What is discovery in Thycotic Secret Server:

  • Discovery finds secrets in an IT environment and imports them into Secret Server.
  • Secret Server is most effective when it covers all privileged accounts
  • Discovery helps to eliminate:
    • Unknown privileged accounts
    • Backdoor Access
    • Gaps in security
  • Auditors want automated processes to reduce human mistakes

Out-of-box:

  • AD (using LDAPs and WMI)
    • Domain Computers’ local accounts
    • Domain accounts
    • Domain accounts running
      • Windows Services
      • Scheduled Tasks
      • IIS Application Pools
      • IIS Application Pool Recycles
  • Unix/Linux Local accounts
    • Machines – finds out Operating System first then local accounts
    • Non-Daemon Users – most other user accounts
    • All users – built-in accounts
    • Scanning accounts
      • need to be able to connect over ssh
      • read /etc/passwd
      • minimum permissions for taking over an account during import: sudoer permissions
      • sudoer permissions on /etc/passwd
    • Define host range
      • IP address
      • Host name
      • IP address range
  • Hypervisor ESXi accounts
    • vSphere PowerCLI 5.5 release 2 – API installed on your Secret Server
    • PowerShell 3 or greater on your Secret Server
    • Scanning accounts
      • Shell Access
      • Query VRM policy permission
    • Define host range
      • IP address
      • Host name
      • IP address range
  • Amazon Web Services
    • AWS accounts
      • AWS access key
      • AWS console account
    • one secret using Amazon IAM secret template
    • Amazon IAM access key permissions
      • iam:ListUsers
      • iam:GetLoginProfile
      • iam:ListAccessKeys
  • Google Cloud Platform
    • Discovery and password changing of IAM service account users
    • Discovery of instances associated to the projects
    • Heartbeat and password changing of GCP service accounts
    • Token rotation for GCP service accounts
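
The AWS item above lists three IAM permissions for the discovery access key. The following added example (not from the original post or from Thycotic) checks a policy document against that list and reports missing actions and anything broader than the list; the function name and both sample policies are constructed for illustration.

```python
import fnmatch
import json

# The three actions the page lists for the discovery access key.
REQUIRED = ("iam:ListUsers", "iam:GetLoginProfile", "iam:ListAccessKeys")

# Constructed sample policies (not taken from any real account).
MINIMAL = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": list(REQUIRED), "Resource": "*"}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:*", "s3:GetObject"], "Resource": "*"}]})

def _as_list(value):
    """IAM accepts either a single string or a list for Action."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def audit_discovery_policy(policy_json):
    """Return (missing, excess) for an IAM policy document.

    missing: listed actions that no Allow statement grants.
    excess:  Allow entries that grant more than the listed actions.
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is valid
        statements = [statements]
    granted, excess = set(), []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if "NotAction" in st:
            excess.append("NotAction")  # allows everything except a list
            continue
        for pattern in _as_list(st.get("Action")):
            p = pattern.lower()  # IAM action names are case-insensitive
            hits = {a for a in REQUIRED if fnmatch.fnmatchcase(a.lower(), p)}
            granted |= hits
            # Wildcards and actions outside the list are over-broad.
            if "*" in p or "?" in p or not hits:
                excess.append(pattern)
    return [a for a in REQUIRED if a not in granted], excess

if __name__ == "__main__":
    for name, policy in (("minimal", MINIMAL), ("broad", BROAD)):
        print(name, audit_discovery_policy(policy))
```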

Custom (Extensible)

  • Anything – leverages PowerShell scripts
  • SQL accounts & DB links
  • Networking equipment
  • Embedded password

Accounts Discovery Flow Charts

AD accounts discovery flow chart:

Unix/Linux accounts discovery flow chart:

VMware ESX/ESXi accounts discovery flow chart:

AWS accounts discovery flow chart:

GCP accounts discovery flow chart:

Steps to Use Discovery

  1. Enable Globally
  2. Configure Settings
  3. Add Discovery Sources and Rules
  4. Run Discovery
  5. Import Accounts

from Blogger http://blog.51sec.org/2021/07/thycotic-secret-server-discovery.html

By Jon
