Thycotic
Purpose
This document provides setup information for the Thycotic integration.
Introduction
Thycotic provides a privileged account security solution and password vault. A Thycotic Secret Server account is required to use the integration.
Note
Thycotic authentication can be configured on the scan policy, on the target or on the target group.
Set Up Thycotic Integration in OUTSCAN or HIAB
To set up Thycotic in OUTSCAN or HIAB:
- Go to Main Menu > Settings > Integrations.
- Select the Thycotic tab.
Configure Thycotic Server:
Option: Description
Enabled: Click on this field to enable Thycotic.
Name: Provide a name for this configuration.
URI: Provide your Thycotic Secret Server URI.
User: Provide your Thycotic user name.
Password: Provide your Thycotic password.
Organization (optional): Provide the name of the organization that should be queried in a Thycotic Cloud setup.
Tenant (optional): Provide the tenant for Thycotic Cloud setup.
Ignore certificate validation: It is recommended to leave this box unchecked. Check this box only when there is no trusted certificate available.
Test Authentication: Click on this button to test the authentication status.
Add: Click to add the configuration settings.
- Click Save.
After enabling Thycotic, the authentication can be configured on a target, target group, or a scan policy.
Target / Target Group
- Go to Main Menu > Netsec > Manage Targets.
- Target: Edit a target to set up the authentication.
- Target Group: Right-click on a group and select Set Target Authentication.
- Select Thycotic SMB or Thycotic SSH from the drop-down list, to use the respective authentication.
Fill in the Credentials:
Option: Description
Thycotic Config: Select the config from the drop-down list.
Secret name: Provide the name of the Secret.
Note
When a phrase is provided, the search looks for a Secret name matching that phrase, and the first name matched is used. ${IP} is replaced by the target IP. ${HOSTNAME} is replaced by the host name of the target.
Override path: Provide a new path to use instead of the existing path.
SSH substitute user command: The following commands are used to execute commands as a different user (privilege escalation).
- sudo: This command is found on most Linux-based systems (or can be installed). It is used to execute commands as a different user (other than the one used to log in). From the tool's perspective, it uses the root account to perform the commands.
- doas: It is an OpenBSD based command. 95% of its features are like sudo. https://man.openbsd.org/doas
- sesu: It is an IBM implementation of su.
- dzdo: Used in Linux/Unix (can be installed at will). An alternative to sudo.
- pfexec: Mostly used in Solaris.
- custom: It gives the flexibility to use a custom-defined privilege escalation command.
SSH custom user command: This field is available when the user selects custom in the SSH substitute user command field. Add a custom command for escalating privilege.
SMB allow NTLMv1: Check this box to enable the authentication using NTLMv1.
Enable remote registry: If enabled, the scanner initiates the Remote Registry service with the given details. Disable the service when the scan is finished.
- Click Test to start a verification.
- Click Save to enable the current settings.
Scan Policy
- Go to Main Menu > Netsec > Scan Scheduling > Scan Policy.
- Edit a scan policy to set up the authentication. Under the SMB and SSH tabs, Thycotic SSH and Thycotic SMB are now visible as new options.
- Click on any of the options to use the respective authentication.
Provide your Credentials:
Option: Description
Thycotic Config: Select the config from the drop-down list.
Secret name: Provide the name of the Secret.
Note
When a phrase is provided, the search looks for a Secret name matching that phrase, and the first name matched is used. ${IP} is replaced by the target IP. ${HOSTNAME} is replaced by the host name of the target.
Override path: Provide a new path to use instead of the existing path.
SSH substitute user command: The following commands are used to execute commands as a different user (privilege escalation).
- sudo: This command is found on most Linux-based systems (or can be installed). It is used to execute commands as a different user (other than the one used to log in). From the tool's perspective, it uses the root account to perform the commands.
- doas: It is an OpenBSD based command. 95% of its features are like sudo. https://man.openbsd.org/doas
- sesu: It is an IBM implementation of su.
- dzdo: Used in Linux/Unix (can be installed at will). An alternative to sudo.
- pfexec: Mostly used in Solaris.
- custom: It gives the flexibility to use a custom-defined privilege escalation command.
SSH custom user command: This field is available when the user selects custom in the SSH substitute user command field. Add a custom command for escalating privilege.
SMB allow NTLMv1: Check this box to enable the authentication using NTLMv1.
Enable remote registry: If enabled, the scanner initiates the Remote Registry service with the given details. Disable the service when the scan is finished.
To start verification, provide the target IP or Hostname and click on Test Credentials.
- Click Save to enable the current settings.
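The Secret name notes in the Target / Target Group and Scan Policy sections say that ${IP} and ${HOSTNAME} are substituted and that the first matching name is used. The following pre-flight check is an added example, not Outpost24 or Thycotic code: it expands a Secret name template per target and reports targets whose phrase matches no secret or more than one. The matching rule (case-insensitive substring, in listing order), the function names and the sample data are assumptions; the page does not document how the product matches.

```python
from string import Template
from typing import NamedTuple, Optional


class Finding(NamedTuple):
    target: str
    phrase: str
    status: str           # "no-match" or "ambiguous"
    used: Optional[str]   # secret a first-match rule would pick


def expand(template: str, ip: str, hostname: str) -> str:
    """Expand the two placeholders the page documents: ${IP} and ${HOSTNAME}."""
    return Template(template).safe_substitute(IP=ip, HOSTNAME=hostname)


def matching_secrets(phrase: str, secret_names: list[str]) -> list[str]:
    # ASSUMPTION: case-insensitive substring match, kept in listing order.
    needle = phrase.lower()
    return [name for name in secret_names if needle in name.lower()]


def audit(template: str, targets: list[tuple[str, str]],
          secret_names: list[str]) -> list[Finding]:
    """Report targets whose expanded phrase matches zero or several secrets."""
    findings = []
    for ip, hostname in targets:
        phrase = expand(template, ip, hostname)
        hits = matching_secrets(phrase, secret_names)
        if not hits:
            findings.append(Finding(ip, phrase, "no-match", None))
        elif len(hits) > 1:
            # First match wins, so a longer name listed earlier shadows the exact one.
            findings.append(Finding(ip, phrase, "ambiguous", hits[0]))
    return findings


# Constructed sample data: secret names as listed in the vault, and (IP, hostname) targets.
SECRET_NAMES = ["scan-10.0.0.10", "scan-10.0.0.1", "scan-db01"]
TARGETS = [("10.0.0.1", "web01"), ("10.0.0.10", "web10"), ("10.0.0.3", "db01")]

if __name__ == "__main__":
    for finding in audit("scan-${IP}", TARGETS, SECRET_NAMES):
        print(finding)
```

With the sample data, target 10.0.0.1 is reported as ambiguous because the name for 10.0.0.10 also contains its phrase and is listed first.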
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.