-
Notifications
You must be signed in to change notification settings - Fork 292
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: Impact report #168
Comments
The information you described are already in the report (which contains a lot of data) |
it's not that simple. Looking for keywords is not effective: Comments are even worse |
yes, would be really lots of work to make it perfect. but why not start with an informational rule titled "Potential AD-joined backup servers" ? if that shows a bunch of entries the pentester/ISO can ask his backup-team(s) on the details. |
I can't think of any algorithm that could get this data in a way that would fit into PingCastle. There are a lot of possible false positives if you focus on getting the data from Active Directory.
It is a BAD idea to have backup servers (and anything that can control them and the backup data) in the AD. This information should be in the area "Anomalies" -> "Backup" area, and it could also include more details about what was backed up (each NC) like So i can only imagine improving the backup section with more details, and maybe a tiny statistical data area at the
@ruppde
The result may look like this, but it can easily be improved and extended.
The |
Thanks for the ideas. I would image the table like this: Potential Ransomware Impact
|
So far most metrics show how difficult it would be to attack an AD but pingcastle also has already a lot of data, which can show the impact of that actually happening. It would be useful to show the management, how many eggs actually are in the same basket and what would happen, if it gets broken in a short section:
The text was updated successfully, but these errors were encountered: