Default Rules
This article provides an overview of the default threat detection rules available to all Hydden customers.
The rules are grouped by category and name. Each row lists the threshold at which the rule fires (where one applies) and the score the rule contributes:
Category | Name | Description | Threshold | Score |
---|---|---|---|---|
Account Activity | More than {x} Failed Login Attempts | Hydden has rules configured for 5, 10, 20, and 25 failed login attempts. These are configured with the entity set to Account. | 5 attempts | 6 |
Account Activity | More than {x} Failed Login Attempts | | 10 attempts | 7 |
Account Activity | More than {x} Failed Login Attempts | | 20 attempts | 8 |
Account Activity | More than {x} Failed Login Attempts | | 25 attempts | 9 |
Account Activity | Stale Account {x}+ Days | Hydden has rules configured for 90+, 180+, 275+, and 360+ days for stale accounts. These are configured with the entity set to Account. | 90+ days | 2 |
Account Activity | Stale Account {x}+ Days | | 180+ days | 3 |
Account Activity | Stale Account {x}+ Days | | 275+ days | 4 |
Account Activity | Stale Account {x}+ Days | | 365+ days | 5 |
Account Statistics | Account Z-Score | Provides a means to identify high absolute z-score values for accounts in groups. | - | 10 |
Breaches | Breached Account(s) | These are configured with the entity set to Account. | - | 5 |
Breaches | Breached Account(s) High Risk | These are configured with the entity set to Account. | - | 5 |
Group Membership | Group(s) 500+ | Large group detection, configured with an entity of Group Membership. | 500+ groups | 2 |
Identity Mapping | No Owner | Alerts on accounts without an owner designation. Configured with an entity of Account. | - | 7 |
Identity Mapping | Shared Account | Alerts on an account that is shared with another user. Configured with an entity of Account. | - | 8 |
Identity Mapping | Shared Account+ | Alerts on an account that is shared with more than one other user. Configured with an entity of Account. | 1+ | 10 |
Password and Security | MFA Not Enabled | Accounts for which MFA has not been enabled. | - | 6 |
Password and Security | MFA Status N/A | Accounts for which an MFA status is not available. | - | 2 |
Password and Security | Password 180+ Days | Accounts with a password age of 180 or more days. | 180+ | 4 |
Password and Security | Password 90+ Days | Accounts with a password age of 90 or more days. | 90+ | 8 |
Password and Security | Password Never Set | Accounts for which a password was never set up. | - | 2 |
Privilege | High Privileged Group(s) | Groups for which privileges have not been trimmed. | - | 4 |
Privilege | High Privileged Role(s) | Roles for which privileges have not been trimmed. | - | 4 |
Privilege | Privileged Group(s) | Groups with privileges. | - | 2 |
Total Calculation | Account Activity (Total) | Internal calculation module. | - | 6 |
Total Calculation | Breach Data (Total) | Internal calculation module. | - | 10 |
Total Calculation | Expired Accounts (Aggregated) | Internal calculation module. | - | 10 |
Total Calculation | Group Membership (Total) | Internal calculation module. | - | 0 |
Total Calculation | Identity Mapping (Total) | Internal calculation module. | - | 0 |
Total Calculation | Password & Security (Total) | Internal calculation module. | - | 8 |
Total Calculation | Privilege (Total) | Internal calculation module. | - | 10 |
Total Calculation | Total Threat (Max) | Internal calculation module. | - | 100 |
Total Calculation | Total Threat (Weighted Avg) | Internal calculation module. | - | 100 |
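To make the tiered thresholds concrete, the following Python is an added illustration of how the per-account rules in the table (failed logins, stale accounts, password age, MFA, ownership, sharing, large groups and the group z-score) can be evaluated against account records. It is not Hydden's code and does not reproduce the Total Calculation modules, whose internals the page does not describe. Assumptions are labelled in the comments: every threshold row is treated as an independent rule that fires on its own, "More than {x}" is read as strictly greater than x while "{x}+" is read as x or more, the z-score rule is applied to one numeric attribute within an account's own group, and the |z| cutoff of 2.0 is an assumed value since the table lists none. The `Account` record and the sample data are constructed for the example.

```python
"""Evaluate the default rule thresholds above against account records (illustrative, not Hydden's code)."""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import List, Optional, Tuple

# (threshold, score) pairs copied from the table. Assumption: each pair is an
# independent rule, so an account can match several tiers at once.
FAILED_LOGIN_RULES = [(5, 6), (10, 7), (20, 8), (25, 9)]     # "More than {x}": strictly greater
STALE_ACCOUNT_RULES = [(90, 2), (180, 3), (275, 4), (365, 5)]  # "{x}+": x or more
PASSWORD_AGE_RULES = [(90, 8), (180, 4)]                       # "{x}+": x or more
LARGE_GROUP_MEMBERS, LARGE_GROUP_SCORE = 500, 2
ZSCORE_SCORE = 10
ZSCORE_CUTOFF = 2.0   # assumption: the table gives no threshold for the z-score rule


@dataclass
class Account:
    """Constructed account record; field names are this example's, not Hydden's."""
    name: str
    group: str
    failed_logins: int = 0
    days_since_login: int = 0
    password_age_days: Optional[int] = None   # None means a password was never set
    mfa_enabled: Optional[bool] = True        # None means MFA status not available
    owner: Optional[str] = None
    shared_with: int = 0                      # number of other users sharing the account


def tiered(value: int, rules, label: str, strict: bool) -> List[Tuple[str, int]]:
    """Return every tier rule the value reaches, with its score."""
    return [(label.format(x=t), score) for t, score in rules
            if (value > t if strict else value >= t)]


def evaluate(acct: Account) -> List[Tuple[str, int]]:
    """List the (rule name, score) pairs that fire for one account."""
    fired = []
    fired += tiered(acct.failed_logins, FAILED_LOGIN_RULES, "More than {x} Failed Login Attempts", True)
    fired += tiered(acct.days_since_login, STALE_ACCOUNT_RULES, "Stale Account {x}+ Days", False)
    if acct.password_age_days is None:
        fired.append(("Password Never Set", 2))
    else:
        fired += tiered(acct.password_age_days, PASSWORD_AGE_RULES, "Password {x}+ Days", False)
    if acct.mfa_enabled is None:
        fired.append(("MFA Status N/A", 2))
    elif not acct.mfa_enabled:
        fired.append(("MFA Not Enabled", 6))
    if acct.owner is None:
        fired.append(("No Owner", 7))
    if acct.shared_with >= 1:
        fired.append(("Shared Account", 8))
    if acct.shared_with > 1:                  # "more than one other user"
        fired.append(("Shared Account+", 10))
    return fired


def large_group_score(member_count: int) -> int:
    """Group(s) 500+: score 2 once a group reaches 500 members, else 0."""
    return LARGE_GROUP_SCORE if member_count >= LARGE_GROUP_MEMBERS else 0


def zscore_outliers(accounts: List[Account], attribute: str) -> List[Tuple[str, float, int]]:
    """Flag accounts whose |z| for `attribute`, computed against their own group, reaches the cutoff."""
    by_group = {}
    for a in accounts:
        by_group.setdefault(a.group, []).append(a)
    flagged = []
    for members in by_group.values():
        values = [getattr(a, attribute) for a in members]
        if len(values) < 2:
            continue                           # a z-score needs peers to compare against
        mu, sigma = mean(values), pstdev(values)
        if sigma == 0:
            continue                           # identical values: no outlier possible
        for a, v in zip(members, values):
            z = (v - mu) / sigma
            if abs(z) >= ZSCORE_CUTOFF:
                flagged.append((a.name, round(z, 2), ZSCORE_SCORE))
    return flagged


# Constructed sample: nine quiet finance accounts and one neglected service account.
SAMPLE_ACCOUNTS = [Account(name=f"fin-{i}", group="finance", failed_logins=1,
                           password_age_days=30, owner="alice") for i in range(9)]
SAMPLE_ACCOUNTS.append(Account(name="svc-legacy", group="finance", failed_logins=50,
                               days_since_login=300, password_age_days=200,
                               mfa_enabled=None, owner=None, shared_with=2))

if __name__ == "__main__":
    for rule, score in evaluate(SAMPLE_ACCOUNTS[-1]):
        print(f"{rule:40s} score={score}")
    print("z-score outliers:", zscore_outliers(SAMPLE_ACCOUNTS, "failed_logins"))
```

Running it shows the service account matching all four failed-login tiers, three stale-account tiers, both password-age rules, MFA Status N/A, No Owner, and both shared-account rules, while the z-score pass flags the same account at |z| = 3.0 for its failed-login count relative to its group peers.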