# SpecterOps ## Docs - [BloodHound Configuration](https://bloodhound.specterops.io/analyze-data/configuration.md) - [Search with Cypher](https://bloodhound.specterops.io/analyze-data/explore/cypher-search.md): Start exploring BloodHound's prebuilt Cypher queries to uncover relationships and gain deeper insights into your environment. - [Supported Cypher Syntax](https://bloodhound.specterops.io/analyze-data/explore/cypher-supported.md): This page documents the supported openCypher Syntax that BloodHound officially supports - [Search and pathfinding](https://bloodhound.specterops.io/analyze-data/explore/search.md): Search for objects and visualize relationships between them in the graph. - [Analysis Process](https://bloodhound.specterops.io/analyze-data/findings/analysis.md): Understand how the BloodHound Enterprise analysis process works to surface findings and prioritize risk. - [Attack Paths](https://bloodhound.specterops.io/analyze-data/findings/attack-paths.md): Learn how to interpret Attack Path findings and use them to prioritize remediation efforts. - [Posture](https://bloodhound.specterops.io/analyze-data/findings/posture.md): Learn how to use the Posture page to track your organization's risk posture over time and measure the impact of your remediation efforts. - [Risk Acceptance](https://bloodhound.specterops.io/analyze-data/findings/risk-acceptance.md): Learn how to accept findings as known risks in BloodHound Enterprise, and understand the difference between acceptance and remediation. - [The BloodHound Dashboard](https://bloodhound.specterops.io/analyze-data/overview.md): Learn how to use the BloodHound dashboard to analyze your data and identify attack paths. - [Certification](https://bloodhound.specterops.io/analyze-data/privilege-zones/certification.md): Understand the certification process for Privilege Zones and how to manage member approvals. - [Default Rules](https://bloodhound.specterops.io/analyze-data/privilege-zones/default-rules.md): Explore and understand the default rules in Privilege Zones. - [History](https://bloodhound.specterops.io/analyze-data/privilege-zones/history.md): Review the audit log of changes made to Privilege Zones over time. - [Labels](https://bloodhound.specterops.io/analyze-data/privilege-zones/labels.md): Learn how to use labels to categorize and manage objects within Privilege Zones for better organization. - [Overview](https://bloodhound.specterops.io/analyze-data/privilege-zones/overview.md): Discover how Privilege Zones help you organize and segment your environment based on sensitivity and access level. - [Rules](https://bloodhound.specterops.io/analyze-data/privilege-zones/rules.md): Learn how to create, manage, and optimize rules in Privilege Zones to enhance BloodHound's analysis. - [Zones](https://bloodhound.specterops.io/analyze-data/privilege-zones/zones.md): Organize and categorize objects in your environment using Privilege Zones. - [AzureHound Community Edition](https://bloodhound.specterops.io/collect-data/ce-collection/azurehound.md) - [AzureHound Community Edition Flags](https://bloodhound.specterops.io/collect-data/ce-collection/azurehound-flags.md) - [Create a gMSA for Use With SharpHound Community Edition](https://bloodhound.specterops.io/collect-data/ce-collection/create-gmsa-community-edition.md) - [BloodHound CE Collection](https://bloodhound.specterops.io/collect-data/ce-collection/overview.md) - [SharpHound Community Edition](https://bloodhound.specterops.io/collect-data/ce-collection/sharphound.md): SharpHound Community Edition (CE) is the official data collector for BloodHound CE. It is written in C# and uses native Windows API functions and LDAP namespace functions to collect data from domain controllers and domain-joined Windows systems. - [SharpHound Community Edition Flags](https://bloodhound.specterops.io/collect-data/ce-collection/sharphound-flags.md) - [Ad-hoc BHE Data Collection with SharpHound CE](https://bloodhound.specterops.io/collect-data/enterprise-collection/ad-hoc-collection.md): Learn how to do ad-hoc data collection for BloodHound Enterprise using SharpHound Community Edition. - [Create a Data Collection Schedule](https://bloodhound.specterops.io/collect-data/enterprise-collection/collection-schedule.md): Learn how to configure a SharpHound Enterprise collector client to run data collection on a schedule. - [Create a Collector Client](https://bloodhound.specterops.io/collect-data/enterprise-collection/create-collector.md): Learn how to create a BloodHound Enterprise collector client. - [SharpHound Enterprise Cross-Trust Collection](https://bloodhound.specterops.io/collect-data/enterprise-collection/cross-trust.md) - [Data Reconciliation and Retention](https://bloodhound.specterops.io/collect-data/enterprise-collection/data-retention.md) - [SharpHound Collection FAQ](https://bloodhound.specterops.io/collect-data/enterprise-collection/faq.md): The following are common questions about the data collection capabilities provided by the SharpHound Enterprise service. - [Least-Privileged Collection in SharpHound](https://bloodhound.specterops.io/collect-data/enterprise-collection/least-privileged-collection.md): Learn how to collect more than AD Structure data without Domain Admin. - [Monitor Data Collection](https://bloodhound.specterops.io/collect-data/enterprise-collection/monitor.md): Learn how to interpret the status of collector jobs and file uploads. - [Run an On Demand Scan](https://bloodhound.specterops.io/collect-data/enterprise-collection/on-demand-scan.md): Learn how to run an on demand scan with a collector client in BloodHound Enterprise. - [BloodHound Enterprise Collection](https://bloodhound.specterops.io/collect-data/enterprise-collection/overview.md): Learn about attack path data collection in BloodHound Enterprise. - [Privileged Collection in SharpHound](https://bloodhound.specterops.io/collect-data/enterprise-collection/privileged-collection.md) - [Data Collection](https://bloodhound.specterops.io/collect-data/overview.md): Learn how to run attack path data collection and ingestion. - [SharpHound Data Collection and Permissions](https://bloodhound.specterops.io/collect-data/permissions.md): Learn how to collect data. - [BloodHound Community Edition Custom Installation](https://bloodhound.specterops.io/get-started/custom-installation.md): Learn how to install and customize BloodHound Community Edition (BHCE). - [Introduction to BloodHound](https://bloodhound.specterops.io/get-started/introduction.md) - [BloodHound Community Edition Sample Data](https://bloodhound.specterops.io/get-started/quickstart/ce-ingest-sample-data.md) - [BloodHound Community Edition Quickstart](https://bloodhound.specterops.io/get-started/quickstart/community-edition-quickstart.md): Set up a local instance of BloodHound Community Edition and start identifying and visualizing security risks in your environment. - [BloodHound Enterprise Quickstart](https://bloodhound.specterops.io/get-started/quickstart/enterprise-quickstart.md) - [BloodHound Enterprise Security Overview](https://bloodhound.specterops.io/get-started/security-boundaries/enterprise-security-overview.md) - [Tier Zero: Members and Modification](https://bloodhound.specterops.io/get-started/security-boundaries/tier-zero-members.md) - [Home](https://bloodhound.specterops.io/home.md) - [AzureHound Enterprise Azure Configuration](https://bloodhound.specterops.io/install-data-collector/install-azurehound/azure-configuration.md): This section details creating and configuring an Enterprise Application for AzureHound within Microsoft Entra ID, including API permissions, roles, and authentication certificate. - [Create an AzureHound Configuration](https://bloodhound.specterops.io/install-data-collector/install-azurehound/create-configuration.md): Learn how to create a configuration file for AzureHound Enterprise data collection. - [Install and Upgrade AzureHound (Windows, Docker, or Kubernetes)](https://bloodhound.specterops.io/install-data-collector/install-azurehound/installation-options.md) - [Run Multiple AzureHound Enterprise Collectors on One Server With Scheduled Tasks](https://bloodhound.specterops.io/install-data-collector/install-azurehound/multiple-collectors.md) - [Deploying AzureHound Enterprise](https://bloodhound.specterops.io/install-data-collector/install-azurehound/overview.md) - [AzureHound Enterprise System Requirements and Deployment Process](https://bloodhound.specterops.io/install-data-collector/install-azurehound/system-requirements.md) - [Configure ADFS for