API Reference
Enum
PurpleKnightDoc
Purple Knight indicator identifiers used to cross-reference rules with vendor content.
Inheritance
- Enum
- PurpleKnightDoc
Inherited Methods
public override sealed Int32 CompareTo(Object target) #Returns:
Int32Inherited from Enum
Parameters
- target Object
public override sealed String ToString(String format, IFormatProvider provider) #Returns:
StringInherited from Enum
Obsolete("The provider argument is not used. Use ToString(String) instead.")Parameters
- format String
Values
public const PurpleKnightDoc Unprivilegeduserscanaddcomputeraccountstothedomain #Value:
0public const PurpleKnightDoc Builtinguestaccountisenabled #Value:
1public const PurpleKnightDoc EvidenceofMimikatzDCShadowattack #Value:
2public const PurpleKnightDoc UsersandcomputerswithnondefaultPrimaryGroupIDs #Value:
3public const PurpleKnightDoc ReversiblepasswordsfoundinGPOs #Value:
4public const PurpleKnightDoc ComputeroruseraccountswithSPNthathaveunconstraineddelegation #Value:
5public const PurpleKnightDoc KerberosKRBTGTaccountwitholdpassword #Value:
6public const PurpleKnightDoc NondefaultvalueonmsMcsAdmPwdSearchFlags #Value:
7public const PurpleKnightDoc PrivilegeduserswithSPNdefined #Value:
8public const PurpleKnightDoc ProtectedUsersgroupnotinuse #Value:
9public const PurpleKnightDoc NondefaultprincipalswithDCSyncrightsonthedomain #Value:
10public const PurpleKnightDoc RiskyRODCcredentialcaching #Value:
11public const PurpleKnightDoc WellknownprivilegedSIDsinSIDHistory #Value:
12public const PurpleKnightDoc UnprivilegedprincipalsasDNSAdmins #Value:
13public const PurpleKnightDoc Privilegedobjectswithunprivilegedowners #Value:
14public const PurpleKnightDoc Custombannedpasswordprotectionnotinuse #Value:
15public const PurpleKnightDoc UserswithKerberospreauthenticationdisabled #Value:
16public const PurpleKnightDoc BuiltindomainAdministratoraccountusedwithinthelasttwoweeks #Value:
17public const PurpleKnightDoc UserswithPasswordNeverExpiresflagset #Value:
18public const PurpleKnightDoc AnonymousaccesstoActiveDirectoryenabled #Value:
19public const PurpleKnightDoc ComputeraccounttakeoverthroughKerberosResourceBasedConstrainedDelegationRBCD #Value:
20public const PurpleKnightDoc GPOlinkingdelegationatthedomainlevel #Value:
21public const PurpleKnightDoc Recentprivilegedaccountcreationactivity #Value:
22public const PurpleKnightDoc UnprivilegedaccountswithadminCount1 #Value:
23public const PurpleKnightDoc ChangestoMSLAPSreadpermissions #Value:
24public const PurpleKnightDoc Zerologonvulnerability #Value:
25public const PurpleKnightDoc Userswitholdpasswords #Value:
26public const PurpleKnightDoc Enabledadminaccountsthatareinactive #Value:
27public const PurpleKnightDoc Privilegedusersthataredisabled #Value:
28public const PurpleKnightDoc GPOlinkingdelegationatthedomaincontrollerOUlevel #Value:
29public const PurpleKnightDoc GPOlinkingdelegationattheADSitelevel #Value:
30public const PurpleKnightDoc UserswithSPNdefined #Value:
31public const PurpleKnightDoc Changestoprivilegedgroupmembershipinthelast7days #Value:
32public const PurpleKnightDoc ADobjectscreatedwithinthelast10days #Value:
33public const PurpleKnightDoc Securityquestionsareinuse #Value:
34public const PurpleKnightDoc ObjectsinprivilegedgroupswithoutadminCount1SDProp #Value:
35public const PurpleKnightDoc Changestodefaultsecuritydescriptorschemainthelast90days #Value:
36public const PurpleKnightDoc ChangestoDefaultDomainPolicyorDefaultDomainControllersPolicyinthelast7days #Value:
37public const PurpleKnightDoc BuiltindomainAdministratoraccountwitholdpassword180days #Value:
38public const PurpleKnightDoc DomainControllerownerisnotanadministrator #Value:
39public const PurpleKnightDoc Domainswithobsoletefunctionallevels #Value:
40public const PurpleKnightDoc AnonymousNSPIaccesstoADenabled #Value:
