hydden.docs

#

The Account Details page provides an overview of a specific account record discovered by Hydden.

Data Tiles

The following tiles with information are visible:

• Account Information: This data includes the name, type, such as user, service, federated, status and mapped to details.
• Account Source: Lists the platform, data source platform and name, and the domain.
• Risk Level: The risk indicator for this account based on the threat rules in the table grid.
• Multi Factor Authentication: Indicates if this specific account is under MFA rules.
• Last Logon: Shows the last logon date for this account if available.
• Password Information: Shows details like the password age and date of last password change.

Data Tabs

The following tabs are available for themed data views:

• Account Threat Information: A list of all threat rules that apply to this account and determine the overall risk level.
• Group Membership: A list of group memberships for the account.
• Login History: The complete login history for the account.
• MFA Devices: An overview of MFA device data points. The default columns displayed are Provider, MFA Type, and MFA Status. Other columns can be added to the view via the columns tab on the right side of the table grid.
• SSH (Public) Keys: An overview of ssh public key data points. By default the following data columns are displayed:
  • Source Account: Could be root or any account on the collection system.
  • Source SSH Host: The name of the data source collector as created in Hydden.
  • Source Platform: The platform on which the data was collected.
  • Source Account Type: The account type, like User, Service, Federated, etc.
  • Algorithm: The encryption algorithm used to generate the key.
  • Fingerprint: The actual fingerprint of the key. <!–* Key Description: Any comment or description added to the key during the key creation.
  • Key Path: Location of the key on the system on which it was discovered.
  • Last Updated: Date/Time stamp of last update record.–>
  • Restriction: IP address or subnet restrictions, if in place.
  • Usage: Authentication <!–* Hardware Token: Yes or No
  • Key Status: Enabled or Disabled–>
• SSH (Private) Keys An overview of ssh private key data points. By default the following data columns are displayed:
  • Target Account: Discovered user for the private key.
  • Target SSH User: Discovered user for the private key.
  • Target SSH Host: Name of the system where the private key is stored.
  • Target Platform: The platform (OS) on which the data was collected.
  • Target Account Type: The account type, like user or service account, etc.
  • Algorithm: The encryption algorithm used to generate the key.
  • Fingerprint: The actual fingerprint of the key.
  • Key Description: Any comment or description added to the key during the key creation. <!–* Key Path: Location of the key on the system on which it was discovered.
  • Last Updated: Date/Time stamp of last update record.
  • Hardware Token: Yes or No
  • Password Protected: Yes or No–>
• Tokens:

Share via Action

On Tenants that have the Integrate Action Providers and Workflows feature enabled, the Action button is available on the details page. The button allows users, depending on the configuration, to send an email, create a ticket or trigger other configured workflows for the account.