Tier0 Analysis

Accessing the Tier0 Analysis Module

  • Navigate to the Visualize section in the application menu.

  • Select the Tier0 Analysis option.

Tier0 Analysis Module - Tier0 Node
Tier0 Analysis Module - Group1 Node

Graph View

  • The central area displays an interactive graph where nodes represent object groups and edges represent relationships.

  • Node colors indicate each node's sum member count.

  • Hovering over a node provides additional details about the object.

  • The graph visualizes relationships between Tier0 (red node) and Tier2 (other nodes) objects.

  • Edges represent different types of relationships (e.g., IN_GROUP, GenericAll).

Tier2 to Tier0 Relationships

  • Direct or indirect relationships between Tier2 and Tier0 objects can indicate potential privilege escalation vectors.

Tier2 to Tier2 Relationships

  • Analyze relationships among Tier2 objects to identify lateral movement paths. For example, a user in one group may have access to another group due to nested memberships.

Info Panel

On the right side, the Info panel shows detailed information about the selected node, including:

  • FSName: Fully Qualified Name of the object.

  • Type: Object type (e.g., Tier, User, Group, Computer).

  • Guid: Globally Unique Identifier.

  • Id: Object ID.

  • Member Count: Number of direct members.

  • Sum Member Count: Total number of members, including nested members.

  • Outgoing Relation: Name of the relationship originating from that group.
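
The sketch below is an added example, not the product's own code. It computes Member Count and Sum Member Count over nested groups and finds direct or indirect relationship chains that reach Tier0. The edge list, object names, edge direction (member to group), function names, and the choice to count nested groups as members are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample graph (not from the product): (source, relation, target).
EDGES = [
    ("alice", "IN_GROUP", "Helpdesk"),
    ("bob", "IN_GROUP", "Helpdesk"),
    ("Helpdesk", "IN_GROUP", "ServerOps"),
    ("carol", "IN_GROUP", "ServerOps"),
    ("ServerOps", "IN_GROUP", "Helpdesk"),  # nesting loop, must not hang
    ("ServerOps", "GenericAll", "Tier0"),
    ("dave", "IN_GROUP", "Printers"),
]

def direct_members(group, edges=EDGES):
    return {s for s, rel, t in edges if rel == "IN_GROUP" and t == group}

def member_count(group, edges=EDGES):
    """Number of direct members only."""
    return len(direct_members(group, edges))

def sum_member_count(group, edges=EDGES):
    """Direct plus nested members; each object counted once, loops tolerated."""
    seen, queue = set(), deque([group])
    while queue:
        for m in direct_members(queue.popleft(), edges):
            if m != group and m not in seen:
                seen.add(m)
                queue.append(m)
    return len(seen)

def path_to_tier0(start, edges=EDGES, target="Tier0"):
    """Shortest chain of relations from start to target, or None if unreachable."""
    prev, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while prev[node] is not None:
                parent, rel = prev[node]
                path.append((parent, rel, node))
                node = parent
            return path[::-1]
        for s, rel, t in edges:
            if s == node and t not in prev:
                prev[t] = (s, rel)
                queue.append(t)
    return None
```

Objects for which `path_to_tier0` returns a chain are the ones to review first; a `None` result means no direct or indirect relationship to Tier0 exists in the supplied edges.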

Members Table

  • Below the Info panel, the Members table lists all members of the selected group, along with their types and their incoming and outgoing relation counts to the parent group's members.

Node focus and Outgoing Relation

Color-Coded Risk Levels

The system utilizes a standardized color scheme to represent the risk level or sensitivity of objects within the Active Directory environment. This visual indicator helps users quickly identify high-risk components such as Tier0 and Tier2 objects, as well as neutral or informational entities like standard users or computers.

The algorithm calculates the risk score for each group by analyzing its sum member count, which includes both direct and indirect members (e.g., nested group memberships). Based on this score, the group is assigned a color-coded risk level that reflects its potential impact on security.

Each object is assigned a numerical score between 0 and 100, which corresponds to one of four color-coded risk levels:

Score Range | Colour | Node
100         |        | Tier0 (High Risk)
75–99       |        | Tier2 (Moderate Risk)
50–74       |        | Tier2 (Potential Risk)
0–49        |        | Tier2 (Info Risk)