41public const PurpleKnightDoc OperatorgroupsnolongerprotectedbyAdminSDHolderandSDProp #Value:
42public const PurpleKnightDoc ComputerswitholderOSversions #Value:
43public const PurpleKnightDoc PermissionchangesonAdminSDHolderobject #Value:
44public const PurpleKnightDoc EnterpriseKeyAdminswithfullaccesstodomain #Value:
45public const PurpleKnightDoc Objectswithconstraineddelegationconfigured #Value:
46public const PurpleKnightDoc Kerberosprotocoltransitiondelegationconfigured #Value:
47public const PurpleKnightDoc Computerswithpasswordlastsetover90daysago #Value:
48public const PurpleKnightDoc RecentSIDHistorychangesonobjects #Value:
49public const PurpleKnightDoc ComputerAccountsinPrivilegedGroups #Value:
50public const PurpleKnightDoc Adminswitholdpasswords #Value:
51public const PurpleKnightDoc DomainControllerswitholdpasswords #Value:
52public const PurpleKnightDoc Forestcontainsmorethan50privilegedaccounts #Value:
53public const PurpleKnightDoc PrincipalswithconstraineddelegationusingprotocoltransitionenabledforaDCservice #Value:
54public const PurpleKnightDoc DomainControllerswithResourceBasedConstrainedDelegationRBCDenabled #Value:
55public const PurpleKnightDoc Privilegedaccountswithapasswordthatneverexpires #Value:
56public const PurpleKnightDoc Trustaccountswitholdpasswords #Value:
57public const PurpleKnightDoc DomainControllersininconsistentstate #Value:
58public const PurpleKnightDoc PrincipalswithconstrainedauthenticationdelegationenabledforaDCservice #Value:
59public const PurpleKnightDoc KrbtgtaccountwithResourceBasedConstrainedDelegationRBCDenabled #Value:
60public const PurpleKnightDoc GMSAobjectswitholdpasswords #Value:
61public const PurpleKnightDoc DomainControllersthathavenotauthenticatedtothedomainformorethan45days #Value:
62public const PurpleKnightDoc Useraccountswithpasswordnotrequired #Value:
63public const PurpleKnightDoc UseraccountsthatuseDESencryption #Value:
64public const PurpleKnightDoc Useraccountsthatstorepasswordswithreversibleencryption #Value:
65public const PurpleKnightDoc PrintspoolerserviceisenabledonaDC #Value:
66public const PurpleKnightDoc UsersandcomputerswithoutreadablePGID #Value:
67public const PurpleKnightDoc WriteaccesstoRBCDonDC #Value:
68public const PurpleKnightDoc WriteaccesstoRBCDonkrbtgtaccount #Value:
69public const PurpleKnightDoc Nonstandardschemapermissions #Value:
70public const PurpleKnightDoc ChangestoADDisplaySpecifiersinthepast90days #Value:
71public const PurpleKnightDoc NonprivilegeduserswithaccesstogMSApasswords #Value:
72public const PurpleKnightDoc GMSAnotinuse #Value:
73public const PurpleKnightDoc UnsecuredDNSconfiguration #Value:
74public const PurpleKnightDoc Weakcertificatecipher #Value:
75public const PurpleKnightDoc Domaintrusttoathirdpartydomainwithoutquarantine #Value:
76public const PurpleKnightDoc OutboundforesttrustwithSIDHistoryenabled #Value:
77public const PurpleKnightDoc UserswithpermissionstosetServerTrustAccount #Value:
78public const PurpleKnightDoc Dangerouscontrolpathsexposecertificatetemplates #Value:
79public const PurpleKnightDoc Dangerouscontrolpathsexposecertificatecontainers #Value:
80public const PurpleKnightDoc NondefaultaccesstoDPAPIkey #Value:
81public const PurpleKnightDoc ReportsuspiciousMFAactivitydisabled #Value:
82public const PurpleKnightDoc ADCertificateAuthoritywithWebEnrollmentESC8 #Value:
83public const PurpleKnightDoc PrivilegedUserswithWeakPasswordPolicy #Value:
84public const PurpleKnightDoc NTFRSSYSVOLReplication #Value:
85public const PurpleKnightDoc AbnormalPasswordRefresh #Value:
86public const PurpleKnightDoc AccountswithConstrainedDelegationconfiguredtokrbtgt #Value:
87public const PurpleKnightDoc AccountswithConstrainedDelegationconfiguredtoghostSPN #Value:
88public const PurpleKnightDoc SYSVOLExecutableChanges #Value:
89public const PurpleKnightDoc AccountswithaltSecurityIdentitiesconfigured #Value:
