Discovery

The Discovery feature is able to search domain controllers for accounts with different privilege levels and add them to the relevant safes and/or listeners. This is an Onboarding process, which grants the discovered accounts access to connections, is a basis of the Discovery feature. Alternatively, the feature can send the accounts to quarantine, which means blocking accounts on the target server.


Additional nomenclature that comes along with the Discovery feature within the Discovery tab and the Accounts tab:


Scanner - the main component that aims to discover accounts on the target server. The scanner can have a rule that defines an action that follows the discovery. The scanner can be executed manually or automatically according to the schedule.

Rule allows setting criteria for the accounts to be discovered and the actions to be performed after their discovery.

Account Category - is a privilege level of the account.

Discovered Accounts - accounts that were discovered by the scanner

Onboarded Accounts - accounts that were added to the listener and / or safe

Quarantined Accounts - accounts that were blocked on the target server.


Note

The Discovery feature executes scanning Active Directory using LDAP connection mode only.

The Discovery function needs two objects to provide the most efficient results:

  1. A scanner with configuration of the target server and an account to connect, and a schedule for running the scanner automatically.
  2. A rule to specify what the scanner should do in terms of its discovery.

To have the Discovery function fully automatic, it is advised to start its configuration from creating a rule and next, create a scanner.


Although, if you want to onboard or send to quarantine the discovered accounts manually, you can complete Creating a scanner step only, as the scanner can work without the rules being added. Next, discovered accounts can be moved further with the Manage accounts option, available in the Accounts tab.

Note

Active node, which is used for the scanning process is available to check under the Discovery section in the Settings > System tab.

../../_images/5-1-discovery-active-node.png