Purpose
This guide explains how to collect data ad-hoc for BloodHound Enterprise (BHE) using the BloodHound Community Edition (BHCE) collector: SharpHound CE. It should be used by BloodHound Enterprise users who cannot deploy SharpHound Enterprise, for example in:
- Environments with no internet access, such as SCADA or OT environments
- Merger and acquisition scenarios, to assess risk before integration or consolidation of IT infrastructure
- Quick deployment scenarios, to get an initial assessment before a full SharpHound Enterprise deployment
Prerequisites
- Logged in with a user role that is authorized to perform file ingest (see Administering users and roles)
- Access to an account and computer in the in-scope domain or a domain trusted by the in-scope domain
Process
Perform SharpHound CE data collection
- Download the latest version of SharpHound CE from GitHub releases
- Choose a data collection method
  - DCOnly is the recommended starting method and is equivalent to BHE’s Active Directory Structure Data + Certificate Services
  - All performs all collection methods
- Learn about collection methods and flags:
- Start the collection
- Once the collection finishes, the output will be a .zip archive containing JSON files
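A pre-upload check for the collection archive described above, useful when the .zip has to be carried out of an isolated network: it records a SHA-256 digest and confirms the archive is intact and holds only parseable JSON. This is an added example, not part of SharpHound or BloodHound; the function names and the sample member names are assumptions made up for illustration.

```python
import hashlib
import io
import json
import zipfile


def inspect_collection_zip(raw: bytes) -> dict:
    """Hash the archive and confirm it is an intact zip of parseable JSON files."""
    report = {"sha256": hashlib.sha256(raw).hexdigest(), "members": [], "problems": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(raw))
    except zipfile.BadZipFile:
        report["problems"].append("not a valid zip archive")
        return report
    with archive:
        infos = archive.infolist()
        report["members"] = [i.filename for i in infos]
        if not infos:
            report["problems"].append("archive is empty")
        if any(i.flag_bits & 0x1 for i in infos):
            # Encrypted members cannot be read without the password.
            report["problems"].append("password-protected members, contents not checked")
            return report
        corrupt = archive.testzip()  # CRC check of every member
        if corrupt:
            report["problems"].append(f"CRC mismatch in {corrupt}")
            return report
        for info in infos:
            if not info.filename.lower().endswith(".json"):
                report["problems"].append(f"unexpected non-JSON member: {info.filename}")
                continue
            try:
                json.loads(archive.read(info).decode("utf-8-sig"))
            except ValueError:  # covers bad UTF-8 and bad JSON
                report["problems"].append(f"unparseable JSON: {info.filename}")
    return report


def build_sample(members: dict) -> bytes:
    """Build a constructed archive in memory (names and contents are made up)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({"sample_users.json": '{"data": []}'})
    print(inspect_collection_zip(sample))
```

Run it once on the collection host and again after transfer; matching digests and an empty `problems` list mean the file that reaches File Ingest is the one that was collected.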
Upload data to BloodHound Enterprise
- Log in to BloodHound Enterprise
- Navigate to the File Ingest page
  - From the Main Screen, click on the cog wheel in the upper right hand corner
  - From the drop down menu, select ‘Administration’
  - In the left margin, select ‘File Ingest’ under the ‘Data Collection’ heading
- Select “Upload File(s)” and in the pop-up window, drag and drop the output .zip file and select “Upload”
- BloodHound Enterprise will parse and process the data, making it available for analysis
Analyzing Data and Using BloodHound Enterprise Features
- Dashboard and Visualization: Review key insights and summaries.
- Running Queries: Explore specific security aspects and visualize attack paths.
- Posture Reporting: Visualize and track exposure within your Enterprise.
Best Practices for Secure Environments
- Minimize Data Collection Scope: Focus on necessary data to limit exposure.
- Secure Data Handling: Ensure secure storage and handling of collected data.
- Regular Updates and Maintenance: Keep SharpHound CE updated.