Health Checks

The health check feature in Tenable Identity Exposure provides you with real-time visibility into the configuration of your domains and service accounts in one consolidated view, from which you can drill down to investigate any configuration anomalies leading to connectivity or other issues in your infrastructure. It verifies that everything is properly set up to ensure the smooth operation of Tenable Identity Exposure and gives you the ability to take quick and precise actions to remedy issues, as well as the confidence that your configuration settings are optimal to enable Tenable Identity Exposure to function efficiently.

Health checks are visible by default for administrative roles and by permission for certain user roles. You can also create Syslog or email alerts on each change in health check status.

Health Checks and DC Sync Attack Detection

Health checks provide valuable information about the status and usability of Tenable Identity Exposure services. It verifies the service account's capability to collect sensitive information like password hashes and DPAPI backup keys used for Privileged Analysis. In the health check report, Tenable attempts to collect sensitive data to determine if the service account has the Privileged Analysis feature properly configured, without actually collecting anything if this feature is not in use. To prevent detection of a DCSync attack during this process, Tenable automatically whitelists the provided service account for the DCSync Indicator of Attack.

Domain Status

Tenable Identity Exposure performs the following checks for each domain:

  • Authentication to the AD domain — LDAP settings and status, credentials, and SMB access

  • Domain reachability — Working connection to the dynamic RPC port, a reachable SMB server, a reachable domain controller IP address or FQDN, a working connection to the RPC port, a reachable LDAP server, and a reachable global catalog LDAP server.

  • Permissions — Ability to access AD domain data and collect privileged data.

  • Domain Linked to Relay — The domain is correctly associated to a relay service.

Platform Status

Tenable Identity Exposure performs the following checks on your platform configuration:

  • Running Relay service — Whether or not the Relay configuration is correct with troubleshooting tips.

  • Relay version consistency — Whether or not the Relay version is consistent with the Tenable Identity Exposure version.

  • Running AD data collector service — Whether or not the data collector service, broker, and collector bridge are operational to relay data to other services.