Compiling a User Inventory
  • 18 Dec 2022
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Compiling a User Inventory

  • Dark
    Light
  • PDF

Article Summary

Watch the “Compiling a User Inventory” video, or read below.

Compiling a User Inventory

A user inventory is a complete list of every user account across the varied systems of an organization. User accounts are generally associated with a wide range of platforms — from databases to applications, from directory services, to identity and access management platforms. They serve a number of purposes, including user authentication, authorization, and accounting controls. Compiling an aggregated user account inventory can inform a wide array of administrative, operational, and technical security workflows.

Customers commonly use Axonius to identify and compile a complete, up to date, user inventory to query, track, and monitor a wide range of user attributes, characteristics and conditions.

User Inventory Challenges

Like device inventories, the sheer number of user accounts that exist across an enterprise result in challenges obtaining a single, consolidated inventory for user information. Almost every application, database, and compute platform across an enterprise has their own associated (and siloed) user account inventory.

Even when organizations attempt to pull together some subset of these user inventories, they run into challenges similar to obtaining a complete user inventory. These include:

  • Fragmented administrative ownership across systems and platforms
  • Developing, managing, and maintaining integrations to the various data sources
  • Managing the rate of user characteristic changes across each source and historically across all sources
  • Widely varied naming conventions making correlation rules complex and difficult.

Most enterprises have opted to forgo a complete inventory. Instead, they focus on identity and access management (IAM) solutions for their most critical applications and databases.

The following data sources are commonly used to compile a comprehensive user inventory:

How to Compile a User Inventory with Axonius

By connecting to the management consoles of platforms with user data associated, Axonius can identify key indicators that are useful for finding users. On the aggregate level, Axonius can search for the following data fields in order to help identify users. Many more specific fields from various adapters can also be queried in addition to those listed in this table.

User Table.png

Example Queries:

Simple queries can be built to find users and user information in Axonius, ranging from the broadest possible scenario to the most detailed.

Let’s take a look at a couple of queries for finding users and compiling a user inventory.

Finding all admin users

This query can be represented in the Axonius Query Wizard as:

Admin True.png

The query finds all users that have admin access rights. Here’s an example of the returned results:

Admin True Results.png

Finding Admin Users with Outdated Passwords

We can add other filter criteria to see if the admin users are adhering to security policies. Let’s say our security policy states that all admin users need to change their password every 180 days. The following query can find admin users who haven’t changed their passwords in over 180 days:

Here’s an example of the returned results:

Last PW Change results.png

Finding All Active Windows Users With No Password Required

A bit more complex query could involve multiple fields or parameters. Let’s say we know that our organization has an issue with employees disabling or not requiring passwords for the Windows devices.

In this case we would want to find all Windows users (associated with AD), with active accounts, that do not require a password. You can do so using the following query:

PW Not Req.png

After running the query, it appears that there are 44 active Windows users without passwords required.

Here’s an example of the returned results:

PW not req results.png

Example Enforcement Actions

If deviance from security policies or other security issues are found when conducting queries on users in Axonius, a number of options are available to alert teams without any human intervention needed.

Any time a saved query surfaces user-related security concerns, security and risk teams can take actions including:

For more details, see Action Library.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.