Identity Monitoring

This document provides the steps required to configure the Identity Monitoring Inspector.

Quick Details

Recommended Agent: On-Demand
Supported Agents: On-Demand
Is Auto-Discovered By: N/A
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Inspection via: API
Data Summary: Here

Overview

Inspector Information

The Identity Monitoring Inspector checks the list of email addresses you provide against haveibeenpwned.com to identify customers that have been part of a known data breach.

Looking ahead, we will add multi-tenancy and auto-discovery of email addresses known to Liongard into this Inspector.

Additionally, at this time, the Identity Monitoring Inspector does not support wildcards.

Liongard Inspector Setup

Update Identity Monitoring Inspector

Liongard's Best Practice is to use Dynamic Inspector Configuration to automatically keep the Identity Monitoring Inspector up-to-date with the latest account list from another Inspector, such as Microsoft 365.

If you choose not to use Dynamic Inspector Configurations, in order to keep up with your and your clients' user changes, update your Identity Monitoring Inspector(s) once a month.

To do so, once you have rolled out this Inspector, click in to edit it and add or remove email addresses.

Individual Inspector Setup

In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the Identity Monitoring Inspector > Select Add System.

Fill in the following information:

  • Environment: Select the Environment this System should be associated with
  • Friendly Name: Suggested "Identity Monitoring [Environment Name]"
  • Agent: On-Demand
  • Inspector Version: Latest
  • Email Addresses: You can add Email Addresses to the field in one of the following ways:
    • Dynamic Inspector Configuration (Recommended)
    • Typing in an Email Address and pressing Enter for each address
    • Pasting a comma-delimited list of email addresses and pressing Enter
    • You can remove Email Addresses from the inspection by clicking the "X"
  • Scheduling: The Inspector will default to run once a week at the time the Inspector is set up. Here you can adjust the schedule.

Select Save. The Inspector will now be triggered to run within the minute.

Optional: Turn on Flexible Asset/Configuration Auto-Updating

If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:

  • ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
  • IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled

Roll out Inspectors en Masse via CSV Import

For more detailed information, please visit our documentation.

To import Identity Monitoring Inspectors via CSV Import, navigate to Admin > Inspectors > Identity Monitoring > in the top right corner, select the down arrow icon to Download CSV Import Template. In the CSV Template, each row, starting on row 3, will represent an Inspector.

Enter details of each Inspector you care to roll out per the associated column prompt, and save the template.

  • Agent.Name: Enter "On-Demand Agent"
  • Inspector.Name: Enter "email-compromise-inspector"
  • Environment.Name: This column is case sensitive. Copy and Paste the associated Environment name from the Dashboard screen
  • Alias: Enter the Desired Friendly Name
  • Config.EMAILS[0]: Enter the email address you'd like to inspect. If you would like to inspect multiple email addresses, you will need to add a column to the left called "Config.EMAILS[1]", "Config.EMAILS[2]", etc., and in each column enter the additional email address that you would like to inspect
  • FreqType: Enter "weeks"
  • FreqInterval: Enter "1"

When you’re ready to Import the CSV Template of Inspectors, navigate to Admin > Inspectors > Identity Monitoring > in the top right corner, select the up arrow icon to Import CSV and select your saved template. After the successful import notification, reload your browser to find your imported Inspectors. These Inspectors will automatically trigger themselves to run within a minute.
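The following is an added example, not Liongard's own tooling: a Python sketch that builds the data rows for this import from a per-Environment email list, dropping duplicates and rejecting wildcard or malformed entries before they reach the Inspector. The column order, the sample Environment names and the addresses are assumptions; rows 1 and 2 of the real template are not shown on this page, so copy the output into the downloaded template rather than importing it directly.

```python
import csv
import io
import re

# Fixed values and column names are the ones listed in the steps above.
FIXED = {"Agent.Name": "On-Demand Agent", "Inspector.Name": "email-compromise-inspector",
         "FreqType": "weeks", "FreqInterval": "1"}
# Typo filter only, not full RFC 5322 validation.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+'-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def clean_emails(raw):
    """Trim, lowercase, de-duplicate; reject wildcards and malformed entries."""
    kept, rejected = [], []
    for addr in (a.strip().lower() for a in raw if a.strip()):
        if "*" in addr or not EMAIL_RE.match(addr):
            rejected.append(addr)  # the Inspector does not support wildcards
        elif addr not in kept:
            kept.append(addr)
    return kept, rejected

def build_rows(environments):
    """{Environment.Name: [emails]} -> (header, rows, rejected-by-environment)."""
    cleaned = {env: clean_emails(raw) for env, raw in environments.items()}
    rejected = {env: bad for env, (_, bad) in cleaned.items() if bad}
    width = max((len(ok) for ok, _ in cleaned.values()), default=0)
    email_cols = [f"Config.EMAILS[{i}]" for i in range(width)]
    header = ["Agent.Name", "Inspector.Name", "Environment.Name", "Alias",
              *email_cols, "FreqType", "FreqInterval"]
    rows = []
    for env, (ok, _) in cleaned.items():
        if ok:  # skip Environments with nothing valid to inspect
            row = {**FIXED, "Environment.Name": env, "Alias": f"Identity Monitoring {env}"}
            row.update(zip(email_cols, ok))
            rows.append(row)
    return header, rows, rejected

def to_csv(header, rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=header, restval="", lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample data; Environment names must match Liongard exactly (case sensitive).
    sample = {"Acme Corp": ["Ann@acme.example", "ann@acme.example ", "*@acme.example"],
              "Globex": ["it@globex.example"]}
    header, rows, rejected = build_rows(sample)
    print(to_csv(header, rows), rejected)
```

Review the `rejected` mapping before importing: each entry there is an address that would otherwise go unmonitored without any visible error.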

Dynamic Inspector Config and CSV import

The Identity Monitoring Inspector cannot currently be set up with Dynamic Inspector Configuration when using CSV import.

We recommend adding a single email address for each deployed inspector, and then editing your Inspectors with Dynamic Inspector Configuration after importing your CSV.

Identity Monitoring Quick Tips/FAQs

Inspector FAQs