Usage
Identity Security
The identity security module will display all collected users, groups, and computer objects within a directory services environment. The attributes for each object (users, groups, and computers) will be analyzed and the risks on the objects will then be called out as individual issues or vulnerabilities at the identity layer.
The layout of the Identity Security module will mirror that of the Attack Surface and Internal Network modules. All issues and vulnerabilities that exist within the identity layer, can be observed, managed, and tracked over time.
The Identity Security module provides a dashboard view of all issues and vulnerabilities, as well as all information around the users, computers, and groups that these objects are a part of. Users have the ability to drill into each issue, as well as each object (user, computer, or group) to view the details.
The dashboard will also surface all of the issues that exist with the amount of the affected objects on that risk sorted by the risk of the issue. Additionally, the percentage of active users and active computers within the directory services environment will also be displayed.
The Identity Security module automates the identification of Tier 0 or critical objects within a directory services environment. These objects are considered critical within a traditional Active Directory (AD) environment due to the permissions users and computers are delegated by default, or due to the groups that they are a part of and the delegated permissions due to the group membership.
Users can drill into each issue within the Active Directory Vulnerabilities table to view the description, solution and the affected entities for each of the AD issues that were identified within the directory services environment.
To view the information regarding a single user, click into a single user account and you will be directed to a page that will display the attributes for the user object you have selected.
Users have the ability to assign a criticality ranking for each object and/or group each object into pre-created groups, like any other asset within the Shield Platform. Additionally, this page will show the groups the user is a part of, any issues the user object has, as well as the Description, SID, Password Not Required attribute, Password Expired attribute, Password Last Set date, and Trusted for Delegation attribute.
To view all of the information regarding the groups object, click into a single group and you will be directed to a page that will display all users and/or computers within that group object.
Users have the ability to assign a criticality ranking for each group object and/or group each group object into a pre-created group within the platform.
Groups can be created within Settings -> Group Maintenance and that is independent of the groups objects that are collected via AD.
This page will also show any users within the AD groups, any issues that are tied to the group objects (independent of the users within the groups), as well as the Description, Date Created, Domain, and SID.
Active Computer objects are computers that are enabled and have been accessed within the last ninety (90) days. Computers that are disabled and have not been accessed for over ninety (90) days are considered inactive.
To view the information regarding a single computer, click into a single computer object and you will be directed to a page that will display the attributes for the computer object you have selected.
Users have the ability to assign a criticality ranking for each computer object and/or group each computer object into pre-created groups, like any other asset within the Shield Platform. Additionally, this page will show the groups the computer is a part of, any issues the computer object has, as well as the Description, Date Created date, Domain, SID, Password Not Required attribute, Password Expired attribute, Password Last Set date, and Trusted for Delegation attribute.
Dashboard
The Identity Security dashboard will surface information regarding how many objects are within the directory services environment, how many issues are open, and how many issues have been fixed within the last thirty (30) days.Vulnerabilities
The vulnerabilities tab within the Identity Security module will surface all of the issues that have been identified within the objects collected from the Shield platform. The table will display all of the issues, the risk of each issue, as well as how many objects are within the issues that were identified.Users can now export all of the vulnerabilities across their identity objects in the form of CSV files. To do this, click the Export button in the top right of the screen and proceed to click Download to receive the results.
Users
The Users tab will display all users objects within a directory services environment, any created groups that user is part of, the criticality of that object, and if that user account is enabled or not. This page will also display the percentage of active users and the tier 0 (critical) users within the environment.Groups
The Groups tab will list out all of the groups within the AD environment for an organization and will call out the tier 0 (critical) groups within that environment.Computers
The Computers tab will display all assets or entities that have been collected via AD or scanned (at a network or agent-level). This page will also show the percentage of active computers, as well as the tier 0 (critical) computer objects.