Integrated Windows Authentication](https://bloodhound.specterops.io/install-data-collector/install-sharphound/configure-adfs-iwa.md): Learn how to enable Integrated Windows Authentication for SharpHound Enterprise on your Active Directory Federation Services (ADFS) server. - [Create a gMSA for Use With SharpHound Enterprise](https://bloodhound.specterops.io/install-data-collector/install-sharphound/create-gmsa.md) - [Install and Upgrade SharpHound Enterprise](https://bloodhound.specterops.io/install-data-collector/install-sharphound/installation-upgrade.md) - [SharpHound Enterprise Local Configuration](https://bloodhound.specterops.io/install-data-collector/install-sharphound/local-configuration.md) - [Modify the Service Account Used By SharpHound Enterprise](https://bloodhound.specterops.io/install-data-collector/install-sharphound/modify-service-account.md) - [Deploy SharpHound Enterprise](https://bloodhound.specterops.io/install-data-collector/install-sharphound/overview.md): Deploy and maintain SharpHound Enterprise for continuous automatic collection of Active Directory attack path data. - [SharpHound Enterprise System Requirements and Deployment Process](https://bloodhound.specterops.io/install-data-collector/install-sharphound/system-requirements.md) - [Deploy a Tiered SharpHound Enterprise Collector Strategy](https://bloodhound.specterops.io/install-data-collector/install-sharphound/tiered-collector-strategy.md) - [Troubleshoot Local Collection Coverage](https://bloodhound.specterops.io/install-data-collector/install-sharphound/troubleshooting.md) - [Install Data Collectors](https://bloodhound.specterops.io/install-data-collector/overview.md) - [BloodHound JSON Formats](https://bloodhound.specterops.io/integrations/bloodhound-api/json-formats.md) - [Work With the BloodHound API](https://bloodhound.specterops.io/integrations/bloodhound-api/working-with-api.md) - [Integrate BloodHound Enterprise with Cortex XSOAR](https://bloodhound.specterops.io/integrations/cortex-xsoar/configure.md): Learn how to integrate BloodHound Enterprise with Cortex XSOAR by Palo Alto Networks. - [BloodHound Enterprise Cortex XSOAR integration design](https://bloodhound.specterops.io/integrations/cortex-xsoar/reference.md): Technical reference and design details for the BloodHound Enterprise Cortex XSOAR integration. - [Use Cortex XSOAR with BloodHound Enterprise](https://bloodhound.specterops.io/integrations/cortex-xsoar/use.md): Learn how to use Cortex XSOAR with BloodHound Enterprise to monitor and manage attack path findings. - [API and Integrations](https://bloodhound.specterops.io/integrations/overview.md): Leverage BloodHound's REST API and third-party integrations to extend functionality and maximize your security infrastructure investments. - [Integrate BloodHound Enterprise with ServiceNow Security Incident Response](https://bloodhound.specterops.io/integrations/service-now/security-incident-response/configure.md): Learn how to install and configure the integration to automate the creation of security incidents based on attack path findings. - [Use Security Incident Response Integration with BloodHound Enterprise](https://bloodhound.specterops.io/integrations/service-now/security-incident-response/use.md): Learn how to use the ServiceNow Security Incident Response integration to manage security incidents based on BloodHound Enterprise attack path findings. - [Integrate BloodHound Enterprise with ServiceNow Vulnerability Response](https://bloodhound.specterops.io/integrations/service-now/vulnerability-response/configure.md): Learn how to install and configure the integration to automate vulnerability management based on attack path findings. - [Troubleshoot Common Issues](https://bloodhound.specterops.io/integrations/service-now/vulnerability-response/troubleshoot.md): Learn how to troubleshoot common installation, configuration, and performance issues with the Vulnerability Response Integration for ServiceNow. - [Use the Vulnerability Response Integration with BloodHound Enterprise](https://bloodhound.specterops.io/integrations/service-now/vulnerability-response/use.md): Learn how to navigate the Vulnerability Manager Workspace to see attack path data from BloodHound Enterprise. - [Integrate BloodHound Enterprise with Splunk SIEM](https://bloodhound.specterops.io/integrations/splunk/siem/install.md): Learn how to install and configure the BloodHound Enterprise Splunk app to ingest BloodHound Enterprise data into Splunk. - [Troubleshoot the BloodHound Enterprise Splunk app](https://bloodhound.specterops.io/integrations/splunk/siem/troubleshoot.md): Learn how to troubleshoot common issues with the BloodHound Enterprise Splunk app using the BHE Integration Health dashboard. - [Use the BloodHound Enterprise Splunk app](https://bloodhound.specterops.io/integrations/splunk/siem/use.md): Learn how to use the BloodHound Enterprise Splunk app to visualize and analyze BloodHound Enterprise data within Splunk. - [Integrate BloodHound Enterprise with Splunk SOAR](https://bloodhound.specterops.io/integrations/splunk/soar/configure.md): Learn how to install and configure the BloodHound Enterprise Splunk SOAR app to ingest attack path findings into Splunk SOAR. - [Use the Splunk SOAR integration for BloodHound Enterprise](https://bloodhound.specterops.io/integrations/splunk/soar/use.md): Learn how to use the BloodHound Enterprise Splunk SOAR app to view attack path findings in Splunk SOAR. - [Configure ETAC](https://bloodhound.specterops.io/manage-bloodhound/auth/environment-targeted-access-control.md): Configure Environment Targeted Access Control to limit user access by environment. - [Enable/Disable Multi-Factor Authentication](https://bloodhound.specterops.io/manage-bloodhound/auth/mfa.md) - [OIDC in BloodHound](https://bloodhound.specterops.io/manage-bloodhound/auth/oidc.md): BloodHound supports OIDC for Single Sign On to authenticate users to your tenant environment. - [OIDC: Okta Configuration](https://bloodhound.specterops.io/manage-bloodhound/auth/oidc-okta.md): This document provides instructions for creating an application within Okta for compatibility with BloodHound Enterprise. - [Authentication and Authorization](https://bloodhound.specterops.io/manage-bloodhound/auth/overview.md): Create and administer users of BloodHound using built-in authentication or SAML. - [SAML in BloodHound](https://bloodhound.specterops.io/manage-bloodhound/auth/saml.md): BloodHound supports SAML 2.0 for Single Sign On to authenticate users to your tenant environment. - [SAML: ADFS Configuration](https://bloodhound.specterops.io/manage-bloodhound/auth/saml-adfs.md): This document provides instructions for creating an application within ADFS for compatibility with BloodHound Enterprise. - [SAML: Auth0 Configuration](https://bloodhound.specterops.io/manage-bloodhound/auth/saml-auth0.md): This document provides instructions for creating an application within Auth0 for compatibility with BloodHound Enterprise. - [SAML: Entra ID Configuration](https://bloodhound.specterops.io/manage-bloodhound/auth/saml-entra-id.md): This document provides instructions for creating an application within Entra ID for compatibility with BloodHound Enterprise. - [SAML: Google IDP Configuration](https://bloodhound.specterops.io/manage-bloodhound/auth/saml-google.md): This document provides instructions for creating an application within Google for compatibility with BloodHound Enterprise. - [SAML: Okta Configuration](https://bloodhound.specterops.io/manage-bloodhound/auth/saml-okta.md): This document provides instructions for creating an application within Okta for compatibility with BloodHound Enterprise. - [Administer Users and Roles](https://bloodhound.specterops.io/manage-bloodhound/auth/users-and-roles.md) - [BloodHound Configuration Supplement](https://bloodhound.specterops.io/manage-bloodhound/bh-config.md): This page provides example configuration details for BloodHound and BloodHound Enterprise - [BloodHound Shortcuts](https://bloodhound.specterops.io/manage-bloodhound/bh-shortcuts.md): List of the keyboard shortcuts available in BloodHound - [BloodHound Enterprise NIST CSF v1.1 Compliance Resource](https://bloodhound.specterops.io/manage-bloodhound/compliance-framework/nist-csf-v1-1.md): The Following information is meant to provide a more detailed and in-depth view of compliance items that BloodHound Enterprise can provide coverage for. - [BloodHound Enterprise NIST CSF v2 Compliance Resource](https://bloodhound.specterops.io/manage-bloodhound/compliance-framework/nist-csf-v2.md): The