
About the Identity Posture Dashboard


Misconfigurations, unintended excessive privileges, and vulnerabilities in the identity infrastructure are key attack vectors. Adversaries use stolen credentials to compromise users and leverage these misconfigurations and permissions in the identity infrastructure to escalate privileges and move laterally. Out of all the identity systems, the on-premises Active Directory (AD) is the most widely used.

The Identity Posture dashboard enables you to:

  • Obtain visibility into misconfigurations and vulnerabilities that exist in your AD.
  • View a unified domain risk severity that can be used for executive reporting and tracking.
  • View remediation guidance to fix issues, which reduces the risk score and makes the AD less vulnerable to identity-based attacks such as DCSync, DCShadow, and AS-REP Roasting.


The Identity Posture dashboard summarizes the state of your AD security posture. On the Identity Posture dashboard (ITDR > Dashboard > Identity Posture), you can do the following:

  1. Filter scan results by AD domain and timestamp.
  2. View the total number of issues discovered after assessing the computers and users (objects) in the AD domain.
  3. View the domain risk severity, categorized as Critical, High, Medium, or Low. The risk posture gets better as the severity level decreases.
  4. View a list of the top 5 issues that are found in the AD. The AD domain is scanned with various posture checks that are mainly focused on weak permissions, privilege escalations, and insecure domain configuration, and the issues and misconfigurations detected are listed. The top 5 are the issues and misconfigurations that have the highest impact on your risk score and are the easiest to remediate. If you fix these issues first, you can significantly reduce your risk score. Click an issue to view additional details.
  5. View a list of the top 10 users and computers that have the highest risks in the AD. Having visibility of these 10 riskiest objects in your AD helps you to prioritize what to focus on first.
  6. View all of the AD issues categorized by severity in a bar chart. This gives you an overview of the risk composition of the AD. Click the chart to view additional details.
  7. View all of the AD issues categorized by risk in a donut chart. This gives you an overview of the types of risk most prevalent in AD. Click the chart to view additional details.
  8. View active changes detected that provide near real-time visibility into new misconfigurations and security risks introduced to your AD. Double-click a change detection issue to view issue and remediation details.
  9. View the Risk Reduction Roadmap to see the current domain risk severity and set targets to systematically lower it. The roadmap is prioritized and actionable.
  10. View all of the AD issues mapped to MITRE ATT&CK techniques and displayed on a kill chain. This widget enables you to get visibility into issues that can be exploited by adversaries during various stages of an attack. Click an issue mapped on the kill chain to view additional details.
  11. Download the AD executive summary report and Delta Scan report.
  12. View and download the AD posture scan report.
  13. Run an on-demand scan for the selected AD domain whenever necessary.
  14. Allow or disallow decoy AD user accounts and computers in the scan results.
  15. Delete an AD scan report.