Data Sources Overview

Connect Hydden to any data source, such as Active Directory, Okta, or LDAP, and discover identities, accounts, and privileges in seconds.

The setup template is similar for every data source; only a few data source-specific fields differ. Any on-premises data source requires a local client deployment.

  1. To access the data sources page, navigate to Configuration > Discover and select Data Sources.

    Data Sources page

  2. To add a new data source, click + Add Data Source.

    Create Data Source page

    The first field on the Add Data Source modal is a drop-down to select the type of data source to be created. The default is Active Directory; change the Data Source selection to the correct option for your specific collection needs. The data source options are organized by Cloud, Database, and Data Center.

    Data Source drop-down menu

    Depending on the selection in that drop-down, the field that specifies the actual source address differs slightly.

  3. For Name, enter an easy-to-identify name, especially if several data sources for the same service are to be created.

  4. The next field depends on the data source to be configured. For

    • Active Directory, under Domain/Controller enter a fully qualified domain name (for example, ad_dns_name.corp or us.philly.ad.corp) or an IP address.
    • Azure or Okta, enter the Tenant identifier of your tenant, usually an alpha-numeric string.
    • Linux Host or Windows Host, enter the Hostname (for example, linux1.demo.corp or win11.bos.corp) or an IP Address. For Linux, specify how you prefer to run the data collection, and use the check box to run elevated with sudo.
    • Have I Been Pwned, select which API key you want to use. Hydden offers a shared API key for customers; however, customers may also use their own Have I Been Pwned account. Add the API Key as a Cloud Credential.

  5. Under Presets, pre-configured data collection schedules and credentials are available for selection if configured. If you use one of the presets, the Schedule and Credentials fields contain the configured data, but they are grayed out.

    Example of configured presets

  6. To manually specify credentials, enter the login information for your data source via the Credentials field or the + option.

  7. To manually specify a Schedule for the data collection, specify the schedule via the Schedule field. This can be done by selecting from a list of pre-configured collection schedules or by manually entering a new schedule.

  8. Under Site, specify the site matching your client registration site.

  9. For Identity Mode, three options are available:

    • Account, recommended for Azure, Linux Host, Windows Host, and Have I Been Pwned.
    • Identity, recommended for Active Directory.
    • Identity (if mapped), which collects only accounts that have been mapped to a known identity.

  10. Click Add to save the data source. You have an option to manually run the data collection via the Run Now button.

Permissions

The Hydden collectors require read access to the data they are collecting. The following table provides an overview of least privileges for the account passwords used with local data sources.

| Collector | Account type | Minimum Permissions |
|---|---|---|
| Active Directory (AD) | user/service account | read access to all data objects |
| Apache (Linux) | user/service account | sudo access |
| LDAP | user/service account | read access to root directory tree |
| Linux Host | user/service account | sudo access |
| Windows Host | user/service account | belonging to local Admin group |
| WindowsRm Host | user/service account | belonging to local Admin group |