The ITDR - Change Detection feature monitors and detects active changes in an Active Directory (AD) domain, and classifies these changes as a good or bad impact. The Change Detection (ITDR > Change Detection) page displays the detected issues. You can review these change detection issues to confirm that they are not a risk and mark them as safe.

See image.

To learn more, see About ITDR - Change Detection, Adding a Change Detection Issue to the Safelist, and Viewing Change Detection Issue and Remediation Details.

The ITDR Active Directory (AD) Assessment Posture report is a summary of potential misconfigurations and vulnerabilities in your scanned AD domain. The report displays a unified domain risk score on a scale of 0 to 100, the type of risks most prevalent in the AD, an issue priority matrix, and remediation guidance to fix the issues. You can download the ITDR AD Assessment Posture report as a PDF file.

See image.

To learn more, see Viewing the ITDR AD Assessment Report and Downloading the ITDR AD Assessment Report.

• The Identity label on the left-side navigation menu was renamed to ITDR.

  See image.

  Close

• The Identity Posture - Active Directory Dashboard page (Identity > Dashboard) was renamed to ITDR Posture - Active Directory Dashboard (ITDR > Dashboard).

  See image.

  Close

  To learn more, see About the ITDR Posture - Active Directory Dashboard.

After an Active Directory (AD) domain is scanned and the scan status is completed, you can view the details of the failed scan checks, if any.

See image.

To learn more, see About Scan Agents.

See image.

To learn more, see Viewing Failed Scan Check Details.

You can create a Windows landmine policy and configure the ITDR - Active Directory (AD) attack detection module to detect credential misuse, entitlement exposures, and privilege escalation activities against AD via the Landmine Agent.

See image.

To learn more, see Creating a Landmine Policy and Configuring ITDR - Active Directory.

The Identity Posture - Active Directory feature enables organizations to protect privileged identities, such as Active Directory (AD) domains that are at a high risk of exploitation and regulatory noncompliance. It helps you to detect attacks, such as DYSync, DCShadow, Kerberoast, etc., and disrupt privilege escalation and lateral movement threats with decoy users and computers.

Scan Active Directory Domains

You can scan AD domains via a Microsoft Windows landmine agent to discover identity vulnerabilities, such as AS-REP roasting and kerberoasting attacks.

See image.

To learn more, see About Scan Agents and Scanning an Active Directory.

Identity Posture - Active Directory Dashboard

After your AD domains are scanned, the results are available on the Identity Posture - Active Directory dashboard. The dashboard displays the top vulnerability issues by severity, affected users and computers, risk analysis with issues categorized by percentage, issues mapped on the MITRE ATT&CK kill chain, etc. You can interactively drill down to a specific issue and analyze it.

On the dashboard, you can view active changes detected in your AD that provide near real-time visibility of new misconfigurations and security risks introduced.

The dashboard displays remediation steps that you can take to maintain the security posture of your AD infrastructure. You can also view and download the vulnerability reports.

See image.

To learn more, see About the Identity Posture - Active Directory Dashboard.

Issue and Object Safelist

After your AD domain is scanned, the vulnerability issues and objects (AD user accounts and computers) are listed on the Focus Area page. You can review these issues and objects to confirm that the vulnerability is not a risk and mark them as safe. The issues and objects marked as safe are listed on the Issue Safelist and Object Safelist pages.

See image.

To learn more, see Adding a Vulnerability Issue to the Safelist and Viewing and Managing Issue Safelist.

See image.

To learn more, see Adding an Active Directory Object to the Safelist and Viewing and Managing Active Directory Object Safelist.

ITDR - Change Detection

The ITDR - Change Detection feature improves the security posture of an Active Directory (AD) environment. It provides near real-time visibility into new misconfigurations and security risks introduced to your AD.

See image.

To learn more, see About ITDR - Change Detection.