Modules
What it is: Hydden Discovery is built from modules. Each module performs a specific function — either collecting identity data from a target system or running a platform service that processes that data.
Why it matters: Knowing which modules exist helps you plan deployments and troubleshoot issues. Collector modules determine what systems you can scan. Platform modules provide the services that map, classify, and report on the collected data.
Module Types
Discovery modules fall into two categories:
- Collector — Connects to a target system and retrieves identity data (accounts, groups, roles, MFA status). Collectors run through a local client service or via cloud API endpoints. No agent is installed on the target.
- Platform — Provides an internal service such as identity mapping, scheduling, reporting, or storage. Platform modules run on the Discovery server.
Collector Modules
Cloud and SaaS
| Module | Platform ID | Discovers | Collection Method |
|---|---|---|---|
| AWS Collector | aws | Users, service accounts, groups, MFA, SSH keys | Cloud API |
| AWS Secrets Collector | awskv | Secrets for user and service accounts | Cloud API |
| Azure Collector | azure | Users, service accounts, groups, MFA, devices, role assignments | Cloud API |
| Azure Key Vault Collector | azurekv | Key vault secrets and access policies | Cloud API |
| Dayforce Collector | dayforce | HR users, groups, MFA | Cloud API |
| GitHub Collector | github | Organization members, teams, groups, SSH keys, roles | Cloud API |
| GitLab Collector | gitlab | Organization members, teams, groups | Cloud API |
| Google Cloud Platform Collector | googlecloud | Users, service accounts, groups | Cloud API |
| Google Workspace Collector | googleworkspace | Users, roles, groups | Cloud API |
| HIBP Collector | hibp | Breach data for accounts and identities | Cloud API |
| Keeper Collector | keeper | Vault users (not stored secrets) | Cloud API |
| Okta Collector | okta | Users, service accounts, groups, MFA, applications | Cloud API |
| SailPoint ISC Collector | sailpoint_isc | Users, service accounts, groups, MFA from connected apps | Cloud API |
| Salesforce Collector | salesforce | Users, service accounts, groups, MFA | Cloud API |
| ServiceNow Collector | servicenow | Users, service accounts, groups, MFA from connected apps | Cloud API |
| Slack Collector | slack | Users, MFA | Cloud API |
| Tableau Collector | tableau | Users, groups | Cloud API |
Data Center and On-Premises
| Module | Platform ID | Discovers | Collection Method |
|---|---|---|---|
| Active Directory Collector | ad | Users, service accounts, computers, groups, memberships | Local client (LDAP) |
| Apache (Linux) Collector | linux_apache2 | Users, groups | Local client (SSH) |
| AS/400 Collector | as400 | Users, status | Local client |
| LDAP Collector | ldap | Users, groups | Local client (LDAP) |
| Linux Collector | linux | Users, groups, logon events, SSH keys | Local client (SSH) |
| PAN-OS Collector | panos | Users, groups, MFA | Local client (API) |
| VMware vSphere Collector | vsphere | Users, groups, logon events | Local client (API) |
| Windows Collector | windows | Users, groups | Local client (WMI) |
| WindowsRM Collector | windowsrm | Users, groups, logon events | Local client (WinRM) |
Databases
| Module | Platform ID | Discovers | Collection Method |
|---|---|---|---|
| PostgreSQL Collector | postgresql | Users, service accounts, groups | Local client |
| SQL Server Collector | sqlserver | Users, service accounts, groups, federated accounts | Local client |
Orchestration
| Module | Platform ID | Discovers | Collection Method |
|---|---|---|---|
| Kubernetes Collector | k8s | Users, groups, memberships | Cloud or local API |
| Kubernetes Pod Collector | linux_pod | Users, groups within pods | Cloud or local API |
Vault and PAM Integrations
| Module | Platform ID | Discovers | Collection Method |
|---|---|---|---|
| BeyondTrust Collector | beyondtrust | User accounts, API accounts, groups, MFA | Cloud API |
| CyberArk Collector | cyberark | Users, service accounts, vaulted accounts, discovered accounts, safes, groups, roles, MFA | Cloud API |
| StrongDM Collector | strongdm | Users, access grants | Cloud API |
IGA and Universal
| Module | Platform ID | Discovers | Collection Method |
|---|---|---|---|
| SailPoint IIQ Collector | sailpoint_iiq | Users, service accounts, groups, MFA from connected apps | Local client |
| Universal Collector | generic | User, service, and resource accounts (custom via sandboxed Python scripts) | Cloud or local |
Platform Modules
| Module | Description |
|---|---|
| Add to Vault Action | Automates adding discovered accounts to a vault through workflows. |
| Allow On-Prem Collector | Manages on-prem licensing and tenant configuration. |
| Audit | Records and stores platform audit events. |
| Classifications | Assigns classifications to accounts based on configurable rules (e.g., nationality, OU location). |
| Communications | Manages data exchange between the platform and external systems. |
| Configuration | Manages all configuration settings in Hydden. |
| Dashboard | Provides dashboards for account, identity, group, threat, and audit data with 52-week history and report execution. |
| Data Store | Hydden's distributed identity graph store. Maintains historical identity attributes and relationships. |
| Data Validation | Validates collected data against quality rules. |
| Entity Mapper | Provides backend matching for identity rules, threat rules, and classification rules. |
| Gateway | Central control point for managing and securing access to services and data. |
| Identity Mapper | Analyzes accounts and assigns them to identities. |
| IGA Data Provider | Supports integration with external IGA systems. |
| License Manager | Manages Hydden platform licensing. |
| OpenAI Module | Provides AI assistant and chatbot capabilities for data analysis. |
| Package Repository | Manages client and server installation packages. |
| Reporting | Hydden reporting engine for queries, filters, and SSRM reports. |
| Scheduler | Automates recurring and one-time jobs based on schedules or conditions. |
| ServiceNow Action | Creates tickets in ServiceNow through configured workflows. |
| Slack Chatbot | Provides Slack bot functionality used by the OpenAI Module. |
| SMTP Action | Sends email notifications through configured actions and workflows. |
| Stream | Persistent streaming backend. Multiple instances form a quorum for event durability. |
| Time Server | Provides coordinated time for collections across all clients and stores. |
| Upgrade | Manages system upgrades and enhancements. |
| Vault | Provides encryption as a service using platform-specific key vault storage. |
| Vector Store | Stores and queries vector embeddings for AI-powered search. |
| Webhook Action | Sends webhook calls as part of automation workflows. |
| Web Services | Manages all internet and cloud-connected sources and resources. |