How to read the results of the AD scan?

Risk score

The higher the score, the more closely the Active Directory configuration adheres to security best practices. The aggregate score is the lowest score among the four security categories analyzed by the Active Directory scan:

  • Expired Objects: Everything related to Active Directory objects and their lifecycle: computer and user creation, delegation.

  • Trusts: Also called "trust relationships," these are the links between Active Directories (reminder: one Active Directory can be used to compromise another when trusts are misconfigured).

  • Privileged Accounts: Analysis of accounts with administrator rights.

  • Anomalies: This category includes rules that are not classified under expired objects, trusts, or privileged accounts. It covers certain misconfigurations, for example weak password policies.

Vulnerabilities

The AD scan identifies configuration settings that could expose your environment to security risks. Vulnerabilities can be viewed via three tabs:

  • Cyber projects: This tab categorizes vulnerabilities by theme – access control, authentication, networks, privileged account management, updates;

  • Attack paths: This tab provides an overview of risky entry points – compromise of a domain machine, a domain account, or the AD itself;

  • List: This tab lists all vulnerabilities.

The misconfigured rules that were found and their criticality levels, ranked from low to critical, are displayed in a table on the Active Directory page. Click on a vulnerability to find technical information such as its name, detection date, impact, and recommendations for remediating it.

If SIDHistory has been deleted, you can use a recovery script. Ensure that the ACL settings are recreated after the restoration.
