Special Features
Discovering and auditing configuration changes
To discover and audit changes in configurations:
In Discovery ➔ Settings ➔ Discovery, when creating or editing a discovery, in the search tab you can check Identify systems configuration. We integrate with the following systems:
After the discovery is done, the result will be shown in Discovery ➔ Discovery ➔ Configurations.
To restore a configuration, search for it in Discovery ➔ Discovery ➔ Configurations. The History action shows all the different configurations, and the Restore button recovers any previous configuration.
Discovering privileged accounts in other applications
senhasegura has a series of plugins to automatically find accounts with high privilege in several applications. It also has a flexible platform that allows the inclusion of new third-party systems, improving the monitoring and identification of possible offenders in your company.
This integration with third party applications also allows the synchronization of equipment with the main CMDB tools on the market, such as ServiceNow and BMC, synchronizing their device base, ensuring visibility and control of your entire equipment park. Through our support service, we are able to expand the interaction with third party systems according to the needs of our customers.
To do so, follow the instructions in the previous sections and create a new Discovery of Application and fill in the necessary data for the correct discovery.
IIS application pool accounts
senhasegura also performs the search for local and domain credentials associated with an IIS application pool.
To perform a search for these credentials, follow the instructions:
Create an Application Discovery through the menu Discovery ➔ Settings ➔ Discovery
Once in the form, go to the Search tab and select the option Identify accounts in application pools (IIS)
Caution: Only Windows plugins may be used on this Discovery.
Save and start the search.
IIS Application Pool Report
At the end of the search, it will be possible to analyze a report containing the information collected such as: name of the pool, username of the credential linked to the pool, runtime version of the application pool and other data.
To do this, go to the menu: Discovery ➔ Discovery ➔ Devices.
Select the item in the report you want to check and click the action button, Application pools IIS.
A report with the collected data will be displayed.
Secrets Discovery in Kubernetes
It is possible to discover secrets in Kubernetes through the integration of senhasegura with the orchestrator.
Before performing this type of discovery, it is necessary to know:
The Kube API Server URL
The port on which Kubernetes is running. By default it is 6443.
Bearer token to access the Kubernetes API
Getting the bearer token
Caution
Access the Kubernetes server and execute the following commands:
Command to create a service account on Kubernetes:
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: senhasegura-discovery
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: senhasegura-discovery
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: senhasegura-discovery
subjects:
  - kind: ServiceAccount
    name: senhasegura-discovery
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: senhasegura-discovery
  apiGroup: rbac.authorization.k8s.io
EOF
Caution: Do not change any data in this command; doing so may affect the effectiveness of the token. If you wish, only the name field can be changed, but we do not recommend this action, since the string senhasegura-discovery will help in identifying the policy.
Command to export the service account token to environment variable:
export K8S_TOKEN=$(kubectl get secrets/$(kubectl get serviceaccount/senhasegura-discovery -n kube-system -o jsonpath='{.secrets[0].name}') -n kube-system -o jsonpath='{.data.token}' | base64 -d)
Caution: If the name field was changed in the previous command, it must be changed in this one too.
Command to print the token on the screen:
echo $K8S_TOKEN
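As an added example (not part of the senhasegura documentation), the following Python code checks the printed token before it is stored as a credential: it decodes the JWT claims without verifying the signature and reports whether the subject is the senhasegura-discovery service account and whether the token expires. The function names and the sample token are constructed for illustration.

```python
import base64
import json
import time

# Subject claim expected for the service account created above.
EXPECTED_SUBJECT = "system:serviceaccount:kube-system:senhasegura-discovery"


def _b64url_decode(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_sa_token(token, now=None):
    """Read a service account token's claims WITHOUT verifying its signature.

    Only the API server can validate the signature; this only confirms that the
    captured string is the intended token before it is stored as a credential.
    """
    parts = token.strip().split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("not a JWT: expected three non-empty segments")
    claims = json.loads(_b64url_decode(parts[1]))
    now = time.time() if now is None else now
    exp = claims.get("exp")  # absent on legacy Secret-based tokens
    return {
        "subject": claims.get("sub"),
        "subject_ok": claims.get("sub") == EXPECTED_SUBJECT,
        "expires": exp is not None,
        "expired": exp is not None and exp <= now,
        "seconds_left": None if exp is None else int(exp - now),
    }


def make_sample_token(claims):
    """Build a constructed sample token (placeholder signature) for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    legacy = make_sample_token({"iss": "kubernetes/serviceaccount",
                                "sub": EXPECTED_SUBJECT})
    print(inspect_sa_token(legacy))
```

Pass the value of K8S_TOKEN to inspect_sa_token. An empty value, which the export command produces when the service account has no token Secret listed, is rejected with ValueError, and a result with expires set to False means the token stays valid until its Secret is deleted.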
Register the credential
After running the commands and with the token in hand, you need to associate it with a Kubernetes server access credential.
Go to Pam Core ➔ Credentials ➔ All and click the action button on the report to create a new credential.
Enter your credential username.
Set the type of password.
In the Device field, select Kubernetes server.
Select the field Define Current Password, and in the Password field, enter the token obtained.
Save.
Discover
With the bearer token already registered in senhasegura, you can run the discovery. To do this, go to the Discovery ➔ Settings ➔ Discovery menu and create a new discovery of devices or containers:
Container discovery
This kind of discovery will look for containers in a host. In the container host field, select the host where the search should be done.
In the Search tab, select the Find Devops Artifacts option.
Selecting the option displays a new tab called Devops. Go to that tab and then to the Kubernetes Settings section.
Select the options:
Enable Kubernetes Service: Allows the user to look for Kubernetes services.
Search Secrets: Searches for secrets.
Bearer Token: Authenticates to the Kubernetes API using a bearer token.
In the Credential Access Kubernetes field, select the credential where the bearer token was recorded.
Then select the port on which to search for Kubernetes.
Info: The default Kubernetes port is 6443; otherwise, type the number configured for your Kubernetes server.
Save.
Info: Consult credentials administration to understand how to fill out the credential registration form.
Device discovery
This type of discovery will look for devices. In the initial IP field, type the IP range where the search should be done.
In the Search tab, select the Find Devops Artifacts option.
Selecting the option displays a new tab called Devops. Go to that tab and then to the Kubernetes Settings section.
Select the options:
Enable Kubernetes Service: Allows the user to look for Kubernetes services.
Search Secrets: Searches for secrets.
Bearer Token: Authenticates to the Kubernetes API using a bearer token.
In the Credential Access Kubernetes field, select the credential where the bearer token was recorded.
Then select the port on which to search for Kubernetes.
Info: Check the Credential administration section to understand how to fill out the form.
Save.
Certificate discovery with NetScaler
Only NetScaler-managed application certificates will be scanned, imported and managed by senhasegura.
For certificate discovery, the fields (name, initial IP, final IP, website and asset) determine, once filled in, which devices in that IP range are returned. You can also filter by site and specify whether the discovered devices will be active or inactive.
Go to Discovery ➔ Settings ➔ Discovery.
Choose the New option.
Choose the Type of discovery.
Select Certificates.
Check the type of search (types of plugins).
Fill out the other information with your Extra Key API Settings for the NetScaler search.
The discovered and imported certificates can be viewed in the Discovery Module ➔ Discovery ➔ Certificates ➔ Certificates with error in the import.
View the secrets
Visit the Discovery Menu ➔ DevOps ➔ Kubernetes ➔ Secrets. This screen will display the list of secrets found during the search.
Click the action button for more information about the secret.