The Security [2] Attack Surface Dashboard

Article ID: 515
Category: Dashboard
Applies to: 5.1.1.102 and higher
Updated: 2024-05-20

The Attack Surface dashboard utilized various validation scripts to ensure the monitored hosts meet basic security and best practices guidelines. To make it easier to prioritize resolving issues identified by the validation checks, the scripts are grouped into Workstation, Server & Domain Controllers.

Numbers shown in the tiles reflect the number of validation checks that failed for this particular host type (e.g. Server) and validation tag (e.g. #security-server). Clicking the tile will run the respective reports and show all failed validation checks.

EventSentry Security Dashboard Attack Surface

Prerequisites
This dashboard requires that the tags listed below are assigned to one or more validation script packages. The respective packages can be downloaded through an online package update (Management Console -> Packages -> Update) or by manually importing (Management Console -> Packages -> Import) the JSON package file below.

1
2
3
4
5
6
7
8
9
10
#domaincontroller
#bestpractice-domaincontroller
#bestpractice-server
#bestpractice-desktop
#cis-csc-server
#cis-csc-desktop
#privacy-server
#privacy-desktop
#security-server
#security-desktop

Reports
All tiles utilize reports from the Security [2] Attack Surface category, which can be found under Reports ->My Reports. These reports can be adjusted if there are valid reasons that the recommended settings would not work. Individual scripts that are not applicable can also be blocked in the respective Validation Scripts packages in the management console.

The reports can also be scheduled with jobs, for example to get an email on the condition that a report contains data (implying that there are failed validation scripts).

Practical Approach
Since it is likely that this dashboard will initially contain a large number of failed validations, it's important to take a structured approach to resolve deficiencies. In many environments it will take time to correct the underlying OS settings which cause scripts to fail: Consider this a long-term effort that will pay significant dividends when completed. Below are some approaches that may work in your environment:

  • Start by identifying and resolving failed checks that have little or no impact on your environment. After successfully reducing the number of failed checks, establish a procedure for the remaining checks.
  • Focus on failed checks that affect the most hosts - this can result in a more visible impact initially.
  • Focus on resolving failed & critical checks on high-risks assets, e.g. domain controllers or specific servers

IMPORTANT: Correcting some failed checks may break legacy functionality in your environment, when unsure always test settings first



Try EventSentry on-premise

FREE 30-day evaluation

Download Now