PingCastle
This Integration is part of the PingCastle Pack.

Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
This integration will run a server that will listen for PingCastle XML reports. This integration was integrated and tested with version 6.0.0 of PingCastle.

Configure PingCastle in Cortex
Parameter | Description | Required |
---|---|---|
API Key | The API Key PingCastle must use to send reports. | True |
Long running instance | Whether this instance should listen for reports. | False |
Listen port, e.g. 7000 | Runs the service on this port from within Cortex XSOAR. Requires a unique port for each long-running integration instance. Do not use the same port for multiple instances. Note: If you click the test button more than once, a failure may occur mistakenly indicating that the port is already in use. (For Cortex XSOAR 8 and Cortex XSIAM) If using an engine, you must enter a Listen Port. If not using an engine, do not enter a Listen Port and an unused port will automatically be generated when the instance is saved. | False |

Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

pingcastle-get-report
Get the currently saved PingCastle report.

Base Command
pingcastle-get-report

Input
Argument Name | Description | Required |
---|---|---|
delete_report | Whether to delete the report after getting it or save it to allow retrieving it again. Possible values are: Yes, No. Default is No. | Optional |

Context Output
Path | Type | Description |
---|---|---|
PingCastle.Report.report | String | The XML report sent by Ping Castle |

Command Example
!pingcastle-get-report delete_report=No

Context Example
Human Readable Output
Results
report <?xml version="1.0" encoding="utf-8"?><HealthcheckData xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><EngineVersion>2.9.2.0</EngineVersion><GenerationDate>2021-04-13T11:16:53.4987279-07:00</GenerationDate><Level>Normal</Level><MaturityLevel>2</MaturityLevel><DomainFQDN>pingcastledemo.local</DomainFQDN><NetBIOSName>PINGCASTLEDEMO</NetBIOSName><ForestFQDN>pingcastledemo.local</ForestFQDN><DomainCreation>2021-03-09T10:46:54</DomainCreation><DomainSid>S-1-5-21-2115980419-2321553098-4164854430</DomainSid><DomainFunctionalLevel>7</DomainFunctionalLevel><ForestFunctionalLevel>7</ForestFunctionalLevel><SchemaVersion>88</SchemaVersion><SchemaInternalVersion>0</SchemaInternalVersion><IsRecycleBinEnabled>false</IsRecycleBinEnabled><SchemaLastChanged>0001-01-01T00:00:00</SchemaLastChanged><NumberOfDC>1</NumberOfDC><GlobalScore>65</GlobalScore><StaleObjectsScore>16</StaleObjectsScore><PrivilegiedGroupScore>40</PrivilegiedGroupScore><TrustScore>0</TrustScore><AnomalyScore>65</AnomalyScore><Trusts /><DomainControllers><HealthcheckDomainController><DCName>WIN2019-AD-SX</DCName><CreationDate>2021-03-09T10:47:41</CreationDate><StartupTime>2021-03-09T03:48:59.4415839-08:00</StartupTime><LastComputerLogonDate>2021-04-09T04:49:10.2174788-07:00</LastComputerLogonDate><DistinguishedName>CN=WIN2019-AD-SX,OU=Domain Controllers,DC=pingcastledemo,DC=local</DistinguishedName><OperatingSystem>Windows 2019</OperatingSystem><OwnerSID>S-1-5-21-2115980419-2321553098-4164854430-512</OwnerSID><OwnerName>PINGCASTLEDEMO\Domain Admins</OwnerName><HasNullSession>false</HasNullSession><SupportSMB1>false</SupportSMB1><SMB1SecurityMode>NotTested</SMB1SecurityMode><SupportSMB2OrSMB3>true</SupportSMB2OrSMB3><SMB2SecurityMode>SmbSigningEnabled SmbSigningRequired</SMB2SecurityMode><RemoteSpoolerDetected>true</RemoteSpoolerDetected><IP><string>fe80::717e:f51a:66a3:2fa2%15</string><string>10.158.106.123</string></IP><FSMO><string>PDC</string><string>RID 
