Default Threat Rules
This article provides and overview of the default threat detection rules available to all Hydden customers.
Each rule can be specified to be shown in Reports or Posture. By default both options are checked on sll default threat rules.
Default Threat Rules
| Category | Name | Description | Threshold | Score |
|---|---|---|---|---|
| Breaches | Account Password Not Changed Since Public Breach | This rule flags any accounts that have been identified as having been breached and where the password change date is not known or older than the breach date. | - | 10 |
| Account Statistics | Account Z-Score | Provides a mean to identify high absolute z-score values for accounts in groups. | - | 5 |
| Account Activity | Accounts not used in 90+ Days | This rule flags all accounts that have been stale for 90+ days with a risk score. | 90+days | 10 |
| Account Activity | Accounts with 10+ Failed Login Attempts in 1 Hour | This rule flags accounts with more than 10 failed login attempts in a period of one hour. | 10+ | 10 |
| Password and Security | Accounts with MFA Not Enabled | Accounts for which MFA has not been enabled. | - | 8 |
| Owner Mapping | Accounts with No Owner | Alerts to accounts without owner designation. | - | 8 |
| Password and Security | Accounts with Password 90+ Days | Accounts with a password age of 90 or more days. | 90+ | 5 |
| Password and Security | Accounts with Password Never Set | Accounts for which a password was never set up. | - | 10 |
| Privilege | Highly Privileged Group(s) | Groups for which privileges have not been trimmed. | - | 5 |
| Privilege | Highly Privileged Role(s) | Roles for which privileges have not been trimmed. | - | 5 |
| Owner Mapping | Shared Account | Alerts to an account that is shared with another user. | - | 5 |
Default Aggregation Rules
| Category | Name | Description | Threshold | Score |
|---|---|---|---|---|
| Total Calculation | Account Activity (Total) | internal calculation module | - | 10 |
| Total Calculation | Account Statistics (Total) | internal calculation module | - | 10 |
| Total Calculation | Breach Data (Total) | internal calculation module | - | 10 |
| Total Calculation | Expired Accounts (Aggregated) | internal calculation module | - | 10 |
| Total Calculation | Group Membership (Total) | internal calculation module | - | 10 |
| Total Calculation | Owner Mapping (Total) | internal calculation module | - | 10 |
| Total Calculation | Password & Security (Total) | internal calculation module | - | 10 |
| Total Calculation | Privilege (Total) | internal calculation module | - | 10 |
| Total Calculation | Total Threat - the total threat aggregation rule can be configured as Maximum, Totals Average (default), and Weighted Average. Contact Hydden Support to learn more about which setting to use for your specific needs. | internal calculation module | - | 100 |