# Tier0 Analysis

### Accessing the Tier0 Analysis Module

* Navigate to the Visualize section in the application menu.
* Select the Tier0 Analysis option.

<figure><img src="/files/uOcqgsz5nWQSYFF9aHGT" alt=""><figcaption><p>Tier0 Analysis Module - Tier0 Node</p></figcaption></figure>

<figure><img src="/files/UTh24rHl9DpeKsthw6Q7" alt=""><figcaption><p>Tier0 Analysis Module - Group1 Node</p></figcaption></figure>

### Graph View

* The central area displays an interactive graph where nodes represent object groups, and edges represent relationships.
* Node colors indicate each node's sum member count.
* Hovering over a node provides additional details about the object.
* The graph visualizes relationships between Tier0 (red node) and Tier2 (other nodes) objects.
* Edges represent different types of relationships (e.g., IN\_GROUP, GenericAll).

**Tier2 to Tier0 Relationships**

* Direct or indirect relationships between Tier2 and Tier0 objects can indicate potential privilege escalation vectors.

**Tier2 to Tier2 Relationships**

* Analyze relationships among Tier2 objects to identify lateral movement paths. For example, a user in one group may have access to another group due to nested memberships.

### **Info Panel**

On the right side, the Info panel shows detailed information about the selected node, including:

* **FSName:** Fully Qualified Name of the object.
* **Type:** Object type (e.g., Tier, User, Group, Computer).
* **Guid:** Globally Unique Identifier.
* **Id:** Object ID.
* **Member Count:** Number of direct members.
* **Sum Member Count:** Total number of members, including nested members.
* **Outgoing Relation:** Name of the relationship originating from that group.

### **Members Table**

* Below the Info panel, the Members table lists all members of the selected group, along with their types and their incoming and outgoing relation counts to the parent group's members.

<figure><img src="/files/79wkUepZvuSXGbtrr34k" alt=""><figcaption><p>Node focus and Outgoing Relation</p></figcaption></figure>

#### **Color-Coded Risk Levels**

The system utilizes a standardized color scheme to represent the **risk level** or **sensitivity** of objects within the Active Directory environment. This visual indicator helps users quickly identify high-risk components such as **Tier0** and **Tier2** objects, as well as neutral or informational entities like standard users or computers.

The algorithm calculates the **risk score** for each group by analyzing its **sum member count**, which includes both direct and indirect members (e.g., nested group memberships). Based on this score, the group is assigned a **color-coded risk level** that reflects its potential impact on security.

Each object is assigned a **numerical score between 0 and 100**, which corresponds to one of four **color-coded risk levels**:

| Score Range |                                                Colour                                               |          Node          |
| :---------: | :-------------------------------------------------------------------------------------------------: | :--------------------: |
|   **100**   | <div><figure><img src="/files/Li0qPdJB0D9Fvlwj8K7a" alt=""><figcaption></figcaption></figure></div> |    Tier0 (High Risk)   |
|  **75–99**  | <div><figure><img src="/files/vcMERIEzhouOmir8P8y4" alt=""><figcaption></figcaption></figure></div> |  Tier2 (Moderate Risk) |
|  **50–74**  | <div><figure><img src="/files/VYJTc2mirmxMHWWPBquN" alt=""><figcaption></figcaption></figure></div> | Tier2 (Potential Risk) |
|   **0–49**  | <div><figure><img src="/files/AsFDiFU4oVecxEKCFenF" alt=""><figcaption></figcaption></figure></div> |    Tier2 (Info Risk)   |
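
The difference between Member Count and Sum Member Count, and the score bands from the table above, shown as an added Python example that is not the product's own code. The group names and memberships are constructed, counting nested groups as members is an assumption, and the score is taken as an input because this page does not give the formula that derives it from the sum member count.

```python
# Added illustration, not the product's implementation.
# Constructed sample data: group -> direct members (users or nested groups).
DIRECT_MEMBERS = {
    "Group1": {"alice", "Group2"},
    "Group2": {"bob", "Group3"},
    "Group3": {"carol", "dave", "Group2"},  # nesting loop back to Group2
    "Group4": {"erin"},
}


def member_count(group):
    """Member Count: direct members only."""
    return len(DIRECT_MEMBERS.get(group, ()))


def nested_members(group):
    """Every distinct object reachable through nested membership.

    Assumption: nested groups count as members alongside users, and each
    object is counted once. The seen set makes nesting loops terminate.
    """
    seen, stack = set(), [group]
    while stack:
        for member in DIRECT_MEMBERS.get(stack.pop(), ()):
            if member != group and member not in seen:
                seen.add(member)
                stack.append(member)
    return seen


def sum_member_count(group):
    """Sum Member Count: direct plus nested members."""
    return len(nested_members(group))


def risk_level(score):
    """Map a 0-100 score to the level named in the table above."""
    if not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError("score must be an integer between 0 and 100")
    if score == 100:
        return "Tier0 (High Risk)"
    if score >= 75:
        return "Tier2 (Moderate Risk)"
    if score >= 50:
        return "Tier2 (Potential Risk)"
    return "Tier2 (Info Risk)"
```

With this data, Group1 has two direct members but six members once nesting is expanded, which is the gap the Info panel exposes between its two counters.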

