
Integrating with Active Directory – Full Guide

Integrate Active Directory with Hyver to surface AD risks, manage findings, and strengthen security posture.

Updated over 3 months ago

1. Introduction

Active Directory (AD) is the backbone of identity and access management in most Windows-based environments. Think of it as the central directory service that organizations rely on to manage users, computers, and permissions in a secure, structured way.

Nearly every application and tool connects to AD — whether for authentication, directory browsing, or single sign-on (SSO). This makes AD incredibly powerful, but also a prime target: it holds sensitive information such as:

  • Usernames and passwords

  • Network structure details

  • Access rights and permissions

Because AD is the “keyring” of the organization, attackers who gain access to it can potentially unlock critical systems and data. That’s why integrating Active Directory with Hyver is so valuable: it helps you surface weaknesses in AD’s configuration and usage, and ties them directly to business risk so you can act quickly and effectively.


2. Prerequisites

Before we dive into the setup, let’s make sure everything is in place. In this section, we’ll review what you need to have ready on your side — both the information at hand and the technical requirements that must be met — so the integration process goes smoothly from start to finish.

Make sure you have:

  • Access to the Hyver platform.

  • Administrator permissions in Hyver.

  • An Active Directory environment.

You’ll also need a machine for the on-prem connector that:

  • Has access to AD (but is not a domain controller).

  • Has Docker Engine installed.

  • Provides a read-only AD account for the connector user.

This integration lets Hyver securely ingest vulnerability data from your Active Directory (AD) environment.

Required IP Addresses

For the integration to work smoothly, you may need to allow traffic from Hyver’s servers in your firewall or network configuration. This ensures that Hyver can securely connect to your environment and perform scans without being blocked.

Depending on your region and the type of scan, add the following IP addresses:

  • General IPs:

    • Europe: 18.198.79.197

    • America: 52.1.10.176, 35.171.70.87

  • IPs for Azure and AWS Scans:

    • Europe: 18.158.77.90

    • America: 34.206.252.13

In most cases, you only need to add the IPs relevant to your region and use case.

How the Integration Works

As mentioned in the previous part, Hyver connects to AD through an on-premises connector, which:

  • Collects vulnerability data from AD every 24 hours.

  • Runs inside your on-prem environment.

  • Acts as a secure mediator between Hyver and your on-prem Active Directory, ensuring that Hyver never accesses AD directly.

Network Access: IPs and Domains

For the integration to work properly, the Active Directory connector needs to reach Hyver’s S3 bucket.

  • Since AWS manages S3 IP addresses dynamically, we can’t provide a fixed list of IPs.

  • Instead, simply allow access to these domains:

1) s3.eu-central-1.amazonaws.com 
2) sqs.eu-central-1.amazonaws.com

Once these domains are accessible, the connector will take care of the rest automatically. Note: There’s no difference between Europe and America in this context. Our servers are hosted in Europe, so you’ll only see EU-based addresses.

Multi-Company Dashboard and Integrations

This section explains how Hyver’s Multi-Company Dashboard works in general, and how integrations behave when used in a Multi-Company setup.

What is the Multi-Company Dashboard?

Hyver’s Multi-Company Dashboard is designed for large enterprises with multiple subsidiaries. It gives you:

  • A centralized view of cybersecurity risk across the entire organization

  • Key metrics like exposure, cost of breach, and maturity scores

  • The ability to switch between subsidiaries and view their individual data

  • Parent admins and power users can view aggregated and subsidiary-level risk, while detailed findings remain visible only to members of the specific subsidiary

  • Data that updates in real time

To enable Multi-Company, contact your CYE Technical Account Manager.

How Integrations Work in Multi-Company

Here’s the important part:

  • Integrations are created only at the subsidiary level

  • Findings from an integration appear only in that subsidiary’s dashboards and reports

  • Parent companies cannot create integrations — they can only view the aggregated results

Best Practices for Combining Integrations with Multi-Company

To get the most out of Multi-Company with integrations, we recommend:

  • Each subsidiary should create its own integration, using credentials that only grant access to data relevant to that subsidiary

  • In some cases, it’s useful to also have a dedicated “General” company, which holds findings that apply to the entire enterprise and cannot be tied to a single subsidiary

  • The parent company then combines these insights and metrics from all subsidiaries and the General company — but remember, integrations cannot be connected directly to the parent company.


3. Configuring on the Active Directory Side

Here, we’ll go step by step: preparing the AD account and permissions, confirming network access and DNS/firewall rules, making sure the host machine is ready (non-DC, Docker installed), downloading the configuration file, running the install commands, and verifying the connector is Running. By the end, your AD environment will be correctly configured and securely connected to Hyver.

The process is straightforward, and we’ll take it step by step. There are two main parts to the setup:

  1. Entering your Active Directory login details.

  2. Downloading and installing a configuration file to complete the connection.

Open the Integration Settings

  1. In Hyver, click the gear icon in the upper right to access Settings.

  2. From the left-hand menu, select Integrations and Workflows.

  3. On the Integrations page, find the Active Directory card and click Add.

Enter Your Active Directory Details

You’ll now see the Active Directory details entry page.

  • There are about eight fields here, but only three are mandatory (marked with a red asterisk).

  • These required fields are:

    • LDAP Username 

    • LDAP Password

    • Domain Name

Be sure to also give the integration a name you’ll recognize later.

  • Optional fields:

    • Domain controller FQDN 

    • Domain controller IP 

    • LDAP port 

    • Use LDAP over SSL

When you’re done:

  1. Click Validate to confirm the details match the expected format.

  2. Once validated, click Save to continue.

Download the Configuration File

Next, you’ll download a configuration file:

  1. Click Download to get the file onto your machine.

  2. This file is what enables Hyver to install the connector locally and run the integration.

Installing the On-Prem Connector

Now that we’ve set up the integration details, let’s walk through how to install the On-Prem Connector. The connector is the secure bridge that allows Hyver to collect data from your Active Directory: it runs inside your network and ensures that Hyver never directly touches your AD.

Installation Notes

  • Install the connector on a machine that has access to AD.

  • Do not install it on a domain controller.

System Requirements

Make sure the machine you’ll use meets the following requirements:

  • CPU: 64-bit kernel, 4 CPU / 8 vCPU

  • Memory: 4 GB minimum

  • Operating System: 64-bit Ubuntu, Debian, or CentOS

  • Networking: Outbound TCP/443 to AWS API Gateway

  • Firewall (AD only): MSRPC 135, SMB 445, LDAP 389, LDAPS 636

  • DNS: Must resolve domain and Domain Controller names

To resolve domain names, either:

  • Configure the Domain Controller (DC) as DNS, or

  • Add the domain name to your hosts file
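The DNS, firewall and domain requirements above can be checked from the connector host before installing. The script below is an added example, not part of Hyver's tooling: it tests name resolution for the domain and Domain Controller, the four AD ports, and the two AWS domains listed under "Network Access: IPs and Domains". Port 443 for the AWS domains is an assumption taken from the Networking requirement, and the host names in the usage comment are constructed placeholders.

```sh
#!/bin/sh
# Added example: pre-flight check to run on the connector host before installing.
# Not Hyver's own tooling; pass your own AD domain and Domain Controller names.

# Emit one "host port purpose" line per network requirement listed in this guide.
connector_targets() {   # $1 = domain controller FQDN
    for p in 135:MSRPC 445:SMB 389:LDAP 636:LDAPS; do
        echo "$1 ${p%%:*} ${p#*:}"
    done
    # Port 443 is assumed (HTTPS) for the two AWS domains.
    echo "s3.eu-central-1.amazonaws.com 443 S3"
    echo "sqs.eu-central-1.amazonaws.com 443 SQS"
}

# Default checks. PROBE and RESOLVE may name replacement functions (used for testing).
probe_tcp() { timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" </dev/null 2>/dev/null; }
resolves()  { getent hosts "$1" >/dev/null 2>&1; }

# Print OK/FAIL per check; return 0 only if every check passed.
preflight() {   # $1 = AD domain name, $2 = domain controller FQDN
    failed=0
    for name in "$1" "$2"; do
        if "${RESOLVE:-resolves}" "$name"; then echo "OK   dns $name"
        else echo "FAIL dns $name"; failed=1; fi
    done
    targets=$(connector_targets "$2")
    # The here-document keeps the loop in this shell so "failed" survives it.
    while read -r host port purpose; do
        if "${PROBE:-probe_tcp}" "$host" "$port"; then echo "OK   tcp $host:$port ($purpose)"
        else echo "FAIL tcp $host:$port ($purpose)"; failed=1; fi
    done <<EOF
$targets
EOF
    return "$failed"
}

# Constructed usage: sh preflight.sh corp.example.test dc01.corp.example.test
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A FAIL on a `dns` line points at the DNS or hosts-file step; a FAIL on a `tcp` line points at a firewall rule between the connector host and the named target.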

Permissions

The connector user in AD only needs regular read-only access.

Install Docker

The connector runs on Docker. Install Docker on your chosen machine:

You’ve successfully installed the On-Prem Connector. Now we can move on to Step 4 in Hyver, where you’ll connect it all together.


4. Configuring in Hyver

This step might look technical, but it’s just a copy-paste process:

  • You’ll see several lines of code with a Copy button next to each one.

  • Each line includes a short title explaining its purpose (for example: “Run the onboarding script to finish the onboarding”).

  • Simply copy each line in order and run it in your terminal.

This step ensures the connector is properly installed and has the right permissions.

Run the Script

Finally, run the installation script:

  • It may take a few seconds, even after the loading bar reaches 100%.

  • If everything worked correctly, you’ll see a green “Running” message:

At this point, the integration is complete. Click Save if prompted.

And that’s it. Your Active Directory integration is now live and ready to feed insights directly into Hyver.

Note: The script is available for download for one hour only.

What Happens Next

  • Hyver will automatically collect AD vulnerability data every 24 hours.

  • Findings from your AD environment will start appearing on the Findings page in Hyver.


5. Viewing Results

What happens once the integration is up and running? You’ll see the findings collected from Active Directory appear directly in Hyver’s Findings page, updated automatically every 24 hours. These findings are tied to NIST subcategories and contribute to your maturity assessment, giving you clear visibility into your AD-related risks and how they impact your organization’s overall security posture.

Searching for Findings by Source

To review AD-related findings in Hyver:

  1. Go to the Findings page.

  2. Use the Findings filter to search by:

    • Source (e.g., Active Directory)

    • Creation date (to narrow down results further)

Example:
Filter by source = Active Directory, then add a date filter to refine your view.

Auto-Fix Statuses

Hyver includes Auto-Fix, a feature that automatically updates the status of remediation assets (servers, settings, etc.) once they’re fixed in the source system. However, Active Directory findings do not support Auto-Fix at this time. You’ll need to update remediation statuses manually.

Collected Endpoints (APIs Used)

Hyver connects to the external tool through its official API and continuously collects data from specific endpoints. These endpoints define the types of information Hyver ingests into your dashboard.

For this integration, Hyver collects data from the following endpoints:

  • SYSVOL

  • RustHound

In simple terms: SYSVOL shows how AD enforces rules and scripts across your environment, and RustHound reveals the relationships and paths attackers might exploit. Together, they give Hyver visibility into both policies and attack paths.

(The list may vary depending on your setup and the permissions granted to the integration.)


6. Types of Fetched Entities

When Hyver integrates with Active Directory, it automatically identifies findings related to configuration and usage issues:

  • Each finding is linked to NIST subcategories

  • Findings directly impact Hyver’s maturity assessment

Examples of Active Directory Findings

Some examples of findings you may encounter include:

  • High-risk maintenance procedures

  • Insufficient global security update policy or mechanism

  • Use of outdated or vulnerable technologies

  • Application services running with excessive permissions

  • Personal users with high privileges

  • Insufficient hardening of Kerberos authentication (e.g., roastable accounts, unconstrained delegation)

  • Unused domain users or computer accounts

  • Critical AD users without password rotation


7. Deleting the Integration

Sometimes you may need to update settings, remove the connector, or delete the integration entirely. Here’s how to do it:

Deleting the Integration

  1. In Hyver, click Delete Integration.

  2. Confirm the deletion.

Once deleted:

  • The connection to Active Directory is terminated immediately.

  • No new data will be ingested.

  • Existing data will remain in Hyver for your records.

Deleting the Connector

If you need to uninstall the connector from your machine, run the following command:

/home/$USER/hyver/integrations/cye-integration-agent.sh --uninstall

Editing the Integration

  1. In Hyver, click Edit Integration.

  2. Make your changes.

  3. Click Save.

Note that if you edit or update the integration, you’ll need to download a new script.


Wrap-up

In this guide, we explored how to integrate Active Directory with Hyver, from setting up the connector and configuring integration details to managing, editing, or deleting the connection. We also reviewed the types of findings Hyver surfaces from AD and how they contribute to your organization’s security posture. With this integration in place, you gain clearer visibility into AD risks and can take focused steps toward stronger cyber resilience.
