Detections
Analytics
Hybrid Identity
Description
Adversaries may patch, modify, or otherwise backdoor cloud authentication processes that are tied to on-premises user identities in order to bypass typical authentication mechanisms, access credentials, and enable persistent access to accounts.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Identity Exposure | Entra ID | Read-only | HTTPS | Entra ID Users | ||
| Tenable Identity Exposure | Active Directory | Standard AD User | LDAP | List of Domain Computers and Users | ||
| Tenable Vulnerability Management | AD Start or Identity Scan | Active Directory | Authenticated AD User | LDAP | List of Domain Users | |
| Tenable Identity Exposure | Entra ID | Read-only | HTTPS | Entra ID Users | ||
| Tenable Identity Exposure | Active Directory | Standard AD User | LDAP | List of Domain Computers and Users | ||
| Tenable Vulnerability Management | AD Start or Identity Scan | Active Directory | Authenticated AD User | LDAP | List of Domain Users |
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Credential Access, Defense Evasion, Persistence
Technique: Modify Authentication Process