90public const PurpleKnightDoc FGPPnotappliedtoGlobalgroup #Value:
91public const PurpleKnightDoc ChangestoPreWindows2000CompatibleAccessGroupmembership #Value:
92public const PurpleKnightDoc NonsyncedEntrauserthatiseligibleforaprivilegedrole #Value:
93public const PurpleKnightDoc InheritanceenabledonAdminSDHolderobject #Value:
94public const PurpleKnightDoc DangerousTrustAttributeSet #Value:
95public const PurpleKnightDoc EphemeralAdmins #Value:
96public const PurpleKnightDoc Guestaccountsthatwereinactiveformorethan30days #Value:
97public const PurpleKnightDoc SuspiciousDirectorySynchronizationAccountsrolemember #Value:
98public const PurpleKnightDoc ResourceBasedConstrainedDelegationappliedtoAZUREADSSOACCaccount #Value:
99public const PurpleKnightDoc Checkiflegacyauthenticationisallowed #Value:
100public const PurpleKnightDoc Administrativeunitsarenotbeingused #Value:
101public const PurpleKnightDoc Securitydefaultsnotenabled #Value:
102public const PurpleKnightDoc MFAnotconfiguredforprivilegedaccounts #Value:
103public const PurpleKnightDoc Unrestricteduserconsentallowed #Value:
104public const PurpleKnightDoc ConditionalAccessPolicythatdoesnotrequireapasswordchangefromhighriskusers #Value:
105public const PurpleKnightDoc ForeignSecurityPrincipalsinPrivilegedGroup #Value:
106public const PurpleKnightDoc Privilegedgroupcontainsguestaccount #Value:
107public const PurpleKnightDoc Checkforguestshavingpermissiontoinviteotherguests #Value:
108public const PurpleKnightDoc CheckforriskyAPIpermissionsgrantedtoapplicationserviceprincipals #Value:
109public const PurpleKnightDoc CheckforuserswithweakornoMFA #Value:
110public const PurpleKnightDoc SSOcomputeraccountwithpasswordlastsetover90daysago #Value:
111public const PurpleKnightDoc ConditionalAccessPolicydoesnotrequireMFAonprivilegedaccounts #Value:
112public const PurpleKnightDoc EntraConnectsyncaccountpasswordreset #Value:
113public const PurpleKnightDoc ConditionalAccesspoliciesthatcontainMFATrustedIPs #Value:
114public const PurpleKnightDoc GlobalAdministratorsthatsignedinduringthelast14days #Value:
115public const PurpleKnightDoc PrivilegedusercredentialscachedonRODC #Value:
116public const PurpleKnightDoc ConditionalAccessPolicythatdisableadmintokenpersistence #Value:
117public const PurpleKnightDoc Smartcardpasswordrotationdisabled #Value:
118public const PurpleKnightDoc OperatorsGroupsthatarenotempty #Value:
119public const PurpleKnightDoc RC4orDESencryptiontypearesupportedbyDomainControllers #Value:
120public const PurpleKnightDoc PrimaryuserswithSPNnotsupportingAESencryptiononKerberos #Value:
121public const PurpleKnightDoc LDAPsigningisnotrequiredonDomainControllers #Value:
122public const PurpleKnightDoc SMBSigningisnotrequiredonDomainControllers #Value:
123public const PurpleKnightDoc SMBv1isenabledonDomainControllers #Value:
124public const PurpleKnightDoc Certificatetemplateswith3ormoreinsecureconfigurations #Value:
125public const PurpleKnightDoc CertificatetemplatesthatallowrequesterstospecifyasubjectAltName #Value:
126public const PurpleKnightDoc EntraIDprivilegedusersthatarealsoprivilegedinAD #Value:
127public const PurpleKnightDoc Nonadminuserscanregistercustomapplications #Value:
128public const PurpleKnightDoc Guestusersarenotrestricted #Value:
129public const PurpleKnightDoc ADprivilegedusersthataresyncedtoEntraID #Value:
130public const PurpleKnightDoc Morethan5GlobalAdministratorsexist #Value:
131public const PurpleKnightDoc Guestinvitesnotacceptedinlast30day #Value:
132public const PurpleKnightDoc ConditionalAccesspolicywithContinuousAccessEvaluationdisabled #Value:
133public const PurpleKnightDoc Userscancreatesecuritygroups #Value:
134public const PurpleKnightDoc ConditionalAccesspoliciescontainprivateIPaddresses #Value:
135public const PurpleKnightDoc ConditionalAccessPolicythatdoesnotrequireMFAwhensigninriskhasbeenidentified #Value:
