Risk Posture
A company's overall capacity to identify and respond to risks is referred to as its risk posture. It entails inspecting every aspect of a company's network and identifying potential vulnerabilities. All users, network elements, and any information that may be stored but is at risk of being hacked are included. It also involves examining current security practices and software to assess how well they can fend off attacks.
Active Directory Edit Compliance
- You can select the specific domains in which the Active Directory should be analyzed.
- Go to Manage Compliance → Active Directory → Edit to change the rule parameters to any of the possible values and get scores personalized to your requirements. By default, the recommended values from the Microsoft / CIS standards are present.
Run Analysis Schedules:
- You can get fresh analysis results by clicking the Run Now link at the top-left corner of the Risk Posture.
- The frequency can be set by clicking the Schedule button next to the Run Now link.
- By default, the schedule runs once per day. You can change the frequency of analysis.
- Click the Schedule button to see the time when the next analysis is scheduled to run.
- You can also see the time when the last analysis was completed.
Rule Status and its definitions
Low/No Risk
This status indicates that the selected source's configurations meet the recommended or user-set compliance values.
High Risk
This status indicates that the selected source's configurations do not meet the recommended or user-set compliance values.
Unable to Verify
This status indicates that the Log360 server was unable to fetch the data needed to analyze the specific rule. This can be due to the following reasons.
Troubleshooting Steps for Unable to Verify Status:
Active Directory
The possible reasons for the "Unable to Verify" status are as follows:
- Insufficient Domain Details
- Access Denied for SYSVOL Folder
Insufficient Domain Details:
This error occurs when the domain details or credentials haven't been synced properly while integrating with child components.
Troubleshooting Steps:
Access Denied for SYSVOL Folder:
This error occurs when the machine on which Log360 is installed is unable to access the SYSVOL folder of the domain controllers of the selected domain. This restriction was introduced by Microsoft after 2015.
Make sure the SYSVOL folder (C:\Windows\SYSVOL\sysvol) of the domain controllers is shared with the user with which the domain is configured.
Troubleshooting Steps:
Using a GPO of the domain of the machine on which Log360 is installed:
- Go to "Computer Configuration → Administrative Templates → Network → Network Provider" in the Domain Controller.
- Enable Hardened UNC Paths. Under Options, click the Show button.
- Add the value "\\*\SYSVOL" in the "Value Name" field.
- Add the value "RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" in the "Value" field.
- For immediate results, open Command Prompt as Administrator and run the "gpupdate /force" command on the machine on which Log360 is installed.
- Click OK.
(or)
Using Local Security Policy Editor:
- Open Local Security Policy Editor with "gpedit.msc" on the machine on which Log360 is installed.
- Go to Computer Configuration → Administrative Templates → Network → Network Provider.
- Enable Hardened UNC Paths. Under Options, click the Show button.
- Add the value "\\*\SYSVOL" in the "Value Name" field.
- Add the value "RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" in the "Value" field.
- Click OK.
(or)
Execute the command below in Command Prompt as Administrator on the machine on which Log360 is installed:
%COMSPEC% /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\SYSVOL" /d "RequireMutualAuthentication=0" /t REG_SZ
After these troubleshooting steps, go to Compliance → Risk Posture → Active Directory and click the Run Now button.
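The three methods above do not write identical values (the policy steps set all three flags to 0, the reg add command sets only RequireMutualAuthentication), and each flag set to 0 turns off a protection that UNC hardening otherwise enforces for SYSVOL, so it is useful to read back what is actually in effect. The PowerShell below is an added example, not part of the Log360 product or its documentation; it assumes it is run on the machine on which Log360 is installed, and the function name is hypothetical.

```powershell
# Added example: report the Hardened UNC Paths values in effect on this machine.
# The registry key is the one targeted by the reg add command on this page.
$key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$flags = 'RequireMutualAuthentication', 'RequireIntegrity', 'RequirePrivacy'

# Hypothetical helper: turn "A=0,B=1" into a hashtable of flag name -> setting.
function ConvertFrom-HardenedPathValue {
    param([string]$Value)
    $parsed = @{}
    foreach ($pair in $Value -split '\s*,\s*') {
        $name, $setting = $pair -split '\s*=\s*', 2
        if ($name) { $parsed[$name.Trim()] = "$setting".Trim() }
    }
    return $parsed
}

if (Test-Path -LiteralPath $key) {
    $regKey = Get-Item -LiteralPath $key
    # GetValueNames/GetValue are used because the value name "\\*\SYSVOL"
    # contains "*", which PowerShell's -Name parameter treats as a wildcard.
    foreach ($uncPath in $regKey.GetValueNames()) {
        $parsed = ConvertFrom-HardenedPathValue -Value ([string]$regKey.GetValue($uncPath))
        $row = [ordered]@{ Computer = $env:COMPUTERNAME; UncPath = $uncPath }
        foreach ($flag in $flags) {
            $state = $parsed[$flag]
            # A flag missing from the value string is reported as "Not set",
            # which distinguishes the reg add result from the policy result.
            $row[$flag] = if ($state -eq '1') { 'On' }
                          elseif ($state -eq '0') { 'Off' }
                          else { 'Not set' }
        }
        [pscustomobject]$row
    }
}
else {
    Write-Output "No Hardened UNC Paths policy is configured on $env:COMPUTERNAME."
}
```

Each output row lists one configured UNC path with the state of its three flags, which gives a record of which machines carry the relaxed SYSVOL setting.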