Detections
Analytics
Permission Groups Discovery: Domain Groups
Description
Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain-level permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Identity Exposure | Active Directory | Standard AD User | LDAP | List of Domain Users, Groups and Memberships | ||
| Tenable Vulnerability Management | AD Start or Identity Scan | Active Directory | Authenticated AD User | LDAP | List of Domain Users | Plugin ID: 167250 |
| Tenable Vulnerability Management | AD Start or Identity Scan | Active Directory | Authenticated AD User | LDAP | List of Domain Groups | Plugin ID: 167251 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Discovery
Technique: Permission Groups Discovery
Sub-Technique: Domain Groups
Platform: Windows
Products Required: Tenable Identity Exposure or Tenable Vulnerability Management
Tenable Release Date: 2022 Q2