Added specific service SID objects to local machine services

lkarlslund · Jan 29, 2024 · 270b8ad · 270b8ad
1 parent 2cf6bab
commit 270b8ad
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/modules/integrations/localmachine/analyze/import.go b/modules/integrations/localmachine/analyze/import.go
@@ -608,10 +608,19 @@ func ImportCollectorInfo(ao *engine.Objects, cinfo localmachine.Info) (*engine.O
 			if serviceaccountSID != windowssecurity.LocalServiceSID {
 				serviceobject.EdgeTo(svcaccount, analyze.EdgeAuthenticatesAs)
 			}
+
 		} else if service.Account != "" || service.AccountSID != "" {
 			ui.Warn().Msgf("Unhandled service credentials %+v", service)
 		}
 
+		// Specific service SID
+		so := ao.FindOrAddSID(windowssecurity.ServiceNameToServiceSID(service.Name))
+		// ui.Debug().Msgf("Added service account %v for service %v", so.SID().String(), service.Name)
+		so.SetFlex(
+			activedirectory.Name, engine.AttributeValueString("Service account for "+service.Name),
+		)
+		serviceobject.EdgeTo(so, analyze.EdgeAuthenticatesAs)
+
 		// Change service executable via registry
 		if service.RegistryOwner != "" {
 			ro, err := windowssecurity.ParseStringSID(service.RegistryOwner)