pool manager</string><string>Infrastructure master</string><string>Schema master</string><string>Domain naming Master</string></FSMO><LDAPSProtocols /><PwdLastSet>2021-04-08T16:34:37.9205977-07:00</PwdLastSet><RODC>false</RODC><SYSVOLOverwrite>false</SYSVOLOverwrite></HealthcheckDomainController></DomainControllers><Sites><HealthcheckSite><SiteName>Default-First-Site-Name</SiteName><Networks /></HealthcheckSite></Sites><lDAPIPDenyList /><PreWindows2000AnonymousAccess>false</PreWindows2000AnonymousAccess><PreWindows2000NoDefault>false</PreWindows2000NoDefault><DsHeuristicsAnonymousAccess>false</DsHeuristicsAnonymousAccess><DsHeuristicsAdminSDExMaskModified>false</DsHeuristicsAdminSDExMaskModified><DsHeuristicsDoListObject>false</DsHeuristicsDoListObject><DsHeuristicsAllowAnonNSPI>false</DsHeuristicsAllowAnonNSPI><UsingNTFRSForSYSVOL>false</UsingNTFRSForSYSVOL><RiskRules><HealthcheckRiskRule><Points>20</Points><Category>PrivilegedAccounts</Category><Model>AccountTakeOver</Model><RiskId>P-Delegated</RiskId><Rationale>Presence of Admin accounts which have not the flag "this account is sensitive and cannot be delegated": 1</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>15</Points><Category>Anomalies</Category><Model>PassTheCredential</Model><RiskId>A-LAPS-Not-Installed</RiskId><Rationale>LAPS doesn't seem to be installed</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>15</Points><Category>Anomalies</Category><Model>Backup</Model><RiskId>A-BackupMetadata</RiskId><Rationale>Last AD backup has been performed 35 day(s) ago</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>PrivilegedAccounts</Category><Model>IrreversibleChange</Model><RiskId>P-SchemaAdmin</RiskId><Rationale>The group Schema Admins is not empty: 1 account(s)</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>Audit</Model><RiskId>A-AuditDC</RiskId><Rationale>The audit policy on domain 
controllers does not collect key events.</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>PrivilegedAccounts</Category><Model>IrreversibleChange</Model><RiskId>P-RecycleBin</RiskId><Rationale>The Recycle Bin is not enabled</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>StaleObjects</Category><Model>Provisioning</Model><RiskId>S-ADRegistration</RiskId><Rationale>Non-admin users can add up to 10 computer(s) to a domain</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>PassTheCredential</Model><RiskId>A-DC-Spooler</RiskId><Rationale>The spooler service is remotely accessible from 1 DC</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>10</Points><Category>Anomalies</Category><Model>WeakPassword</Model><RiskId>A-MinPwdLen</RiskId><Rationale>Policy where the password length is less than 8 characters: 1</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>5</Points><Category>StaleObjects</Category><Model>NetworkTopography</Model><RiskId>S-DC-SubnetMissing</RiskId><Rationale>The subnet declaration is incomplete [1 IP of DC not found in declared subnets]</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>5</Points><Category>Anomalies</Category><Model>Backup</Model><RiskId>A-NotEnoughDC</RiskId><Rationale>The number of DCs is too small to provide redundancy: 1 DC</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>1</Points><Category>StaleObjects</Category><Model>ObjectConfig</Model><RiskId>S-PwdNeverExpires</RiskId><Rationale>Number of accounts which has never-expiring passwords: 2</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>Audit</Model><RiskId>A-AuditPowershell</RiskId><Rationale>The powershell audit configuration is not fully 
enabled.</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>Reconnaissance</Model><RiskId>A-NoNetSessionHardening</RiskId><Rationale>No GPO has been found which implements NetCease</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>WeakPassword</Model><RiskId>A-NoServicePolicy</RiskId><Rationale>No password policy for service account found (MinimumPasswordLength>=20)</Rationale></HealthcheckRiskRule><HealthcheckRiskRule><Points>0</Points><Category>Anomalies</Category><Model>NetworkSniffing</Model><RiskId>A-NoGPOLLMNR</RiskId><Rationale>No GPO has been found which disables LLMNR or at least one GPO does enable it