Azure Active Directory Integration
The CyberCyte portal can integrate with Active Directory for further analysis and investigations. To integrate, please follow these steps:
Please log in to the MS Azure Portal and navigate to
Register a new single-tenant application with the "+ New registration" button. Do not enter any URL for the endpoint.
After the registration, please navigate to "Manage" -> "Certificates & Secrets". Please add a new client secret and copy it.
From the "Overview" menu, please copy the "Application (client) ID" and "Directory (tenant) ID".
Go back to the "Manage" menu and navigate to "API permissions". Add a new permission and select the "Microsoft Graph Permission".
Select the "Application Permissions".
Select the permissions in the list provided below:
| Permission | Type | Description |
| --- | --- | --- |
| AdministrativeUnit.Read.All | Application | Read all administrative units |
| Contacts.Read | Delegated | Read user contacts |
| Contacts.Read | Application | Read contacts in all mailboxes |
| Contacts.Read.Shared | Delegated | Read user and shared contacts |
| Directory.Read.All | Delegated | Read directory data |
| Directory.Read.All | Application | Read directory data |
| | Delegated | View users' email address |
| Group.Read.All | Delegated | Read all groups |
| Group.Read.All | Application | Read all groups |
| GroupMember.Read.All | Delegated | Read group memberships |
| GroupMember.Read.All | Application | Read all group memberships |
| User.Read | Delegated | Sign in and read user profile |
| User.Read.All | Delegated | Read all users' full profiles |
| User.Read.All | Application | Read all users' full profiles |
| User.ReadBasic.All | Delegated | Read all users' basic profiles |

Office 365 Exchange

| Permission | Type | Description |
| --- | --- | --- |
| Contacts.Read | Delegated | Read user contacts |
| Contacts.Read.All | Delegated | Read user and shared contacts |
| Contacts.Read.Shared | Delegated | Read user and shared contacts |
| Group.Read.All | Delegated | Read all groups (preview) |
| People.Read | Delegated | Read users' relevant people lists (preview) |
| User.Read | Delegated | Read user profiles |
| User.Read.All | Delegated | Read all users' full profiles |
| User.ReadBasic.All | Delegated | Read all users' basic profiles |
Grant admin consent after adding the permissions.
Please navigate to "Settings & Reporting" -> "Integration Settings" -> "Credential Settings". Click on the "+ Credential" button to create a new credential. Select the "Microsoft Graph API Credential" as a "Credential Type".
Please navigate to "Settings & Reporting" -> "Integration Settings" -> "Repository Management". Click on the "+Repository" button to create a new Azure AD (Active Directory) repository, select "Azure AD" as the Type, and select the credential created in the first step as the "Remote Credential". After that, please fill in the rest of the blank fields.
Please navigate to "Rules & Policies" -> "Policy Management" and click on the "+ Policy" button. Please select the module named "Scenario and Network Discovery" and the type named "Active Directory Analysis". After the selection, the required fields will appear. Please fill in the blanks with the required values. For default values, users can use the values shown in the images below.
Users can assign this policy to their group(s). The collection intervals can also be changed to suit their requirements.
Users can add custom tags by typing them and pressing Enter. The policy will automatically accept the tags.
Please navigate to "Home" -> "User Overview" -> "Domain Overview" and "Asset Overview". The "Domain Overview" and "Asset Overview" dashboards provide great visibility into the Active Directory and domain information.
Domain Analysis Example Dashboard:
Asset Overview Example Dashboard:
The results can also be analyzed under "Threat Hunting" -> "Analysis & Investigation" -> "Assets".