Overview and technical capabilities


Discovery offers a comprehensive approach to the discovery, inventory, and governance of privileged assets and credentials in corporate environments. This documentation details the functionalities, integrations, and technical capabilities of the module, in line with security and compliance best practices.

Supported environments

Discovery is compatible with various types of environments, including:

  • On-Premises
  • Hybrid
  • Cloud

Connection protocols

The platform can connect to devices on the network using standard protocols, without the need for local agent installation:

  • SSH / TELNET
  • RDP
  • UDP
  • TCP

During discovery, the platform collects information such as hostname, IP address, credential list, privilege type, and user log data (for example, last access date and password change).

Automatic identification of privileged accounts in operating systems

It is possible to automatically identify privileged accounts in the following environments:

  • Windows: Server 2022–2008, 11–7, XP
  • Linux: RHEL, CentOS, Ubuntu, Debian, SUSE, Fedora, Amazon, Rocky, Alma
  • macOS: Ventura, Monterey, Big Sur, Catalina, Mojave, High Sierra
  • UNIX: AIX, Solaris, HP-UX, FreeBSD, OpenBSD, NetBSD, SCO, Tru64, IRIX
  • Databases: Oracle, SQL Server, MySQL, PostgreSQL, MongoDB, and others

Native integrations and custom connectors

Native APIs and custom connectors allow integration with external tools and workflows, facilitating automation and interoperability with existing systems.

DevOps support

Discovery has specific capabilities for DevOps environments:

  • Docker: Containers, Services, Nodes, Secrets (Permissions/Users) – only if managed externally
  • Kubernetes: Pods, Deployments, Services, Secrets, ConfigMaps, Nodes, Namespaces, RBAC (Roles, RoleBindings, Service Accounts, Users/Groups)
  • Jenkins: Jobs, Nodes, Users, Plugins, Credentials (Passwords, tokens, and keys)
  • Ansible: Playbooks, Roles, Inventories, Modules, Vaults

Special features

Shadow admins

Identification and notification of undocumented accounts with elevated privileges, known as "Shadow Admins": accounts that hold some type of privilege without necessarily being associated with administrative groups.

It is possible to find them in environments such as:

  • Windows
  • Linux
  • macOS
  • Active Directory
  • Main cloud environments (Azure AD, AWS IAM, Google Workspace, and others)
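The shadow-admin idea can be illustrated on Linux with a short check, added here as an example and not taken from Segura's documentation or product code. It flags accounts that hold root-level privilege (UID 0, a direct sudoers entry, or sudo through an undocumented group) without belonging to the documented admin groups; the function name, the sample file contents, and the choice of `sudo`/`wheel` as documented admin groups are assumptions.

```python
# Constructed sample data standing in for /etc/passwd, /etc/group and sudoers.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
backup:x:0:1001::/home/backup:/bin/bash
deploy:x:1002:1002::/home/deploy:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
"""
GROUP = """sudo:x:27:alice
ops:x:1100:carol
"""
SUDOERS = """%sudo ALL=(ALL:ALL) ALL
%ops ALL=(ALL) NOPASSWD: ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl
"""
# Assumption: the groups this organisation documents as administrative.
ADMIN_GROUPS = {"sudo", "wheel"}


def find_shadow_admins(passwd, group, sudoers, admin_groups=ADMIN_GROUPS):
    """Return {account: [reasons]} for privileged accounts outside the admin groups."""
    users = {f[0]: int(f[2]) for f in (l.split(":") for l in passwd.splitlines()) if len(f) >= 7}
    members = {f[0]: {m for m in f[3].split(",") if m}
               for f in (l.split(":") for l in group.splitlines()) if len(f) >= 4}
    documented = {"root"} | {m for g in admin_groups for m in members.get(g, set())}
    findings = {}

    def flag(user, reason):
        if user in users and user not in documented:
            findings.setdefault(user, []).append(reason)

    for user, uid in users.items():
        if uid == 0:  # a second UID 0 account is root under another name
            flag(user, "UID 0")
    # Simplified sudoers pass: aliases and included files are not resolved.
    for line in sudoers.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        who = line.split()[0]
        if who.startswith("%"):
            if who[1:] not in admin_groups:
                for m in sorted(members.get(who[1:], set())):
                    flag(m, f"sudo via group {who[1:]}")
        else:
            flag(who, "direct sudoers entry")
    return findings
```

Membership through a user's primary GID is not considered here, so a real inventory would also map the GID field of each passwd entry to its group.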

Windows assets

Discovery performs advanced discovery of specific components and accounts in Windows environments, offering granular visibility to assist in risk management, auditing, and compliance in Microsoft infrastructure.

Types of assets identified

  • Active Directory Managed Service Accounts (gMSA/MSA): Discovery and inventory of managed service accounts linked to AD, with analysis of associated permissions.
  • Administrative Accounts and Groups: Identification of users with local administrative privileges and critical groups in the domain or machine.
  • Application Pools: Collection of information about IIS application pools, including configurations, linked accounts, and execution status.
  • COM+ / DCOM Applications: Mapping of registered COM/DCOM components, identifying permissions, associated users, and dependent services.
  • IIS (Internet Information Services): Discovery of websites, bindings, virtual directories, and certificates associated with IIS.
  • Logon Scripts: Identification of scripts executed during user logon, with content and permission analysis.
  • Orphan Users: Detection of local or domain accounts no longer associated with valid devices or groups.
  • Remote Desktop Users: Mapping of users with permission for RDP, including group configurations and applied policies.
  • SCOM Run As Accounts: Inventory of accounts used to execute tasks in System Center Operations Manager (SCOM), with scope analysis.
  • Shared Folders: Identification of shared folders and access permissions on Windows workstations and servers.
  • Virtual IIS Directories: Discovery of virtual directories configured in IIS, with analysis of physical paths and permissions.
  • Windows Auto Login Configurations: Detection of automatic login configurations (AutoAdminLogon) and associated risks.
  • Windows Scheduled Tasks: Collection of scheduled tasks with execution details, accounts used, and frequency.
  • Windows Services: Inventory of running services, startup types, and linked service accounts.

Account and credential management in clustered environments

Discovery offers native integration with Windows cluster APIs (Windows Failover Cluster, Cluster Shared Volume) and third-party cluster solutions (VMware vSphere, Hyper-V, among others). This integration ensures the discovery, rotation, and management of service accounts and credentials in an orchestrated manner, without causing downtime or impacting the availability of clustered services.

Glossary

Discovery has an automated technical glossary that centralizes the definition of discovered assets, their attributes, and relationships. This special feature facilitates operational understanding, standardizes the nomenclature used, and supports analysis, audits, and integrations with external systems.

Main functionalities

  • Mapping of technical terms: Compiles definitions and descriptions of all types of identified assets, including privileged accounts, services, applications, certificates, scheduled tasks, secrets, and more.
  • Relationships between assets: Organizes associations between objects (e.g., accounts linked to services, certificates linked to applications, administrative groups connected to users), providing a contextualized view.
  • Vocabulary standardization: Ensures consistency in how assets and attributes are presented in dashboards, reports, and exports.
  • Integration with other resources: Supports functionalities such as topology, segmentation, and risk visualizations based on a standardized and enriched technical vocabulary.

Integration with CMDBs

Compatibility with configuration management databases (CMDBs):

  • ServiceNow
  • BMC Helix
  • SolarWinds

Support for devices and systems

  • Virtual Machines
  • iLO Systems
  • Network Devices: Cisco IOS, F5 BIG-IP, Fortinet, Juniper, Palo Alto, SonicWall, among others
  • AD Attributes and Assets: IIS, Application Pools, Scheduled Tasks
  • SNMP
  • Imports via CSV

Web applications

Identification of administrative accounts, service certificates, and system accounts in web applications such as:

  • Apache
  • Elastic Beanstalk
  • F5 BIG-IP
  • GlassFish
  • Google App Engine
  • IIS
  • JBoss
  • Jetty
  • ASP.NET Core Kestrel
  • OpenShift
  • PM2
  • SAP NetWeaver
  • Tomcat
  • WebLogic
  • WebSphere
  • Among others

SCADA and other systems

Support for discovery in SCADA systems and other industrial environments, air-gapped networks, and military zones such as DMZ.

Security integrations

  • Vulnerability Mapping
  • Segmentation Validation
  • Topology Mapping
  • Glossary
  • Integration with Threat Intelligence/SIEM/SOAR
  • Notifications about Discovered Credentials

AI Agents and privilege governance

Discovery offers automatic discovery and detailed inventory of AI agents (artificial intelligence-based automation agents) and their privileges in multiple environments: cloud, containers, DevOps pipelines, SaaS, networks, and edge.

Main capabilities:

  • Automatic identification of AI agents: Mapping of bots, virtual assistants, RPA bots (UiPath, Automation Anywhere, Blue Prism), chatbots (Microsoft Copilot, ServiceNow Virtual Agent, Slackbot, Google Gemini), DevOps agents (Jenkins, GitLab Runner, AWS Lambda, Azure Pipelines), and security agents (SOAR, SIEM, EDR) in use.

  • Privilege inventory: Discovery of service accounts, tokens, secrets, roles, policies, and permissions associated with each AI agent, regardless of the environment (on-prem, cloud, container, edge).

  • Risk classification and policy violations: Analysis of the privilege level, detection of excessive access or policy deviation, with automated alerts.

  • Automated access reviews: Generation of reports on the use and exposure of AI agents to support access reviews, audits, and compliance.

  • Integration with SIEM/SOAR/IGA: All discovery events, privilege changes, or exposures are integrated into external systems for rapid response, centralized governance, and remediation automation.

How it works:

  • Discovery via native APIs, customizable connectors, and CI/CD integrations: Discovery scans cloud environments (AWS, Azure, GCP), pipelines (Jenkins, GitLab), RPA/Chatbot platforms, SaaS, and containers, using APIs, read credentials, log scanning, and metadata analysis.

  • Dynamic and continuous mapping: The process is periodic or real-time, according to policies, ensuring continuous visibility over all AI agents and their privileges.

Compliance and audit:

All discoveries, classifications, and events related to AI agents are recorded in immutable, auditable, and exportable logs, allowing for a rapid response to regulatory requirements and investigations.

Secrets

Discovery offers automated discovery, inventory, and governance of secrets and privileged credentials across the digital environment. The platform ensures continuous detection, risk classification, and remediation of sensitive data exposures in cloud infrastructure, DevOps pipelines, logs/monitoring, collaboration tools, application code, and runtime environments.

Main functionalities

  • Comprehensive secret scanning: Detection in cloud services, log/monitoring systems, CI/CD pipelines, environment variables, source code repositories, and collaboration tools.
  • Continuous and real-time monitoring: Automated scans ensure quick identification and management of new secrets.
  • Automatic onboarding and policy application: Discovered secrets are integrated into Segura® Secrets Manager, with automatic rotation, revocation, and remediation policies.
  • Integrated alerts and compliance: Risk-based alerts, complete audit trails, and compliance dashboards.
  • Customizable detection: Detection patterns, scan frequency, and onboarding flows adaptable to the company's needs.
  • Secret management for AI agents: Detection, inventory, rotation, and dynamic delivery of secrets used by AI agents and intelligent automation.

Supported scenarios

  1. Cloud infrastructure: Identification of secrets in AWS, Azure, GCP, Oracle Cloud, Alibaba Cloud.
  2. Logs and monitoring systems: Scans in Splunk, ELK Stack, Prometheus, Grafana, Datadog, Syslog servers.
  3. CI/CD pipelines: Detection in Jenkins, GitLab CI, GitHub Actions, Azure DevOps, Bitbucket Pipelines.
  4. Environment variables: Scans on servers, containers (Kubernetes, Docker), and cloud workloads.
  5. Collaboration tools and chatbots: Identification of API tokens, bot credentials, integration secrets, and webhooks in Slack and Microsoft Teams.
  6. Source code repositories: Detection of secrets in GitHub, GitLab, Bitbucket, and Azure DevOps.
  7. AI agents and intelligent automation: Identification, onboarding, and governance of secrets used by AI agents in CI/CD pipelines, orchestration platforms, cloud, edge, and SaaS environments, bots in collaborative platforms, security agents, and RPA automation. Supports automatic rotation, dynamic delivery, and revocation based on context or automation lifecycle.

Supported platforms

  • Cloud: AWS, Azure, GCP, Oracle Cloud, Alibaba Cloud
  • Logs/Monitoring: Splunk, ELK Stack, Prometheus, Grafana, Datadog, Syslog
  • CI/CD Pipelines: Jenkins, GitLab CI, GitHub Actions, Azure DevOps, Bitbucket Pipelines
  • Environments: Linux, Windows, macOS, Kubernetes, Docker
  • Collaboration: Slack, Microsoft Teams
  • Source Code: GitHub, GitLab, Bitbucket, Azure DevOps
  • AI agents & automation: UiPath, Automation Anywhere, Blue Prism, Microsoft Copilot, ServiceNow Virtual Agent, Slackbot, Google Gemini, Jenkins, GitLab Runner, AWS Lambda, Azure Pipelines, SOAR, SIEM, EDR, and any automations that require secrets or credentials to access systems and APIs.

Types of secrets supported

  • API keys
  • Database passwords
  • Access tokens
  • SSH keys
  • Certificates
  • Service credentials
  • Webhook secrets
  • Bot credentials
  • Other sensitive values

Collaboration platforms and messaging applications

Overview

Discovery offers continuous discovery, inventory, and governance of secrets, API tokens, and privileged credentials stored or exposed on collaboration and messaging platforms such as Slack and Microsoft Teams. It includes risk-based alerts, automated remediation via Secrets Manager, and complete audit logging.

Supported platforms

  • Slack
  • Microsoft Teams

Supported assets

  • API tokens
  • Bot credentials
  • Webhooks
  • Integration secrets
  • OAuth application keys
  • Service principals

Enterprise middleware and service buses

  • Enterprise middleware: MuleSoft, TIBCO, IBM Integration Bus, SAP PI/PO
  • RPA and digital workers: UiPath, Automation Anywhere, Blue Prism
  • API gateways and integration proxies: Apigee, Kong, AWS API Gateway, NGINX Plus

Discoveries

SSH Keys

Discovery allows for the automated identification of SSH keys in corporate environments. The platform scans systems and devices to locate public and private keys, associating them with specific user accounts and services. This facilitates centralized management of SSH keys, ensuring compliance with security policies and reducing risks associated with unauthorized access.