Bloodhound queries: improve outdated OS and top 10 users queries and misc fixes #380
Hello,
This PR modifies some BloodHound custom queries.
Outdated OS:
Instead of returning every outdated computer referenced in the AD, only return the ones whose machine account is enabled.
Indeed, returning a disabled Windows XP is not interesting.
Top 10 user sessions:
The queries were returning the top 10 users with local admin rights. So basically, they were also returning the domain administrators with admin rights on all computer objects, including the domain controllers. And if the domain has more than 10 DAs, then these are the only ones returned.
The modified queries only return the top 10 users who are neither Domain Admins, Enterprise Admins, nor Administrators.
Fix a broken query and an English typo.
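
To illustrate the "Outdated OS" change described above, here is an added example that is not the PR's own query. It assumes the standard BloodHound `Computer` node properties `operatingsystem` and `enabled`, and the OS pattern is an assumed end-of-life list to adapt to your own support policy.

```cypher
// Added example, not code from the pull request.
// Assumption: the regex below is an illustrative end-of-life OS list.

// Before: every computer object with an outdated OS, including disabled
// accounts that only add noise to a patching or decommissioning review.
MATCH (c:Computer)
WHERE c.operatingsystem =~ '(?i).*(windows (2000|xp|vista|7)|server (2003|2008)).*'
RETURN c.name AS computer, c.operatingsystem AS os
ORDER BY os, computer;

// After: same OS match, restricted to machine accounts that are enabled.
// Nodes with no operatingsystem value evaluate to null and are dropped.
MATCH (c:Computer)
WHERE c.enabled = true
  AND c.operatingsystem =~ '(?i).*(windows (2000|xp|vista|7)|server (2003|2008)).*'
RETURN c.name AS computer, c.operatingsystem AS os
ORDER BY os, computer;
```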