← 返回
未分类 中文

Active Directory Hardening

Enterprise-grade API for generating optimized Active Directory security configuration files with hardening best practices.
企业级API,用于生成符合强化最佳实践的 Active Directory 安全配置文件。
krishnakumarmahadevan-cmd krishnakumarmahadevan-cmd 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 339
下载
💾 0
安装
1
版本
#latest

概述

Overview

The Active Directory Hardening Tool is an enterprise-grade security API designed to generate comprehensive Active Directory (AD) hardening configuration files based on industry best practices and CISSP-aligned security standards. This tool automates the complex process of configuring AD security settings, reducing manual configuration errors and ensuring consistent security posture across AD environments.

Organizations managing large-scale Active Directory deployments require robust security configurations to protect against lateral movement, privilege escalation, and unauthorized access. This tool streamlines the generation of hardening configurations by accepting flexible hardening options and producing deployment-ready configuration files. It is ideal for security architects, system administrators, and organizations undergoing AD security assessments or compliance initiatives.

The API provides enumeration of available hardening options, allowing teams to understand all supported configurations before generating customized hardening profiles. This enables organizations to tailor security configurations to their specific risk profiles and operational requirements.

Usage

Sample Request

Generate an AD hardening configuration with multiple security options:

{
  "sessionId": "sess_abc123def456",
  "userId": 12345,
  "timestamp": "2025-01-15T10:30:00Z",
  "hardeningOptions": {
    "passwordPolicy": ["enforceComplexity", "minLength14", "historyCount24"],
    "accountLockout": ["threshold5", "duration30minutes", "resetCounterAfter30"],
    "kerberosHardening": ["enableAESEncryption", "disableRC4", "setMaxTicketLifetime"],
    "groupPolicy": ["enableAudit", "disableAnonymousAccess", "restrictNetworkAccess"]
  }
}

Sample Response

{
  "status": "success",
  "configurationId": "config_xyz789uvw",
  "timestamp": "2025-01-15T10:30:15Z",
  "configurations": {
    "passwordPolicy": {
      "enforceComplexity": true,
      "minimumLength": 14,
      "passwordHistoryCount": 24,
      "maximumPasswordAge": 90
    },
    "accountLockout": {
      "lockoutThreshold": 5,
      "lockoutDuration": 30,
      "resetCounterAfterMinutes": 30
    },
    "kerberosHardening": {
      "encryptionTypes": ["AES256", "AES128"],
      "disabledEncryption": ["RC4"],
      "maxTicketLifetimeHours": 10
    },
    "groupPolicy": {
      "auditingEnabled": true,
      "anonymousAccessDisabled": true,
      "networkAccessRestricted": true
    }
  },
  "deploymentScript": "powershell_script_content_here",
  "auditLog": {
    "requestId": "req_123456",
    "userId": 12345,
    "action": "AD_HARDENING_GENERATED",
    "timestamp": "2025-01-15T10:30:15Z"
  }
}

Endpoints

GET /

Health Check Endpoint

Verifies API availability and returns service status.

Method: GET

Path: /

Parameters: None

Response:

  • Status Code: 200
  • Content-Type: application/json
  • Body: Service status object confirming API health

POST /api/ad-hardening/generate

Generate AD Hardening Configuration

Generates enterprise-ready Active Directory hardening configuration files based on specified security options. Returns deployable configurations and scripts.

Method: POST

Path: /api/ad-hardening/generate

Request Body (application/json):

ParameterTypeRequiredDescription
----------------------------------------
hardeningOptionsObject (string arrays)YesMap of hardening categories to configuration options. Keys represent hardening domains (e.g., passwordPolicy, accountLockout, kerberosHardening); values are arrays of specific settings to apply.
sessionIdStringYesUnique session identifier for request tracking and audit logging. Used to correlate multiple requests within a session.
userIdInteger \nullNoOptional user identifier for audit trail association. Useful for tracking which user generated the configuration.
timestampStringYesISO 8601 formatted timestamp of request generation. Must be in UTC format (e.g., "2025-01-15T10:30:00Z").

Response:

  • Status Code: 200
  • Content-Type: application/json
  • Body: Configuration object containing hardened AD settings, deployment scripts, and audit trail metadata
  • Status Code: 422 (on validation error)
  • Content-Type: application/json
  • Body: HTTPValidationError object with detailed field-level validation errors

GET /api/ad-hardening/options

Retrieve Available Hardening Options

Enumerates all supported Active Directory hardening options, categories, and their descriptions. Use this endpoint to discover available configurations before generating hardening profiles.

Method: GET

Path: /api/ad-hardening/options

Parameters: None

Response:

  • Status Code: 200
  • Content-Type: application/json
  • Body: Object containing hierarchical hardening options with descriptions:
  • Available hardening categories (passwordPolicy, accountLockout, kerberosHardening, groupPolicy, etc.)
  • Supported settings within each category
  • Parameter descriptions and recommended values
  • Security impact and compliance mappings

Pricing

PlanCalls/DayCalls/MonthPrice
-------------------------------------
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

  • Kong Route: https://api.mkkpro.com/hardening/active-directory
  • API Documentation: https://api.mkkpro.com:8127/docs

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-05-07 07:17 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

Free Ride - Unlimited free AI

shaivpidadi
管理OpenClaw的OpenRouter免费AI模型,自动按质量排名模型,配置速率限制备用方案,并更新opencla...
★ 472 📥 78,652
it-ops-security

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 90 📥 31,093
it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装后可防止您和您的用户受到提示注入、数据泄露及恶意行为的侵害。
★ 116 📥 31,028