Applies to BloodHound Enterprise only

Summary

The Posture page is a simplified reporting dashboard that helps users understand their environment’s current and historical risks. It is divided into several parts to illustrate where the biggest risks originate and provide metrics to indicate progress on remediation over time. You can filter the view by environment or tenant (or view all), and select a time range for assessing overall risk.

Attack Paths

The Attack Paths list displays the Attack Paths with active findings during the selected date range. Each Attack Path shows:
  • Severity of the Attack Path at the end date of the selected range
  • Name of the Attack Path
  • Category of the Attack Path
  • How many findings existed on the end date of the selected range
  • The calculated difference in the number of findings between the beginning and end date of the selected range
This list will include Attack Paths that were entirely resolved or deprecated by SpecterOps during the selected duration.
BloodHound Enterprise calculates severity from the percentage of users and computers that can abuse the Attack Path. For example, a CRITICAL Attack Path is one that is abusable by 95%-100% of all users and computers in the environment. The severity rankings and their exposure levels are:
  • CRITICAL: 95%-100%
  • HIGH: 80%-94%
  • MODERATE: 40%-79%
  • LOW: 0%-39%
These are expressed with colors in the Severity column.

Attack Path Summary

The Attack Path Summary includes a “plain English” description of the risk within the applied filter on the selected end date, and the change in Attack Paths, Findings, and Tier Zero Objects within the selected time frame.

Posture Over Time Graphs

This series of visualizations shows posture over time.
  • Total Tier Zero Attack Path Exposure - A graph representing the volume of assets in the Tier Zero Privilege Zone.
  • Historical Findings - As findings are remediated or newly created misconfigurations generate new ones, this chart will help users track the changes in the number of identified findings over time.
  • Total Attack Paths - This represents the overall exposure of your Tier Zero Privilege Zone within the selected filter parameters. This risk represents the percentage of principals within the environment (and trusted/connected environments) that can compromise the Tier Zero Privilege Zone.
  • Tier Zero Objects - A graph representing the volume of assets in the Tier Zero Privilege Zone.

Completeness Graphs

For Active Directory environments, the Group Completeness and Session Completeness graphs show how complete BloodHound Enterprise's view of the environment is, which indicates how accurately the assessed risk is communicated. Completeness is calculated as the number of computers BloodHound was able to scan for Sessions and Groups as a percentage of all computers.
The total collection completeness significantly impacts the accuracy of the graph available for analysis within BloodHound Enterprise. See "Why perform privileged collection in SharpHound" for more details.