What is discovery in Thycotic Secret Server:
- Discovery finds secrets in an IT environment and imports them into Secret Server.
- Secret Server is most effective when it covers all privileged accounts
- Discovery helps to eliminate:
  - Unknown privileged accounts
  - Backdoor access
  - Gaps in security
- Auditors want automated processes to reduce human mistakes
Out-of-box:
- AD (using LDAPs and WMI)
  - Domain computers' local accounts
  - Domain accounts
  - Domain accounts running
    - Windows Services
    - Scheduled Tasks
    - IIS Application Pools
    - IIS Application Pool Recycles
- Unix/Linux local accounts
  - Machines – finds out the operating system first, then local accounts
  - Non-Daemon Users – most other user accounts
  - All users – built-in accounts
  - Scanning accounts
    - need to be able to connect over SSH
    - read /etc/passwd
    - minimum permissions for taking over an account during import:
      - sudoer permissions on /etc/passwd
  - Define host range
    - IP address
    - Host name
    - IP address range
- Hypervisor ESXi accounts
  - vSphere PowerCLI 5.5 release 2 – API installed on your Secret Server
  - PowerShell 3 or greater on your Secret Server
  - Scanning accounts
    - Shell Access
    - Query VRM policy permission
  - Define host range
    - IP address
    - Host name
    - IP address range
- Amazon Web Services
  - AWS accounts
    - AWS access key
    - AWS console account
  - one secret using Amazon IAM secret template
  - Amazon IAM access key permissions
    - iam:ListUsers
    - iam:GetLoginProfile
    - iam:ListAccessKeys
- Google Cloud Platform
  - Discovery and password changing of IAM service account users
  - Discovery of instances associated to the projects
  - Heartbeat and password changing of GCP service accounts
  - Token rotation for GCP service accounts
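
An added example (not from the original post or from Thycotic) of what a Unix/Linux scanning account can derive once it can read /etc/passwd: the "All users" and "Non-Daemon Users" scopes listed above, plus a check for extra UID 0 entries, one form of the backdoor access that discovery is meant to surface. The UID threshold, the no-login shell list and the sample file are assumptions constructed for illustration; Secret Server's own classification rules are not shown on this page.

```python
# Added example: classify /etc/passwd entries into discovery scopes.
# UID_MIN and NOLOGIN_SHELLS are assumptions, not Secret Server settings.
from dataclasses import dataclass

UID_MIN = 1000  # assumed first UID for human accounts (common login.defs default)
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:1001:1001::/home/svc_backup:/bin/sh
toor:x:0:0::/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
# comment line
broken:line
"""

@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    shell: str

def parse_passwd(text):
    """Return Account records, skipping comments and malformed lines."""
    accounts = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts.append(Account(fields[0], int(fields[2]), fields[6]))
    return accounts

def classify(accounts):
    """Split accounts into the scan scopes named above, plus a UID 0 review list."""
    interactive = [a for a in accounts if a.shell not in NOLOGIN_SHELLS]
    return {
        "all_users": [a.name for a in accounts],
        "non_daemon": [a.name for a in interactive if a.uid >= UID_MIN],
        # Any UID 0 entry other than root carries full root privilege.
        "extra_uid0": [a.name for a in accounts if a.uid == 0 and a.name != "root"],
    }

if __name__ == "__main__":
    for scope, names in classify(parse_passwd(SAMPLE_PASSWD)).items():
        print(f"{scope}: {', '.join(names)}")
```

Accounts that land in `extra_uid0` are the ones to review first after an import, since they are privileged but easy to miss in a manual inventory.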
Custom (Extensible)
- Anything – leverages PowerShell scripts
- SQL accounts & DB links
- Networking equipment
- Embedded password
Accounts Discovery Flow Charts
[Figure: AD accounts discovery flow chart]
[Figure: Unix/Linux accounts discovery flow chart]
[Figure: VMware ESX/ESXi accounts discovery flow chart]
[Figure: AWS accounts discovery flow chart]
[Figure: GCP accounts discovery flow chart]
Steps to Use Discovery
- Enable Globally
- Configure Settings
- Add Discovery Sources and Rules
- Run Discovery
- Import Accounts
from Blogger http://blog.51sec.org/2021/07/thycotic-secret-server-discovery.html