136public const PurpleKnightDoc ObjectswithReanimateTombstonesextendedright #Value:
137public const PurpleKnightDoc GPOWeakLMHashstorageenabled #Value:
138public const PurpleKnightDoc WritableshortcutsfoundinGPO #Value:
139public const PurpleKnightDoc OUpermissionsenablingBadSuccessordMSAescalation #Value:
140public const PurpleKnightDoc Changestounprivilegedgroupmembershipinthelast7days #Value:
141public const PurpleKnightDoc ApplicationnameandgeographiclocationadditionalcontextsaredisabledonMFA #Value:
142public const PurpleKnightDoc Nonadminuserscancreatetenants #Value:
143public const PurpleKnightDoc Usersordevicesinactiveforatleast90days #Value:
144public const PurpleKnightDoc Userconsentisallowedforriskyapplications #Value:
145public const PurpleKnightDoc EnterpriseapplicationsusingSAMLforSSO #Value:
146public const PurpleKnightDoc MFAbombingattackoccurredinthepastday #Value:
147public const PurpleKnightDoc QuerypoliciesthathavetheattributeofLDAPdenylistset #Value:
148public const PurpleKnightDoc ListofRiskyusersmediumorhighlevel #Value:
149public const PurpleKnightDoc Morethan10PrivilegedAdministratorsexist #Value:
150public const PurpleKnightDoc Privilegedaccountswithmailbox #Value:
151public const PurpleKnightDoc Lessthan2GlobalAdministratorsexist #Value:
152public const PurpleKnightDoc Applicationinstancepropertylockdisabled #Value:
153public const PurpleKnightDoc Unprivilegedownerofaprivilegedgroup #Value:
154public const PurpleKnightDoc ProhibitedEntraIDRolesAssigned #Value:
155public const PurpleKnightDoc Selfservicepasswordresetenabledforprivilegedroles #Value:
156public const PurpleKnightDoc EnsureallnonprivilegeduserscancompleteMFA #Value:
157public const PurpleKnightDoc PermanentActivePrivilegedRoleAssignment #Value:
158public const PurpleKnightDoc EntracustomRoleswithriskypermissions #Value:
160public const PurpleKnightDoc DetectMFApolicychangesforgroupsandusers #Value:
161public const PurpleKnightDoc Passwordhashsynchronizationisnotenabled #Value:
162public const PurpleKnightDoc CertificateBasedAuthenticationPersistence #Value:
163public const PurpleKnightDoc UseraccountsusingSmartCardauthenticationwitholdpassword #Value:
164public const PurpleKnightDoc UnresolvedEntraIDprivilegedrolemembers #Value:
165public const PurpleKnightDoc Usersarenotusingtheirprivilegedroles #Value:
166public const PurpleKnightDoc Newpermissionhasbeengrantedtoagroup #Value:
167public const PurpleKnightDoc Newpermissionhasbeengrantedtoauser #Value:
168public const PurpleKnightDoc DangeroususerrightsgrantedbyGPO #Value:
169public const PurpleKnightDoc NewAPItokenwascreated #Value:
170public const PurpleKnightDoc DangerousGPOlogonscriptpath #Value:
171public const PurpleKnightDoc NewSuperAdminpermissionhasbeengrantedtoauser #Value:
172public const PurpleKnightDoc NewSuperAdminpermissionhasbeengrantedtoagroup #Value:
173public const PurpleKnightDoc Useractivationinthelast7days #Value:
174public const PurpleKnightDoc Userdeactivationinthelast7days #Value:
175public const PurpleKnightDoc UserswithoutMultiFactorAuthenticationMFA #Value:
176public const PurpleKnightDoc Passwordpolicycheck #Value:
177public const PurpleKnightDoc Highprivilegedcustomroles #Value:
178public const PurpleKnightDoc UnexpectedaccountsinCertPublishersGroup #Value:
179public const PurpleKnightDoc Applicationexpiredsecretsandcertificates #Value:
180public const PurpleKnightDoc GPOwithScheduledTasksconfigured #Value:
181public const PurpleKnightDoc FIDO2Attestationisnotenforced #Value:
182public const PurpleKnightDoc UserswiththeattributeuserPasswordset #Value:
183public const PurpleKnightDoc ShadowCredentialsonprivilegedobjects #Value:
184public const PurpleKnightDoc DistributedCOMUsersgrouporPerformanceLogUsersgrouparenotempty #Value:
185public const PurpleKnightDoc SuspiciouscredentialsonMicrosoftserviceprincipals #Value:
186