Many security teams work in a world that they can't fully see, let alone control. It can be difficult to know how to make meaningful progress in your vulnerability management program when simply maintaining visibility can be a struggle. One way to get some leverage is to make wise use of asset discovery. If you are able to tap into repositories or sources of assets, you stand a better chance of gaining and maintaining visibility.
Over the years, we've written a thing or two about expanding your ability to discover assets from wherever they may leave a trace. You might have read about our vulnerability scanner having the ability to discover assets from McAfee ePO, or Infoblox DHCP, or even Rapid7's own Project Sonar. Or perhaps you've scoured the recently redesigned https://help.rapid7.com to learn about how you may discover assets from AWS or VMware vSphere. If you were a voracious reader, you may have even tried out Adaptive Security to automate your response to what you discover, and then you could've started to monitor the work automated actions do for you.
Today we are pleased to share the availability of asset discovery from Active Directory.
We've made it simple for you to gain visibility into your catalog of assets as they reside within Active Directory. In the Administration tab, create a new Discovery Connection.
Next, select Active Directory (LDAP). You'll immediately be able to enter the information needed to connect to your own Active Directory server.
Give your connection a name, enter the hostname of the Active Directory server, and select a protocol. Both LDAP and LDAPS (LDAP over TLS) are supported. Provide a username and password, and then test your credentials. If your credentials are good to go, you can then move on to creating your Base Query and Search Query.
Your Active Directory is likely tailored to meet the needs and contours of your organization. We've provided the ability to enter a Base Query to specify the portion of the AD tree you'd like to import, and a Search Query that you may use to further qualify the computers to discover. Once you've created your query, you might want to take it for a spin to make sure it's working properly. Try out Preview to see the top 50 results of your query to make sure you've got it dialed in.
Let's refine our search just a bit, to focus on just Exchange servers. I'll enter a Search Query: (dnshostname=exch*), and perform another quick test.
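To see how the two fields narrow a result set before pointing the connection at a production directory, the following added example (not Rapid7 code and not part of the original post) evaluates a base and a search filter against constructed computer objects. It assumes the Base Query is an LDAP base DN searched with subtree scope; the example.com entries and all function names are hypothetical.

```python
import re

# Constructed sample computer objects (not real data).
ENTRIES = [
    {"dn": "CN=EXCH01,OU=Servers,DC=example,DC=com", "dNSHostName": "exch01.example.com"},
    {"dn": "CN=EXCH02,OU=Servers,DC=example,DC=com", "dNSHostName": "EXCH02.example.com"},
    {"dn": "CN=WEB01,OU=Servers,DC=example,DC=com", "dNSHostName": "web01.example.com"},
    {"dn": "CN=EXCH-LAB,OU=Lab,DC=example,DC=com", "dNSHostName": "exch-lab.example.com"},
    {"dn": "CN=OLDPC,OU=Lab,DC=example,DC=com"},  # stale object, no dNSHostName
]

def rdns(dn):
    """Split a DN on unescaped commas and normalise case and spacing."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]

def in_subtree(dn, base):
    """True when dn is the base entry itself or lies anywhere beneath it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def parse(f, i=0):
    """Parse a filter subset: (&..), (|..), (!..) and (attr=value) with * wildcards.
    Escaped characters in values are not handled in this sketch."""
    i += 1  # skip '('
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip ')'
    j = f.index(")", i)
    attr, _, val = f[i:j].partition("=")
    return ("=", attr.strip().lower(), val), j + 1

def matches(node, entry):
    """Evaluate a parsed filter; attribute names and values compare case-insensitively."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    attrs = {k.lower(): v for k, v in entry.items()}
    if node[1] not in attrs:
        return False  # an absent attribute never matches, even against '*'
    pattern = ".*".join(re.escape(p) for p in node[2].split("*"))
    return re.fullmatch(pattern, attrs[node[1]], re.IGNORECASE) is not None

def discover(base, search, limit=50):
    """Hostnames under base that match search, capped like the Preview's 50 results."""
    tree, _ = parse(search)
    hits = [e for e in ENTRIES if in_subtree(e["dn"], base) and matches(tree, e)]
    return [e.get("dNSHostName", e["dn"]) for e in hits][:limit]
```

With the base set to the Servers OU, the lab Exchange host drops out of the results even though it matches (dnshostname=exch*), which is the kind of scoping difference worth confirming in Preview before enabling consumption.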
Now that I'm feeling good about this query, I think I'd like to put it to work for me...
Did you notice the Consumption Settings in the screenshot above? It looks pretty similar to the setup for importing assets from McAfee ePolicy Orchestrator, and it works in the same manner. Simply enable Consume assets, select a site to import into, and let the system do the work for you. You'll see assets populated from Active Directory as soon as the connection is saved. The time it takes to complete will vary, and will largely be driven by the time it takes the Active Directory server to respond to the query. Here is a view of the assets immediately after they've been imported:
You'll notice we've also pulled in OS information from Active Directory where available, so you can create asset groups by the hostname and the OS. Of course, if you have existing dynamic asset groups, these assets may also be included.
The Discovery Connection imports assets once a day, maintaining the visibility you need, while limiting the burden on your Active Directory server. And just like that, you're on your way to better visibility, with a minimum of effort, and a great deal of flexibility to match the contours of your world.
All of our innovations are built side-by-side with our customers through the Rapid7 Voice program. Please contact your Rapid7 CSM or sales representative if you're interested in helping us make our products better.
Not a customer of ours? Try a free 30-day trial of InsightVM today.