Global Search Default Table Columns
This reference provides a complete overview of the system columns available in the Global Search table. Each entity type (Owners, Accounts, Groups, Roles) has its own set of default columns optimized for that data type.
Overview
Global Search columns fall into three categories:
- System Columns: Core entity attributes collected from platforms (Platform, Name, Email, Status, etc.)
- Threat Rule Columns: Columns generated from default Threat Rules and custom threat rules
- Custom Columns: Organization-specific columns from custom threat rules or extended attributes
NOTE
Each row in the Global Search tables offers click-through to the entity details page for that specific entity, providing comprehensive information about relationships, threat analysis, and historical data.
Owners Tab Columns
The Owners tab displays individual identities with aggregated data from all mapped accounts.
Default Columns
| Column | Description | Type | Notes |
|---|---|---|---|
| Owner Name | The name under which the identity owner was established | String | Primary identifier; click to open Owner Details |
| Owner Email | Primary email address associated with the owner | String | Used for account mapping and contact |
| Mapped Accounts | Number of accounts mapped to this owner | Integer | Expandable chevron shows account list |
| Total Threat | Aggregated risk level for this owner from all mapped accounts | Score | Higher scores indicate greater risk |
Accounts Tab Columns
The Accounts tab displays individual user accounts, service accounts, and federated identities discovered across all connected systems.
Default Columns
| Column | Description | Type | Notes |
|---|---|---|---|
| Platform | System platform from which the account was collected | String | E.g., Azure AD, Active Directory, Okta, AWS |
| Data Source | Collector module that retrieved the account data | String | Data source name configured in Hydden |
| Type | Account type classification | String | User, Service, Federated, Discovered, or Vaulted |
| Display Name | Established display name for the account | String | Typically FirstName LastName format |
| Account Name | Name under which the account was initially created | String | Primary account identifier on the platform |
| Email address associated with the account | String | Used for owner mapping | |
| Total Threat | Risk level indicator for this account | Score | Aggregate of all applicable threat rules |
| Status | Account status | String | Enabled, Disabled, Locked, Expired, etc. |
Groups Tab Columns
The Groups tab displays security groups, distribution lists, and role groups with membership information.
Default Columns
| Column | Description | Type | Notes |
|---|---|---|---|
| Group Platform | System platform on which this group was discovered | String | E.g., Azure AD, Active Directory, Okta, AWS |
| Data Source | Collector module that retrieved the group data | String | Data source name configured in Hydden |
| Group Name | Group name as established in the directory service | String | Primary group identifier |
| Group Display Name | Group display name | String | Friendly name for the group |
| Direct Member Count | Number of direct members in the group | Integer | Accounts explicitly added to the group |
| Expanded Member Count | Number of expanded (nested) members | Integer | Includes direct members plus members from nested groups |
Roles Tab Columns
The Roles tab displays cloud roles, application roles, and permission sets with assignment counts.
Default Columns
| Column | Description | Type | Notes |
|---|---|---|---|
| Role Platform | System platform from which the role data was collected | String | E.g., Azure, AWS, GCP |
| Data Source Name | Collector module that retrieved the role data | String | Data source name configured in Hydden |
| Domain | Domain associated with the role | String | Cloud tenant or account identifier |
| Provider | Role provider | String | Azure, AWS, GCP, etc. |
| Name | Role name as used in the role provider | String | Primary role identifier |
| Direct Role Count | Number of accounts with this specific role assignment | Integer | Explicitly assigned accounts |
| Expanded Role Count | Number of accounts with this role due to inheritance | Integer | Includes direct assignments plus inherited roles |
Threat Rule Columns
Threat rule columns appear across all tabs based on default and custom threat detection rules. For a complete list, see Default Threat Rules.
Common Threat Rule Columns include:
- Privileged Account(s) - Entity has elevated privileges
- Password 90+ Days, Password 180+ Days - Password age exceeds thresholds
- Password Never Set - No password set since account creation
- MFA Not Enabled, MFA Status N/A - MFA configuration status
- Stale Account 90+ Days, 180+ Days, 365+ Days - No login activity
- More Than 5/10/20/25 Failed Login Attempts - Failed authentication attempts
- Breached Account(s), Breached Account(s) High Risk - Found in breach databases
- Group(s) 500+ - Member of 500+ groups
- No Owner, Shared Account, Shared Account+ - Mapping status
- Highly Privileged Group(s), Highly Privileged Role(s) - Elevated permissions
Custom threat rules created by your organization will automatically appear as additional columns.
Column Features
Sorting
- Click column header once for ascending sort (A-Z, 0-9, oldest-newest)
- Click again for descending sort (Z-A, 9-0, newest-oldest)
- Click third time to remove sorting
- Shift+Click additional columns for multi-column sorting
Filtering
Each column supports filtering based on data type:
- Text Filter: Contains, Equals, Starts with, Ends with
- Number Filter: Equals, Greater than, Less than, Between
- Set Filter: Select multiple values (checkboxes)
- Date Filter: Before, After, Between dates
Column Customization
Use the Columns panel to show/hide, reorder, pin, or search for columns. Preferences are saved per user in browser local storage.
Additional Columns
Beyond the default columns, many additional attributes are available via the Columns panel:
Common Additional Columns:
- User Principal Name, Domain, Short Domain
- Description, Classification
- Created date, Last Logon, Last Logon Age
- Password Changed, Password Age
- MFA Count, Pending MFA Count
- Is Privileged (0-10 scale)
- Failed Logon Count
- Object SID, Object GUID (Active Directory)
- Employee ID, Job Title, Department, Manager
- PAM Status, Vault/Safe (for vaulted accounts)
Platform-specific columns are also available for attributes unique to Azure AD, AWS, Okta, Linux, and other platforms.
Related Topics
- Global Search - Interactive search interface
- Entity Details - Understanding entity detail pages
- Threat Detection Rules - Default threat rule reference
- Account Classification - Account classification rules
- Identity Mapping - Account-to-owner mapping rules