All,
I am new to InsightVM and trying to learn.
How does InsightVM Query Builder asset.os.type CONTAINS ‘domain controller’ work?
Specifically, I am trying to understand which Service, TCP/UDP Port, etc. that InsightVM uses to determine if an Asset is a Domain Controller.
Thank you,
T.J.
Hi there! This is determined by looking at the Windows Registry value for the ProductType key located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions. If the value is LanmanNT then it means the system is configured as a Domain Controller.
This requires either an authenticated scan (using an account that is able to access the registry) or else the Insight Agent running on the system.
All the best,
Greg
Thanks for asking this! I found it helpful