
Validate and Manage Assets and Devices in Your Environment

Learn how Epiphany validates and manages assets


Last updated 1 year ago

Epiphany focuses on finding the conditions that create risk in your organization's devices from things such as lack of defensive controls, misconfigurations, and vulnerabilities, as well as illustrating how an attacker might use those conditions. Epiphany views multiple aspects of a device when it considers its risk to an organization, including its users, attack surface, applications, defenses, and position within the environment.

Outcomes:

  • You can use Epiphany’s Inventory tool to view all your assets and devices, aggregated from all your data sources. View details such as risk level, the number of risks, and the number of entry points for individual devices.

  • You can use Epiphany’s Rogue System Detection to identify where agents need to be installed, fixed, or reconfigured and to discover devices you thought were decommissioned but are still in use. Use Rogue’s query builder to create custom queries showing users who are in and/or out of certain groups, thus highlighting where to take corrective action.

  • You can use Epiphany’s Search to display information about all users, aggregated from all your data sources. Limit the search results to show only users using a particular operating system or with a critical risk level, then download the results as a CSV file to use for remediation planning.

Scenario 1: Identify Systems With Specific Characteristics

You need to identify which systems across your environment have a specific vulnerability, live in a specific network segment, and are used by accounts with privileged access. Epiphany aggregates data from multiple data sources, providing a unified asset inventory across multiple data sets. Epiphany’s inventory search feature operates as an “explorer,” making queries possible even when the data is spread across multiple sources, such as Microsoft Active Directory, endpoint protection, and vulnerability management systems.

Solution: Epiphany’s Combined Asset Inventory

Epiphany’s Inventory tool looks at all your assets and devices, then allows you to drill into groups such as all the devices with a particular operating system. You can see the total number of devices and devices in groups such as Windows devices, Linux devices, and network devices. Or you can search for things such as Windows or Linux to display just the devices using either of those operating systems.

The Inventory tool is the central aggregation point of all unique devices that Epiphany discovers across all data sets reporting device-related information. This can come from vulnerability scanners, endpoint agents, network management systems, and access management systems, as well as others. Epiphany attempts to simplify this view for you by showing you the most-used counts in most organizations: the overall total number of unique devices in your organization (Total Devices), the number of unique Windows Devices, the number of unique Linux Devices, and the number of unique Network Devices. These can be used to quickly understand where you may have gaps between your configuration management database (CMDB) and your individual data sources (which can be explored in Epiphany’s Rogue Reporting tool).

For any individual device, you can click on Node Details to see specific information about the device, such as its Risk Level, total number of risks (Total Risks), and the number of Entry Points it has. Its specific Entry Points are listed, making it easy for you to know where to target remediation efforts.

Scenario 2a: Locate Systems Where Agents Need to be Installed, Fixed, or Reconfigured

You are migrating from one endpoint protection solution to another and need to find the systems that are not yet on the new solution. You also need to verify that all required tools are correctly installed across the environment. Epiphany makes it easy to identify systems where agents need to be installed, fixed, or reconfigured. Epiphany’s Rogue System Detection visually shows you your tools’ coverage. You can perform queries based on set logic, then display and export target lists. If your organization has a compliance requirement, which may include having one or more tools installed, non-compliance is visually identifiable in seconds.

Scenario 2b: Discover Devices and Agents That Were Thought to be Decommissioned but are Still in Use

You have a number of devices you believe are decommissioned (for example, network devices still on your network or systems still establishing sessions). You need to identify and target these devices for removal. Epiphany can discover devices and agents that were thought to be decommissioned but are still in use. Epiphany’s Rogue System Detection visually shows you situations such as computers that still authenticate via Active Directory but are running older unsupported agents (or no agent at all).

Solution: Epiphany’s Rogue System Detection

The most powerful tools in device management are knowledge and visibility. Most organizations struggle to know where they have devices that are misconfigured, unmanaged, or rogue; in other words, devices that don't match their expected security configurations. It can be a complex task to sift through so much information. Epiphany simplifies this for you.

Epiphany's Rogue Report distills otherwise mountainous sets of data into simple diagrams and tables that you can search for the systems that might pose a great risk to your organization due to things such as their misconfigurations or absence in a critical data set. Most organizations do not realize that each tool within their environment manages data in different ways and for different time periods. Tools that are used to discover devices can only give point-in-time reports, and endpoint agents sometimes go stale, disappearing from the tool altogether. Epiphany attempts to bridge that gap by using all the data at its disposal to illustrate to you the true state of your environment and how your tools relate to each other.

The simplest way to describe the data in Epiphany’s Rogue System Detection is to think of Venn diagrams. They show you where data intersects and where it doesn't. The overlapping circles show your coverage. In the next image, you can see two antivirus platforms: CrowdStrike and McAfee. You can also see that there’s a large group of devices using Nexpose that aren’t being scanned for vulnerabilities by CrowdStrike or McAfee.

In addition, ideally, all of the devices that are reporting into Windows Active Directory would fall within all the circles. In other words, the circles should sit on top of each other to represent full and complete coverage.

Query via Set Logic in Rogue

You can use Rogue’s Query Builder to show users in and/or out of certain groups. For example, you can create a query that shows you all the users in Windows Active Directory who aren’t using CrowdStrike.
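The set-logic queries described above, sketched in Python as an added example (not Epiphany's code or query syntax). The source names, hostnames, dates and the decommissioned list are constructed, and matching devices on a normalized short hostname is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample records: (source, hostname as reported, last seen by that source).
NOW = datetime(2024, 1, 31)
RECORDS = [
    ("active_directory", "WS-001.corp.example", datetime(2024, 1, 30)),
    ("active_directory", "WS-002.corp.example", datetime(2024, 1, 29)),
    ("active_directory", "SRV-OLD.corp.example", datetime(2024, 1, 28)),
    ("crowdstrike", "ws-001", datetime(2024, 1, 30)),
    ("crowdstrike", "srv-old", datetime(2023, 9, 2)),   # agent went stale
    ("nexpose", "ws-001", datetime(2024, 1, 15)),
    ("nexpose", "ws-002", datetime(2024, 1, 15)),
    ("nexpose", "printer-7", datetime(2024, 1, 15)),    # seen on the network only
]
# Constructed list of hosts the CMDB marks as decommissioned.
DECOMMISSIONED = {"srv-old"}


def normalize(hostname):
    """Sources disagree on case and FQDN vs. short name; compare on the short lowercase name."""
    return hostname.strip().lower().split(".")[0]


def last_seen_by_source(records):
    """Return {source: {host: most recent timestamp}}."""
    seen = {}
    for source, host, ts in records:
        hosts = seen.setdefault(source, {})
        key = normalize(host)
        hosts[key] = max(ts, hosts.get(key, ts))
    return seen


def query(seen, include, exclude=(), max_age_days=None, now=NOW):
    """Hosts present in every `include` source and absent from every `exclude` source.

    With max_age_days set, a source only counts a host it has seen recently,
    so a stale agent record does not count as coverage.
    """
    def members(source):
        hosts = seen.get(source, {})
        if max_age_days is None:
            return set(hosts)
        cutoff = now - timedelta(days=max_age_days)
        return {h for h, ts in hosts.items() if ts >= cutoff}

    result = set.intersection(*(members(s) for s in include))
    for source in exclude:
        result -= members(source)
    return sorted(result)


def still_active(seen, decommissioned, max_age_days=30, now=NOW):
    """Hosts marked decommissioned that some source has still seen recently."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(h for h in decommissioned
                  if any(hosts.get(h, datetime.min) >= cutoff for hosts in seen.values()))


if __name__ == "__main__":
    seen = last_seen_by_source(RECORDS)
    print(query(seen, ["active_directory"], ["crowdstrike"]))
    print(query(seen, ["active_directory"], ["crowdstrike"], max_age_days=30))
    print(query(seen, ["nexpose"], ["active_directory", "crowdstrike"]))
    print(still_active(seen, DECOMMISSIONED))
```

Applying the age cutoff changes the answer: the host with a stale agent record only shows up as uncovered once old records stop counting as coverage.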

Scenario 3: Quickly Locate Information About Devices, IP Addresses, Users and More

You are planning remediation for areas where agents need to be installed, fixed, or reconfigured, and the removal of devices and agents that were thought to be decommissioned but are still in use. To do so, you need to quickly locate information about device names, IP addresses, installed applications, risk levels, users, and groups. Epiphany provides multiple ways to search and display detailed information, including “Explorer” style searching across data sets, giving you quick and easy access to rich data within a few mouse clicks.

Solution: Epiphany’s “Explorer” Style Search Across Data Sets

Epiphany is a data-driven platform, designed to empower you to find the data you need as quickly as possible. There are multiple places to search for anything in Epiphany, but on the Inventory page you can use the search field to look for device names, IP addresses, installed applications, risk levels, and more. As an example, a search of "Windows" yielded 20137 results in the inventory, since it includes all operating systems with Windows in the name as well as any installed application, because the search was not limited.

Epiphany’s full Search lists all the users in your environment. For each user, it shows their name, IP address, risk level (critical, high, medium, or low), their common vulnerabilities and exposures (CVEs), the group to which they belong, their operating system, and entry points.

Figures (images not reproduced here): Inventory page; Device Detail page; Rogue Report; Rogue Report's Query Builder; Search on the Inventory page; Full search.