Ignore write access to /adm folder in GPOs, it's not an attack vector

Author: lkarlslund

modules/integrations/activedirectory/analyze/gpoimport.go

@@ -73,6 +73,11 @@ func ImportGPOInfo(ginfo activedirectory.GPOdump, ao *engine.IndexedGraph) error
 			activedirectory.WhenChanged, item.Timestamp,
 		)
 
+		if strings.EqualFold(relativepath, "/adm") ||
+			strings.EqualFold(relativepath, "/gpt.ini") {
+			// not really useful from an attack perspective
+			continue
+		}
 		if relativepath == "/" {
 			ao.EdgeTo(itemobject, gpoobject, EdgeFSPartOfGPO)
 			gpoobject.Adopt(itemobject)