...
Upon selecting the Windows dashboard, the top bar presents key information such as the number of reporting servers, endpoints, Domain Controllers, and Virtual Desktop Infrastructures (VDIs) – indicating the distribution of monitored assets. Additionally, the top bar showcases metrics regarding users validated through GYTPOL's Policy Validation module and the count of missing devices. Further explanation about these metrics can be found in the Customization and Settings > Health Screen section.
...
For every device listed, a further drill-down option is available. Activating this drill-down leads you to specific findings associated with that particular device. This in-depth exploration provides granular insights into the security and configuration status of the chosen device.
Selecting any of the misconfiguration scopes, such as Servers or Endpoints, triggers the opening of the misconfiguration page, where all pertinent alerts relevant to that specific scope are presented. These alerts are systematically categorized according to the MITRE ATT&CK framework, enhancing their organization and clarity. Each alert possesses the capability to be further expanded, revealing the list of devices implicated in that misconfiguration.
...
For a comprehensive guide on navigating the Misconfigurations and Alerts section effectively, refer to the detailed instructions provided in the corresponding documentation.
...
This CSV file will provide you with a structured record of the metrics related to Legacy Protocols, which you can then use for reporting or analysis purposes.
Another example is an export of a single finding:
...
In opting for the targeted refresh, only the relevant metrics section that you select will be updated, aligning with your specific requirements. This feature enhances your ability to efficiently access the most recent information without refreshing the entire interface.
...
The Knowledge Base empowers users with in-depth information, enabling them to tackle security challenges with informed solutions. Whether you access it through the top bar or directly within specific topics, the Know How feature is designed to enrich your experience within GYTPOL and enhance your ability to address security concerns.
...
Red (High): Represents high-severity misconfigurations that require immediate attention due to their critical impact on security.
Orange (Medium): Indicates medium-severity misconfigurations that should be addressed promptly to mitigate potential risks.
Yellow (Low): Denotes low-severity misconfigurations that may not pose an immediate threat but should still be resolved to enhance overall security posture.
Green (Complied): Signifies items that are in compliance and meet the expected security standards, resulting in no alerts generated.
...
In GYTPOL, alerts are visually differentiated by the presence of a spanner icon, which conveys specific information about the remediation process:
Green Spanner: Alerts accompanied by a green spanner icon indicate that you can swiftly remediate the finding using the GYTPOL user interface. This streamlined process enables you to fix the identified misconfiguration in a matter of seconds. For more detailed guidance on the remediation process, refer to the provided resources.
Gray Spanner: If an alert is associated with a gray spanner icon, it signifies that the finding cannot be remediated through the user interface due to certain limitations or conditions. These limitations could include factors such as an unsupported PowerShell version or the informational nature of the alert. This may also indicate that the item fully complied with GYTPOL standards or was already fixed.
...
Color | Meaning |
---|---|
Green | Alert remediable and revertible |
Green with (!) | Alert remediable but non-revertible |
Red | Remediation failed (timeout, access) |
Orange | No error was reported during remediation, but the scanner found the same alert again |
Gray | Action cannot be applied, either because the PowerShell version is too old or there is no remediation action available for this finding |
Gray with a spinning icon | Remediation is pending and ready to run on devices |
...
By utilizing these export functionalities, GYTPOL empowers users to generate reports, gather insights, and maintain efficient records of misconfigurations and remediation efforts for better security management and documentation.
...
Identify the Finding: Start by identifying a particular misconfiguration or security finding that needs to be addressed.
Choose the Target Group: Select the group of devices on which you want to apply the remediation action. This can include specific devices, a group based on OU, Domain, or custom computer groups.
Initiate the Remediation Action: Define the specific action or fix that needs to be implemented to address the finding. This action can involve changes to configurations, settings, or other relevant parameters.
Pending Status and Client Check-In: After initiating the action, it enters a pending status. The respective client devices periodically check in (hourly) to receive and acknowledge the action.
Client Acknowledgment and Feedback: Once the client applies the action locally, it sends feedback to GYTPOL indicating the success or failure of the task, along with reasons for any failures.
Revert Capability (if applicable): If the action supports reversion to the original state, GYTPOL allows you to revert changes directly from the UI.
...
By utilizing the Automatic Remediation Action feature, GYTPOL empowers users to proactively respond to emerging security challenges, ensuring that devices remain aligned with organizational policies and security standards as new alerts are detected. This automated approach enhances the overall security posture of the organization.
...
Group Policy update Computer + user without restart: This operation triggers a gpupdate for both computer and user configurations without requiring a restart or logoff.
Group Policy update Computer + user with restart: This operation performs a gpupdate for both computer and user settings, followed by a computer restart upon successful completion.
Rescan Computer / User: This operation initiates a rescan of the computer or user ahead of the regular schedule, ensuring that the alert information is up to date.
Remove Local Policy Settings: This operation removes locally defined policy settings on the computer, ensuring that no administrative changes have altered the local configuration.
Sync Intune: This operation forces devices to retrieve updates from Intune, ensuring that the information remains current.
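For administrators who want to understand what these bulk operations do on an individual device, the following PowerShell is an added illustration of their local equivalents (run elevated on the target Windows machine); it is not GYTPOL's own implementation, which this page does not document, and the Rescan operation has no standalone equivalent because it is specific to the GYTPOL agent. The local policy folder paths and the Intune "PushLaunch" scheduled task are standard Windows locations, not values taken from this page.

```powershell
# Added illustration of the local equivalents of the bulk operations above.
# NOT GYTPOL's code: the agent's internal commands are not documented here.

function Invoke-GpoRefresh {
    param([switch]$Restart)
    # Refresh computer and user policy; /force reapplies unchanged settings too.
    gpupdate.exe /target:computer /force | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Computer policy refresh failed ($LASTEXITCODE)" }
    gpupdate.exe /target:user /force | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "User policy refresh failed ($LASTEXITCODE)" }
    # "With restart" variant: reboot only after both refreshes succeeded.
    if ($Restart) { Restart-Computer -Force }
}

function Remove-LocalPolicySettings {
    # Locally defined (non-domain) policy lives in these two hidden folders.
    # Deleting them and refreshing leaves only domain GPO settings in effect,
    # which is the state the "Remove Local Policy Settings" operation expects.
    $localPolicyDirs = @(
        "$env:SystemRoot\System32\GroupPolicy",
        "$env:SystemRoot\System32\GroupPolicyUsers"
    )
    foreach ($dir in $localPolicyDirs) {
        if (Test-Path -LiteralPath $dir) {
            Remove-Item -LiteralPath $dir -Recurse -Force
        }
    }
    gpupdate.exe /force | Out-Null
}

function Sync-IntuneDevice {
    # The MDM client exposes its sync trigger as the PushLaunch scheduled task
    # under the enrollment GUID; starting it equals "Sync" in the Intune portal.
    $task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\*' `
                              -TaskName 'PushLaunch' -ErrorAction SilentlyContinue
    if (-not $task) { throw 'No PushLaunch task found: device is not MDM-enrolled' }
    $task | Start-ScheduledTask
}
```

Removing the local policy folders also discards any locally set hardening that is not backed by a domain GPO, so confirm that the settings you rely on are domain-managed before running that step fleet-wide.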
...
Revert All: This option enables you to revert the remediation action on all devices within the defined scope. By selecting this option, the remediation changes will be undone on all applicable devices.
Revert on Selected Device(s): If you wish to revert the remediation action on specific devices within the scope, you can do so by clicking the "undo" icon for the respective device(s). This allows you to selectively revert changes on chosen devices.
...
From the homepage, select the relevant standard to open the corresponding dashboard. Once clicked, the CIS or NIST dashboard will be displayed, presenting the benchmark results. Here's a breakdown of the color codes used:
Green: Indicates that the settings within your organization are compliant.
Red: Denotes that the settings within your organization are not compliant.
Orange: Indicates that the settings are not managed in your organization, and there is no detectable Group Policy Object (GPO) containing the relevant setting.
...
Devices that are missing from reporting are color-coded as follows:
Blue: Devices reported within the last 24 hours.
Yellow: Devices that have not reported in the last 3 days.
Orange: Devices that have not reported in the last week.
Red: Devices that have not reported in 7-14 days.
...
Click on the "+" icon to initiate the creation of a new group.
Provide a name for the group that represents its purpose or criteria.
Select the devices you want to include in the group based on the available options on the screen. These options could include name patterns, operating systems, OUs, domains, or even arbitrary lists of devices.
After specifying the criteria and devices, click "Add" or a similar confirmation button to create the custom group.
By creating custom computer groups, you can efficiently manage and categorize your devices, allowing for easier organization, targeting of actions, and monitoring of specific sets of devices that meet certain criteria. This feature can enhance the flexibility and customization of your GYTPOL deployment.
...