ITDR
Adding an Active Directory Object to the Safelist
On the Detailed Findings and Recommendations page for an Active Directory (AD) issue, you can view the list of AD objects (user accounts and computers) that are vulnerable to attack. You can review these objects to confirm that they are not a risk and mark them as safe.
Adding objects to the safelist impacts the unified risk score on the ITDR Posture - Active Directory Dashboard.
After you add objects to a safelist, they disappear from the Who is affected? section on the Detailed Findings and Recommendations page and vulnerability report for that particular issue only. These objects are not marked safe if you select a different issue in the same AD domain.
To add an object to the safelist:
- Go to ITDR > Dashboard.
- On the ITDR Posture - Active Directory Dashboard page:
- Select an AD domain from the Result for drop-down menu.
Select a timestamp from the scanned on drop-down menu.
The scan result for the AD domain appears.
Under Detailed Findings and Recommendations, click an issue.
- On the Detailed Findings and Recommendations page, scroll down to the Who is affected? section for the selected issue.
- Add objects to the safelist using one of the following methods:
To add a specific item to the object safelist, click the Shield icon to mark an object safe.
To add multiple items to the object safelist, select the items, and click Add Objects to Safelist.
In the Add to Safelist window, enter a reason for marking this AD object safe and set an expiration date if needed.
If you are adding multiple objects to the safelist simultaneously, the same reason and expiration date are applied to all those objects.
Click Save.
The AD object is added to the safelist. You can view and manage it on the Object Safelist page.