
# Active Directory Integration

The CyberCyte portal provides Active Directory integration for more comprehensive visibility. We recommend it for identifying domain machines without an agent, accounts with unchanged passwords, and locked accounts, and for analyzing the domain infrastructure.

## 1. Create Remote Credential in Portal

Please navigate to "Settings & Reporting" -> "Integration Settings" -> "Credential Settings". Click on the "+ Credential" button to create a new credential. Select "WINDOWS" as the "Credential Type".

<figure><img src="/files/otuMg8Zh3PKEoLbU6Ucx" alt=""><figcaption></figcaption></figure>

## 2. Create a Repository on the Portal

Please navigate to "Settings & Reporting" -> "Integration Settings" -> "Repository Management". Click on the "+Repository" button to create a new AD (Active Directory) repository. Select "Active Directory" as the Type, and select the credential created in the first step as the "Remote Credential". Then fill in the remaining fields; the "Pull from Server" option should be disabled. Save the settings once everything is defined.

<figure><img src="/files/AajobZ2OK11Hpy5pxYJ4" alt=""><figcaption></figcaption></figure>

## 3. Create a Policy in the Portal

Please navigate to "Rules & Policies" -> "Policy Management" and click on the "+ Policy" button. Select the module named "Scenario and Network Discovery" and the type named "Active Directory Analysis". After the selection, the required fields will appear. Fill them in with the required values. For default values, users can use the values shown in the images below.

<figure><img src="/files/djlPYMBmcVGuNilXAfiT" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/YPJ2opUKbWmvifPMYkXz" alt=""><figcaption></figcaption></figure>

Users can assign this policy to their group(s). The collection intervals can also be changed to suit their requirements.

Users can add custom tags by typing a tag and pressing Enter. The policy accepts the tags automatically.

## 4. Reviewing the Results

Please navigate to "Dashboards" -> "Asset & Identity" -> "Domain Overview". The "Domain Overview" and "Asset Overview" dashboards provide visibility into the Active Directory and domain information.

<figure><img src="/files/pHYGNGeeItQZmiGU1Lqv" alt=""><figcaption></figcaption></figure>

The results can also be analyzed under "Threat Hunting" -> "Analysis & Investigation" -> "Identities".

<figure><img src="/files/15oQHZYPRYyH5KwdORx2" alt=""><figcaption></figcaption></figure>

After integration, the data obtained must be validated and, if necessary, whitelisting or rule definitions must be made. CyberCyte already has defined rules, and listing can be done with additional analyses on top of these rules. Our primary recommendation is to double-check the findings in parallel with the existing solutions in the user's infrastructure.
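One way to run that parallel check for the locked-account and unchanged-password findings is to classify user records taken directly from Active Directory and compare the output with the "Identities" table. This is an added example, not CyberCyte code; the function name `Get-IdentityFinding`, the 180-day threshold and the sample accounts are assumptions made for illustration.

```powershell
# Added example, not CyberCyte code. Input objects need the properties that
# Get-ADUser returns: SamAccountName, Enabled, LockedOut, PasswordLastSet.
function Get-IdentityFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $StaleDays = 180,          # assumed threshold, not from the page
        [datetime] $Now = (Get-Date)
    )
    process {
        $findings = @()
        $ageDays  = $null
        if ($User.LockedOut) { $findings += 'Locked' }
        if ($null -eq $User.PasswordLastSet) {
            $findings += 'PasswordNeverSet'       # pwdLastSet = 0 in AD
        } else {
            $ageDays = [int](($Now - $User.PasswordLastSet).TotalDays)
            if ($ageDays -gt $StaleDays) { $findings += 'PasswordUnchanged' }
        }
        # Emit a row only for accounts that have at least one finding.
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName  = $User.SamAccountName
                Enabled         = $User.Enabled
                PasswordAgeDays = $ageDays
                Findings        = $findings -join ','
            }
        }
    }
}

# Constructed sample records so the script runs without a domain.
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Enabled = $true;  LockedOut = $false; PasswordLastSet = [datetime]'2021-03-10' }
    [pscustomobject]@{ SamAccountName = 'j.doe';      Enabled = $true;  LockedOut = $true;  PasswordLastSet = [datetime]'2024-05-20' }
    [pscustomobject]@{ SamAccountName = 'a.smith';    Enabled = $true;  LockedOut = $false; PasswordLastSet = [datetime]'2024-04-02' }
    [pscustomobject]@{ SamAccountName = 'old.admin';  Enabled = $false; LockedOut = $false; PasswordLastSet = $null }
)
$sample | Get-IdentityFinding -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory RSAT module):
# Get-ADUser -Filter * -Properties LockedOut, PasswordLastSet |
#     Get-IdentityFinding | Export-Csv .\ad-crosscheck.csv -NoTypeInformation
```

Accounts that appear in only one of the two result sets are the ones to review before adding whitelist entries or classification rules.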

You can access the relevant findings via dashboards, and you can go to the relevant analysis table by clicking on the data.

<figure><img src="/files/H9KQeZOysvlA979rghYS" alt=""><figcaption></figcaption></figure>

When you right-click on any data, you can manage lists under "List Management" from the options that appear on the screen. Similarly, if a special rule needs to be defined, you can create one with the "Rule Management" -> "Add value as a Classification Rule" option and trigger the notification mechanism. Rule management is explained at <https://docs.cloudcyte.com/getting-started/classification-rules>.
