Microsoft Active Directory Connector
The Microsoft Active Directory Connector ingests identity assets such as Users and Groups from Microsoft Active Directory into Qualys Enterprise TruRisk Management (ETM), providing centralized visibility into directory-based identities.
Connector Details
High-level details for the Microsoft Active Directory connector.
| Vendor | Microsoft |
| Product Name | Active Directory |
| Category | Assets (Identity) |
| Findings Supported | NA |
| Assets Supported | Users, Groups |
| Version | 1.0.0 |
| Integration Type | On-Prem |
| Direction | Unidirectional (AD to Qualys) |
| Delta Support | Supported |
Connection Settings
User Roles and Permissions
The following permissions are required for the Active Directory service account:
| Entity Type | Permission |
|---|---|
| Users | Read Property (ADS_RIGHT_DS_READ_PROP) |
| Groups | Read Property (ADS_RIGHT_DS_READ_PROP) |
Authentication Details
The connector supports both LDAP and LDAPS authentication.
LDAP
| Name | Key | Type | Description |
|---|---|---|---|
| Host | host | String | IP or hostname for LDAP connection 10.113.217.83 |
| Port | port | Integer | Default: 389 |
| Base DN | bindDn | String | Bind DN used for authentication |
| Password | password | Encrypted | Password for the bind DN |
LDAPS
| Name | Key | Type | Description |
|---|---|---|---|
| Host | host | String | IP or hostname for LDAPS connection 10.113.217.83 |
| Port | port | Integer | Default: 636 |
| Base DN | bindDn | String | Bind DN used for authentication |
| Password | password | Encrypted | Password for the bind DN |
| Certificate | certificate | .cer | Required for LDAPS authentication |
Connector Configuration
Basic Details
- Log in to Qualys ETM.
- Navigate to Connectors > Integration.
- Locate Microsoft Active Directory Connector and click Manage.
- Provide connector name and description.
- Enter authentication details (LDAP or LDAPS)
Profile
Profiles define the directory search behavior. Provide the following:
- Base Context – Root DN for the directory search
- Search Scope – Scope of LDAP search
- Assets – Identity (default)
Review and Confirm
Review the configuration and click Create to register the connector.
How Does a Connection Work?
The connector’s execution schedule is configured using the cron expression defined in the Docker environment file. Authentication details required for ldap or ldaps connection are provided on the Basic Details page, while directory search parameters, such as the Base Context and Search Scope for Active Directory are configured on the Profile page.
Once the scheduled cron job triggers the execution, the connector retrieves the source data, applies the required transformation logic, and sends the processed data to the downstream system.
Connector States
A successfully configured connector goes through 4 states.
- Registered - The connector is successfully created and registered to fetch data from the vendor.
- Scheduled - The connector is scheduled to execute a connection with the vendor.
- Processing - A connection is executed and the connector is fetching the asset and findings data.
- Processed - The connector has successfully fetched the assets; it may still be under process of fetching the findings. Wait for some more time for the connector to fetch the findings completely.
The Processed state indicates that the Connector is successfully configured but it is under the process of importing all your assets. This process may take some time.
Viewing Assets in ETM
Navigate to Enterprise TruRisk Management > Inventory.
- Users: Inventory > Identity > User
- Groups: Inventory > Identity > Group
- Role: Inventory > Identity > Role
Use the filter: inventory.source: ('Microsoft Active Directory')
Mapping Details
Users – Transformation Map
| Source Field | Target Field |
|---|---|
| objectSid | asset.assetHeader.externalAssetId |
| objectGUID | asset.assetHeader.vendorAssetId |
| name | asset.assetDetail.userAssetClass.name |
| asset.assetDetail.userAssetClass.email | |
| displayName | asset.assetDetail.userAssetClass.displayName |
| whenCreated | asset.assetDetail.userAssetClass.activationDate |
| pwdLastSet | asset.assetDetail.userAssetClass.passwordLastChangedAt |
Groups – Transformation Map
| Source Field | Target Field |
|---|---|
| objectSid | asset.assetHeader.externalAssetId |
| objectGUID | asset.assetHeader.vendorAssetId |
| name | asset.assetDetail.groupAssetClass.name |
| description | asset.assetDetail.groupAssetClass.description |
| groupType | asset.assetDetail.groupAssetClass.type |