Alsid Glossary
Welcome to our Glossary!
The purpose of this glossary is to familiarize you with the most popular terms revolving around Alsid for AD.
If there is no definition, we invite you to post a question "Definition of the term(s):".
To help you find a definition, terms are listed in alphabetical order, and links allow you to move from one term to another.
API
An Application Programming Interface (API) is a software intermediary that allows two applications to talk to each other. In the Alsid for AD context, our API allows communication with Eridanis and Equuleus.
Blades
These are the pages displayed when you navigate within a menu:

Cancri
It is the service in charge of translating and decoding the raw data from Ceti (collecting the replication flow).
Cephei
Cephei is the service in charge of calculating the statistics observable on your dashboard (Widget Active Users count, Compliance Score, Deviance, ...). It obtains these metrics by aggregating the information obtained from new deviances (Eridanis) and user events (Corvi2).
Ceti
It is the service in charge of the initial collection of AD objects (crawling) and of subscribing to replication flows (appearance of new events: listening). The AD objects retrieved currently come from two sources: LDAP and SYSVOL.
Corvi
It is the service in charge of ordering events so that Caroli receives them in order.
Corvi2
It is the service in charge of ordering events so that Cygni receives them in order.
Crawling
The period during which the Ceti service synchronizes the AD replication flow and the SYSVOL data.
Cygni
It is the service that analyzes changes in AD objects in order to deduce whether they involve one or more risks which, when assembled, would meet the criteria for a deviance. This deviance is then transmitted to the database and becomes visible in Alsid for AD.
Deviance / Deviant Element
Deviant elements are the set of deviances noted by an Indicator of Exposure (IoE). They point to an object carrying an attribute that triggered the related IoE.

More related content about this subject is available in the Alsid for AD documentation.
Directory Listener / Listener
The Directory Listener is the machine hosting the Ceti services (on-premises context).
Electra
It is the service that makes it possible to see AD events in real time in Kapteyn.
Enif
This is the service in charge of controlling authentication at the web interface.
Equuleus
It is the API service that stores time data (statistics) in InfluxDB.
Eridanis
It is the API service that stores the business data (configuration, AD objects, deviances, etc.) in MS SQL Server and supplies it to other services.
Event detail
An event detail is obtained by clicking on one of the Trail Flow events. It lists all the attributes and highlights the ones in question.

More related content about this subject is available in the Alsid for AD documentation.
Hardened path
This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements.
Identity provider
A SAML identity provider is a system entity that issues authentication assertions in conjunction with a single sign-on (SSO) profile of the Security Assertion Markup Language (SAML).
Indicator Of Exposure (IoE)
Alsid for AD measures the security maturity of your AD infrastructures through Indicators of Exposure (IoEs) and assigns severity levels (Critical, High, Medium or Low) to the constant flow of events that is being monitored and analyzed.
More related content about this subject is available in the Alsid for AD documentation.
InfluxDB
InfluxDB is an open source time series database designed to handle high write and query loads. It provides a SQL-like query language called InfluxQL for interacting with data.
Initialization
The complete period, when the Alsid services start after a stop, during which all of the services synchronize all of the events and their deviances (initial and comparative crawling of the existing database) and make all the results available in Alsid for AD. The duration of this phase depends on your number of supervised objects and the number of changes made to your AD supervised by the application.
Integrations
In the context of Alsid for AD, we use integrations to refer to tools related to the application (SIEM, SOAR, EDR, ...).
Kapteyn
It is the service hosting the Alsid for AD web application. Developed with JavaScript technologies, it is a real-time application that updates data without user action.
Kerberos
The Kerberos protocol defines how clients interact with a network authentication service. Clients obtain tickets from the Kerberos Key Distribution Center (KDC), and they present these tickets to servers when connections are established. Kerberos tickets represent the client's network credentials.
LDAP
LDAP authentication is an authentication process responsible for validating a user's login information (combination of user name and password) with a directory server, for example Active Directory. LDAP is used to log into Alsid for AD using LDAP Enterprise accounts. LDAP configuration is accessible under System in the Configuration blade.
More related content about this subject is available in the Alsid for AD documentation.
NTLM
Windows Challenge/Response (NTLM) is the authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems.
ntsecuritydescriptor attribute
A security descriptor is a data structure that contains security information about an AD object, such as the ownership and permissions of the object. For more details, see Microsoft's online documentation.
On-premise
On-premises refers to the IT equipment located in the company building.
Queues
We generally use this term to refer to the queues of messages observable in the RabbitMQ tool.
Role
A Role within the application is a scope of visibility and configurations that can be configured in "Roles Management".
More related content about this subject is available in the Alsid for AD documentation.
SaaS
Software as a service (SaaS) is a software distribution model in which a service provider hosts applications for customers and makes them available to these customers via the internet and licences.
SAML
Security Assertion Markup Language (SAML) is an XML-based language that provides a means for security entities to communicate security information about a client that is requesting access to protected resources or services.
More related content about this subject is available in the Alsid for AD documentation.
Security Engine Node
The Security Engine Node (aka SEN) is the machine hosting the Cancri, Caroli, Corvi, Corvi2, Cygni, Cephei and RabbitMQ services (on-premises context). In the SaaS context, the concept of Security Engine Node does not exist; the services are hosted in a Kubernetes node.
Security Profile / Profile
The Security profiles management blade allows you to add security profiles and modify existing ones. This function allows different types of users (such as AD administrators, CISO, etc.) to review security results from different reporting angles and to fully customize the behavior of Indicators of Exposure (IoEs).
More related content about this subject is available in the Alsid for AD documentation.
Storage Manager
The Storage Manager is the machine hosting the databases the application needs (SQL Server and InfluxDB), used by the Eridanis and Equuleus back-end services.
Syslog
Syslog is a tool for network devices to send event messages to a log server. The Syslog protocol is widely adopted and supported. It can be used to record different types of events.
More related content about this subject is available in the Alsid for AD documentation.
Trail Flow
This landing page displays the real-time monitoring and analysis of events affecting your AD infrastructures. The Trail Flow page provides users the ability to load previous events in order to go back in time. The search field at the top of this page can also be used to perform threat hunting and detect malicious patterns.
More related content about this subject is available in the Alsid for AD documentation.
Wizard
You will find it in the Trail Flow or Deviant Elements menu. It allows you to build your search graphically.
More related content about this subject is available in the Alsid for AD documentation.