Glossary

FSProtect terminology

Selected Scan / Current Scan

FSProtect enumerates the Active Directory environment through periodic or on-demand scans. The FSProtect web interface shows only the data of the currently selected scan. The scan is selected through the combo box in the left navbar, so before analyzing the results, make sure the correct scan is selected.

Risk / Risk Score

FSProtect calculates risk scores for scans and objects based on different metrics and categories. These scores state the risk on the objects or scans according to the context.

Object / Entity

The term Object or Entity refers to objects in the Active Directory environment. FSProtect enumerates and analyzes the objects/entities below.

  • Forest

  • Domain

  • Computer

  • User

  • Group

  • Group Policy Object

  • Organizational Unit

  • Managed Service Account

  • Group Managed Service Account

  • Local User

  • Local Group

  • Certificate Authority

  • Certificate Template

  • Certificate Authority Certificate

Relation

The term Relation refers to the connections between Active Directory objects. FSProtect enumerates and analyzes various relations. You can see details of these relations with the page below.

Admin

Objects that have direct privilege on the entire Active Directory environment or that can lead to total Active Directory compromise. FSProtect marks the following objects as Admin.

  • Direct or nested members of

    • Administrators

    • Domain Admins

    • Enterprise Admins

  • Domain Controller Servers

  • KRBTGT

  • Certificate Authorities

Privileged

Objects that have direct privilege on some Active Directory objects or that can lead to compromise of Admin objects. FSProtect marks the following objects as Privileged.

  • All Admin objects

  • Direct or nested members of

    • Account Operators

    • Backup Operators

    • Cert Publishers

    • Cryptographic Operators

    • DnsAdmins

    • Enterprise Key Admins

    • Enterprise Read-only Domain Controllers

    • Group Policy Creator Owners

    • Incoming Forest Trust Builders

    • Key Admins

    • Network Configuration Operators

    • Print Operators

    • Read-only Domain Controllers

    • Remote Desktop Users

    • Replicator

    • Schema Admins

Unprivileged

All other objects that are not privileged or admin.
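
The Admin, Privileged and Unprivileged definitions above depend on resolving direct or nested group membership. The following is an added example, not FSProtect's own code, that resolves nesting (including membership cycles) and returns the highest matching tier; the group names come from this glossary, while the sample directory data, `MEMBER_OF`, `ADMIN_BY_TYPE` and the function names are assumptions made for illustration.

```python
# Added example: tier classification from nested group membership.
# Group names are taken from the glossary; all directory data is constructed.
ADMIN_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}
PRIVILEGED_GROUPS = {
    "Account Operators", "Backup Operators", "Cert Publishers",
    "Cryptographic Operators", "DnsAdmins", "Enterprise Key Admins",
    "Enterprise Read-only Domain Controllers", "Group Policy Creator Owners",
    "Incoming Forest Trust Builders", "Key Admins",
    "Network Configuration Operators", "Print Operators",
    "Read-only Domain Controllers", "Remote Desktop Users", "Replicator",
    "Schema Admins",
}

# Constructed sample: object -> groups it is a direct member of.
MEMBER_OF = {
    "alice": ["Helpdesk"],
    "Helpdesk": ["Tier0-Ops"],
    "Tier0-Ops": ["Domain Admins", "Helpdesk"],  # cycle on purpose
    "bob": ["Printer Team"],
    "Printer Team": ["Print Operators"],
    "carol": ["Staff"],
}
# Constructed sample: objects that are Admin by type rather than by membership
# (Domain Controller servers, KRBTGT, Certificate Authorities).
ADMIN_BY_TYPE = {"DC01$", "krbtgt", "CORP-CA"}


def all_groups(obj, member_of):
    """Return every group obj belongs to, directly or through nesting."""
    seen, stack = set(), list(member_of.get(obj, []))
    while stack:
        group = stack.pop()
        if group not in seen:  # guards against membership cycles
            seen.add(group)
            stack.extend(member_of.get(group, []))
    return seen


def classify(obj, member_of=MEMBER_OF, admin_by_type=ADMIN_BY_TYPE):
    """Return the highest tier for obj: Admin, Privileged or Unprivileged."""
    groups = all_groups(obj, member_of)
    if obj in admin_by_type or groups & ADMIN_GROUPS:
        return "Admin"  # every Admin object also counts as Privileged
    if groups & PRIVILEGED_GROUPS:
        return "Privileged"
    return "Unprivileged"
```

In the sample data, `alice` has no direct membership in any listed group and is Admin only through two levels of nesting, which is the case a direct-membership review misses.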

Everyone-Like

Groups that contain all/general objects in Active Directory. FSProtect marks the following objects as Everyone-Like.

  • Everyone

  • World

  • Anonymous

  • Authenticated Users

  • Users

  • Guests

  • Domain Guests

  • Domain Users

  • Domain Computers

Local Admin

Objects that have direct or nested membership in the local Administrators group on at least one computer.

Service Account

Users with the ServicePrincipalNames attribute set.

Explicit Local Admin

Objects that have direct membership in the local Administrators group.

Group Delegated Local Admin

Objects that have nested membership in the local Administrators group.

Risky

Objects with a risk score greater than 50.

Online

Computers that were accessible on port 445 during the network scan.

Stealth Admin

Unprivileged or privileged objects that can compromise admin objects through attack paths.

Issue

Vulnerabilities, misconfigurations, dangerous privileges, and relations that can pose risks to Active Directory.

Tag

Labels attached to issues to categorize and group them and make them easy to understand.

Impact / FSProtect Impact Name

The special tag attached to issues to identify the effects of issues on Active Directory.

Severity

Risk levels of the issues. Severity can be Info, Low, Medium, High and Critical.

Ease of Mitigation

Indicates the level of effort to mitigate/remediate the issues. Ease of Mitigation can be Easy, Medium, or High.

Ease of Detection

Indicates the level of effort to detect exploitation of the issues. Ease of Detection can be Easy, Medium, or High.

Ease of Deception

Indicates the level of effort to implement deceptive countermeasures based on the issues. Ease of Deception can be Easy, Medium, or High.

Path / Attack Path

FSProtect identifies relationships that allow an object to compromise/control another. The combination of one or more relationships creates the attack path.

Dangerous Path

A combination of relations that leads to the compromise of objects by lower-privileged objects.
