PingCastle
This Integration is part of the PingCastle Pack.

Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
This integration will run a server that will listen for PingCastle XML reports. This integration was integrated and tested with version 6.0.0 of PingCastle.

Configure PingCastle on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.
2. Search for PingCastle.
3. Click Add instance to create and configure a new integration instance.

Parameter | Description | Required |
---|---|---|
API Key | The API Key PingCastle must use to send reports. | True |
Long running instance | Whether this instance should listen for reports. | False |
Listen port, e.g. 7000 | Runs the service on this port from within Cortex XSOAR. Requires a unique port for each long-running integration instance. Do not use the same port for multiple instances. Note: If you click the test button more than once, a failure may occur mistakenly indicating that the port is already in use. (For Cortex XSOAR 8 and Cortex XSIAM) If using an engine, you must enter a Listen Port. If not using an engine, do not enter a Listen Port and an unused port will automatically be generated when the instance is saved. | False |

4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

pingcastle-get-report

Get the currently saved PingCastle report.

Base Command

pingcastle-get-report

Input

Argument Name | Description | Required |
---|---|---|
delete_report | Whether to delete the report after getting it or save it to allow retrieving it again. Possible values are: Yes, No. Default is No. | Optional |

Context Output

Path | Type | Description |
---|---|---|
PingCastle.Report.report | String | The XML report sent by PingCastle |

Command Example

!pingcastle-get-report delete_report=No
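
An added example, not part of the integration or of PingCastle, of how an automation might consume the `PingCastle.Report.report` string: it parses the XML defensively and lists the risk rules by points. The sample report is constructed and trimmed to a few elements; the function names, the size cap, the no-DTD rule and the 10-point threshold are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from dataclasses import dataclass

MAX_REPORT_BYTES = 20 * 1024 * 1024  # assumption: upper bound for one report
SCORE_FIELDS = ("GlobalScore", "StaleObjectsScore", "PrivilegiedGroupScore",
                "TrustScore", "AnomalyScore")


class ReportError(ValueError):
    """The string is not an acceptable PingCastle healthcheck report."""


@dataclass(frozen=True)
class RiskRule:
    risk_id: str
    category: str
    model: str
    points: int
    rationale: str


def _text(parent, tag):
    return (parent.findtext(tag) or "").strip()


def _int(parent, tag):
    # findtext() looks at direct children only. That matters here: the score
    # element names are repeated under <ControlPaths>, and a document-wide
    # search could pick up the nested value instead of the domain score.
    try:
        return int(parent.findtext(tag))
    except (TypeError, ValueError):
        raise ReportError(f"missing or non-numeric <{tag}>") from None


def parse_report(xml_text):
    """Parse the XML string stored in PingCastle.Report.report."""
    raw = xml_text.encode("utf-8")
    if len(raw) > MAX_REPORT_BYTES:
        raise ReportError("report too large")
    # The listener receives this document over the network. Assumption: a
    # healthcheck report carries no DTD, so DOCTYPE/ENTITY declarations are
    # refused rather than handed to the parser for expansion.
    lowered = raw.lower()
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        raise ReportError("DTD or entity declaration not allowed")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise ReportError(f"malformed XML: {exc}") from exc
    if root.tag != "HealthcheckData":
        raise ReportError(f"unexpected root element <{root.tag}>")

    rules = [
        RiskRule(_text(n, "RiskId"), _text(n, "Category"), _text(n, "Model"),
                 _int(n, "Points"), _text(n, "Rationale"))
        for n in root.findall("RiskRules/HealthcheckRiskRule")
    ]
    rules.sort(key=lambda r: -r.points)  # stable: ties keep report order
    return {
        "domain": _text(root, "DomainFQDN"),
        "scores": {name: _int(root, name) for name in SCORE_FIELDS},
        "rules": rules,
    }


def triage(report, min_points=10):
    """Return (rules worth a ticket, total points per category)."""
    findings = [r for r in report["rules"] if r.points >= min_points]
    by_category = defaultdict(int)
    for rule in report["rules"]:
        by_category[rule.category] += rule.points
    return findings, dict(by_category)


# Constructed sample, trimmed to the elements used above.
SAMPLE_REPORT = """<?xml version="1.0" encoding="utf-8"?>
<HealthcheckData>
  <DomainFQDN>corp.example</DomainFQDN>
  <GlobalScore>20</GlobalScore>
  <StaleObjectsScore>1</StaleObjectsScore>
  <PrivilegiedGroupScore>20</PrivilegiedGroupScore>
  <TrustScore>0</TrustScore>
  <AnomalyScore>15</AnomalyScore>
  <RiskRules>
    <HealthcheckRiskRule><Points>1</Points><Category>StaleObjects</Category><Model>ObjectConfig</Model><RiskId>S-PwdNeverExpires</RiskId><Rationale>Number of accounts which has never-expiring passwords: 2</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>15</Points><Category>Anomalies</Category><Model>PassTheCredential</Model><RiskId>A-LAPS-Not-Installed</RiskId><Rationale>LAPS doesn't seem to be installed</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>Audit</Model><RiskId>A-AuditPowershell</RiskId><Rationale>The powershell audit configuration is not fully enabled.</Rationale></HealthcheckRiskRule>
    <HealthcheckRiskRule><Points>20</Points><Category>PrivilegedAccounts</Category><Model>AccountTakeOver</Model><RiskId>P-Delegated</RiskId><Rationale>Admin accounts without the "sensitive and cannot be delegated" flag: 1</Rationale></HealthcheckRiskRule>
  </RiskRules>
  <ControlPaths><GlobalScore>0</GlobalScore></ControlPaths>
</HealthcheckData>"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    tickets, totals = triage(parsed)
    print(parsed["domain"], parsed["scores"]["GlobalScore"], totals)
    for rule in tickets:
        print(f"{rule.points:>3}  {rule.risk_id:<22} {rule.rationale}")
```
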

Context Example

Human Readable Output

Results