explicitly</Rationale></HealthcheckRiskRule></RiskRules><UserAccountData><Number>3</Number><NumberEnabled>2</NumberEnabled><NumberDisabled>1</NumberDisabled><NumberActive>2</NumberActive><NumberInactive>0</NumberInactive><NumberLocked>0</NumberLocked><NumberPwdNeverExpires>2</NumberPwdNeverExpires><NumberSidHistory>0</NumberSidHistory><NumberPwdNotRequired>0</NumberPwdNotRequired><NumberBadPrimaryGroup>0</NumberBadPrimaryGroup><NumberDesEnabled>0</NumberDesEnabled><NumberTrustedToAuthenticateForDelegation>0</NumberTrustedToAuthenticateForDelegation><NumberReversibleEncryption>0</NumberReversibleEncryption><NumberDuplicate>0</NumberDuplicate><NumberNoPreAuth>0</NumberNoPreAuth></UserAccountData><ComputerAccountData><Number>1</Number><NumberEnabled>1</NumberEnabled><NumberDisabled>0</NumberDisabled><NumberActive>1</NumberActive><NumberInactive>0</NumberInactive><NumberLocked>0</NumberLocked><NumberPwdNeverExpires>0</NumberPwdNeverExpires><NumberSidHistory>0</NumberSidHistory><ListDomainSidHistory 
/><NumberPwdNotRequired>0</NumberPwdNotRequired><NumberBadPrimaryGroup>0</NumberBadPrimaryGroup><NumberDesEnabled>0</NumberDesEnabled><NumberTrustedToAuthenticateForDelegation>1</NumberTrustedToAuthenticateForDelegation><NumberReversibleEncryption>0</NumberReversibleEncryption><NumberDuplicate>0</NumberDuplicate><NumberNoPreAuth>0</NumberNoPreAuth></ComputerAccountData><OperatingSystem><HealthcheckOSData><OperatingSystem>Windows 2019</OperatingSystem><NumberOfOccurence>1</NumberOfOccurence><data><Number>1</Number><NumberEnabled>1</NumberEnabled><NumberDisabled>0</NumberDisabled><NumberActive>1</NumberActive><NumberInactive>0</NumberInactive><NumberLocked>0</NumberLocked><NumberPwdNeverExpires>0</NumberPwdNeverExpires><NumberSidHistory>0</NumberSidHistory><NumberPwdNotRequired>0</NumberPwdNotRequired><NumberBadPrimaryGroup>0</NumberBadPrimaryGroup><NumberDesEnabled>0</NumberDesEnabled><NumberTrustedToAuthenticateForDelegation>1</NumberTrustedToAuthenticateForDelegation><NumberReversibleEncryption>0</NumberReversibleEncryption><NumberDuplicate>0</NumberDuplicate><NumberNoPreAuth>0</NumberNoPreAuth></data></HealthcheckOSData></OperatingSystem><GPOInfo><GPOInfo><GPOName>Default Domain Policy</GPOName><GPOId>{31B2F340-016D-11D2-945F-00C04FB984F9}</GPOId><IsDisabled>false</IsDisabled><AppliedTo><string>DC=pingcastledemo,DC=local</string></AppliedTo><AppliedOrder><int>1</int></AppliedOrder></GPOInfo><GPOInfo><GPOName>Default Domain Controllers Policy</GPOName><GPOId>{6AC1786C-016F-11D2-945F-00C04fB984F9}</GPOId><IsDisabled>false</IsDisabled><AppliedTo><string>OU=Domain Controllers,DC=pingcastledemo,DC=local</string></AppliedTo><AppliedOrder><int>1</int></AppliedOrder></GPOInfo></GPOInfo><LoginScript><HealthcheckLoginScriptData><LoginScript>None</LoginScript><NumberOfOccurence>2</NumberOfOccurence><Delegation 
/></HealthcheckLoginScriptData></LoginScript><LastADBackup>2021-03-09T03:47:51-08:00</LastADBackup><LAPSInstalled>9999-12-31T23:59:59.9999999</LAPSInstalled><KrbtgtLastChangeDate>2021-03-09T02:47:41.9719605-08:00</KrbtgtLastChangeDate><KrbtgtLastVersion>2</KrbtgtLastVersion><ExchangePrivEscVulnerable>false</ExchangePrivEscVulnerable><AdminLastLoginDate>2021-04-03T08:23:12.3112318-07:00</AdminLastLoginDate><GPPPassword /><GPPFileDeployed /><GPOAuditSimple /><GPOAuditAdvanced /><GPPPasswordPolicy><GPPSecurityPolicy><Properties><GPPSecurityPolicyProperty><Property>MinimumPasswordAge</Property><Value>1</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>MaximumPasswordAge</Property><Value>42</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>MinimumPasswordLength</Property><Value>7</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>PasswordComplexity</Property><Value>1</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>PasswordHistorySize</Property><Value>24</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>LockoutBadCount</Property><Value>0</Value></GPPSecurityPolicyProperty><GPPSecurityPolicyProperty><Property>ClearTextPassword</Property><Value>0</Value></GPPSecurityPolicyProperty></Properties><GPOName>Default Domain Policy</GPOName><GPOId>{31B2F340-016D-11D2-945F-00C04FB984F9}</GPOId></GPPSecurityPolicy></GPPPasswordPolicy><GPOLsaPolicy /><GPOScreenSaverPolicy /><GPOEventForwarding /><GPODelegation /><TrustedCertificates /><PrivilegedGroups><HealthCheckGroupData><GroupName>Account Operators</GroupName><DistinguishedName>CN=Account 
Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Administrators</GroupName><DistinguishedName>CN=Administrators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Backup Operators</GroupName><DistinguishedName>CN=Backup 
Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Certificate Operators</GroupName><DistinguishedName>CN=Cryptographic Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Certificate Publishers</GroupName><DistinguishedName>CN=Cert 
Publishers,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Dns Admins</GroupName><DistinguishedName>CN=DnsAdmins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Domain Administrators</GroupName><DistinguishedName>CN=Domain 
Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Enterprise Administrators</GroupName><DistinguishedName>CN=Enterprise Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Enterprise Key Administrators</GroupName><DistinguishedName>CN=Enterprise Key 
Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Key Administrators</GroupName><DistinguishedName>CN=Key Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Print Operators</GroupName><DistinguishedName>CN=Print 
Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Replicator</GroupName><DistinguishedName>CN=Replicator,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Schema Administrators</GroupName><DistinguishedName>CN=Schema 
Admins,CN=Users,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>1</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>1</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>1</NumberOfMemberActive><NumberOfMemberEnabled>1</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>1</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData><HealthCheckGroupData><GroupName>Server Operators</GroupName><DistinguishedName>CN=Server Operators,CN=Builtin,DC=pingcastledemo,DC=local</DistinguishedName><NumberOfMember>0</NumberOfMember><NumberOfMemberDisabled>0</NumberOfMemberDisabled><NumberOfMemberPwdNotRequired>0</NumberOfMemberPwdNotRequired><NumberOfMemberPwdNeverExpires>0</NumberOfMemberPwdNeverExpires><NumberOfMemberLocked>0</NumberOfMemberLocked><NumberOfMemberInactive>0</NumberOfMemberInactive><NumberOfMemberActive>0</NumberOfMemberActive><NumberOfMemberEnabled>0</NumberOfMemberEnabled><NumberOfMemberCanBeDelegated>0</NumberOfMemberCanBeDelegated><NumberOfExternalMember>0</NumberOfExternalMember><NumberOfSmartCardRequired>0</NumberOfSmartCardRequired><NumberOfServiceAccount>0</NumberOfServiceAccount><NumberOfMemberInProtectedUsers>0</NumberOfMemberInProtectedUsers></HealthCheckGroupData></PrivilegedGroups><AdminSDHolderNotOKCount>0</AdminSDHolderNotOKCount><UnixPasswordUsersCount>0</UnixPasswordUsersCount><SmartCardNotOKCount>0</SmartCardNotOKCount><DomainControllerWithNullSessionCount>0</DomainControllerWithNullSessionCount><SIDHistoryAuditingGroupPresent>false</SIDHistoryAuditingGroupPresent><MachineAccountQuota>10</MachineAccountQuota>
<ListHoneyPot /><DnsZones><HealthcheckDnsZones><name>pingcastledemo.local</name><InsecureUpdate>false</InsecureUpdate></HealthcheckDnsZones><HealthcheckDnsZones><name>RootDNSServers</name><InsecureUpdate>false</InsecureUpdate></HealthcheckDnsZones><HealthcheckDnsZones><name>106.158.10.in-addr.arpa</name><InsecureUpdate>false</InsecureUpdate></HealthcheckDnsZones></DnsZones><PasswordDistribution><Dist HigherBound="1" Value="2" /></PasswordDistribution><AzureADSSOLastPwdChange>0001-01-01T00:00:00</AzureADSSOLastPwdChange><AzureADSSOVersion>0</AzureADSSOVersion><PrivilegedDistributionLastLogon><Dist HigherBound="0" Value="1" /></PrivilegedDistributionLastLogon><PrivilegedDistributionPwdLastSet><Dist HigherBound="1" Value="1" /></PrivilegedDistributionPwdLastSet><ControlPaths><Data><data Name="S-1-5-32-548" Description="Account Operators" Typology="PrivilegedAccount" ObjectRisk="High"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-500" Description="Administrator" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-544" Description="Administrators" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-551" Description="Backup Operators" Typology="PrivilegedAccount"
