Identity Details (page)
The Identity Details page is the main profile view of an identity in the Nanitor UI. It shows all relevant information regarding an identity.
The Identity Details page can be described in terms of the following display areas:
- Identity fields: The fields typically describe properties such as Username, Identity type, etc.
- Inventory lists: Tabbed information tables with rich information on the identity. More detail about each tab is given below.
Identity fields
The identity fields include
- Name
- Username
- Domain (this field will contain information only for Active Directory users and will be empty for others)
- Identity ID (the ID in the corresponding OS)
- Identity Type (as described above)
- Properties (this includes some labels related to identity properties or detected identity issues)
Inventory lists
The inventory lists provide detailed information about the inventory related to the identity. Each list is accessible by clicking on the corresponding tab. The information included in each inventory list is documented below.
Attributes
This tab contains the list of identity properties and attributes. For Windows domain users, there is information about groups and privileged groups to which the user belongs, as well as other Active Directory attributes.
Issues
The Issues inventory list displays issues detected for the given identity.
This table includes the following columns for each issue in the list:
| Column | Description |
|---|---|
| Created | The timestamp at which time the issue was detected for the identity. |
| State | The issue state. |
| Type | The type of the issue (most often, it is Identity). |
| Issue | Represents the issue name and links to the issue detail. |
| Highest Issue Priority | The priority of the issue in terms of confidentiality (C), integrity (I) and availability (A). |
| NPS (Nanitor Prioritization Score) | The prioritization score of the issue. |
| Assets | The number of assets that are portentially endangered by this issue. You can click the link here to view the full list of Assets. |
Assets
The Assets Inventory list displays the list of assets to which the identity has logged on and the associated activity state.
The information is displayed in the grid with the following columns:
| Column | Description |
|---|---|
| Hostname | The hostname of the asset. |
| Device IP Addresses | The IP addresses on the local network interfaces on the asset. |
| Logged On Now | "Locally" if the user is currently logged in locally on the computer, "Remote" if the user is remotely logged in. The warning triangle indicates that the information may be old if the asset has not checked in recently. |
| Local Admin | "Yes" if the user has ability to elevate to local administrator (or root), "No" otherwise. |
| Remote Access | "Yes" if the user has ability to log remotely into the asset, "No" otherwise. |
| Last Activity | The timestamp when the asset was last known to be active, as seen by the Nanitor agent. |
| Last Logon | The timestamp when the asset was last seen with the identity logged in, as seen by the Nanitor agent. |
Activity log
The activity log is an event history and audit log regarding events and changes that Nanitor logs regarding the identity and identity issues. The latest events are shown on top.
Note that additional information is available by expanding the event with the down arrow on the left.
The information for each event includes the following columns:
| Column | |
|---|---|
| Expand/collapse arrow | Expands to show full information regarding the event. Collapse to reduce the row height and show less information. |
| Event details | The event message and field details (if expanded). |
| Time | Timestamp when the event was logged. |
| Event type | The type of the event, e.g. Security or Audit. |
| Triggered by | Event trigger, either System or User. User triggered changes are typically due to changes made through the Nanitor UI, whereas system changes are due to automatic changes. |
| Severity | The severity of the event: Low / Medium / High. |