Platform interaction in privilege secure

Hi,

First of all, congrats on building a great community around this software, and thanks so far for the answers you guys have provided. My goal is not to spam the forum :wink: but doing PoC for customers, I need to explore every aspect of the solution.

The question I have is how “platform” is meant to be used in privilege secure?

For example, an activity can be tied to a platform which can have a specific password policy. When creating a password for an ephemeral account under this activity, I would have expected it to follow the password policy configured in the platform definition.

Is the platform setting under activity only relevant to where an account will be created or activated for “activity token” and “managed” type of LoginAccount?

A second aspect which is not 100% clear to me around platform is the way it is supposed to work between resource, activity and access policy. A resource belongs to a platform, as does an activity. But under access policy I can mix it and allow activity to be run on resources that don’t share the same platform.

Regards
Benjamin

2 Likes

Hi Benjamin,

Thanks for the great question!

There is a lot in your question, so please bear with me!

First of all the Platform for a Resource does a few things:

  1. Defines which Platform Policy applies to the resource. In the platform policy you have settings that apply to all the resources that have that platform.
  2. Within the activities, we use the Platform to determine how to connect. (Windows - use WinRM/PowerShell Remoting, Linux - use SSH, Cisco - use SSH with Cisco commands)
  3. The Platform for a Resource is also used within the Policy to help determine which Activities are suited for that Resource, more on that later.
  4. Platform also tells the scanner what type of information to show.
  5. When connecting, the Platform dictates which type of connection to use.
  6. The UI will also use the Platform to help determine what to show.

Platform for the Activity dictates the types of Resources that will match to that Activity in a Policy.

Resource Platforms Windows Linux WebSite EntraID Database Cisco
Activity Platforms
Active Directory x x x x x
Windows x x
Linux x
WebSite x
EntraID x
Database x
Cisco x

Hopefully this helps you out!

1 Like

Hi Kevin,

Thank you very much for the clarifications.

Cheers
Benjamin