When the value of an attribute changes, the Trail Flow shows a blue dot before the Attribute column.
To display the attribute change:
In Tenable Identity Exposure, click Trail Flow in the navigation bar on the left.
The Trail Flow page opens with a list of events.
Hover over the blue dot in front of the event line to display the changes.
The color of the Value at event label depends on the changes applied to the attribute:
A security descriptor is a data structure that contains security information about an AD object such as its ownership and permissions. For more details, see Microsoft's online documentation.
To display details of an object security descriptor:
In Tenable Identity Exposure, click Trail Flow to open the Trail Flow page.
Click to select an entry in the Trail Flow table.
The Event details pane opens.
Click on See SDDL Description.
The SDDL Description pane opens.
Click on the arrows on the left of the SDDL (1), DACL (2), and Descriptor (3) to expand the description:
Browse to an Access Control Entry (ACE) (4) highlighted in color to display the object's access rights. The color codes indicate:
To copy the SDDL description, click Copy to clipboard.
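To review a copied SDDL string outside the console, the following added example (not Tenable code, and not part of the original page) splits it into the same owner, DACL and ACE levels and decodes each ACE. The sample string, the placeholder GUID, the function names and the set of "control" rights are assumptions made for illustration; conditional ACEs are not handled.

```python
import re

# Constructed sample SDDL (not from a real directory); the GUID is a placeholder.
SAMPLE_SDDL = ("O:DAG:DAD:PAI(A;;GA;;;SY)(A;CI;RPWPCCDCLCSWRCWDWOSD;;;DA)"
               "(OA;;CR;00000000-0000-0000-0000-000000000001;;AU)(A;;WDWO;;;AU)"
               "(D;;WP;;;WD)")

ACE_TYPES = {"A": "Allow", "D": "Deny", "OA": "Allow (object)", "OD": "Deny (object)"}
RIGHTS = {"GA": "GenericAll", "GR": "GenericRead", "GW": "GenericWrite",
          "GX": "GenericExecute", "RC": "ReadControl", "SD": "Delete",
          "WD": "WriteDacl", "WO": "WriteOwner", "RP": "ReadProperty",
          "WP": "WriteProperty", "CC": "CreateChild", "DC": "DeleteChild",
          "LC": "ListChildren", "SW": "SelfWrite", "LO": "ListObject",
          "DT": "DeleteTree", "CR": "ControlAccess"}
SIDS = {"SY": "Local System", "DA": "Domain Admins", "EA": "Enterprise Admins",
        "BA": "Builtin Administrators", "AU": "Authenticated Users", "WD": "Everyone"}
# Assumption: this example's own choice of rights that give control over the object.
CONTROL_RIGHTS = {"GenericAll", "WriteDacl", "WriteOwner"}

def parse_sddl(sddl):
    """Split an SDDL string into owner, group, DACL flags and decoded DACL ACEs."""
    # Components are introduced by O:, G:, D: (DACL) and S: (SACL).
    parts = dict(re.findall(r"([OGDS]):(.*?)(?=[OGDS]:|$)", sddl))
    dacl = parts.get("D", "")
    aces = []
    for raw in re.findall(r"\(([^)]*)\)", dacl):
        # ace_type;ace_flags;rights;object_guid;inherit_object_guid;trustee
        fields = (raw.split(";") + [""] * 6)[:6]
        ace_type, flags, rights, obj_guid, _inherit, trustee = fields
        if rights.startswith("0x"):
            decoded = [rights]  # numeric access mask, kept as-is
        else:
            codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
            decoded = [RIGHTS.get(c, c) for c in codes]
        aces.append({"type": ACE_TYPES.get(ace_type, ace_type), "flags": flags,
                     "rights": decoded, "object_guid": obj_guid or None,
                     "trustee": SIDS.get(trustee, trustee)})
    owner, group = parts.get("O"), parts.get("G")
    return {"owner": SIDS.get(owner, owner), "group": SIDS.get(group, group),
            "dacl_flags": dacl.split("(", 1)[0], "aces": aces}

def control_aces(parsed):
    """Allow ACEs whose rights include control over the object (CONTROL_RIGHTS)."""
    return [a for a in parsed["aces"]
            if a["type"].startswith("Allow") and CONTROL_RIGHTS & set(a["rights"])]

if __name__ == "__main__":
    sd = parse_sddl(SAMPLE_SDDL)
    print("Owner:", sd["owner"], "| Group:", sd["group"], "| DACL:", sd["dacl_flags"])
    for ace in control_aces(sd):
        print(ace["type"], ace["trustee"], ace["rights"])
```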