What is discovery in Thycotic Secret Server:

  • Discovery finds secrets in an IT environment and imports them into Secret Server
  • Secret Server is most effective when it covers all privileged accounts
  • Discovery helps to eliminate:
    • Unknown privileged accounts
    • Backdoor access
    • Gaps in security
  • Auditors want automated processes to reduce human mistakes


  • AD (using LDAPs and WMI)
    • Domain Computers’ local accounts
    • Domain accounts
    • Domain accounts running
      • Windows Services
      • Scheduled Tasks
      • IIS Application Pools
      • IIS Application Pool Recycles
  • Unix/Linux Local accounts
    • Machines – the scan determines the operating system first, then enumerates local accounts
    • Non-Daemon Users – most other user accounts
    • All users – includes built-in accounts
    • Scanning accounts
      • need to be able to connect over SSH
      • read /etc/passwd
      • minimum permissions for taking over an account during import: sudoer permissions
      • sudoer permissions on /etc/passwd
    • Define host range
      • IP address
      • Host name
      • IP address range
  • Hypervisor ESXi accounts
    • vSphere PowerCLI 5.5 Release 2 – API installed on your Secret Server
    • PowerShell 3 or greater on your Secret Server
    • Scanning accounts
      • Shell Access
      • Query VRM policy permission
    • Define host range
      • IP address
      • Host name
      • IP address range
  • Amazon Web Services
    • AWS accounts
      • AWS access key
      • AWS console account
    • One secret using the Amazon IAM secret template
    • Amazon IAM access key permissions
      • iam:ListUsers
      • iam:GetLoginProfile
      • iam:ListAccessKeys
  • Google Cloud platform
    • Discovery and password changing of IAM service account users
    • Discovery of instances associated to the projects
    • Heartbeat and password changing of GCP service accounts
    • Token rotation for GCP service accounts
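
The Unix/Linux scan above reads /etc/passwd over SSH and distinguishes "Non-Daemon Users" from "All users". The following is an added example, not Thycotic's code: it parses passwd-format records and applies an assumed heuristic (UID below 1000 or a non-login shell marks a built-in/daemon account) to reproduce that split; the sample passwd content is constructed, and the product's own classification rule is not documented on this page.

```python
# Added example (not Thycotic's code): classify /etc/passwd entries the way the
# Unix/Linux discovery scan separates "Non-Daemon Users" from "All users".
# The UID threshold and shell list are assumed heuristics; the sample data is constructed.
from typing import NamedTuple

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}
MIN_HUMAN_UID = 1000  # first regular-user UID on most Linux distributions (assumed)

class PasswdEntry(NamedTuple):
    name: str
    uid: int
    shell: str

    def is_daemon(self) -> bool:
        """Built-in/daemon account: system UID range or a shell that cannot log in."""
        return self.uid < MIN_HUMAN_UID or self.shell in NOLOGIN_SHELLS

def parse_passwd(text: str) -> list[PasswdEntry]:
    """Parse passwd-format text; skip blank, comment and malformed records."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        # A passwd record has exactly seven colon-separated fields and a numeric UID.
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        entries.append(PasswdEntry(fields[0], int(fields[2]), fields[6]))
    return entries

def non_daemon_users(text: str) -> list[str]:
    """The 'Non-Daemon Users' scan: interactive accounts a takeover would import."""
    return [e.name for e in parse_passwd(text) if not e.is_daemon()]

def all_users(text: str) -> list[str]:
    """The 'All users' scan: every account, built-in ones included."""
    return [e.name for e in parse_passwd(text)]

# Constructed sample /etc/passwd content, including one malformed record.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:1001:1001:Backup svc:/var/backups:/usr/sbin/nologin
bob:x:1002:1002:Bob:/home/bob:/bin/zsh
this line is malformed
"""

if __name__ == "__main__":
    print("non-daemon:", non_daemon_users(SAMPLE_PASSWD))  # ['alice', 'bob']
    print("all users:", all_users(SAMPLE_PASSWD))
```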

Custom (Extensible)

  • Anything – leverages PowerShell scripts
  • SQL accounts & DB links
  • Networking equipment
  • Embedded password

Accounts Discovery Flow Charts

AD accounts discovery flow chart:

Unix/Linux accounts discovery flow chart:

VMware ESX/ESXi accounts discovery flow chart:

AWS accounts discovery flow chart:

GCP accounts discovery flow chart:

Steps to Use Discovery

  1. Enable Globally
  2. Configure Settings
  3. Add Discovery Sources and Rules
  4. Run Discovery
  5. Import Accounts

from Blogger http://blog.51sec.org/2021/07/thycotic-secret-server-discovery.html

By Jon
