
Architecture

This diagram illustrates Hydden Discovery's architecture framework, showing both Cloud and On-Premises deployment options, the broker architecture, available services, and data source collectors.

Integration Reference

The diagram shows the key integration categories; the Complete Integration Reference below names the 45+ supported data sources and collectors.

🤖 AI Layer (outbound from the server over TCP 443 to cloud LLMs, or TCP 11434 to a local Ollama instance)

  • Anthropic, OpenAI, Google Gemini (cloud; may require a separate API token credit depending on the provider)
  • Ollama (local)

🖥️ Server / Microservice Layer (https://portal.hydden.io)

  • Runs on any public cloud, any private cloud, or any on-premises hypervisor
  • Windows / Linux / Mac / Container
  • SaaS allowlisting: 57.151.59.226 · 172.171.154.194
  • Client → server: TCP 22103 (SMB Client) or TCP 22104 (Msg Broker GW); TCP 22100 (Stream Broker)

💻 Client Layer (OOB Collector Modules · Universal Collector)

  • Windows / Linux / Mac / Container
  • Bootstrap: TCP 22101 (On-Prem) or TCP 443 (Cloud)
  • For SaaS customers, a built-in client service is available. An additional client is needed only for on-premises or network-isolated data sources.
  • Connects to data sources on the source-specific ports listed below

📡 Out-of-Box Collectors (45+ integrations; all ports adjustable per data source)

  • Web / Cloud Sources (TCP 443 HTTPS): Okta, Slack, Google Cloud, AWS, Azure, Salesforce, ServiceNow, GitHub, GitLab, Google Workspace, Dayforce, Tableau, HIBP
  • Database Sources (TCP 5432 PostgreSQL · TCP 1433 SQL Server): PostgreSQL, SQL Server
  • Datacenter / Endpoint (TCP 22 SSH · TCP 3269/3268, 636/389 AD/LDAP · TCP 443 VMware · TCP 5986 WinRM HTTPS · TCP 49152–65535 Windows RPC): Linux Host, Apache2, Active Directory, Windows, WindowsRm, LDAP, VMware vSphere, AD Workstation
  • Orchestration (TCP 6443 K8s API): Kubernetes, K8s Pods
  • Edge / Firewall (TCP 443 HTTPS): PAN-OS
  • Mainframe (TCP 22 SSH): IBM AS/400
  • Privileged Access & Vaults (TCP 443 HTTPS): CyberArk, BeyondTrust, SailPoint IIQ, Keeper, StrongDM, AWS Key Vault, Azure Key Vault

🔧 Universal Collector (ports vary per target data source)

Connects to any data source via LDAP, SQL, REST, SCP, FTP, SFTP, FTPS, and Files: REST API, Database SQL, CSV / JSON, Custom Scripts (sandboxed Python).

Examples: CCURE9K · Morpheus · Qualys · Symantec DCS · Workday · ADP · Jira · Domo · Oracle

Complete Integration Reference

Hydden Discovery supports 45+ fully verified data source integrations across the following categories:

☁️ Cloud Platforms & SaaS

  • AWS - Amazon Web Services (EC2, IAM, S3, etc.)
  • AWS Key Vault - AWS Secrets Manager
  • Azure - Microsoft Azure (AD, Resources, Subscriptions)
  • Azure Key Vault - Azure Secrets Management
  • Google Cloud - GCP (IAM, Projects, Resources)
  • Google Workspace - Gmail, Drive, Groups

👥 Identity & Access Management

  • Active Directory - Microsoft AD (Users, Groups, OUs)
  • AD Workstation - Windows workstation accounts
  • LDAP - Lightweight Directory Access Protocol
  • Okta - Cloud Identity Provider
  • SailPoint IIQ - Identity IQ Governance Platform

📱 Business Applications

  • GitHub - Repository access and teams
  • GitLab - Repository access and groups
  • Salesforce - CRM users and profiles
  • ServiceNow - ITSM users and roles
  • Slack - Workspace members and channels
  • Dayforce - HR and payroll system
  • Tableau - Analytics and visualization platform

🔐 Privileged Access & Vaults

  • BeyondTrust - Privileged Access Management
  • CyberArk - Enterprise password vault
  • Keeper - Password management platform
  • StrongDM - Infrastructure access platform

🗝️ Infrastructure & Systems

  • Linux Host - Linux servers (users, groups, sudo)
  • Linux Apache2 - Apache web server configurations
  • Windows Host - Windows servers and workstations
  • WindowsRm Host - Windows Remote Management
  • VMware vSphere - Virtual infrastructure
  • PAN-OS - Palo Alto Networks firewall

🐳 Container Orchestration

  • Kubernetes - K8s cluster access (RBAC, service accounts)
  • Kubernetes Pods - Pod-level access control

💾 Databases

  • SQL Server - Microsoft SQL Server
  • PostgreSQL - Postgres database
  • AS/400 - IBM System i (DB2)

🔍 Security & Threat Intelligence

  • Have I Been Pwned - Compromised credential detection

🔧 Universal Collector

The Universal Collector (Custom) allows integration with any system via:

  • REST API - HTTP/HTTPS API endpoints
  • Database SQL - Direct SQL queries (MySQL, Oracle, etc.)
  • CSV/JSON Files - File-based data imports
  • Custom Scripts - sandboxed Python-based data collection

Popular Universal Collector Examples:

  • Domo (Business Intelligence)
  • Oracle Database
  • Microsoft SQL (custom queries)
  • Custom REST APIs
  • HR systems (Workday, ADP, etc.)
  • Ticketing systems (Jira, etc.)
  • Custom applications
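The shape of the work a CSV/JSON or REST based collector does before its records can be correlated, as an added example. This is not Hydden's Universal Collector interface (that API is not documented on this page) and not Hydden code. Both inputs are constructed inline: an HR CSV export of the kind Workday or ADP produce, used as the source of truth for people, and a ticketing application's JSON user listing of the kind a Jira REST call returns. Records are mapped to one common shape, joined on a normalised email, and annotated with what an identity discovery platform needs to surface: orphaned accounts with no owning identity, leavers who still hold an account, and privileged roles. The field names and the `PRIVILEGED_ROLES` set are assumptions, not Hydden's schema.

```python
"""Normalise two collector feeds into one account list and correlate them.

Added example, not Hydden's Universal Collector API. HR_CSV and APP_JSON are
CONSTRUCTED samples; field names and PRIVILEGED_ROLES are assumptions.
"""
import csv
import io
import json
from typing import Dict, List

# Constructed HR export (source of truth for people). Note the mixed case and
# trailing space in the first email: sources rarely agree on formatting.
HR_CSV = """employee_id,email,status,department
E100,Alice.Smith@Example.com ,active,Security
E101,bob@example.com,terminated,Finance
E102,carol@example.com,active,Engineering
"""

# Constructed application user listing, as a REST collector would receive it.
APP_JSON = json.dumps({"users": [
    {"accountId": "a1", "emailAddress": "alice.smith@example.com", "roles": ["jira-users"]},
    {"accountId": "a2", "emailAddress": "bob@example.com",
     "roles": ["jira-users", "jira-administrators"]},
    {"accountId": "a3", "emailAddress": "svc-deploy@example.com", "roles": ["jira-administrators"]},
]})

PRIVILEGED_ROLES = {"jira-administrators"}   # assumed: roles treated as privileged


def norm_email(value: str) -> str:
    """Join key: email addresses differ in case and whitespace between sources."""
    return value.strip().lower()


def collect_hr(text: str) -> Dict[str, dict]:
    """Identities keyed by normalised email (CSV/JSON Files collector shape)."""
    identities = {}
    for row in csv.DictReader(io.StringIO(text)):
        identities[norm_email(row["email"])] = {
            "source": "hr", "id": row["employee_id"],
            "status": row["status"].strip().lower(), "department": row["department"],
        }
    return identities


def collect_app(text: str) -> List[dict]:
    """Application accounts in the common shape (REST API collector shape)."""
    return [{"source": "app", "id": user["accountId"],
             "email": norm_email(user["emailAddress"]),
             "roles": set(user.get("roles", []))}
            for user in json.loads(text)["users"]]


def correlate(identities: Dict[str, dict], accounts: List[dict]) -> List[dict]:
    """Attach each account to its identity (if any) and raise findings."""
    findings = []
    for acct in accounts:
        ident = identities.get(acct["email"])
        flags = []
        if ident is None:
            flags.append("orphan")                     # service or stale account, no owner
        elif ident["status"] != "active":
            flags.append("leaver-still-has-access")    # joiner/mover/leaver gap
        if acct["roles"] & PRIVILEGED_ROLES:
            flags.append("privileged")
        findings.append({"account": acct["id"], "email": acct["email"],
                         "identity": ident["id"] if ident else None,
                         "flags": flags})
    return findings


def run() -> List[dict]:
    """Collect both constructed feeds and correlate them."""
    return correlate(collect_hr(HR_CSV), collect_app(APP_JSON))


if __name__ == "__main__":
    for f in run():
        print(f"{f['account']:<4} {f['email']:<28} identity={f['identity']} flags={f['flags']}")
```

The join key is the normalised email; a real collector would usually carry a stronger key (employee ID, immutable directory object ID) where the application exposes one, because email-only matching silently mis-joins when addresses are reused.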

Architecture Components

Deployment Models

  • Cloud Deployment: Utilizes NATS Cluster as the Core Broker for centralized management
  • On-Premises Deployment: Uses Leaf Broker (Gateway) architecture for local data collection and processing

Identity Provider (IDP) Setup

Hydden uses OpenID Connect (OIDC) for platform authentication. Users sign in to both Hydden.Discovery and Hydden.Control through an external identity provider. The following providers are supported:

  • Microsoft Entra ID (Quick Setup): no additional credentials; Hydden manages the OAuth configuration
  • Microsoft Entra ID (Custom App): Azure AD Tenant ID, Client ID, Client Secret
  • Google: Client ID, Client Secret
  • Okta: Okta Domain, Client ID, Client Secret
  • Other OIDC Provider: Issuer URL, Client ID, Client Secret

The IDP authenticates users and issues tokens over TCP 443 (HTTPS). The authentication flow is:

  1. The user accesses the Hydden portal or the client web interface
  2. Hydden redirects the user to the configured OIDC provider
  3. The user authenticates with the identity provider
  4. The IDP redirects the user back to Hydden with the authentication response (the token)
  5. Hydden validates the token (signature, issuer, audience and expiry) and grants access based on the user's assigned roles

Multi-Tenant Support

If a user's email is associated with multiple tenants, a tenant picker is presented after IDP authentication. Allowed email domains can be restricted per tenant.
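The relying-party checks behind step 5 of the flow, followed by the per-tenant email-domain restriction that feeds the tenant picker, as an added example. This is not Hydden code: the portal's real validation logic and tenant configuration are not described on this page. The token is constructed inline and signed with a symmetric HS256 key so that the example runs offline; real providers sign with RS256 or ES256 and publish their keys at the issuer's JWKS endpoint, but the claim checks are the same. `RP_CONFIG` and `TENANTS` are assumed values.

```python
"""OIDC ID token validation and per-tenant email-domain restriction.

Added example, not Hydden code. The token is CONSTRUCTED and HS256-signed so
the example runs offline; RP_CONFIG and TENANTS are assumed values.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional

# Assumed relying-party configuration, mirroring the "Issuer URL, Client ID"
# fields of the "Other OIDC Provider" row above.
RP_CONFIG = {
    "issuer": "https://idp.example.com",
    "client_id": "hydden-portal",
    "shared_secret": b"demo-hs256-secret-do-not-reuse",  # only because this demo uses HS256
}

# Assumed tenant table: which email domains each tenant admits.
TENANTS = {
    "acme-prod": {"allowed_domains": {"acme.com"}},
    "acme-lab": {"allowed_domains": {"acme.com", "contractor.example"}},
    "globex": {"allowed_domains": {"globex.com"}},
}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_id_token(claims: dict, key: bytes) -> str:
    """Stands in for the IDP (step 4 of the flow): builds an HS256-signed JWT."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def validate_id_token(token: str, expected_nonce: str,
                      now: Optional[float] = None) -> dict:
    """Step 5 of the flow: returns the verified claims or raises ValueError.
    Algorithm, signature, issuer, audience, time window and nonce must all
    pass; a token failing any one of them must not grant access."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm. Honouring whatever 'alg' the token announces
    # (notably "none") is the classic relying-party mistake.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(RP_CONFIG["shared_secret"], f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != RP_CONFIG["issuer"]:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if RP_CONFIG["client_id"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if now < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


def tenants_for(claims: dict) -> List[str]:
    """Tenant-picker input: tenants whose allowed domains admit this user.
    Several results mean the picker is shown; none means access is refused."""
    email = claims.get("email", "")
    if not claims.get("email_verified", False) or "@" not in email:
        return []   # an unverified email must not drive domain matching
    domain = email.rsplit("@", 1)[1].lower()
    return sorted(name for name, cfg in TENANTS.items() if domain in cfg["allowed_domains"])


def demo_token(now: float, email: str = "alice@acme.com", nonce: str = "n1") -> str:
    """Constructed ID token for a user whose domain is admitted by two tenants."""
    return make_id_token({"iss": RP_CONFIG["issuer"], "aud": RP_CONFIG["client_id"],
                          "sub": "user-1", "email": email, "email_verified": True,
                          "nonce": nonce, "iat": now, "nbf": now, "exp": now + 300},
                         RP_CONFIG["shared_secret"])


if __name__ == "__main__":
    t0 = 1_700_000_000
    verified = validate_id_token(demo_token(t0), "n1", now=t0 + 10)
    print("verified subject:", verified["sub"], "tenants:", tenants_for(verified))
```

The nonce is the value Hydden would have generated at step 2 and stored in the user's session; checking it on the way back is what ties the returned token to the request that was actually started, so a token captured elsewhere cannot be replayed into a different session.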

Core Components

Hydden Server (Cloud)

The server component acts as the central hub using NATS Cluster technology, accessible at https://portal.hydden.io:

  • Manages multiple broker instances
  • Provides web services and reporting capabilities
  • Maintains the Identity Graph
  • Orchestrates all platform services

Hydden Client (On-Premises)

The client component operates as a gateway between on-premises infrastructure and the cloud:

  • Runs on Windows / Linux / Mac / Container
  • Leaf Broker architecture for secure communication
  • Local collector modules for data gathering (OOB Collector Modules, Universal Collector)
  • Connects to various data sources
  • Provides local services including web interface, reporting, and identity graph visualization
  • Bootstraps locally on TCP port 22101 (on-prem)

SaaS Customers

For SaaS customers, Hydden offers a built-in client service. An additional client service is only needed for connecting on-premises or network-isolated data sources.

Platform Services

Server Services

Comprehensive suite of services available on the server side:

  • Web Services: User interface and API endpoints
  • Classifications: Data categorization and tagging
  • Configuration: System settings management
  • Dashboard: Visualization and monitoring
  • Communications: Internal messaging system
  • Data Store: Persistent storage layer
  • Reporting: Analytics and report generation
  • Scheduler: Job scheduling and automation
  • Vault: Secure credential storage
  • Identity Mapper: Identity correlation engine
  • Entity Mapper: Entity relationship mapping
  • Time Server: Timestamp synchronization
  • Audit: Activity logging and compliance tracking
  • OpenAI Module: AI-powered insights and automation
  • Notification: Alert and notification system
  • Package Repository: Module and update management
  • Simple KV Store: Key-value storage
  • Stream: Real-time data streaming
  • SNOW Action: ServiceNow integration actions
  • SMTP Action: Email notification actions

Client Services

Services available on the client (on-premises) side:

  • Web Services: Local web interface
  • Gateway: Secure communication bridge
  • Vault: Local credential management

Data Source Collectors

The platform is not limited to the verified integrations, because the Universal Collector can be pointed at any further data source. The fully verified integrations are listed in the Complete Integration Reference above and summarised by category here:

Identity Systems (5)

Active Directory, AD Workstation, LDAP, Okta, SailPoint IIQ

Cloud Platforms (6)

AWS, Azure, Google Cloud, Google Workspace, AWS Key Vault, Azure Key Vault

Business Applications (7)

Salesforce, ServiceNow, GitHub, GitLab, Slack, Dayforce, Tableau

Privileged Access & Vaults (4)

BeyondTrust, CyberArk, Keeper, StrongDM

Infrastructure (6)

Linux Host, Linux Apache2, Windows Host, WindowsRm, VMware vSphere, PAN-OS

Container Orchestration (2)

Kubernetes, Kubernetes Pods

Databases (3)

SQL Server, PostgreSQL, AS/400

Security & Threat Intelligence (1)

Have I Been Pwned (HIBP)

Universal Collector (Custom)

REST APIs, Database SQL, CSV/JSON Files, Custom Scripts (sandboxed Python)

Network Ports & Connectivity

The following table lists the default ports used by Hydden collectors to reach data sources. Each port can be changed where the data source supports a custom port.

Data Source Ports

  • Web/Cloud Sources (AWS, Azure, GCP, Okta, SaaS apps): TCP 443, HTTPS
  • Active Directory: TCP 3269/3268 (Global Catalog over SSL / plain), TCP 636/389 (LDAPS / LDAP)
  • LDAP: TCP 636/389 (LDAPS / LDAP)
  • Linux / SSH Hosts: TCP 22, SSH
  • WindowsRm: TCP 5986, WinRM over HTTPS only
  • Windows: TCP 49152–65535, RPC dynamic port range (Windows RPC clients first query the endpoint mapper on TCP 135 to learn the dynamic port; that port is not listed here, so confirm whether it must also be reachable in your deployment)
  • Mainframe: TCP 22, SSH
  • PostgreSQL: TCP 5432, PostgreSQL wire protocol
  • SQL Server: TCP 1433, TDS (SQL Server)
  • Kubernetes: TCP 6443, Kubernetes API Server
  • Keeper: TCP 443, HTTPS
  • Edge (PAN-OS): TCP 443, HTTPS
  • Value-Add Integrations (ServiceNow, BeyondTrust, etc.): TCP 443, HTTPS
  • Universal Collector: varies; ports depend on the target data source

Platform Communication Ports

  • Client → Server (Gateway): TCP 22103 (SMB Client) or TCP 22104 (Message Broker Gateway); outbound from client to server
  • Client Bootstrap (On-Prem): TCP 22101; local bootstrap for on-premises client setup
  • Stream Broker: TCP 22100; outbound from client to server for real-time data streaming
  • Server → AI Layer: TCP 443 or TCP 11434 (Ollama); outbound from server to AI providers (cloud APIs or local Ollama)
  • IDP Authentication: TCP 443; OIDC identity provider (Entra ID, Okta, Google, or custom)

AI Token Requirements

AI layer connectivity may require a separate API token credit depending on the AI provider.

SaaS Allowlisting

If your organization requires IP allowlisting for Hydden SaaS, add the following public IPs to your firewall rules:

  • 57.151.59.226 (identifier 50b2e38e-0fd3-45f6-a8ed-e5ace54d387e)
  • 172.171.154.194 (identifier kubernetes-a4ac63ffe385b4d648ba0214d896d3bb)

Communication Flow

  1. Client → Server Communication: Outbound-only connection from on-premises clients to the cloud server via TCP 22103 (SMB Client) or TCP 22104 (Message Broker Gateway), with TCP 22100 for stream broker traffic
  2. Server → AI Communication: Outbound-only connection from the server/microservice layer to AI providers over TCP 443 (cloud LLMs) or TCP 11434 (local Ollama instances)
  3. Service Integration: Brokers hand collected data to the platform services (Identity Mapper, Entity Mapper, Data Store, and the others listed under Platform Services) for processing and management
  4. Data Collection: Clients gather data from connected sources using source-specific ports (see Network Ports) and transmit to brokers for processing
  5. IDP Authentication: Users authenticate through the configured OIDC identity provider over TCP 443 (HTTPS) before accessing any Hydden services
  6. Distributed Processing: Multiple clients can operate independently while maintaining connection to the central server
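A pre-flight reachability check for the outbound connections in the two port tables and the flow above, as an added example. It is not a Hydden tool. It opens a plain TCP connection to each target with a short timeout and classifies the result as open (handshake completed), refused (the host answered with a reset, so it is reachable but nothing is listening or a host firewall rejects the connection) or filtered (no answer inside the timeout, which is what a network firewall that silently drops looks like). The `DEFAULT_TARGETS` list carries the page's default ports; its hostnames are assumed placeholders for your own data sources, and the two addresses are the SaaS allowlist IPs listed above. The `demo()` function uses a local listener and the TEST-NET-1 documentation range so the example runs offline.

```python
"""Outbound TCP reachability check for client -> server and collector -> source ports.

Added example, not a Hydden tool. Hostnames in DEFAULT_TARGETS are ASSUMED
placeholders; demo() uses a local stand-in listener so it runs offline.
"""
import socket
import threading
from typing import Dict, List, Tuple

Target = Tuple[str, str, int]   # (label, host, port)

DEFAULT_TARGETS: List[Target] = [
    ("SaaS server 57.151.59.226, Message Broker Gateway", "57.151.59.226", 22104),
    ("SaaS server 172.171.154.194, Message Broker Gateway", "172.171.154.194", 22104),
    ("SaaS server 57.151.59.226, Stream Broker", "57.151.59.226", 22100),
    ("domain controller, LDAPS", "dc01.corp.example", 636),          # placeholder host
    ("domain controller, Global Catalog SSL", "dc01.corp.example", 3269),
    ("Windows host, WinRM HTTPS", "srv01.corp.example", 5986),       # placeholder host
    ("Kubernetes API server", "k8s.corp.example", 6443),             # placeholder host
]


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """One outbound TCP connect: 'open', 'refused', 'filtered' or 'unresolved'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open"
        except socket.timeout:
            return "filtered"           # silently dropped: no SYN/ACK, no RST
        except ConnectionRefusedError:
            return "refused"            # RST came back: host reachable, port closed
        except OSError:
            return "filtered"           # EHOSTUNREACH / ENETUNREACH: blocked on our side


def check_targets(targets: List[Target], timeout: float = 2.0) -> Dict[str, str]:
    """Probe every target; result keyed by label, in the order given."""
    return {label: probe(host, port, timeout) for label, host, port in targets}


def blocked(results: Dict[str, str]) -> List[str]:
    """Targets that need a firewall or DNS change before the client can be deployed."""
    return [label for label, state in results.items() if state != "open"]


class LocalListener:
    """Minimal listener on 127.0.0.1 standing in for a reachable broker."""

    def __init__(self) -> None:
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free one
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:                      # listener closed
                return
            conn.close()

    def close(self) -> None:
        self.sock.close()


def free_port() -> int:
    """A localhost port with nothing listening, to show the 'refused' outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> Dict[str, str]:
    """Offline demonstration of the three outcomes a firewall review cares about."""
    listener = LocalListener()
    try:
        targets: List[Target] = [
            ("stand-in broker (listening)", "127.0.0.1", listener.port),
            ("stand-in data source (nothing listening)", "127.0.0.1", free_port()),
            ("TEST-NET-1 address (never routed)", "192.0.2.1", 22104),
        ]
        return check_targets(targets, timeout=1.0)
    finally:
        listener.close()


if __name__ == "__main__":
    for label, state in demo().items():
        print(f"{state:<10} {label}")
    print("needs attention:", blocked(check_targets(DEFAULT_TARGETS)))
```

Run `check_targets(DEFAULT_TARGETS)` from the host that will run the Hydden client, after substituting your own data source hostnames; anything that is not `open` needs a firewall, routing or DNS change. A completed handshake only proves that TCP reaches the port: it says nothing about whether TLS will negotiate or the collector's credentials will be accepted, so treat it as the first check, not the last.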

Scalability

The architecture supports:

  • Multiple server brokers for load distribution
  • Multiple client brokers for geographic distribution
  • Multiple collector clients for broad data source coverage
  • Flexible deployment models (cloud-only, hybrid, or on-premises)

Hydden Documentation and Training Hub