Chat now with support
Chat with Support

Security Guardian Current - User Guide

Introducing Quest Security Guardian Audit
Configuring Audit Working with Audit
Using the Audit Dashboard Searching for specific event data (Quick Search) Working with critical activity Working with searches Working with alerts and notification templates Auditing Microsoft Entra Auditing Microsoft 365
Findings Tier Zero Objects Shields Up Protection (Prevention) Privileged Objects Managing Workload Identities Assessments Hybrid Audit Security Settings Appendix - Available Audit Search Columns and Filters Appendix - Security Guardian Indicator Details Appendix - Data Collection Details Documentation Roadmap

Using Security Guardian Intelligence with Assessments

Security Guardian Intelligence helps you ask focused questions tailored to your environment, providing valuable insights into the security posture of your organization’s Active Directory and Entra ID systems. It highlights critical vulnerabilities and issues identified during assessments and offers practical recommendations for remediation. You can choose to view a high-level summary across all your organizations or dive into detailed findings for specific domains or tenants.

NOTE:

  • Before you can access the Security Guardian Intelligence assistance, you need to read and accept the AI Terms of Use.

  • To refresh the Security Guardian Intelligence content in the flyout, click the AI Icon next to the Active Directory domain name or Entra ID tenant name.

To access Security Guardian Intelligence for Assessments:

  1. From the left navigation menu, choose Security | Assessments.

  2. Select the Security Guardian Intelligence button or the icon in the Results column.

  3. Select one of the following to access more information: 

    • Type your question.

    • Click Summary to view an overview of all Active Directory and Entra ID assessments.

    • Click the Security Guardian Intelligence icon next to the Active Directory domain or Entra ID tenant to view only the associated Assessment summary information.

  4. Review the provided information and delve deeper into the issue if needed.

The summary information includes: 

  • The analyzed workload, including the number of issues found and the total objects collected for the Assessment.

  • Security Posture Summary.

  • Top vulnerabilities identified.

  • Suggested follow-up questions to guide further investigation.

All Assessments List

 

The All Assessments tab displays a list of all Assessments (both built-in and user-created) for the organization along with the following information for each:

  • Assessment name (with a link to Assessment Details)

  • Active Directory domain or Entra ID tenant containing the assessed objects (with the option to Link to Results)

  • Security Guardian Intelligence: Access Security Guardian Intelligence by clicking the icon next to the Active Directory domain or Entra ID tenant in the Link to Results column. See Using Security Guardian Intelligence with Assessments.

  • Assessment Summary: The Assessment Summary is an AI-generated report that provides insights and a high-level overview of assessment results across your organization. See Viewing Assessment Summary Information.

  • Workload (Active Directory or Entra ID)

  • Created By either:

  • Status of the Assessment:

    Configuration Required

    NOTE: This status is used to indicate the absence of an Active Directory domain or Entra ID tenant in On Demand for the organization. This may be because:

    • A domain or tenant has not yet been added to On Demand, which will prevent the built-in Assessment from running.

    • The domain or tenant selected for the Assessment has since been removed from On Demand.

    • When the Assessment was created, all available domains or tenants were excluded.

    Agent Required (See Configuring Additional Components -Hybrid Agent)
    No Data Collected
    No Vulnerabilities Found
    n Vulnerabilities Found

  • Date and time when data was Last Collected

    NOTE: This field displays the signed-in user's local date and time.

Creating an Assessment

In addition to using the built-in Assessment provided by Quest, you can create your own Assessments based on available Discoveries.

To create an Assessment:

  1. From the All Assessments tab click Create.

  2. Select the Workload (Active Directory or Entra ID)

  3. Enter an Assessment Name and Description.

  4. If you want to Automatically add Discoveries as they are released by Quest, check this box.

    NOTE: If you check this box and all pre-defined Discoveries that are provided by Quest will be added to the Assessment as they become available.

  5. Click Select Discoveries to display a list of available Discoveries for the workload.

  6. Select each Discovery you want to add to the Assessment, then click Select.

  7. For Domains or Tenants (depending on the workload you selected), select the Active Directory domains or Entra ID tenants that you want to Run this Assessment for. Use the information in the following table for guidance.

    Option Steps to Complete
    Only selected domains
    OR
    Only selected tenants

    • Select Only selected domains or Only selected tenants from the drop-down.

    • Click Select Domains or Select Tenants and select each domain or tenant you want to add to the Assessment, then click Select.

    The selected domain(s) or tenant(s) will display in the list.

    All except selected domains OR
    All selected tenants

    • Select All except selected domains or All except selected tenants from the drop-down.

    • Click Exclude Domains or Exclude Tenants

    • Select the domain(s) or tenant(s) you want to exclude from the Assessment.

    • Click Exclude.

    Excluded domains or tenants will display in the list. However, when you view the Assessment, all domains or tenants will display and those that are excluded are identified in the Status column.

    All domains

    OR

    All tenants

    Select All domains or All tenants.

    All domains or tenants configured for your organization will display in the list.

  8. Click Save.

Viewing, Editing, and Deleting an Assessment

From the All Assessments list, you view Assessment details and summary information. You can also edit or delete a user-created Assessment.

NOTE: You cannot edit or delete a built-in Assessment, so the Edit and Delete options will be disabled.

To view an Assessment:

  • Click the Assessments link.

To edit a user-created Assessment:

  1. Either

    • ln the All Assessments list, select the Assessment that you want to edit.

      OR

    • Open the Assessment that you want to edit.

  2. Click Edit.

  3. Update the Assessment as needed.

  4. Click Save.

To delete a user-created Assessment:

NOTE: Currently, you can only delete one Assessment at a time

  1. Either

    • ln the All Assessments list, select the Assessment that you want to delete.

      OR

    • Open the Assessment that you want to delete.

  2. Click Delete. You will be prompted to confirm the deletion.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating