What's New

Hydden release notes entries are catalogued by calendar year. To review What's New entries prior to 2026, refer to

Refer to the Changelog entries to review information regarding added or edited documentation topics.

Hydden.Discovery - 1.21.0

Released TBD

AI Assistant

  • Skills — Additional Frontmatter: Embed custom metadata in exported skills. Add optional YAML fields such as compatibility or license to a skill's SKILL.md frontmatter directly from the Skills editor. On import, any extra frontmatter fields are preserved automatically.
  • Skills — Name Format: Skill names now use a consistent format — lowercase letters, numbers, and hyphens — so they work reliably as tool identifiers in agent sessions.

Identity Mapping

Hydden.Discovery - 1.20.0

Released: 03/06/2026

Configuration

  • Clients: New comprehensive guide to the Clients page. Covers what clients are and how they run collection jobs on your network, how to register a new client using a join code, how to edit client configuration (site, modules, connection targets, network addresses), how to monitor live client status, how to stream real-time logs for troubleshooting, and how to remove a client.
  • Credential Providers: New guide to the Credential Providers page. Covers how vault credential providers work, supported vault types (CyberArk and BeyondTrust), how to configure provider connection settings (URL, Application ID, site), and how to manage client certificates — including import, generation (for testing), copy, and delete.

Attestation & Certifications

  • Certifications Overview: New guide to the Certifications feature. Manage identity access review campaigns with three certification types — Identity Integrity, Schema Integrity, and Report Integrity. Certifications move through a tracked lifecycle (Pending, In Progress, Completed, Abandoned), support priority and due date assignment, and auto-transition status as reviewers take action.
  • Review Certification Data: Open a certification to view collected identity records in a sortable, filterable grid. Export the current data set as CSV with a filename that includes the connector and entity type. Switch to Compare mode to view a side-by-side diff of records from two different data sources.
  • Scheduled Certifications: Run Identity Integrity certifications automatically on a cron schedule. Certifications for tombstoned or unreachable connectors are skipped. The scheduler seeds the next-run time from the most recently completed certification to prevent duplicate runs.
  • Certificate List Reliability: Deleted certificates are now excluded from the certificate list automatically. Discovery also logs the file path, CN, SANs, and default status when loading certificates from disk, making configuration issues easier to diagnose.

Attestation & Automation

  • Certification Status Trigger: Workflow trigger that fires when certification campaigns change status. Use it to send email reminders, create tickets, or notify managers when access reviews require attention. Supports filtering by certification ID.
  • Email To-Field Template Variables: The To field in email workflows now supports template variables such as {AssignedToEmail}. Recipients resolve at runtime, and empty values are skipped automatically.

Attestation & Compliance

  • Scheduled Certifications: Automate certification campaigns with cron-based scheduling. Certifications run at configured intervals with timezone support and automatic skip for tombstoned collectors.

Identity Management & Threat Detection

  • Safes Manager Assignment: Assign managers to PAM safe containers in bulk. The Safes page now includes timeline integration for viewing historical safe inventories and enhanced grid controls.
  • Threat Score Architecture: Expanded documentation for the threat scoring system. Scores range from 0 to 100 across 8 categories (Account Activity, Account Statistics, Breach Data, Expired Accounts, Group Membership, Owner Mapping, Password & Security, Privilege), each capped at 10 points. Scores classify as Low (0–24.99), Moderate (25–74.99), or Critical (75+).
  • Default Threat Rules: Complete reference for all 27 default threat detection rules organized by category, including detection-only rules, disabled rules, and compliance framework mappings.
  • Z-Score Detection: Expanded Group Membership Deviation (Z-Score) documentation with formula, default parameters, worked example, interpretation guide, and threshold customization guidance.
  • Custom Threat Rules: Full configuration reference for custom threat rules including detection-only mode, propagation type (max/sum), platform and data source filters, and score severity guidance.
  • Identity Status Lifecycle: Documentation for all 8 identity status values (Active, Inactive, Prestart, On Leave, Terminated, Retired, Suspended, Deceased) and 5 owner types (Human, Service, Resource, Vault, Other).
  • Classification Rule Query Fields: Complete reference for 15 query fields available in classification rules, including Path, Name, Type, Display Name, UPN, Email, Title, Department, IsPrivileged, Custom1–10, Employee ID, and Group Name.

