hydden.docs

#

The Search Library dashboard provides quick access to all data points in Hydden. Click the listed queries to open the respective data reports for detailed reviews. The reports can also be opened via the Library tab in Global Search.

The Export CSV options allows reports to be exported for further data trimming.

Reports per Tile

[!note] If you are using a macOS system to access the Hydden UI, the scroll bar on the tiles with more than 5 reports might only become visible when moving the mouse to the outer right site of the tile.

Owners & Accounts

• General Account Query: Query to report on all account data.
• Accounts Created by Date: Query to report account data based on account creation date.
• Owners: Query to report owner properties in full details from various collection sources.
• Insights and Recommendations: Query to show Threat Score correlations to actions suggested by Cyber Security Framework matches. The Insights and Recommendations reports for different frameworks are visualized under the Insights and Recommendations page, which is accessible via click-thru from the main Threat Score widget on the Identity Posture Dashboard. Reports are available based on the different frameworks:
  • CIS v8
  • CRI v2 Tier4
  • NIST CSF v2.0

[!note] Depending on the amount of data collected for your organization, accessing a report via query might show a loading indicator.

Groups

• General Group Query: Query to report on all groups.
• Expanded Group Membership: Query to report on expanded group memberships. Expanded group memberships include direct members and groups. Those Groups in turn have direct members, but those members are considered expanded group members due to being added indirectly via group.
• Direct Group Membership: Query to report on direct group members only. Direct group members are individual accounts that are not added indirectly via another group.

Detections

• Account Z-Score: Query to report on Account Z-Scores.
• Account Threat Scores: Query to report on account-specific threat scores.
• Owner Threat Scores: Query to report the identity threat scores, with the higher scores listed first in the table.
• Threat Scores: Query to report all threat scores for all accounts.
• Compromised Accounts: Query to report all compromised accounts with details about Password Age and Change dates.

Ownership & Mapping

• Account Classification: Query to report account data based on Classification Rules.
• Account SSH Key - Authorized Public Keys: Query to report public ssh key details for discovered accounts.
• Account SSH Key - Private Keys: Query to report private ssh key details for discovered accounts.
• Account MFA: Query to report discoverable MFA details, like MFA type, provider, and device, to name a few.
• Account Vault Objects: Query to report on key vault data collected.
• SailPoint Certification

Vault Integrations

• Secrets by Account
• Secrets by Group
• Secrets by Group (Expanded)

• Vaulted Account Management: Query to report on discovered and/or vaulted or managed accounts if a vault integration is configured. Accounts can be added to the discovery workflow of an integration product. Accounts can also be vaulted.

  The most important columns for this report are:

  • PAM Status, which reflects either:
    • N/A
    • CyberArk Discovered, specific to the CyberArk integration discovery workflow.
    • Not Vaulted
    • Vaulted, through an integrated password/secrets vaults.
    • Password Managed, through an IGA solution.
  • Vault/Safe, which list the name of the Vault or Safe as specified in the vault integration configuration.
  • Actions, which can be used to add accounts to discovery or to vaults/safes, if available. Mouse over hover provides help text to indicate available options:
    • Add To CyberArk Discovery
    • Cannot Add To CyberArk Discovery
    • Add To Vault
    • Cannot Add To Vault

    [!note] Accounts that are already vaulted, will indicate “Cannot Add To Vault”. Accounts that are already known to the CyberArk Discovery workflow, will indicate “Cannot Add To CyberArk Discovery”.

  Refer to the CyberArk Integration - Onboarding Discovered Accounts to CyberArk for an example.

User Activity

• Authentication by Date: Query to report on authentication events for accounts.
• Stale Accounts: Query to report on stale accounts based on last known login event.
• Login Audit: Query to report on all login events.

Privileges

• Privileged Group Query: Query to report on all groups with elevated permissions.
• Privileged Role Query: Query to report on role permissions.
• Permissions and Roles - WIP, not active

Password/Secret

• Password/Secret Age: Query to report on the password or secret age. Accounts with the oldest password age listed first.
• Password/Secret Never Set: Query to report on accounts which never had a password or secret set after being created.

Resources & Entitlements

• General Resource Query
• Groups Extended Attributes Export
• Users Extended Attributes Export
• Resource Entitlements - WIP, not active