Make AD & Entra ID make sense
We understand the graph so your team doesn't have to. You get a clear, prioritized view and spend your time fixing, not decoding.
Make sure you see it first. GrexID makes sense of your Active Directory and Entra ID, scores every object 0 to 100, and points to the one edge that collapses half the graph — so your team focuses on fixing, not decoding.
Every permission, group membership and ACE is an edge. Chain them and a forgotten service account reaches Domain Admin in four hops. GrexID draws the whole chain before anyone else does.
Active Directory and Entra ID are a tangle of permissions nobody fully holds in their head. GrexID reads the whole thing for you and hands back a clear, prioritized picture.
We understand the graph so your team doesn't have to. You get a clear, prioritized view and spend your time fixing, not decoding.
Every object, attack path and identity gets a heuristic risk score — with an AI layer that judges whether each privilege actually makes sense. Export it to enrich your other tools.
Remediation is step one. We watch every change, show its impact before you apply it, and flag a privilege escalation from its very first hop.
Everything a security team needs to stop guessing: heuristic and AI-driven risk, predicted impact, and the exact list of what to touch — in what order.
Heuristics find what's dangerous. The AI layer reasons about how your organization is actually shaped to find what's unjustified — the access nobody can explain, the rights that drifted, the privilege no role in your company should hold.
A heuristic score for every user, group and permission — paths, exposure, scope and proximity to Domain Admin. Export it to enrich your SIEM, IGA or CMDB.
Across Active Directory and Entra ID, see how an attacker escalates to your crown jewels — and which paths to fix first. Shortest path and alternates.
Simulate removing a permission and see what breaks before you touch production. Fix without locking anyone out.
Find the super-connectors whose compromise spreads across the whole environment. Fix the choke point, not the leaves.
Agents watch permission, group and descriptor changes in near real time — and catch a privilege escalation from its very first hop, long before it reaches Domain Admin.
Breached, weak and reused passwords — K-anonymity checked. Plaintext never leaves your network.
Search any object across AD and Entra ID and instantly understand who is a risk to you — risk, permissions and relationships in plain view.
30+ dangerous permissions inspected (GenericAll, WriteDACL, DCSync…) with risk classification and remediation guidance.
Designed to drop into the tools you already run. A documented REST API plus API Hooks push risk and change events straight into your SIEM, ticketing or automation.
GrexID drops into the stack you already run. Every metric sits behind a documented REST API, and API Hooks push risk and change events to your SIEM, ticketing or SOAR the moment they happen — risk that enriches your tools, not another dashboard to check.
Results in hours with what you already have in BloodHound. When you need it, level up to full endpoint visibility and hybrid environments.
GrexID was built under Spain's Esquema Nacional de Seguridad (Royal Decree 311/2022, MEDIA category). Every feature declares the D/A/I/C/T dimensions it touches. Compliance wasn't added — it was in the blueprint.
From analyst to boardroom, the same quantified-risk language. Every role sees what it needs without translating.
Prioritize by quantified impact. No more eyeballing what to fix first.
Investigate compromises with attack paths and a change timeline. Spot anomalies live.
Clean up excessive permissions with a safety net: see the impact before you apply it.
Prove your AD posture with metrics, audit trails and standards-aligned reporting.
Document attack paths for offensive testing and harden defenses by cascade impact.
Board-ready dashboards, historical trend and demonstrable security ROI.
Request a demo and we'll look at it on your directory. In hours you'll have the number — and the one edge that cuts more than half.