Compromised Users Report

Enzoic for Active Directory v3.5


Last updated 10 months ago


This report shows you a list of all the users with out-of-policy passwords or compromised credentials. For each user, you can see when the compromised password was detected and what remediation action was taken in response, along with the current status of that remediation action. The More Info link next to each user will bring up a dialog with additional details.

The Monitoring Policy filter dropdown at the top right narrows the report to just the users under a specific monitoring policy. The Update button in the header refreshes the report. Since this report can be time-consuming to generate for larger domains, it is only refreshed on demand. If the data is stale (more than 15 minutes out of date), a red warning message appears next to the Update button, reminding you to regenerate the report to see current data.

Compromised Users Report Fields

| Field | Description |
|---|---|
| Username | The user’s username in AD. |
| Compromised On | The time the compromise was detected, in your local timezone. |
| Policy Applied | The monitoring policy the user was under at the time of the detection. |
| Original Action Taken | The remediation action specified on the policy at the time of the compromise. |
| Remediation Action State | The current status of the remediation action. In the case of delayed remediation actions, this indicates whether the delay period has expired or not and whether the action was applied. In the case where an administrator has manually applied a remediation from this console, that will appear here as well. |

You can use the checkboxes on the left side of each row to select one or more compromised users and manually apply one of the three remediation actions available by clicking the buttons at the bottom of the grid:

| Action Button | Effect |
|---|---|
| Force Password Change Now | Sets the account(s) to Force Password Change on Next Login in Active Directory. |
| Disable Account(s) Now | Disables the selected account(s) in Active Directory. |
| Notify User(s) by Email | Resends the email notification users receive letting them know they need to change their password. This will use the custom email content you have specified for the applied policy. |

Clicking the More Info... link on a row brings up the Compromise Details dialog:

This dialog contains more detailed info about the compromised password, including an Event Log of all events that have occurred from the time of detection. You can take the same manual remediation actions from this dialog.

[Figure: Sample Compromised Users Report]
[Figure: Sample of the Compromise Details dialog]
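To confirm that a manual remediation from the Action Button table is in effect in Active Directory, the report rows can be reconciled against each user's `userAccountControl` and `pwdLastSet` attributes. The following is an added example, not Enzoic code: the row layout, user names and timestamps are constructed, and the attribute semantics (including "password never expires" overriding a forced change) are standard Active Directory behaviour rather than something this page states.

```python
from datetime import datetime, timedelta, timezone

UAC_ACCOUNTDISABLE = 0x0002          # userAccountControl bit: account disabled
UAC_DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl bit: password never expires
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def from_filetime(ticks):
    """AD stores pwdLastSet as 100 ns ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def to_filetime(dt):
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def remediation_state(row, attrs):
    """Compare one report row with the user's current AD attributes."""
    uac, pwd_last_set = attrs["userAccountControl"], attrs["pwdLastSet"]
    if row["action"] == "Disable Account(s) Now":
        return "disabled" if uac & UAC_ACCOUNTDISABLE else "NOT APPLIED: account still enabled"
    if row["action"] == "Force Password Change Now":
        if pwd_last_set == 0:  # AD's marker for "must change password at next logon"
            if uac & UAC_DONT_EXPIRE_PASSWORD:
                return "INEFFECTIVE: 'password never expires' overrides the forced change"
            return "pending: change required at next logon"
        if from_filetime(pwd_last_set) > row["compromised_on"]:
            return "resolved: password changed after detection"
        return "NOT APPLIED: compromised password still in place"
    return "no AD attribute to verify"  # e.g. Notify User(s) by Email

# Constructed sample data (hypothetical users, times and row layout).
DETECTED = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
FORCE, DISABLE = "Force Password Change Now", "Disable Account(s) Now"
ACTIONS = {"alice": FORCE, "bob": FORCE, "carol": FORCE, "dave": FORCE,
           "erin": DISABLE, "frank": DISABLE}
REPORT = [{"user": u, "action": a, "compromised_on": DETECTED} for u, a in ACTIONS.items()]
OLD = to_filetime(DETECTED - timedelta(days=90))
AD = {
    "alice": {"userAccountControl": 0x200, "pwdLastSet": 0},
    "bob": {"userAccountControl": 0x200, "pwdLastSet": to_filetime(DETECTED + timedelta(hours=3))},
    "carol": {"userAccountControl": 0x10200, "pwdLastSet": 0},
    "dave": {"userAccountControl": 0x200, "pwdLastSet": OLD},
    "erin": {"userAccountControl": 0x202, "pwdLastSet": OLD},
    "frank": {"userAccountControl": 0x200, "pwdLastSet": OLD},
}

def audit(report=REPORT, ad=AD):
    return {r["user"]: remediation_state(r, ad[r["user"]]) for r in report}

if __name__ == "__main__":
    for user, state in audit().items():
        print(f"{user:6} {state}")
```

In a live domain the `AD` dictionary would be filled from an LDAP query for the two attributes, and "Compromised On" values taken from the report need converting from local time to UTC before the comparison.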