This guide explains how to collect data ad-hoc for BloodHound Enterprise (BHE) using the BloodHound Community Edition (BHCE) collector: SharpHound CE. It should be used by BloodHound Enterprise users who cannot deploy SharpHound Enterprise, for example in:
Environments with no internet access, such as SCADA or OT environments
Merger and acquisition scenarios, to assess risk before integration or consolidation of IT infrastructure
Quick deployment scenarios, to get an initial assessment before a full SharpHound Enterprise deployment
Note that SharpHound CE may require allow-listing in endpoint protection solutions, as it is unsigned and will likely be flagged as malicious.
SharpHound CE collects the same data as SharpHound Enterprise since they both use the same collection library. However, SharpHound CE does not support integration with the SaaS portal for a status overview and easily configurable schedules for continuous automatic collection and upload.
Once ingest and analysis are completed, BloodHound Enterprise will present a comprehensive report with actionable recommendations on the Attack Paths page.