Application Catalog
The Application Catalog page gathers all the applications discovered on agent-installed endpoints and is where Application Policy Groups are created. When a system admin wants to define a policy group, an application can be selected from this discovered application list, or its attributes can be entered manually. The agent reports application metadata to Kron PAM, which strengthens the security of the policies and makes them easier to use.
When an agent-installed endpoint detects applications installed on the device, those applications start appearing in the discovered applications list. To see applications under this menu, you need to make a configuration under Application Discovery, which is described in section 2.4. If you click on one of these applications, Kron PAM displays on the right side of the page which endpoints have it installed. When you click on the IP address shown, Kron PAM displays the application metadata sent from that specific endpoint, as shown in the image above. The metadata contains the application's name, hash, version, path, signature, source, and vendor. Kron PAM applies policies over hash, application name, and application version.
On the Application Catalog screen, Client and Server policies are also separated. When creating an application policy group, you can indicate whether the policy is for a client or a server. Client means Windows 10 and 11. Server means Server 2016, 2019, and 2022. When the agent is installed on an endpoint, it recognizes whether the OS is a client or a server, and it receives policies according to that OS type.
When a user wants to define a policy, an application policy group must be created. To do this, the user clicks the add button in the top right corner.
Upon clicking the add button, the user is expected to input a group name and select a policy action.
Under this policy with elevation configuration, when an end user attempts to launch an application included in the policy, a prompt is triggered, requesting the user to set a time limit for its usage. The end user has the authority to determine the duration for which this application can be accessed. Once the elevation request is approved by the end user's manager, a temporary rule is generated specifically for that user.
This temporary rule remains active until the designated time limit expires. Upon reaching the expiration time, the temporary rule is automatically removed, revoking the elevated privileges previously granted to the user for that particular application. This mechanism ensures that elevated access is granted only for the required period, promoting security and control over privileged application usage.
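The temporary-rule lifecycle described above, as a small Python model. This is an added example, not Kron PAM code: the class and field names are hypothetical, and it assumes the time limit starts counting at approval and that a rule matches on the user plus the application's hash, name, and version.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical model of the workflow; names are assumptions, not Kron PAM's schema.
@dataclass(frozen=True)
class AppIdentity:
    file_hash: str   # policies are applied over hash, name and version
    name: str
    version: str

@dataclass
class TempRule:
    user: str
    app: AppIdentity
    expires_at: datetime

class ElevationStore:
    def __init__(self):
        self.pending = {}   # request id -> (user, app, requested duration)
        self.rules = []     # active temporary rules
        self._next_id = 1

    def request(self, user, app, minutes):
        """End user asks for elevation and chooses the time limit."""
        if minutes <= 0:
            raise ValueError("time limit must be positive")
        rid = self._next_id
        self._next_id += 1
        self.pending[rid] = (user, app, timedelta(minutes=minutes))
        return rid

    def approve(self, rid, now):
        """Manager approval turns the request into a rule for that user only."""
        user, app, duration = self.pending.pop(rid)
        rule = TempRule(user, app, now + duration)  # assumption: clock starts at approval
        self.rules.append(rule)
        return rule

    def purge_expired(self, now):
        """Remove rules whose time limit has passed, revoking the elevation."""
        self.rules = [r for r in self.rules if r.expires_at > now]

    def is_elevated(self, user, app, now):
        # Expired rules are dropped before matching, so a stale rule never grants access.
        self.purge_expired(now)
        return any(r.user == user and r.app == app for r in self.rules)
```

Because the match uses the full identity, a binary with the same name but a different hash or version does not inherit the temporary rule.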