Set up AD Rating Modus Operandi

1. Download Agent from the platform

1. Log on to your Board of Cyber dashboard

2. Go to the list of domains 

AD Rating Menu > List of domains 

3. Identify the agent that you wish to use and click on the gear icon to access its settings

4. Download the latest version of the agent by clicking on the dedicated button available on the "Download Link" tab.

 

5. In the "Update" tab, write down the API key used to synchronize the platform with the remote agent.

 

2. Agent Set Up

2.1 Required configuration for the system hosting the agent

 

- The machine must be in the domain that you wish to evaluate and have access to the Internet. It does not need network administration rights.


- Local administrator rights are required to install the program.


- The machine must not be a domain controller. 


- The machine must run at least Windows 10 Anniversary Update or Windows Server 2016.


- The machine must be turned on 24/7. 


- The program is installed in line with the Windows conventions for system services.


- The machine must have access to the Internet:


If a firewall and/or proxy is in place, it must allow communication between the server hosting the SRAD Agent and the SR API:

https://api-rating.boardofcyber.io 

If there is no proxy server, the firewall must authorise communication between the server hosting the SRAgent agent and the Internet.

- Note: The IP address of the SRAD API is dynamic: it changes based on the caller’s geographical location and also varies over time. This can make filtering by IP address tedious. Routine maintenance must be set up to ensure the long-term operation of the SRAD agent.
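
The requirements above can be checked on the intended host before the installer is launched. The PowerShell script below is an added example, not Board of Cyber code; it assumes an elevated session, its parameter names ($ApiHost, $ApiKey) are illustrative, and the optional key check uses the format rule stated in section 2.2.

```powershell
# Added pre-flight check, not Board of Cyber code. Save as a .ps1 file and run it
# from an elevated prompt on the intended agent host before installing.
param(
    [string]$ApiHost = 'api-rating.boardofcyber.io',  # endpoint named in section 2.1
    [string]$ApiKey                                   # optional; the value is never printed
)

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$principal = [Security.Principal.WindowsPrincipal]::new(
    [Security.Principal.WindowsIdentity]::GetCurrent())
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

# Direct TCP test to 443. Behind a mandatory proxy this fails even when the proxy
# path is open, so a FAIL here means "review firewall/proxy rules", nothing more.
$tcp = Test-NetConnection -ComputerName $ApiHost -Port 443 -WarningAction SilentlyContinue

$checks = [ordered]@{
    'Machine is domain joined'         = [bool]$cs.PartOfDomain
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    'Machine is not a DC'              = $cs.DomainRole -lt 4
    # Build 14393 = Windows 10 Anniversary Update (1607) / Windows Server 2016
    'OS build is 14393 or later'       = [int]$os.BuildNumber -ge 14393
    'Session is elevated (local admin)' = $principal.IsInRole($adminRole)
    "TCP 443 open to $ApiHost"         = [bool]$tcp.TcpTestSucceeded
}
if ($ApiKey) {
    # Case-sensitive match: digits and lowercase letters only
    $checks['API key has the expected format'] = $ApiKey -cmatch '^[a-z0-9]+$'
}

$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) { Write-Output "PASS  $name" }
    else { Write-Output "FAIL  $name"; $failed++ }
}
if ($tcp.TcpTestSucceeded) {
    # The page notes this address changes over time and by caller location,
    # so an IP-based firewall rule built from it will need upkeep.
    Write-Output "INFO  $ApiHost currently resolves to $($tcp.RemoteAddress)"
}
exit $failed
```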

2.2 Agent set up

1. Launch the installation program on your machine

2. Enter the API key retrieved in step 1 (the API key is unique to each agent)

Note: an API key contains only numbers and lowercase letters. It is available here on the platform: 

3. Finish the setup

 

2.3 Validate the agent configuration on the Board of Cyber platform

1. Go to the List of Domains from the platform

AD Rating Menu > List of domains 

2. Identify the agent that you wish to configure and click on the gear icon to access its settings.

3. Go to the “Status” tab. 

4. Confirm the configuration of the agent by clicking on “Validate”. 

5. The link between the agent and the platform is now configured, and the status switches from “Configured” to “Validated”.

6. Once the first measures are reported on the platform, the agent will be declared as “Operational”. 

The agent is configured!

3. Frequently Asked Questions

 

I have installed the probe on a machine of my domain but the data is not reported on the platform: 

  • Make sure that you have validated the configuration of your agent (part 2.3) 
  • Try to reinstall the agent on the machine, write down the API key (it only contains numbers and lowercase letters), then try to validate the configuration on the platform. 
  • If you cannot validate the configuration:
      • Please attach the agent log file (C:/ProgramData/sragent/logs) to your message.

 

What technology does the AD Rating agent rely on?  

The agent carries out its measurements using the PingCastle software.

Board of Cyber provides the automation of the measures as well as a completely redesigned risk-oriented rating algorithm. 

The solution includes new observables, detailed recommendations for correcting your Active Directory configuration, and a bibliography to help you get started. 

 

How does the agent retrieve the information with potentially weak access rights on the machine?

The agent does not need a service account. Any machine account on the domain can make an LDAP connection to the domain controllers and retrieve the information needed for the analysis. This is a normal Active Directory operation.

 

What is the difference between an office domain and a technical domain?

If you have more than one Active Directory to evaluate, you can select whether it is an office or technical domain when setting up the parameters. An office domain is an Active Directory domain that manages user accounts and workstations, as opposed to a domain that only manages technical resources (e.g. printers, servers, etc.). An office domain will be perceived as riskier than a technical domain.  

 

After installation, how much time does the agent need to send out all of the observables?

After the installation of the agent and its validation on the platform, the first measures tend to be available within the next hour. The organization will have access to its dashboard with all the retrieved information.

 

How to update the agent?  

The platform will notify you when an updated version of the agent is available. 

As it is currently a manual update, we recommend you download the agent from the platform, then delete the outdated agent on the machine where the former version was installed. Finally, install the updated version by re-entering the API key given in the platform. 

 

Which types of machine are included in the reported number of computers?

The AD Rating platform reports information on all types of physical machines or VMs connected to the AD domain. These can be Windows, Linux or Mac OS machines.

 

What is the load of the installed agent?  

The load on the RAM/processor, or the load on the network is as follows:  

  • Disk space required: approximately 200 MB
  • RAM/processor load: activity is higher during measurements but remains very modest.
  • Network load: only during measurements, in the form of LDAP and SMB calls to one of the domain controllers.

 

Do you have a Security Insurance Plan related to the AD Rating service?  

Yes, it is available on request. Please contact your project contact.