Group

Field

Type

Possible Operators

Description

Guid

TEXT

LIKE, EQUAL, NOT_EQUAL

A unique identifier that is a combination of GUID of selected Scan and Active Directory ObjectGUID of the object.

FSName

TEXT

LIKE, EQUAL, NOT_EQUAL

A special unique identifier that is a combination of the Name of the object and the Fully Qualified Domain Name of the Domain.

ObjectSid

TEXT

LIKE, EQUAL, NOT_EQUAL

Active Directory security identifier of object. (Ldap Display Name: objectSid)

Name

TEXT

LIKE, EQUAL, NOT_EQUAL

Name of the specified object. (Ldap Display Name: name)

DistinguishedName

TEXT

LIKE, EQUAL, NOT_EQUAL

Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName)

IsPrivileged

BOOLEAN

N/A

Indicates that the object is Privileged.

IsAdmin

BOOLEAN

N/A

Indicates that the object is Admin.

WhenChanged

DATE

SMALLER, LARGER, BETWEEN, EQUAL

The date when this object was last changed. (Ldap Display Name: whenChanged)

IsProtected

BOOLEAN

N/A

Indicates that the object is a direct or nested member of the Protected Users group.

WhenCreated

DATE

SMALLER, LARGER, BETWEEN, EQUAL

The date when this object was created. (Ldap Display Name: whenCreated)

risk

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

The risk score of the object that calculated based on vulnerability counts and severities.

member_count

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

The total count of the direct member objects.

SAMAccountName

TEXT

LIKE, EQUAL, NOT_EQUAL

The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (Ldap Display Name: sAMAccountName)

TEXT

LIKE, EQUAL, NOT_EQUAL

The name that represents an object. Used to perform searches. (Ldap Display Name: cn)

IsStealth

BOOLEAN

N/A

Indicates that the object can compromise admin objects with at least one attack path.

SidHistory

TEXT

LIKE, EQUAL, NOT_EQUAL

Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. (Ldap Display Name: sIDHistory)

GroupType

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

Contains a set of flags that define the type and scope of a group object. (Ldap Display Name: https://learn.microsoft.com/en-us/windows/win32/adschema/a-grouptype)

SAMAccountType

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

Specifies the account type of the security principal objects in Active Directory. (LDAP Display Name: sAMAccountType) ()

first_degree_localadmin_count

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

Indicates that the group has explicit local admin privilege on how many computers.

Description

TEXT

LIKE, EQUAL, NOT_EQUAL

Description text to display for an object. (Ldap Display Name: description)

AdminCount

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). (Ldap Display Name: adminCount)

IsLocalAdmin

BOOLEAN

N/A

Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer.

PreviousUser NextGPO

Last updated 2 months ago

Was this helpful?