> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Ad-hoc BHE Data Collection with SharpHound CE

> Learn how to do ad-hoc data collection for BloodHound Enterprise using SharpHound Community Edition.

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=b682a26b342bde12302ec829e265bdb6" alt="Applies to BloodHound Enterprise only" width="225" height="45" data-path="assets/enterprise-edition-pill-tag.svg" />

## Purpose

This article explains how to perform ad-hoc data collection for BloodHound Enterprise (BHE) using the SharpHound Community Edition (CE) collector.

Use SharpHound CE when you cannot deploy [SharpHound Enterprise](/install-data-collector/install-sharphound/system-requirements). Examples include:

* Environments with no internet access (such as SCADA or OT environments)
* Merger and acquisition scenarios to assess risk before integration or consolidation of IT infrastructure
* Quick deployment scenarios to do an initial assessment before a full SharpHound Enterprise deployment

<Note>SharpHound CE may require allow-listing in endpoint protection solutions, as it is unsigned and will likely be flagged as malicious.</Note>

SharpHound CE uses the same collection library as SharpHound Enterprise and therefore collects the same data. However, CE does not integrate with the SaaS portal, so it cannot provide portal status monitoring or configurable scheduled automatic collection and upload.

## Prerequisites

The following prerequisites are required to perform ad-hoc data collection with SharpHound CE:

* Logged in as a user with the **Administrator**, **Power User**, or **Upload-only** [role](/manage-bloodhound/auth/users-and-roles)
* Access to an account and computer in the in-scope domain or a domain trusted by the in-scope domain

## Process

The ad-hoc data collection process consists of two main steps: performing the data collection with SharpHound CE and uploading the collected data to BloodHound Enterprise.

### Perform SharpHound CE data collection

This section outlines how to use SharpHound CE to collect data from the target environment.

<Steps>
  <Step title="Download SharpHound CE">
    Get the latest version of SharpHound CE using one of the following methods:

    * Download from your [BloodHound Enterprise](/get-started/quickstart/community-edition-quickstart#download-collectors) tenant
    * Download from [GitHub](https://github.com/SpecterOps/SharpHound/releases/latest)

    <Note>You can also compile SharpHound CE from the [source code](https://github.com/SpecterOps/SharpHound).</Note>
  </Step>

  <Step title="Extract SharpHound CE">
    Extract the contents of the downloaded ZIP archive to a working directory on the system where you plan to collect data.
  </Step>

  <Step title="Collect data">
    1. Choose a [collection](/collect-data/ce-collection/sharphound-flags#collectionmethods-or-'c') method that meets your requirements.

       <TIP>DCOnly is the recommended starting method and is equivalent to BHE's Active Directory + Certificate Services.</TIP>

    2. Open a PowerShell or Command Prompt window.

    3. Navigate to the directory where you extracted SharpHound CE.

    4. Start collection with the chosen method.

       For example, to perform a **DCOnly** collection:

       ```ps theme={null}
       C:\> SharpHound.exe --CollectionMethods DCOnly
       ```
  </Step>

  <Step title="Locate collected data">
    After the collection completes, locate the output .zip file in the same directory where you ran SharpHound CE. The file name is in the format `SharpHound-<timestamp>.zip`.
  </Step>
</Steps>

### Upload data to BloodHound Enterprise

This section outlines how to upload the collected data to BloodHound Enterprise for analysis.

<Steps>
  <Step title="Open the File Ingest page">
    In the left menu, click **Administration** > **File Ingest**.
  </Step>

  <Step title="Upload collected data">
    1. Click **Upload File(s)**.

           <Frame>
             <img src="https://mintcdn.com/specterops/g2ltNIVwNN2AtKcq/images/data_collectors/file-ingest-page.png?fit=max&auto=format&n=g2ltNIVwNN2AtKcq&q=85&s=e6d6bb53b1aa0e77c6a44f96a5a3dcf0" alt="File Ingest screen showing the Upload File(s) button" width="1443" height="446" data-path="images/data_collectors/file-ingest-page.png" />
           </Frame>

    2. Click the modal or drag and drop the output .zip file onto it and click **Upload**.

           <Frame>
             <img src="https://mintcdn.com/specterops/g2ltNIVwNN2AtKcq/images/data_collectors/file-ingest-modal.png?fit=max&auto=format&n=g2ltNIVwNN2AtKcq&q=85&s=4db135a79b82aeb138addff9fb7a95f9" alt="File Ingest screen showing the upload modal" style={{ width: "50%" }} width="570" height="490" data-path="images/data_collectors/file-ingest-modal.png" />
           </Frame>

    <Note>After the upload completes, you can verify the status on the [**File Ingest**](/collect-data/enterprise-collection/monitor#file-ingest-logs) page.</Note>
  </Step>
</Steps>

### Analyze Data and Use BloodHound Enterprise Features

* **Dashboard and Visualization:** Review key insights and summaries.
* **Running Queries:** Explore specific security aspects and visualize attack paths.
* **Posture Reporting:** Visualize and track exposure within your Enterprise

### Best Practices for Secure Environments

* **Minimize Data Collection Scope:** Focus on necessary data to limit exposure.
* **Secure Data Handling:** Ensure secure storage and handling of collected data.
* **Regular Updates and Maintenance:** Keep SharpHound CE updated.

## Outcome

After ingest and analysis is complete, BloodHound Enterprise presents a comprehensive report with actionable recommendations on the **Attack Paths** page.