Weak Passwords Audit
Purpose
This solution gathers information on users with potentially compromised passwords by querying currently available comprehensive lists of known password hashes.
Associated Content
Custom Fields
| Content | Type | Level | Function |
|---|---|---|---|
| CW RMM - Custom Field - Company - Weak Password Count | Text | Endpoint | Holds the count of accounts with weak passwords gathered by RSM - Active Directory - Script - Weak Passwords - AD Test |
| CW RMM - Custom Field - Company - Duplicate Password Count | Text | Endpoint | Holds the count of accounts with duplicate passwords gathered by RSM - Active Directory - Script - Weak Passwords - AD Test |
Device Groups
| Content | Type | Description |
|---|---|---|
| CW RMM - Machine Group - Domain Controllers | Dynamic | This group contains the Domain Controllers. |
Monitors
| Content | Type | Description |
|---|---|---|
| CW RMM - Monitor - Weak Passwords Detected | Custom Field | It creates a ticket if accounts with weak passwords are detected on a domain controller. |
| CW RMM - Monitor - Duplicate Password Detected | Custom Field | It creates a ticket if accounts with duplicate passwords are detected on a domain controller. |
Tasks
| Content | Description |
|---|---|
| CW RMM - Task - Weak Passwords - AD Test | This task utilizes the agnostic script Test-WeakCredentials to test the hashed credentials in AD against a known compromised or weak list. |
Implementation
-
Create the following custom fields:
-
Create the following device group:
-
Create the following monitors:
-
Create and deploy the following task: