Discovery

The Discovery feature searches for accounts with different privilege levels on domain controllers, servers on domain controllers, and local accounts on Windows servers.


The Discovery feature uses the following terms in the Discovery tab, the Accounts tab, and the Servers tab:

  • Scanner - the main component, which discovers accounts or servers on the target server. The scanner can have a rule that defines an action to follow the discovery. The scanner can be run manually or automatically according to the schedule.
  • Rule - allows setting criteria for the objects to be discovered and the actions to be performed after their discovery.
  • Account Category - the privilege level of the account.
  • Discovered Accounts - accounts that were discovered by the scanner.
  • Discovered Servers - servers that were discovered by the scanner.
  • Onboarded Accounts - accounts that were unblocked on the target server and optionally added to the listener and/or safe.
  • Onboarded Servers - servers that were unblocked on the target server and optionally added to the pools.
  • Quarantined Accounts / Servers - accounts or servers that were blocked on the target server.

Note

  • The Discovery feature scans Active Directory by connecting over the LDAP protocol.
  • The WinRM protocol is used to connect to the server and scan for local accounts.

The Discovery function needs two objects to provide the most efficient results:

  1. A scanner configured with the target server, an account to connect with, and a schedule for running the scanner automatically.
  2. A rule to specify what the scanner should do in terms of its discovery.

To make the Discovery function fully automatic, it is advised to start the configuration by creating a rule and then create a scanner.


However, if you want to onboard or quarantine the discovered accounts or servers manually, you can complete only the Creating a scanner step, because the scanner can work without any rules being added. The discovered accounts or servers can then be handled with the Managing discovered accounts or Managing discovered servers option, available in the Accounts and Servers tabs.

Note

The active node, which is used for the scanning process, can be checked under the Discovery section in the Settings > System tab.