AI

  • AI Skills: Configure reusable AI skills and attach them to agents as callable tools. Each skill packages its own tools and knowledge base collections behind a focused prompt. Agents delegate to skills at runtime, letting you build modular AI workflows without duplicating configuration.
  • Skill Resource Archives: Package an entire skill — prompt, supporting scripts, and reference files — into a single ZIP file. Import the ZIP directly from the Skills page to create a new skill, or attach a resource archive to any existing skill. The AI agent loads individual files from the archive on demand as it works through a task, keeping context lean and focused.
  • Hybrid Search for Knowledge Base: Knowledge base collections now combine semantic (vector) and full-text keyword (BM25) search for improved query results. Configure the search balance with Default Alpha, set result limits with Default Top K, and filter by relevance with Default Min Score.
  • Agent Types: Agents now support two modes: Agentic for interactive chat with tool execution, and Completion for inline code autocomplete. Select the mode when creating or editing an agent.
  • Provider Cost Tracking: Configure per-token input and output costs on AI providers. Costs are calculated automatically for each session and displayed in the Sessions list.
  • OpenAI Base URL: OpenAI-compatible providers now support a custom Base URL, enabling connections to Azure OpenAI Service, local proxies, and other OpenAI-compatible endpoints.
  • Session Cost Visibility: The Sessions table now displays per-session cost based on provider token pricing, helping administrators track AI usage and costs.

Search & Reports

  • Enhanced Date Filters: New relative date filter options for date columns including "The next month", "The previous month", "The next six months", "Today", and "Today or later". Relative filters update automatically based on the current date for recurring saved searches.
  • Reorganized Search Library: Search Library categories reorganized for better discoverability. "Classification & Certification" category now groups account classification and compliance queries. "Passwords, Secrets & Certificates" category consolidates all credential-related queries including MFA, SSH keys, and secrets.
  • Search Library Category Reorder: Search Library category display order updated. "Passwords, Secrets & Certificates" now appears earlier in the library for faster access to credential-related queries.
  • Account Secrets & Certificates Query: Renamed from "Account Credentials" with expanded visibility into certificate data alongside secrets.
  • Manager Field in Reports: Manager field support added to Global Search Accounts and Account Query reports. Filter and display account manager assignments directly in search results.
  • Secrets and Certificates Visibility: Secrets and certificates are now visible in Global Search, enabling security teams to track credential metadata across the identity inventory.

Data Sources

  • Azure Custom Security Attributes: Collect custom security attributes from Microsoft Entra ID users and service principals. These business-specific key-value pairs enable threat rules and searches based on organizational classifications, compliance tags, and attribute-based access control assignments.
  • Azure Sign-In Activity Collection: Optimized collection of last login data with a separate API call for better performance on large tenants.
  • Azure App Credential Linkage: Service principals now display inherited credentials from their parent application registrations.
  • Windows Foreign Security Principal Detection: Enhanced cross-domain group member detection with dedicated entity and edge types for foreign security principals.
  • Dayforce Non-Employee Accounts: Collect non-employee user accounts from custom Dayforce reports. Configure a Report XRefCode to discover contractors, vendors, and other non-employee identities alongside standard HR accounts.
  • SailPoint ISC Sync Enhancements: Improved duplicate application handling when multiple Hydden data sources share an ISC tenant, plus attribute schema mapping for account descriptions.
  • SailPoint ISC Role Sync: ISC collector now collects and syncs role entitlements separately from groups. Roles have dedicated schemas and aggregation operations, with connection testing before aggregations.
  • Configurable Display Name Attribute: Generic and IGA data source collectors now support a configurable Display Name Attribute. Set which source attribute becomes the display name for identities in Hydden, separate from the identity key attribute. SailPoint ISC and IIQ now also read and track the display attribute from the source schema automatically.
  • CyberArk Username Field Selection: Vaulted credentials for CyberArk now let you select which platform property to use as the credential username. Available fields depend on the CyberArk platform configuration.
  • Universal Collector — Atlassian: Collect users, managed accounts, groups, and roles from Atlassian (Jira, Confluence, and related products) using the REST module.
  • Universal Collector — Blackline: Collect users, teams, and roles from the Blackline financial close management platform using the REST module.
  • Universal Collector — Deel: Collect users and groups from the Deel HR and payroll platform using the REST module.
  • Universal Collector — Microsoft SQL (Application-Specific): Collect application-level user and entitlement data from SQL-backed applications including Kiwi, Phoenix, Ripplestone, Falcon, Idera, and DBAudit.
  • Universal Collector — APT Hosts (Falcon Circulation): Collect users, groups, and roles from APT Hosts Falcon Circulation using the Microsoft SQL collector as a foundation.
  • Universal Collector — Workato: Collect collaborators, end users, groups, and project/environment-level roles from the Workato integration and automation platform using the REST module.

Search & Automation

  • Account Role Membership: A new Role Membership tab on Account Details shows all role assignments for the account, with drill-through navigation to Role Details.
  • Owner Role Membership: A new Role Membership tab on Owner Details shows aggregated role assignments across all mapped accounts, enabling identity-level role-based access reviews.

Hydden.Discovery - 1.19.0

This is Hydden's 2026 kickoff release.

Released: 01/19/2026

Data Sources

Custom Properties

All data sources now have an optional Custom Properties field for specifying operational needs.

Custom Attributes Configuration

Under Advanced Configuration, the Active Directory and Azure data sources provide Custom Attributes Configuration, which allows organizations to collect non-standardized data points from their environments.