ObjectRisk="High"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="CN=Builtin,DC=pingcastledemo,DC=local" Description="Builtin OU" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-569" Description="Certificate Operators" Typology="PrivilegedAccount" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-517" Description="Certificate Publishers" Typology="PrivilegedAccount" ObjectRisk="Other"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="CN=Computers,DC=pingcastledemo,DC=local" Description="Computers container" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-1101" Description="Dns Admins" Typology="PrivilegedAccount" 
ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-512" Description="Domain Administrators" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-516" Description="Domain Controllers" Typology="Infrastructure" ObjectRisk="Critical"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>1</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430" Description="Domain Root" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-519" Description="Enterprise Administrators" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-527" Description="Enterprise Key Administrators" Typology="PrivilegedAccount" 
ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-498" Description="Enterprise Read Only Domain Controllers" Typology="Infrastructure" ObjectRisk="Other"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-520" Description="Group Policy Creator Owners" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-526" Description="Key Administrators" Typology="PrivilegedAccount" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-502" Description="Krbtgt account" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-550" Description="Print Operators" Typology="PrivilegedAccount" 
ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-521" Description="Read Only Domain Controllers" Typology="Infrastructure" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-552" Description="Replicator" Typology="PrivilegedAccount" ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-21-2115980419-2321553098-4164854430-518" Description="Schema Administrators" Typology="PrivilegedAccount" ObjectRisk="Critical"><NumberOfDirectUserMembers>1</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="S-1-5-32-549" Description="Server Operators" Typology="PrivilegedAccount" ObjectRisk="High"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data><data Name="CN=Users,DC=pingcastledemo,DC=local" Description="Users container" Typology="Infrastructure" 
ObjectRisk="Medium"><NumberOfDirectUserMembers>0</NumberOfDirectUserMembers><NumberOfDirectComputerMembers>0</NumberOfDirectComputerMembers><NumberOfIndirectMembers>0</NumberOfIndirectMembers><NumberOfDeletedObjects>0</NumberOfDeletedObjects><Dependancies /></data></Data><Dependancies /><AnomalyAnalysis><CompromiseGraphAnomalyAnalysisData ObjectRisk="Critical" NumberOfObjectsScreened="6" NumberOfObjectsWithIndirect="0" MaximumIndirectNumber="0" MaximumDirectIndirectRatio="0" /><CompromiseGraphAnomalyAnalysisData ObjectRisk="High" NumberOfObjectsScreened="3" NumberOfObjectsWithIndirect="0" MaximumIndirectNumber="0" MaximumDirectIndirectRatio="0" /><CompromiseGraphAnomalyAnalysisData ObjectRisk="Medium" NumberOfObjectsScreened="13" NumberOfObjectsWithIndirect="0" MaximumIndirectNumber="0" MaximumDirectIndirectRatio="0" /><CompromiseGraphAnomalyAnalysisData ObjectRisk="Other" NumberOfObjectsScreened="2" NumberOfObjectsWithIndirect="0" MaximumIndirectNumber="0" MaximumDirectIndirectRatio="0" /></AnomalyAnalysis><GlobalScore>0</GlobalScore><StaleObjectsScore>0</StaleObjectsScore><PrivilegiedGroupScore>0</PrivilegiedGroupScore><TrustScore>0</TrustScore><AnomalyScore>0</AnomalyScore></ControlPaths></HealthcheckData>