Glossary

Terminology of the FSProtect

Selected Scan / Current Scan

FSProtect enumerates the Active Directory environment though periodic or on-demand scans. FSProtect web interface shows only the data of the currently selected scan. This selection can be done through the combo box in the left navbar. So before analyzing the results, make sure the select correct scan.

Risk / Risk Score

FSProtect calculates risk scores for scans and objects based on different metrics and categories. These scores state the risk on the objects or scans according to the context.

Object / Entity

The term Object or Entity refers to objects in the Active Directory environment. FSProtect enumerates and analyzes objects/entities below.

  • Forest

  • Domain

  • Computer

  • User

  • Group

  • Group Policy Object

  • Organizational Unit

  • Managed Service Account

  • Group Managed Service Account

  • Local User

  • Local Group

  • Certificate Authority

  • Certificate Template

  • Certificate Authority Certificate

Relation

The term Relation refers to the connections between Active Directory objects. FSProtect enumerates and analyzes various relation. You can see details of these relations with the page below.

Admin

Objects that have direct privilege on the entire Active Directory environment or that can lead to total Active Directory compromise. FSProtect marks the following objects as Admin.

  • Direct or nested members of

    • Administrators

    • Domain Admins

    • Enterprise Admins

  • Domain Controller Servers

  • KRBTGT

  • Certificate Authorities

Privileged

Objects that have direct privilege on some Active Directory objects or that can lead to compromise of Admin objects. FSProtect marks the following objects as Privileged.

  • All Admin objects

  • Direct or nested members of

    • Account Operators

    • Backup Operators

    • Cert Publishers

    • Cryptographic Operators

    • DnsAdmins

    • Enterprise Key Admins

    • Enterprise Read-only Domain Controllers

    • Group Policy Creator Owners

    • Incoming Forest Trust Builders

    • Key Admins

    • Network Configuration Operators

    • Print Operators

    • Read-only Domain Controllers

    • Remote Desktop Users

    • Replicator

    • Schema Admins

Unprivileged

All other objects that are not privileged or admin.

Everyone-Like

Groups that contain all/general objects in Active Directory. FSProtect marks the following objects as Everyone-Like.

  • Everyone

  • World

  • Anonymous

  • Authenticated Users

  • Users

  • Guests

  • Domain Guests

  • Domain Users

  • Domain Computers

Local Admin

Objects that have direct or nested membership on local Administrators group in at least one computer.

Service Account

Users with the ServicePrincipalNames attribute set.

Explicit Local Admin

Objects that have direct membership on local Administrators group.

Group Delegated Local Admin

Objects that have nested membership on local Administrators group.

Risky

Objects with a risk score greater than 50.

Online

Computers that accessed to port 445 during the network scan.

Stealth Admin

Unprivileged or privileged objects that can compromise admin objects through attack paths.

Issue

Vulnerabilities, misconfigurations, dangerous privileges, and relations that can pose risks to Active Directory.

Tag

Labels attached to issues to categorize, group, and make it easy to understand.

Impact / FSProtect Impact Name

The special tag attached to issues to identify the effects of issues on Active Directory.

Severity

Risk levels of the issues. Severity can be Info, Low, Medium, High and Critical.

Ease of Mitigation

Indicates the level of effort to mitigate/remediate the issues. Ease of Mitigation can be Easy, Medium, or High.

Ease of Detection

Indicates the level of effort to detect exploitation of the issues. Ease of Detection can be Easy, Medium, or High.

Ease of Deception

Indicates the level of effort of implementing deceptive countermeasures based on issues. Ease of Detection can be Easy, Medium, or High.

Exploitation Privilege

Refers to the level of permission or access an attacker needs to exploit a specific vulnerability, such as administrator rights or access to a specific user account.

Exploitation Certainty

Indicates the likelihood or confidence that a specific vulnerability can be successfully exploited, based on technical feasibility and environmental factors.

Path / Attack Path

FSProtect identifies relationships that allow an object to compromise/control another. The combination of one or more relationships creates the attack path.

Dangerous Path

Combination of relations that leads to compromising of objects by lower privileged objects.

PreviousFSProtect - Active Directory Security AssessmentNextArchitecture

Last updated

Was this helpful?