Skip to main content
Applies to BloodHound Enterprise only Use this page to troubleshoot common issues with the BloodHound Enterprise integration for Google SecOps. Start by testing the integration instance and the connector configuration, then review the connector logs for more detail.

Integration or connector test fails

If the integration or connector test does not succeed:
  1. Run Test on the integration instance to validate the BloodHound Enterprise server URL, token ID, and token key.
  2. Run Test Connector from the connector’s Testing tab to verify the connector logic and required parameter values.
  3. Review the generated alerts and the debug logs.
  4. Confirm that the connector creates alerts successfully before you enable it for ongoing ingestion.

API authentication (401 Unauthorized)

Possible causes include the following:
  • The BloodHound Enterprise API token or token key is expired or invalid.
  • The configured token ID, token key, or server URL is incorrect.
  • The API token does not have permission to access the required Attack Path endpoints.
To resolve the issue:
  1. Verify that the configured Token ID, Token Key, and BloodHound Enterprise Server values are correct.
  2. Confirm that the API token is still active in BloodHound Enterprise.
  3. Generate a new API token if the current one is expired or invalid, then update the integration and connector settings.
  4. Confirm that the API token has permission to access the Attack Path endpoints used by the integration.
  5. Restart the connector and validate the connection again from the Testing tab.