Following information is meant to provide a more detailed and in-depth view of compliance items that BloodHound Enterprise can provide coverage for. - [BloodHound Enterprise NIST SP 800-171 Compliance Resource](https://bloodhound.specterops.io/manage-bloodhound/compliance-framework/nist-sp-800-171.md): The Following information is meant to provide a more detailed and in-depth view of compliance items that BloodHound Enterprise can assist in providing coverage for. - [BloodHound Enterprise NIST SP 800-53 Rev.8 Compliance Resource](https://bloodhound.specterops.io/manage-bloodhound/compliance-framework/nist-sp-800-53.md) - [BloodHound Enterprise Compliance Framework](https://bloodhound.specterops.io/manage-bloodhound/compliance-framework/overview.md) - [BloodHound Enterprise Compliance Framework Resource](https://bloodhound.specterops.io/manage-bloodhound/compliance-framework/resources.md): BloodHound Enterprise aids numerous organizations in meeting their compliance requirements through our continuous monitoring of identity Attack Path exposure within their environments. We're eager to support you and your auditors in gaining a deeper understanding of the inner workings of BloodHound… - [Administration](https://bloodhound.specterops.io/manage-bloodhound/overview.md): Administer a BloodHound instance and its related components: users, roles, authentication, collector status, and general security. - [SharpHound Enterprise Service Hardening](https://bloodhound.specterops.io/manage-bloodhound/securing-bloodhound-and-collectors/sharphound-hardening.md): The BloodHound team recommends the hardening actions described on this page to protect the SharpHound service account. The hardening recommendations are focused on the remediation of the attack techniques targeting service accounts. - [OpenGraph API](https://bloodhound.specterops.io/opengraph/developer/api.md): Information on how to use the OpenGraph API - [OpenGraph Best Practices](https://bloodhound.specterops.io/opengraph/developer/best-practices.md): Dos and don'ts for OpenGraph - [OpenGraph Custom Icons](https://bloodhound.specterops.io/opengraph/developer/custom-icons.md): How to set Custom Icons for your Custom Nodes - [OpenGraph Graph Theory](https://bloodhound.specterops.io/opengraph/developer/graph-theory.md): Attack Graph Model Design Requirements and Examples - [OpenGraph Community Incentive Program](https://bloodhound.specterops.io/opengraph/developer/ocip.md): Description of the OpenGraph Community Incentive Program (OCIP) and how to participate - [OpenGraph Requirements](https://bloodhound.specterops.io/opengraph/developer/requirements.md): Requirements for using OpenGraph - [OpenGraph Schema](https://bloodhound.specterops.io/opengraph/developer/schema.md): Description of the OpenGraph JSON Schema - [Computed Edges](https://bloodhound.specterops.io/opengraph/extensions/github/computed-edges.md): How OpenHound GitHub and GitHound compute effective branch access and secret scanning alert access edges - [GH_AddAssignee](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_addassignee.md): [Repository] Repo role can assign users to issues and pull requests - [GH_AddCollaborator](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_addcollaborator.md): [Organization] Org role can add outside collaborators - [GH_AddLabel](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_addlabel.md): [Repository] Repo role can add labels to issues and pull requests - [GH_AddMember](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_addmember.md): Team role can add members to the team (maintainer privilege) - [GH_AdminTo](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_adminto.md): [Repository] Repo role has admin access to the repository. - [GH_BypassBranchProtection](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_bypassbranchprotection.md): [Repository] Repo role can bypass merge-gate branch protections (PR reviews, lock branch). Suppressed by enforce_admins. - [GH_BypassPullRequestAllowances](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_bypasspullrequestallowances.md): User or team can bypass pull request requirements on a branch protection rule - [GH_CallsWorkflow](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_callsworkflow.md): [Workflow] Job calls a reusable workflow — GH_WorkflowJob → GH_Workflow - [GH_CanAccess](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_canaccess.md): Personal access token or app installation can access this repository or organization - [GH_CanAssumeIdentity](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_canassumeidentity.md): Repository can assume this cloud identity via OIDC federation (Azure workload identity or AWS IAM role) - [GH_CanCreateBranch](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_cancreatebranch.md): [Repository - Computed] Role can create new branches in this repository (unprotected branches that bypass the merge gate) - [GH_CanEditProtection](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_caneditprotection.md): [Repository - Computed] Repo role can modify or remove branch protection rules for the repository/branch (computed from GH_EditRepoProtections + GH_ProtectedBy) - [GH_CanPwnRequest](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_canpwnrequest.md): [Computed] Repo role can exploit a pwn-requestable workflow to execute arbitrary code with the target's secrets and permissions — GH_RepoRole → GH_Repository / GH_Branch - [GH_CanReadSecretScanningAlert](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_canreadsecretscanningalert.md): [Computed] Role can read secret scanning alerts (computed from GH_ViewSecretScanningAlerts permission + GH_Contains) - [GH_CanWriteBranch](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_canwritebranch.md): [Repository - Computed] Role can push to this branch after evaluating branch protection rules, push restrictions, and bypass allowances - [GH_CloseDiscussion](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_closediscussion.md): [Repository] Repo role can close discussions - [GH_CloseIssue](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_closeissue.md): [Repository] Repo role can close issues - [GH_ClosePullRequest](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_closepullrequest.md): [Repository] Repo role can close pull requests - [GH_Contains](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_contains.md): Container relationship for organizational hierarchy (org contains secrets/variables, repo contains secrets/variables, environment contains secrets/variables) - [GH_ConvertIssuesToDiscussions](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_convertissuestodiscussions.md): [Repository] Repo role can convert issues to discussions - [GH_CreateDiscussionCategory](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_creatediscussioncategory.md): [Repository] Repo role can create discussion categories - [GH_CreateRepository](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_createrepository.md): [Organization] Org role can create repositories in the organization - [GH_CreateSoloMergeQueueEntry](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_createsolomergequeueentry.md): Repo role can create solo merge queue entries - [GH_CreateTag](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_createtag.md): [Repository] Repo role can create tags and releases - [GH_CreateTeam](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_createteam.md): [Organization] Org role can create teams in the organization - [GH_DeleteAlertsCodeScanning](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_deletealertscodescanning.md): [Repository] Repo role can delete code scanning alerts - [GH_DeleteDiscussion](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_deletediscussion.md): [Repository] Repo role can delete discussions - [GH_DeleteDiscussionComment](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_deletediscussioncomment.md): [Repository] Repo role can delete discussion comments - [GH_DeleteIssue](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_deleteissue.md): [Repository] Repo role can delete issues - [GH_DeleteTag](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_deletetag.md): [Repository] Repo role can delete tags and releases - [GH_DependsOn](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_dependson.md): [Workflow] Job must run after another job (needs: dependency) — ordering only, not an access path - [GH_DeploysTo](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_deploysto.md): [Workflow] Job deploys to a GitHub Environment — GH_WorkflowJob → GH_Environment - [GH_EditCategoryOnDiscussion](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_editcategoryondiscussion.md): [Repository] Repo role can change the category of a discussion - [GH_EditDiscussionCategory](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_editdiscussioncategory.md): [Repository] Repo role can edit discussion categories - [GH_EditDiscussionComment](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_editdiscussioncomment.md): [Repository] Repo role can edit discussion comments - [GH_EditRepoAnnouncementBanners](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_editrepoannouncementbanners.md): [Repository] Repo role can edit repository announcement banners - [GH_EditRepoCustomPropertiesValues](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_editrepocustompropertiesvalues.md): [Repository] Repo role can edit custom property values on the repository - [GH_EditRepoMetadata](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_editrepometadata.md): [Repository] Repo role can edit repository metadata - [GH_EditRepoProtections](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_editrepoprotections.md): Repo role can edit branch protection rules - [GH_HasBaseRole](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasbaserole.md): Role inherits permissions from another role - [GH_HasBranch](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasbranch.md): Repository has this branch - [GH_HasEnvironment](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasenvironment.md): Repository or branch has/can deploy to this environment - [GH_HasExternalIdentity](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasexternalidentity.md): SAML identity provider has this external identity - [GH_HasJob](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasjob.md): [Workflow] Workflow contains this job — GH_Workflow → GH_WorkflowJob - [GH_HasMember](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasmember.md): Enterprise or organization has this user as a member - [GH_HasPersonalAccessToken](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_haspersonalaccesstoken.md): User owns this personal access token that has been granted access to the organization - [GH_HasPersonalAccessTokenRequest](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_haspersonalaccesstokenrequest.md): User has a pending personal access token request for the organization - [GH_HasRole](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasrole.md): User or team has a role assignment (org role, team role, or repo role) - [GH_HasSamlIdentityProvider](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hassamlidentityprovider.md): Organization has this SAML identity provider configured - [GH_HasSecret](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hassecret.md): Repository or environment has access to this secret - [GH_HasStep](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasstep.md): [Workflow] Job contains this step — GH_WorkflowJob → GH_WorkflowStep - [GH_HasVariable](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasvariable.md): Repository has access to this variable (org-level or repo-level) - [GH_HasWorkflow](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_hasworkflow.md): Repository has this workflow - [GH_InstalledAs](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_installedas.md): GitHub App is installed as this app installation on an organization - [GH_InviteMember](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_invitemember.md): [Organization] Org role can invite members to the organization - [GH_JumpMergeQueue](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_jumpmergequeue.md): Repo role can jump the merge queue - [GH_ManageDeployKeys](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managedeploykeys.md): [Repository] Repo role can manage deploy keys - [GH_ManageDiscussionBadges](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managediscussionbadges.md): [Repository] Repo role can manage discussion badges - [GH_ManageOrganizationWebhooks](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_manageorganizationwebhooks.md): [Organization] Org role can manage organization webhooks - [GH_ManageRepoSecurityProducts](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managereposecurityproducts.md): Repo role can manage repo-level security products - [GH_ManageSecurityProducts](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managesecurityproducts.md): Repo role can manage security products - [GH_ManageSettingsMergeTypes](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managesettingsmergetypes.md): [Repository] Repo role can manage allowed merge types - [GH_ManageSettingsPages](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managesettingspages.md): [Repository] Repo role can manage GitHub Pages settings - [GH_ManageSettingsProjects](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managesettingsprojects.md): [Repository] Repo role can manage project settings - [GH_ManageSettingsWiki](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managesettingswiki.md): [Repository] Repo role can manage wiki settings - [GH_ManageTopics](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managetopics.md): [Repository] Repo role can manage repository topics - [GH_ManageWebhooks](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_managewebhooks.md): [Repository] Repo role can manage repository webhooks - [GH_MapsToUser](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_mapstouser.md): External identity maps to a GitHub user or identity provider user - [GH_MarkAsDuplicate](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_markasduplicate.md): [Repository] Repo role can mark issues or pull requests as duplicates - [GH_MemberOf](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_memberof.md): Team role is a member of a team, or team is a nested member of a parent team - [GH_OrgBypassCodeScanningDismissalRequests](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_orgbypasscodescanningdismissalrequests.md): [Organization] Org role can bypass code scanning dismissal requests - [GH_OrgBypassSecretScanningClosureRequests](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_orgbypasssecretscanningclosurerequests.md): [Organization] Org role can bypass secret scanning closure requests - [GH_OrgReviewAndManageSecretScanningBypassRequests](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_orgreviewandmanagesecretscanningbypassrequests.md): [Organization] Org role can review and manage secret scanning bypass requests - [GH_OrgReviewAndManageSecretScanningClosureRequests](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_orgreviewandmanagesecretscanningclosurerequests.md): [Organization] Org role can review and manage secret scanning closure requests - [GH_Owns](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_owns.md): Organization owns a repository - [GH_ProtectedBy](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_protectedby.md): Branch protection rule protects this branch - [GH_PushProtectedBranch](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_pushprotectedbranch.md): [Repository] Repo role can push to branches with push restrictions. Not affected by enforce_admins. - [GH_ReadCodeScanning](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_readcodescanning.md): [Repository] Repo role can read code scanning results - [GH_ReadOrganizationActionsUsageMetrics](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_readorganizationactionsusagemetrics.md): [Organization] Org role can read Actions usage metrics - [GH_ReadOrganizationCustomOrgRole](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_readorganizationcustomorgrole.md): [Organization] Org role can read custom org role definitions - [GH_ReadOrganizationCustomRepoRole](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_readorganizationcustomreporole.md): [Organization] Org role can read custom repo role definitions - [GH_ReadRepoContents](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_readrepocontents.md): [Repository] Repo role can read repository contents - [GH_RemoveAssignee](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_removeassignee.md): [Repository] Repo role can remove assignees from issues and pull requests - [GH_RemoveLabel](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_removelabel.md): [Repository] Repo