Group

Field Type Possible Operators Description

Field	Type	Possible Operators	Description
Guid	TEXT	`LIKE`, `EQUAL`, `NOT_EQUAL`	A unique identifier that is a combination of GUID of selected `Scan` and Active Directory `ObjectGUID` of the object.
FSName	TEXT	`LIKE`, `EQUAL`, `NOT_EQUAL`	A special unique identifier that is a combination of the `Name of the object` and the `Fully Qualified Domain Name of the Domain`.
ObjectSid	TEXT	`LIKE`, `EQUAL`, `NOT_EQUAL`	Active Directory security identifier of object. (Ldap Display Name: objectSid)
Name	TEXT	`LIKE`, `EQUAL`, `NOT_EQUAL`	Name of the specified object. (Ldap Display Name: name)
DistinguishedName	TEXT	`LIKE`, `EQUAL`, `NOT_EQUAL`	Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName)
IsPrivileged	BOOLEAN	`N/A`	Indicates that the object is Privileged.
IsAdmin	BOOLEAN	`N/A`	Indicates that the object is Admin.
WhenChanged	DATE	`SMALLER`, `LARGER`, `BETWEEN`, `EQUAL`	The date when this object was last changed. (Ldap Display Name: whenChanged)
IsProtected	BOOLEAN	`N/A`	Indicates that the object is a direct or nested member of the Protected Users group.
WhenCreated	DATE	`SMALLER`, `LARGER`, `BETWEEN`, `EQUAL`	The date when this object was created. (Ldap Display Name: whenCreated)
risk	NUMBER	`EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL`	The risk score of the object that calculated based on vulnerability counts and severities.
member_count	NUMBER	`EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL`	The total count of the direct member objects.
SAMAccountName	TEXT	`LIKE`, `EQUAL`, `NOT_EQUAL`	The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (Ldap Display Name: sAMAccountName)
Cn	TEXT	`LIKE`, `EQUAL`, `NOT_EQUAL`	The name that represents an object. Used to perform searches. (Ldap Display Name: cn)
IsStealth	BOOLEAN	`N/A`	Indicates that the object can compromise admin objects with at least one attack path.
SidHistory	TEXT	`LIKE`, `EQUAL`, `NOT_EQUAL`	Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. (Ldap Display Name: sIDHistory)
GroupType	NUMBER	`EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL`	Contains a set of flags that define the type and scope of a group object. (Ldap Display Name: https://learn.microsoft.com/en-us/windows/win32/adschema/a-grouptype)
SAMAccountType	NUMBER	`EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL`	Specifies the account type of the security principal objects in Active Directory. (LDAP Display Name: sAMAccountType) (Field Reference)
first_degree_localadmin_count	NUMBER	`EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL`	Indicates that the group has explicit local admin privilege on how many computers.
Description	TEXT	`LIKE`, `EQUAL`, `NOT_EQUAL`	Description text to display for an object. (Ldap Display Name: description)
AdminCount	NUMBER	`EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL`	Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). (Ldap Display Name: adminCount)
IsLocalAdmin	BOOLEAN	`N/A`	Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer.

Guid

TEXT

LIKE, EQUAL, NOT_EQUAL

A unique identifier that is a combination of GUID of selected Scan and Active Directory ObjectGUID of the object.

FSName

TEXT

LIKE, EQUAL, NOT_EQUAL

A special unique identifier that is a combination of the Name of the object and the Fully Qualified Domain Name of the Domain.

ObjectSid

TEXT

LIKE, EQUAL, NOT_EQUAL

Active Directory security identifier of object. (Ldap Display Name: objectSid)

Name

TEXT

LIKE, EQUAL, NOT_EQUAL

Name of the specified object. (Ldap Display Name: name)

DistinguishedName

TEXT

LIKE, EQUAL, NOT_EQUAL

Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName)

IsPrivileged

BOOLEAN

N/A

Indicates that the object is Privileged.

IsAdmin

BOOLEAN

N/A

Indicates that the object is Admin.

WhenChanged

DATE

SMALLER, LARGER, BETWEEN, EQUAL

The date when this object was last changed. (Ldap Display Name: whenChanged)

IsProtected

BOOLEAN

N/A

Indicates that the object is a direct or nested member of the Protected Users group.

WhenCreated

DATE

SMALLER, LARGER, BETWEEN, EQUAL

The date when this object was created. (Ldap Display Name: whenCreated)

risk

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

The risk score of the object that calculated based on vulnerability counts and severities.

member_count

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

The total count of the direct member objects.

SAMAccountName

TEXT

LIKE, EQUAL, NOT_EQUAL

The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (Ldap Display Name: sAMAccountName)

TEXT

LIKE, EQUAL, NOT_EQUAL

The name that represents an object. Used to perform searches. (Ldap Display Name: cn)

IsStealth

BOOLEAN

N/A

Indicates that the object can compromise admin objects with at least one attack path.

SidHistory

TEXT

LIKE, EQUAL, NOT_EQUAL

Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. (Ldap Display Name: sIDHistory)

GroupType

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

Contains a set of flags that define the type and scope of a group object. (Ldap Display Name: https://learn.microsoft.com/en-us/windows/win32/adschema/a-grouptype)

SAMAccountType

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

Specifies the account type of the security principal objects in Active Directory. (LDAP Display Name: sAMAccountType) (Field Reference)

first_degree_localadmin_count

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

Indicates that the group has explicit local admin privilege on how many computers.

Description

TEXT

LIKE, EQUAL, NOT_EQUAL

Description text to display for an object. (Ldap Display Name: description)

AdminCount

NUMBER

EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL

Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). (Ldap Display Name: adminCount)

IsLocalAdmin

BOOLEAN

N/A

Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer.

PreviousUser NextGPO

Last updated 1 year ago