time a user accesses an AI feature, they will be prompted to opt in to AI usage.
-
If the user declines, Security Guardian Intelligence will be disabled for that individual user.
Security Guardian is designed with strict privacy and data protection measures:
Security Guardian’s AI models are not trained on customer data.
Customer prompts and chat interactions with AI are not stored or retained. Chat history is automatically deleted when Security Guardian Intelligence features are closed.
Security Guardian Intelligence features cannot access data from other On Demand Organizations. The system uses Retrieval-Augmented Generation (RAG) architecture, which adheres to the same strict data separation protocols outlined in the Privacy and Protection of Customer Data documentation.
Security Guardian uses Azure OpenAI services to power its AI features. These services are deployed within a Data Zone architecture, ensuring that all data processed by Security Guardian remains within the geographic region of the On Demand Organization’s deployment.
