Query Asset Owner and Locations using SCCM or AD integration?

Does anyone know of a way to auto query owner {last logged on user} and location information from AD or SCCM? Is there an API integration you can implement to achieve auto-importing this information into InsightVM?

Example: Under Asset Info, the “Owner(s)” tag would auto populate with what SCCM or AD shows as the “Last Logged in User”. “Location(s)” tag could show the DHCP scope this IP address or Hostname was listed under.

We’ve started our threat hunting campaign on our campus, and we’re looking at ways to streamline this process, if possible.

To my knowledge, there’s not an existing integration that does this. With some dev, you could always create a script that queries AD and then creates tags in InsightVM via the /tags endpoint.

The InsightVM API docs are here if you want to take a look at the endpoint. We also have an Active Directory LDAP InsightConnect plugin, which has open source code in case you want to see how we went about implementing things like queries, etc.

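A sketch of the planning half of the script suggested in the reply above, added here as an example and not code from the thread or from Rapid7. It assumes you have already exported hostname, IP and last logged-on user from SCCM or AD, and that the `/api/3/tags` and `/api/3/tags/{id}/assets/{assetId}` paths and the `owner`/`location` tag types match the InsightVM API docs linked above; all sample data and function names are constructed.

```python
import ipaddress

INVENTORY = [  # constructed sample data, not from the thread
    {"host": "LAB-PC01.campus.example", "ip": "10.20.4.17", "last_user": "CAMPUS\\jdoe"},
    {"host": "lib-kiosk3", "ip": "10.30.0.9", "last_user": ""},
    {"host": "unknown-box", "ip": "192.0.2.5", "last_user": "CAMPUS\\asmith"},
]
DHCP_SCOPES = {"10.20.0.0/16": "Science Hall", "10.20.4.0/24": "Science Hall Lab 4",
               "10.30.0.0/24": "Library"}
IVM_ASSETS = {"lab-pc01": 101, "lib-kiosk3": 102}  # hostname -> InsightVM asset id


def short_name(host):
    """Normalise FQDN/NetBIOS differences so AD and scanner hostnames compare equal."""
    return host.split(".")[0].strip().lower()


def location_for(ip, scopes):
    """Return the name of the most specific DHCP scope containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(cidr), name) for cidr, name in scopes.items()]
    hits = [(net, name) for net, name in nets if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def plan_tags(inventory, scopes, assets):
    """Map (tag type, tag name) -> sorted asset ids; also return unmatched hosts."""
    plan, unmatched = {}, []
    for row in inventory:
        asset_id = assets.get(short_name(row["host"]))
        if asset_id is None:
            unmatched.append(row["host"])  # never tag an asset we cannot match
            continue
        owner = row["last_user"].split("\\")[-1].lower()
        for kind, name in (("owner", owner), ("location", location_for(row["ip"], scopes))):
            if name:  # skip an empty owner or an IP outside every scope
                plan.setdefault((kind, name), set()).add(asset_id)
    return {k: sorted(v) for k, v in plan.items()}, unmatched


def to_requests(plan, existing_tag_ids):
    """Turn the plan into (method, path, body) tuples, creating only missing tags."""
    reqs = []
    for (kind, name), asset_ids in sorted(plan.items()):
        tag_id = existing_tag_ids.get((kind, name))
        if tag_id is None:
            reqs.append(("POST", "/api/3/tags", {"name": name, "type": kind}))
            tag_id = "{new_id}"  # placeholder: use the id from the POST response
        reqs += [("PUT", f"/api/3/tags/{tag_id}/assets/{a}", None) for a in asset_ids]
    return reqs
```

Reviewing the `unmatched` list before sending anything is worthwhile, since hosts that appear in AD or SCCM but not in InsightVM are also assets the scanner has never seen.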

I was able to get this working. I posted a very rough version of the script here. Emphasis on the “rough”.
