Uncategorized

BeyondTrust Password Safe SQL query to get Managed Account access for a Managed System

Navigating through BeyondTrust Password Safe to gauge the security exposure of Managed Systems can often feel a bit cumbersome. Typically, users must click through multiple pages to access information related to Managed Accounts, SmartRules, Groups, and Application Users. This process not only takes time but can sometimes make it difficult to get a clear, comprehensive view of the security landscape.

Fortunately, there is a more efficient method available to get a quick snapshot of Application Users, which can serve as a starting point for deeper analysis. By executing a specific SQL query, users can generate a concise report that brings all the crucial data into one view. This approach significantly cuts down the time spent navigating through various interfaces.

Moreover, the query can be easily modified to enhance its utility. By adjusting the WHERE clause, users can expand the report to include details about specific types of access, such as RDP (Remote Desktop Protocol) and SSH (Secure Shell). This customization allows for targeted insights into how these access types are managed within the system, providing a clearer picture of potential vulnerabilities or misconfigurations.

To make the most out of this streamlined reporting technique, it’s essential to familiarize oneself with the basic structure of the SQL query and understand how minor tweaks can tailor the output to meet various security assessment needs. This proactive approach not only saves time but also enhances the overall efficiency of security management within BeyondTrust Password Safe environments.

SELECT
	a.SystemName
	, a.AccountName
	, c.Title AS SmartRule
	, e.Name AS [Group]
	, f.UserName
	, f.FirstName
	, f.LastName
FROM            pmm.vw_MA_System AS a INNER JOIN
                         SmartRuleManagedAccountCache AS b ON a.ManagedAccountID = b.ManagedAccountId INNER JOIN
                         SmartRule AS c ON b.SmartRuleId = c.SmartRuleId INNER JOIN
                         UserGroup_SmartRule AS d ON c.SmartRuleId = d.SmartRuleId INNER JOIN
                         UserGroup AS e ON d.GroupID = e.GroupID INNER JOIN
                         AppUser_UserGroup ON e.GroupID = AppUser_UserGroup.GroupID INNER JOIN
                         AppUser AS f ON AppUser_UserGroup.UserID = f.UserID
WHERE		
	---- Put scope of servers here
		(a.SystemName LIKE 'MyManagedSystemName')
	---- Filter out unwanted SmartRules
	AND
		c.SmartRuleId NOT IN (2001,2002)
	---- Only Groups with connections to SmartRules and the built-in Administrators group
	AND 
		(d.Permission = 1 or e.GroupID = 1) AND c.IsActive = 1
ORDER BY e.Name, c.Title, f.UserName