Best Practices built in searches
Audit provides the following Best Practices built in searches:
- Microsoft Entra successful application consent events in the past 30 days
- Sharing operations on important file types within past 7 days
- Teams guest access enabled or disabled in the past 30 days
BloodHound Tier Zero assets built in searches
Audit provides the following BloodHound Tier Zero assets built in searches:
- All Microsoft Entra Tier Zero AD risk events in the past 60 days
- All Microsoft Entra Tier Zero application changes in the past 60 days
- All Microsoft Entra Tier Zero group changes in the past 60 days
- All Microsoft Entra Tier Zero principal logons in the past 60 days
- All Microsoft Entra Tier Zero role changes in the past 60 days
- All Microsoft Entra Tier Zero service principal changes in the past 60 days
- All Microsoft Entra Tier Zero tenant level and directory activity in the past 60 days
- All Microsoft Entra Tier Zero user changes in the past 60 days
- All Tier Zero computer changes in the past 60 days
- All Tier Zero domain and forest configuration changes in the past 60 days
- All Tier Zero group changes in the past 60 days
- All Tier Zero group policy item and object changes in the past 60 days
- All Tier Zero user changes in the past 60 days
- Local logons to Tier Zero computers in the past 60 days
- Security changes to Tier Zero domain objects in the past 60 days
- Security changes to Tier Zero group objects in the past 60 days
- Security changes to Tier Zero group policy objects in the past 60 days
- Security changes to Tier Zero computer objects in the past 60 days
- Security changes to Tier Zero user objects in the past 60 days
- Tier Zero user logons to computers that are not Tier Zero in the past 60 days
File System built in searches
Audit provides the following File System built in searches:
- FS all events in the past 7 days
- FS all permission and ownership changes to SYSVOL on domain controllers in the past 30 days
- FS all local share changes in the past 30 days
- FS all file and folder creates, deletes, and moves in the past 30 days
- FS all file and folder attribute changes, modifications, and renames in the past 30 days
- FS all file and folder auditing changes in the past 30 days
- FS all file and folder ownership changes in the past 30 days
- FS all file and folder permission changes in the past 30 days
- FS all file and folder failed access attempts in the past 30 days
- FS all file changes with suspicious file extensions in the past 30 days
Group Policy built in searches
Audit provides the following Group Policy built in searches: