Compromised Users Report
Enzoic for Active Directory v3.5
Last updated
Enzoic for Active Directory v3.5
Last updated
This report shows you a list of all the users with out-of-policy passwords or compromised credentials. For each user, you can see when the compromised password was detected and what remediation action was taken in response, along with the current status of that remediation action. The More Info link next to each user will bring up a dialog with additional details.
The Monitoring Policy filter dropdown at the top right allows you to further filter the report, so you can filter down to just the users under a specific monitoring policy. The Update button in the header allows you to refresh the report. Since this report can be time-consuming to generate for larger domains, it is only refreshed on demand. If the data is stale (more than 15 minutes out of date), you will see a red warning message next to this Update button reminding you that you need to regenerate the report to see current data.
| Field | Description |
|---|---|
Username | The user’s username in AD. |
Compromised On | The time the compromise was detected, in your local timezone |
Policy Applied | The monitoring policy the user was under at the time of the detection |
Original Action Taken | The remediation action specified on the policy at the time of the compromise |
Remediation Action State | The current status of the remediation action. In the case of delayed remediation actions, this indicates whether the delay period has expired or not and whether the action was applied. In the case where an administrator has manually applied a remediation from this console, that will appear here as well. |
You can use the checkboxes on the left side of each row to select one or more compromised users and manually apply one of the three remediation actions available by clicking the buttons at the bottom of the grid:
| Action Button | Effect |
|---|---|
Force Password Change Now | Sets the account(s) to Force Password Change on Next Login in Active Directory |
Disable Account(s) Now | Disables the selected account(s) in Active Directory |
Notify User(s) by Email | Resends the email notification users receive letting them know they need to change their password. This will use the custom email content you have specified for the applied policy. |
Clicking the More Info... link on a row brings up the Compromise Details dialog:
This dialog contains more detailed info about the compromised password, including an Event Log of all events that have occurred from the time of detection. You can take the same manual remediation actions from this dialog.