role can remove labels from issues and pull requests - [GH_ReopenDiscussion](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_reopendiscussion.md): [Repository] Repo role can reopen discussions - [GH_ReopenIssue](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_reopenissue.md): [Repository] Repo role can reopen closed issues - [GH_ReopenPullRequest](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_reopenpullrequest.md): [Repository] Repo role can reopen closed pull requests - [GH_RequestPrReview](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_requestprreview.md): [Repository] Repo role can request pull request reviews - [GH_ResolveDependabotAlerts](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_resolvedependabotalerts.md): [Repository] Repo role can resolve Dependabot alerts - [GH_ResolveSecretScanningAlerts](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_resolvesecretscanningalerts.md): [Organization] Org role can resolve secret scanning alerts - [GH_RestrictionsCanPush](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_restrictionscanpush.md): User or team is allowed to push to branches protected by this rule - [GH_RunOrgMigration](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_runorgmigration.md): [Repository] Repo role can run organization migrations - [GH_SetInteractionLimits](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_setinteractionlimits.md): [Repository] Repo role can set interaction limits on the repository - [GH_SetIssueType](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_setissuetype.md): [Repository] Repo role can set issue types - [GH_SetMilestone](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_setmilestone.md): [Repository] Repo role can set milestones on issues and pull requests - [GH_SetSocialPreview](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_setsocialpreview.md): [Repository] Repo role can set the repository social preview image - [GH_SyncedTo](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_syncedto.md): External identity (Azure, Okta, PingOne) is synced to this GitHub user via SSO/SCIM - [GH_ToggleDiscussionAnswer](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_togglediscussionanswer.md): [Repository] Repo role can toggle discussion answers - [GH_ToggleDiscussionCommentMinimize](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_togglediscussioncommentminimize.md): [Repository] Repo role can minimize discussion comments - [GH_TransferRepository](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_transferrepository.md): [Organization] Org role can transfer repositories - [GH_UsesSecret](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_usessecret.md): [Workflow] Step references a secret by name — GH_WorkflowStep → GH_RepoSecret / GH_OrgSecret (name match) - [GH_UsesVariable](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_usesvariable.md): [Workflow] Step references a variable by name — GH_WorkflowStep → GH_RepoVariable / GH_OrgVariable (name match) - [GH_ValidToken](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_validtoken.md): Secret scanning alert contains a valid, active token belonging to this user - [GH_ViewDependabotAlerts](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_viewdependabotalerts.md): [Repository] Repo role can view Dependabot alerts - [GH_ViewSecretScanningAlerts](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_viewsecretscanningalerts.md): [Repository] Role can view secret scanning alerts - [GH_WriteCodeScanning](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_writecodescanning.md): [Repository] Repo role can upload code scanning results - [GH_WriteOrganizationActionsSecrets](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_writeorganizationactionssecrets.md): [Organization] Org role can write Actions secrets - [GH_WriteOrganizationActionsSettings](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_writeorganizationactionssettings.md): [Organization] Org role can write Actions settings - [GH_WriteOrganizationActionsVariables](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_writeorganizationactionsvariables.md): [Organization] Org role can write Actions variables - [GH_WriteOrganizationCustomOrgRole](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_writeorganizationcustomorgrole.md): [Organization] Org role can write custom org role definitions - [GH_WriteOrganizationCustomRepoRole](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_writeorganizationcustomreporole.md): [Organization] Org role can write custom repo role definitions - [GH_WriteOrganizationNetworkConfigurations](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_writeorganizationnetworkconfigurations.md): [Organization] Org role can write network configurations - [GH_WriteRepoContents](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_writerepocontents.md): [Repository] Repo role can write repository contents - [GH_WriteRepoPullRequests](https://bloodhound.specterops.io/opengraph/extensions/github/edges/gh_writerepopullrequests.md): [Repository] Repo role can create and merge pull requests - [Getting Started](https://bloodhound.specterops.io/opengraph/extensions/github/getting-started.md): Learn how to get started with the GitHub OpenGraph extension in BloodHound. - [Mitigating Controls](https://bloodhound.specterops.io/opengraph/extensions/github/mitigating-controls.md): Branch protection analysis and attack path mitigation for GitHub organizations - [GH_App](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_app.md): A GitHub App definition representing the registered application. The app owner controls the private key used to generate installation tokens. - [GH_AppInstallation](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_appinstallation.md): A GitHub App installed on the organization with specific permissions and repository access - [GH_Branch](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_branch.md): A named reference in a repository representing a line of development - [GH_BranchProtectionRule](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_branchprotectionrule.md): A branch protection rule that applies to one or more branches via pattern matching - [GH_Environment](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_environment.md): A GitHub Actions deployment environment with protection rules and deployment branch policies - [GH_EnvironmentSecret](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_environmentsecret.md): An environment-level GitHub Actions secret scoped to a specific deployment environment - [GH_EnvironmentVariable](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_environmentvariable.md): An environment-level GitHub Actions variable scoped to a specific deployment environment. Unlike secrets, variable values are readable. - [GH_ExternalIdentity](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_externalidentity.md): An external identity from a SAML/SCIM provider linked to a GitHub user for SSO authentication - [GH_Organization](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_organization.md): A GitHub Organization—top-level container for repositories, teams, and settings - [GH_OrgRole](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_orgrole.md): The role a user has at the organization level (e.g., admin, member) - [GH_OrgSecret](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_orgsecret.md): An organization-level GitHub Actions secret that can be scoped to all, private, or selected repositories - [GH_OrgVariable](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_orgvariable.md): An organization-level GitHub Actions variable that can be scoped to all, private, or selected repositories. Unlike secrets, variable values are readable. - [GH_PersonalAccessToken](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_personalaccesstoken.md): A fine-grained personal access token granted access to organization resources - [GH_PersonalAccessTokenRequest](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_personalaccesstokenrequest.md): A pending request from an organization member to access organization resources with a fine-grained personal access token - [GH_RepoRole](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_reporole.md): The permission granted to a user or team on a repository (e.g., admin, write, read) - [GH_RepoSecret](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_reposecret.md): A repository-level GitHub Actions secret accessible only to workflows in that repository - [GH_Repository](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_repository.md): A code repository in an organization, containing files, issues, and other resources - [GH_RepoVariable](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_repovariable.md): A repository-level GitHub Actions variable accessible only to workflows in that repository. Unlike secrets, variable values are readable. - [GH_SamlIdentityProvider](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_samlidentityprovider.md): A SAML identity provider configured for the organization, enabling SSO - [GH_SecretScanningAlert](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_secretscanningalert.md): A GitHub Advanced Security alert indicating a secret was accidentally committed to a repository - [GH_Team](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_team.md): A team within an organization, grouping users for shared access and collaboration - [GH_TeamRole](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_teamrole.md): The role a user has within a team (e.g., maintainer, member) - [GH_User](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_user.md): An individual GitHub user account - [GH_Workflow](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_workflow.md): A GitHub Actions workflow defined in a repository - [GH_WorkflowJob](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_workflowjob.md): A job within a GitHub Actions workflow, with a runner, permissions, and an ordered list of steps - [GH_WorkflowStep](https://bloodhound.specterops.io/opengraph/extensions/github/nodes/gh_workflowstep.md): A single step within a GitHub Actions job — either a uses: action reference or a run: shell command - [Overview](https://bloodhound.specterops.io/opengraph/extensions/github/overview.md): Learn about the GitHub OpenGraph extension for BloodHound. - [Privilege Zone Rules](https://bloodhound.specterops.io/opengraph/extensions/github/privilege-zone-rules.md): GitHub extension Privilege Zone rules - [Cypher Queries](https://bloodhound.specterops.io/opengraph/extensions/github/queries.md): GitHub extension Cypher queries - [Schema](https://bloodhound.specterops.io/opengraph/extensions/github/schema.md): GitHub extension definition schema - [Tier Zero Classification](https://bloodhound.specterops.io/opengraph/extensions/github/tier-zero.md): Tier Zero asset classification for GitHub organizations - [jamf_AdminTo](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_adminto.md): Represents full administrative control over the target and all resources controlled by the target. - [jamf_AdminToSite](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_admintosite.md): The source has administrative control over the site and all resources controlled by the site. This includes creating policies that impact resources of the site, send or clear MDM commands, remotely administer site devices and computers, create computer objects for the site. - [jamf_AssignedUser](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_assigneduser.md): Represents the user assignment relationship on a jamf-managed computer. - [jamf_AZMatchedEmail](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_azmatchedemail.md): Represents a cross-platform identity correlation where the Jamf principal's email attribute matches an Azure AD account's email. - [jamf_Contains](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_contains.md): Represents a structural containment relationship where the source node contains the target resource. - [jamf_Create_API_Client_and_Assign_Role](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_create_api_client_and_assign_role.md): Represents a privilege escalation path where the source possesses 'Create API Integrations' permission and at least one role exists allowing the creation of new API clients to assume existing role permissions. - [jamf_Create_API_Client_and_Create_Role](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_create_api_client_and_create_role.md): Represents a combined privilege escalation path, where the source possesses the 'Create API Integrations' and 'Create API Roles' permissions, that allow the creation of new API clients with any permissions in newly assigned roles and retrieving API client credentials to authenticate. - [jamf_Create_API_Client_and_Update_Role](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_create_api_client_and_update_role.md): Represents a combined privilege escalation path where the source possesses 'Create API Integrations' and 'Update API Roles' permissions and at least one API role exists allowing the creation of new API clients to assume roles, modifying the permissions of existing roles, and retrieving API client cr… - [jamf_CreateAccounts](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_createaccounts.md): Represents possession of the 'Create Accounts' JSS Object permission which allows creating new accounts, including administrators, as well as creating new groups with any permissions. - [jamf_CreateAPIRoles](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_createapiroles.md): Represents the ability to create API roles in the Jamf tenant. Non-traversable because creating roles without the ability to create or update API integrations does not provide a credential retrieval mechanism. - [jamf_CreateComputerExtensions](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_createcomputerextensions.md): Represents the ability to create computer extension attributes which can execute code on all computers in the Jamf tenant. - [jamf_CreatePolicies](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_createpolicies.md): Represents possession of the 'Create Policies' JSSObject privilege allowing code execution on target computers. - [jamf_MatchedEmail](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_matchedemail.md): Represents an identity correlation where the Jamf computer user's email attribute matches the Jamf account's email. - [jamf_MatchedName](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_matchedname.md): Represents an identity correlation where the Jamf computer user's displayname matches the Jamf account's name or displayname. - [jamf_MemberOf](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_memberof.md): Represents group membership where the source inherits the group's permissions and assignments. - [jamf_Okta_Same_Device](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_okta_same_device.md): Represents a hybrid cross-platform device correlation where the Jamf Pro registered computer's UDID matches the registered device UDID in Okta. - [jamf_ScriptsNonTraversable](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_scriptsnontraversable.md): Represents the ability to create or update scripts on the target. This edge is non-traversable because script creation/modification alone does not enable code execution. - [jamf_SSO_Login](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_sso_login.md): Represents the ability of an SSO identity provider to authenticate as and inherit the privileges of Jamf accounts and groups. - [jamf_Update_API_Client_and_Assign_Role](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_update_api_client_and_assign_role.md): Represents posession of the 'Update API Integrations' permission and at least one role has been created in the tenant. Combined these allow updating existing API clients to assume the permissions of existing roles. Non-traversable because these permissions alone cannot retrieve API client credential… - [jamf_Update_API_Client_and_Create_Roles](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_update_api_client_and_create_roles.md): Represents combined possession of 'Update API Integrations' and 'Create API Roles' permissions and at least one API client exists in the tenant allowing updates of existing API clients and assigning new roles created with any included permissions. Non-traversable because these permissions alone cann… - [jamf_Update_API_Client_and_Update_Roles](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_update_api_client_and_update_roles.md): Represents combined possession of 'Update API Integrations' and 'Update API Roles' permissions and at least one Api Client and Role exist in the tenant allowing updates of existing API clients with any permissions by updating existing roles. Non-traversable because these permissions alone cannot