hydden.docs

#

The Owner Details page provides an overview for a specific owner record discovered by Hydden.

Data Tiles

The following tiles with information are visible:

• Owner Information: This data includes the name, primary and if available alternate email addresses, type, status, phone, and mobile numbers, if available.
• Employee Information: It lists title, department, start/end dates, manager and location, if available.
• Threat Score: The risk indicator for this owner and all mapped accounts.
• Recent Failed Logins: A list of recent failed logins showing the platform and account name.
• Number of Accounts without MFA: These are account for which MFA has not been enabled despite being available.
• High Risk Accounts: A list of the top five high risk accounts associated with this owner record.

Data Tabs

The following tabs are available for themed data views:

• Owner Accounts: A list of the associated accounts.
• Group Membership: A list of group memberships for the associated accounts.
• Login History: The complete login history for all associated accounts.
• MFA Devices: An overview of MFA device data points. The default columns displayed are OIDC Provider, MFA Type, MFA Provider, MFA Create Date, and MFA Status. Other columns can be added to the view via the columns tab on the right side of the table grid.
• SSH (Public) Keys: An overview of ssh public key data points. By default the following data columns are displayed:
  • Source Account: The account that the key is associated with, could be root or operator or any account name.
  • Source SSH Host: The name of the system where the data was collected.
  • Source Platform: The platform (OS) on which the data was collected.
  • Source Account Type: The account type, like User, Service, Federated, etc.
  • Algorithm: The encryption algorithm used to generate the key.
  • Fingerprint: The actual fingerprint of the key.
  • Restriction: IP address or subnet restrictions, if in place.
  • Usage: Authentication
• SSH (Private) Keys An overview of ssh private key data points. By default the following data columns are displayed:
  • Target Account: The account that the private key is associated with, could be root or operator or any account name.
  • Target SSH Host: Name of the system where the private key is stored.
  • Target Platform: The platform (OS) on which the data was collected.
  • Target Account Type: The account type, like User, Service, etc.
  • Algorithm: The encryption algorithm used to generate the key.
  • Fingerprint: The actual fingerprint of the key.

Share

On Tenants that have the Integrate Action Providers and Workflows feature enabled, the share button is active on the details page. The button allows users, depending on the configuration, to send an email or create a ServiceNow ticket or both with instructions to further investigate the owner record.