Special Features
Discovering and auditing configuration changes
To discover and audit changes in configurations:
In Discovery ➔ Settings ➔ Discovery, when creating or editing a discovery, in the search tab you can check Identify systems configuration.
We integrate with the following systems:
Active Directory
Microsoft Exchange
SQL Server
File Systems
NetApp
For this configuration, we will need the Windows or SSH plugin.
After the discovery is done, the result will be shown in Discovery ➔ Discovery ➔ Configurations.
To restore a configuration, search for it in Discovery ➔ Discovery ➔ Configurations. The action History shows all the different configurations, and the button Restore recovers any previous configuration.
Discovering privileged accounts in other applications
senhasegura has a series of plugins to automatically find accounts with high privilege in several applications. It also has a flexible platform that allows the inclusion of new third-party systems, improving the monitoring and identification of possible offenders in your company.
This integration with third party applications also allows the synchronization of equipment with the main CMDB tools on the market, such as ServiceNow and BMC, synchronizing their device base, ensuring visibility and control of your entire equipment park. Through our support service we are able to expand the interaction with third party systems according to the needs of our customers.
To do so, follow the instructions in the previous sections and create a new Discovery of Application and fill in the necessary data for the correct discovery.
IIS application pool accounts
senhasegura also performs the search for local and domain credentials associated with an IIS application pool.
To perform a search for these credentials follow the instructions:
As explained in the previous sections, create an Application Discovery through the menu Discovery ➔ Settings ➔ Discovery
Once in the form, go to the Search tab and select the option Identify accounts in application pools (IIS)
Caution: Only Windows plugins may be used on this Discovery.
Save and carry out the search.
IIS Application Pool Report
At the end of the search it will be possible to analyze a report containing the information collected, such as: name of the pool, username of the credential linked to the pool, runtime version of the application pool and other data.
To do this, go to the menu: Discovery ➔ Discovery ➔ Devices.
Select the item in the report you want to check and click the action button Application pools IIS.
A report with the collected data will be displayed.
Secrets Discovery in Kubernetes
It is possible to perform the discovery of secrets in Kubernetes through the integration of the senhasegura with the orchestrator.
Before performing this type of discovery it is necessary to know:
The Kube API Server URL
The port on which Kubernetes is running. By default it is 6443.
Bearer token to access the Kubernetes API
Getting the bearer token
The token to be used in the senhasegura must have permission to list and search the secrets, so it must be generated according to our instructions.
Access the Kubernetes server and execute the following commands:
Command to create a service account on Kubernetes:
kubectl apply -f - <<EOF
---
# Service account whose token senhasegura uses for discovery
apiVersion: v1
kind: ServiceAccount
metadata:
  name: senhasegura-discovery
  namespace: kube-system
---
# Read-only (get, list) access to secrets, cluster-wide
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: senhasegura-discovery
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
---
# Binds the role above to the service account
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: senhasegura-discovery
subjects:
- kind: ServiceAccount
  name: senhasegura-discovery
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: senhasegura-discovery
  apiGroup: rbac.authorization.k8s.io
EOF
Caution: Do not change any data in this command, as this may influence the effectiveness of the token. If you wish, only the name field can be changed, but we do not recommend this action since the string senhasegura-discovery will help in identifying the policy.
Command to export the service account token to an environment variable:
export K8S_TOKEN=$(kubectl get secrets/$(kubectl get serviceaccount/senhasegura-discovery -n kube-system -o jsonpath='{.secrets[0].name}') -n kube-system -o jsonpath='{.data.token}' | base64 -d)
Caution: If the name field was changed in the previous command, it must be changed in this one too.
Command to print the token on the screen:
echo $K8S_TOKEN
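The token exported above can read every Secret in the cluster, so it is worth confirming that it belongs to the senhasegura-discovery service account before registering it. The following Python check is an added example, not part of senhasegura or its documentation; it reads the token's JWT claims offline, and the function names and the sample token are constructed for illustration.

```python
import base64
import json
import time

# Subject of the service account created by the manifest above.
EXPECTED_SUBJECT = "system:serviceaccount:kube-system:senhasegura-discovery"


def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_sa_token(token, expected_subject=EXPECTED_SUBJECT, now=None):
    """Return a list of problems found in the token; an empty list means none.

    Only the claims are read. The signature is not verified: that needs the
    cluster's signing key and is done by the API server.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        return ["not a JWT: expected three dot-separated segments"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]

    problems = []
    if claims.get("sub") != expected_subject:
        problems.append("subject is %r, expected %r" % (claims.get("sub"), expected_subject))
    exp = claims.get("exp")
    if isinstance(exp, (int, float)):
        now = time.time() if now is None else now
        if exp <= now:
            problems.append("token expired")
        else:
            problems.append("token expires in %d s; discovery will fail afterwards" % (exp - now))
    return problems


def make_sample_token(claims):
    # Constructed sample: placeholder header and signature, for demonstration only.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    print(check_sa_token(make_sample_token({"sub": EXPECTED_SUBJECT})))
```

An empty or malformed value, for instance when the service account has no token Secret attached, is reported as not being a JWT. If the name field of the manifest was changed, pass the matching subject as expected_subject.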
Registering the credential
After executing the commands and with the token in hand it is necessary to associate it with an access credential to the Kubernetes server.
Go to PAM Core ➔ Credentials ➔ All and click on the action button in the report to create a new credential.
Enter your credential username
Define the Password type
In the field Device, select the Kubernetes server
Select the Set current password field and in the Password field enter the token obtained
Click Save
Performing the discovery
With the bearer token already registered in the senhasegura you will be able to perform the discovery. To do so, access the menu Discovery ➔ Settings ➔ Discovery and create a new discovery of Devices or Containers:
Containers Discovery
Please refer to the Create Discovery section of this chapter to understand how to complete the form.
This type of discovery will search for containers on a host. In the Container host field select the host where the search should be done.
In the tab Search select the option Find DevOps artifacts
When the option is selected, a new tab called DevOps is displayed. Access the tab and go to the section Kubernetes' settings
Select the options:
Enable Kubernetes service: Enables the search for Kubernetes services
Search secrets: Performs the search for secrets
Bearer token: Authenticates to the Kubernetes API using a bearer token
In the field Credential access Kubernetes select the credential where the bearer token was registered
Then select the port on which Kubernetes should be searched.
Info: The default port of Kubernetes is 6443; otherwise, enter the number configured for your Kubernetes server.
To finish, click Save.
Info: Consult Credentials Administration to understand how to complete the credentials registration form.
Device Discovery
Please refer to the Create Discovery section of this chapter to understand how to complete the form.
This kind of discovery will search for devices. In the Initial IP field enter the IP range where the search should be done.
In the tab Search select the option Find DevOps artifacts
When the option is selected, a new tab called DevOps is displayed. Access the tab and go to the section Kubernetes' settings
Select the options:
Enable Kubernetes service: Enables the search for Kubernetes services
Search secrets: Performs the search for secrets
Bearer token: Authenticates to the Kubernetes API using a bearer token
In the field Credential access Kubernetes select the credential where the bearer token was registered
Then select the port on which Kubernetes should be searched.
Info: The default port of Kubernetes is 6443; otherwise, enter the number configured for your Kubernetes server.
To finish, click Save.
Info: Consult Credentials Administration to understand how to complete the credentials registration form.
Discovering Certificates with NetScaler
Only application certificates managed by NetScaler will be scanned, imported, and managed by senhasegura.
To discover certificates, fill in the fields Name, Initial IP, Final IP, Site, and Active. The discovery returns the devices that are in this IP range; you can also filter by site and by whether the discovered devices will be active or inactive.
- Select the module Discovery ➔ Settings ➔ Discovery.
- Choose the New option in the actions menu.
- Choose the Discovery Devices type.
- Select the Certificates tab.
- Check the type of search (types of plugins).
- Fill in the other information with your API Key Extras settings for NetScaler search.
Discovered and imported certificates can be viewed in the Discovery ➔ Discovery ➔ Certificates ➔ Certificates module. Certificates not imported will be in the module Discovery ➔ Discovery ➔ Certificates ➔ Certificates not imported.
Viewing the secrets found
Access the menu Discovery ➔ DevOps ➔ Kubernetes ➔ Secrets. This screen will display the list of Secrets found during the search.
Click on the action button to see more information about the Secret.