Dashboard
Single Pane of Glass for Entire Active Directory
Dashboard, provides a general and holistic view of security posture about scanned Active Directory Forests based on different perspectives.
Risk Pane
This Risk Pane summarizes key risk metrics from the scan, including the overall Risk and Exposure Scores, Dangerous Paths, Shadow Admins, and severity levels (Critical to Info). It also breaks down risks by MITRE ATT&CK Tactics (e.g., Persistence, Privilege Escalation), Tags (e.g., Privilege Management, Account Security), Impacts (e.g., Credential Theft, NTLM Relay), and Entity Types (e.g., Domain, User, GPO). This layout helps quickly pinpoint high-risk areas and prioritize actions.
Risk Score, Exposure Score, Dangerous Path Count, Shadow Admins,and Severities
Risk Score: Risk score is the main identifier of the current security status of the Active Directory. It is calculated according to the severity and count of the Issues. If the risk score is 100, there is at least one Issue that causes total Active Directory compromise.
Exposure Score: A metric reflecting the level of exposure within the Active Directory based on discovered vulnerabilities and misconfigurations.
Dangerous Path Count: Dangerous Path Count indicates the attack path count that can lead to the compromise of Admin objects by Unprivileged objects.
Shadow Admins: The count of admin accounts with elevated permissions that are hard to detect, posing a security risk.
Critical: The number of Issues with Critical severity.
High: The number of Issues with High severity.
Medium: The number of Issues with Medium severity.
Low: The number of Issues with Low severity.
Info: The number of Issues with Info severity.
Risk Breakdown by MITRE ATT&CK Tactics
Risk scores based on MITRE ATT&CK Tactics mapping.
Risk Breakdown by Tags, Impacts and Entity Types
Risk Breakdown by Tags: Risk scores based on Tags.
Risk Breakdown by Impacts: Risk scores based on Impacts.
Risk Breakdown by Entity Types: Risk scores based on Entity Types.
Active Directory Entity Pane
Entity Pane, contains different statistics by object types for the selected scan. This area can be useful to view identity-related statistics from both security and management perspectives. The result of these statistics can be seen with Search & Reports interface with just one click.
Risky Admins: Admins with elevated privileges that pose security risks due to weak credentials, over-permissioning, or suspicious activity.
Shadow Admins: Admins with hidden or hard-to-detect privileges, increasing the risk of unnoticed misuse.
Users Table
Disabled Account
The number of disabled user accounts.
Privileged Account
The number of privileged user accounts.
Admin Account
The number of admin user accounts.
Service Account
The number of service user accounts.
Explicit Local Admin
The number of explicit local admin user accounts.
Group Delegated Local Admin
The number of group delegated local admin user accounts.
Risky User
The number of user accounts that have a risk score greater than 50.
Risky Admin
The number of admin user accounts that have a risk score greater than 50.
Shadow Admin
The count of admin accounts with elevated permissions that are hard to detect, posing a security risk.
Computers Table
Disabled Computer
The number of disabled computer objects.
Online Computer
The number of computer objects accessed through the network during the scan.
Unsupported OS
The number of computer objects that runs an unsupported operating system.
Risky Computer
The number of computer objects that have a risk score greater than 50.
Groups Table
Empty Group
The number of groups which have no member.
Privileged Group
The number of privileged groups.
Admin Group
The number of admin groups.
Risky Group
The number of groups that have a risk score greater than 50.
Group Policy Objects Table
Empty GPO
The number of Group Policy objects which have no applicable settings.
Disabled GPO
The number of disabled Group Policy objects.
Unlinked GPO
The number of Group Policy objects that are not linked to any container.
Risky GPO
The number of Group Policy Objects that have a risk score greater than 50.
Computer OS Breakdown: Distribution of computer objects by their operating system.
Top Risky Admins: Top 5 admin user accounts according to their risk scores.
Top Shadow Admins : Top 5 shadow admin user accounts according to their risk scores.
Azure Entity Pane
Users Table
Inactive Users
The number of inactive user accounts.
Privileged Users
The number of privileged user accounts.
Risky Users
The number of user accounts that have a risk score greater than 50.
Groups Table
Inactive Groups
The number of inactive groups.
Privileged Groups
The number of privileged groups.
Risky Groups
The number of groups that have a risk score greater than 50.
Devices Table
Inactive Devices
The number of device accounts that have not been active for a defined period.
Unmanaged Devices
The number of devices that not managed.
Risky Devices
The number of devices that have a risk score greater than 50.
Applications Table
Applications without Certificate/Secret
The number of applications missing authentication credentials such as certificates or client secrets.
Privileged Applications
The number of privileged applications.
Risky Applications
The number of applications that have a risk score greater than 50.
Service Principals Table
Inactive Service Principals
The number of service principals that have not been used or active in a defined period.
Privileged Service Principals
The number of privileged service principals.
Risky Service Principals
The number of service principals that have a risk score greater than 50.
Roles Table
Custom Roles
The number of non-default roles created manually in the environment.
Privileged Roles
The number of privileged roles.
Risky Roles
The number of roles that have a risk score greater than 50.
Inactive Custom Roles
The number of custom roles not assigned or used over a defined period.
Last updated
Was this helpful?