If Change Auditor version 7.4 is integrated with On Demand, you can protect Tier Zero objects from unauthorized or accidental modifications or deletions from the Security Guardian interface.

You can protect Tier Zero objects from the Findings Investigation page if one or more unprotected Tier Zero objects have been detected as a Detected TTP or Hygiene Indicator, or from the Tier Zero list.

NOTES:

  • Currently, you cannot unprotect objects in On Demand. However, Change Auditor can be used to unprotect objects. Once an object is unprotected, a new Finding will be raised in Security Guardian.

  • When an object within a Finding is protected, it no longer displays in the Findings investigation page. However, object protection status details can be viewed in Change Auditor.

Tier Zero Protection Status

The Tier Zero protection status is displayed in the Protection Status column of the Tier Zero Objects List. The status may be:

  • Not Protected

  • Protected

  • Pending Evaluation

    NOTE: A Pending Evaluation status indicates that either Change Auditor has not completed processing the protection request or that Change Auditor 7.4 or later is not integrated with On Demand.

To protect Tier Zero objects from the Tier Zero list:

  1. Select the unprotected object(s) you want to protect.

  2. Click the Enable Protection button.

To protect Tier Zero objects from the Findings Investigation page (if applicable):

  1. On the Findings Investigation page What Happened? section, select the Tier Zero object(s) that you want to protect.

  2. Click the Enable Protection button.