Detections
Analytics
Group Policy Discovery
Description
Adversaries may gather information on Group Policy settings to identify paths for privilege escalation, security measures applied within a domain, and to discover patterns in domain objects that can be manipulated or used to blend in the environment. Group Policy allows for centralized management of user and computer settings in Active Directory (AD). Group policy objects (GPOs) are containers for group policy settings made up of files stored within a predictable network path \\SYSVOL\\Policies\.[
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Identity Exposure | Active Directory | Authenticated AD user | LDAP/S(389/636) | Group Policy objects | ||
| Tenable Identity Exposure | Active Directory | Authenticated AD user | LDAP/S(389/636) | Organizational Unit objects | Plugin ID: 28-C-GPO-SD-CONSISTENCY:R-GPO-SD-CONSISTENCY-ACL | |
| Tenable Identity Exposure | Active Directory | Standard AD User | LDAP | List of Computers, Domain Users, Groups and Memberships |
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Discovery
Technique: Group Policy Discovery
Sub-Technique: Group Policy Discovery
Platform: Windows
Products Required: Tenable Identity Exposure
Tenable Release Date: 2024 Q2