ret… - [jamf_Update_Recurring_Scripts](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_update_recurring_scripts.md): Represents a code execution path where the source has 'Update Scripts' JSSObject permission and there are scripts configured to run repeatedly on target computers via enabled policies allowing code execution. - [jamf_Update_Roles_Assigned_To_Self](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_update_roles_assigned_to_self.md): Represents an API client possessing the 'Update API Roles' permission which allows updating existing API roles with any permissions, including roles assigned to itself. - [jamf_Update_Self_and_Assign_Roles](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_update_self_and_assign_roles.md): Represents an API client that possesses 'Update API Integrations' permission and at least one role exists, allowing the client to assume the permissions of existing roles. - [jamf_Update_Self_and_Create_Roles](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_update_self_and_create_roles.md): Represents an API client that possesses 'Update API Integrations' and 'Create API Roles' permissions, allowing the client to assign new roles with any included permissions. - [jamf_Update_Self_and_Update_Roles](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_update_self_and_update_roles.md): Represents an API client that possesses 'Update API Integrations' and 'Update API Roles' permissions and at least one role exists, allowing the client to assign any permissions by modifying existing roles. - [jamf_UpdateAccounts](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_updateaccounts.md): Represents possession of the 'Update Accounts' JSS Object permission which allows altering the passwords, enabled status, permissions, and memberships of existing accounts or groups. - [jamf_UpdateAPIRoles](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_updateapiroles.md): Represents the ability to update existing API roles in the Jamf tenant. Non-traversable because modifying roles without the ability to create or update API clients does not provide a credential retrieval mechanism. - [jamf_UpdateComputerExtensions](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_updatecomputerextensions.md): Represents the ability to update existing computer extension attributes and at least one extension attribute exists, allowing execution of code on all computers in the Jamf tenant during inventory collection. - [jamf_UpdatePolicies](https://bloodhound.specterops.io/opengraph/extensions/jamf/edges/jamf_updatepolicies.md): Represents possession of the 'Update Policies' JSSObject privilege and at least one policy already exists in the tenant, allowing modification of existing policies for code execution on target computers. - [Getting Started](https://bloodhound.specterops.io/opengraph/extensions/jamf/getting-started.md): Learn how to get started with the Jamf OpenGraph extension in BloodHound. - [jamf_Account](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_account.md): Represents an enabled Jamf Pro local or directory account. Accounts are identity principals that hold permissions and can perform actions within the Jamf Pro environment. - [jamf_ApiClient](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_apiclient.md): Represents an enabled Jamf Pro API client integration. API clients authenticate via OAuth client credentials and hold permissions through assigned API roles. They can perform programmatic actions holding the same permissions as accounts and groups and cannot be scoped to sites. - [jamf_Computer](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_computer.md): Represents a computer managed by Jamf Pro, commonly macOS. Computers are the primary target resources for policy execution, script deployment, and MDM management commands. - [jamf_ComputerUser](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_computeruser.md): Represents a user assigned to a jamf-managed computer. Computer users are derived from the location/user assignment on the computer record. - [jamf_DisabledAccount](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_disabledaccount.md): Represents a disabled Jamf Pro account. Disabled accounts retain their permission configuration but cannot actively authenticate. If re-enabled, they regain all assigned privileges. - [jamf_DisabledApiClient](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_disabledapiclient.md): Represents a disabled Jamf Pro API client integration. Disabled API clients retain their role assignments but cannot authenticate. If re-enabled, they regain all assigned permissions. - [jamf_Group](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_group.md): Represents a Jamf Pro account group. Groups aggregate accounts and hold shared permissions that are inherited by their members. Groups can have Full Access or Site Access privilege levels. - [jamf_Site](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_site.md): Represents a Jamf Pro site. Sites are organizational containers that segment resources within a Jamf tenant. Accounts and resources can be scoped to specific sites, limiting their access and management boundaries. - [jamf_SSOIntegration](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_ssointegration.md): Represents the Single Sign-On (SSO) integration configured in the Jamf Pro tenant. When enabled, the SSO provider can map attributes to authenticate as any Jamf account or group, making it a Tier 0 node with significant security implications. - [jamf_Tenant](https://bloodhound.specterops.io/opengraph/extensions/jamf/nodes/jamf_tenant.md): Represents the top-level Jamf Pro tenant environment. This is the root container node for all Jamf resources. - [Overview](https://bloodhound.specterops.io/opengraph/extensions/jamf/overview.md): Learn about the Jamf OpenGraph extension for BloodHound. - [Privilege Zone Rules](https://bloodhound.specterops.io/opengraph/extensions/jamf/privilege-zone-rules.md): Jamf extension Privilege Zone rules - [Cypher Queries](https://bloodhound.specterops.io/opengraph/extensions/jamf/queries.md): Jamf extension Cypher queries - [Schema](https://bloodhound.specterops.io/opengraph/extensions/jamf/schema.md): Jamf extension schema definition - [Graph Structure](https://bloodhound.specterops.io/opengraph/extensions/manage.md): Learn how to manage the structures that model your OpenGraph data in BloodHound. - [Okta_AddMember](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_addmember.md): Ability to add or remove members in scoped Okta groups - [Okta_AgentMemberOf](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_agentmemberof.md): Membership of an Okta agent in an agent pool - [Okta_AgentPoolFor](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_agentpoolfor.md): Relationship between an AD agent pool and its backing AD application - [Okta_ApiTokenFor](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_apitokenfor.md): User ownership of an Okta API token - [Okta_AppAdmin](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_appadmin.md): Application administrator role assignment - [Okta_AppAssignment](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_appassignment.md): Assignment of users or groups to an Okta application - [Okta_Contains](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_contains.md): Contains relationship between the Okta organization and its objects - [Okta_CreatorOf](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_creatorof.md): Creator relationship for API service integrations - [Okta_DeviceOf](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_deviceof.md): Ownership relationship between a device and its assigned user - [Okta_GroupAdmin](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_groupadmin.md): Group administrator role assignment - [Okta_GroupMembershipAdmin](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_groupmembershipadmin.md): Group membership administrator role assignment - [Okta_GroupPull](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_grouppull.md): Import of group memberships from an external application - [Okta_GroupPush](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_grouppush.md): Provisioning of group memberships to an external application - [Okta_HasRole](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_hasrole.md): Assignment of a built-in or custom role to a principal - [Okta_HasRoleAssignment](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_hasroleassignment.md): Relationship between a principal and a role assignment - [Okta_HelpDeskAdmin](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_helpdeskadmin.md): Help desk administrator role assignment - [Okta_HostsAgent](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_hostsagent.md): Relationship between an AD server and the Okta agent running on that host - [Okta_IdentityProviderFor](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_identityproviderfor.md): Trust relationship between an identity provider and Okta users - [Okta_IdpGroupAssignment](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_idpgroupassignment.md): Identity provider group assignment to an Okta group - [Okta_InboundOrgSSO](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_inboundorgsso.md): Single sign-on from an external organization into Okta - [Okta_InboundSSO](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_inboundsso.md): Single sign-on from an external identity provider into Okta - [Okta_KerberosSSO](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_kerberossso.md): Agentless desktop SSO relationship from on-prem AD user account to Okta AD application - [Okta_KeyOf](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_keyof.md): JSON Web Key associated with an Okta application - [Okta_ManageApp](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_manageapp.md): Ability to manage scoped Okta applications - [Okta_ManagerOf](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_managerof.md): Manager relationship between Okta users - [Okta_MemberOf](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_memberof.md): Membership of a user in an Okta group - [Okta_MembershipSync](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_membershipsync.md): Bidirectional synchronization between Okta groups and external groups - [Okta_MobileAdmin](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_mobileadmin.md): Mobile administrator role assignment - [Okta_OrgAdmin](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_orgadmin.md): Organization administrator role assignment - [Okta_OrgSWA](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_orgswa.md): Secure Web Authentication from an Okta application to an external organization - [Okta_OutboundOrgSSO](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_outboundorgsso.md): Single sign-on from an Okta application to an external organization - [Okta_OutboundSSO](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_outboundsso.md): Single sign-on from Okta to an external identity provider - [Okta_PasswordSync](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_passwordsync.md): Password synchronization between user accounts via AD integration, Org2Org, or SCIM - [Okta_PolicyMapping](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_policymapping.md): Association of a policy with an Okta application - [Okta_ReadClientSecret](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_readclientsecret.md): Ability to read client secrets for scoped Okta applications - [Okta_ReadPasswordUpdates](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_readpasswordupdates.md): Application can read password updates over the SCIM protocol - [Okta_RealmContains](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_realmcontains.md): Contains relationship between an Okta realm and its users - [Okta_ResetFactors](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_resetfactors.md): Ability to reset MFA factors for scoped Okta users - [Okta_ResetPassword](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_resetpassword.md): Ability to reset passwords or temporary credentials for scoped Okta users - [Okta_ResourceSetContains](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_resourcesetcontains.md): Membership of objects within an Okta resource set - [Okta_ScopedTo](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_scopedto.md): Scope relationship between a role assignment and its target - [Okta_SecretOf](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_secretof.md): Client secret associated with an application or service integration - [Okta_SuperAdmin](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_superadmin.md): Super administrator role assignment - [Okta_SWA](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_swa.md): Secure Web Authentication from Okta to an external application - [Okta_UserPull](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_userpull.md): Import of users from an external application - [Okta_UserPush](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_userpush.md): Provisioning of users to an external application - [Okta_UserSync](https://bloodhound.specterops.io/opengraph/extensions/okta/edges/okta_usersync.md): Bidirectional synchronization between Okta users and external identities - [Getting Started](https://bloodhound.specterops.io/opengraph/extensions/okta/getting-started.md): Learn how to get started with the Okta OpenGraph extension in BloodHound. - [Okta_Agent](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_agent.md): A synchronization or authentication agent in Okta - [Okta_AgentPool](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_agentpool.md): A pool of synchronization or authentication agents in Okta - [Okta_ApiServiceIntegration](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_apiserviceintegration.md): An API service integration - [Okta_ApiToken](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_apitoken.md): A secret used by users to authenticate to the Okta API - [Okta_Application](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_application.md): An application registered in Okta, such as a SAML app or an OIDC app - [Okta_AuthorizationServer](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_authorizationserver.md): An authorization server in Okta - [Okta_ClientSecret](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_clientsecret.md): A secret used by applications to authenticate to the Okta API - [Okta_CustomRole](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_customrole.md): A custom role in Okta created by an administrator - [Okta_Device](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_device.md): A device registered in Okta, such as a mobile phone or a computer - [Okta_Group](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_group.md): An Okta user group - [Okta_IdentityProvider](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_identityprovider.md): An identity provider trusted by Okta for authentication - [Okta_JWK](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_jwk.md): An Okta JSON Web Key - [Okta_Organization](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_organization.md): An Okta organization - [Okta_Policy](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_policy.md): A policy defining rules for authentication, password, or other features in Okta - [Okta_Realm](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_realm.md): An Okta realm - [Okta_ResourceSet](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_resourceset.md): A resource set containing users, groups, applications, and other Okta objects - [Okta_Role](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_role.md): A built-in role in Okta, such as Super Admin or Group Admin - [Okta_RoleAssignment](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_roleassignment.md): A set of permissions assigned to a user, group, or an application in Okta - [Okta_User](https://bloodhound.specterops.io/opengraph/extensions/okta/nodes/okta_user.md): An Okta user account - [Overview](https://bloodhound.specterops.io/opengraph/extensions/okta/overview.md): Learn about the Okta OpenGraph extension for BloodHound. - [Privilege Zone Rules](https://bloodhound.specterops.io/opengraph/extensions/okta/privilege-zone-rules.md): Okta extension Privilege Zone rules - [Cypher Queries](https://bloodhound.specterops.io/opengraph/extensions/okta/queries.md): Okta extension Cypher queries - [Schema](https://bloodhound.specterops.io/opengraph/extensions/okta/schema.md): Okta extension schema definition - [SCIM_Contains](https://bloodhound.specterops.io/opengraph/extensions/scim/edges/scim_contains.md): Organization contains a SCIM resource - [SCIM_HasRole](https://bloodhound.specterops.io/opengraph/extensions/scim/edges/scim_hasrole.md): User is assigned to a role - [SCIM_ManagerOf](https://bloodhound.specterops.io/opengraph/extensions/scim/edges/scim_managerof.md): User is a manager of another user - [SCIM_MemberOf](https://bloodhound.specterops.io/opengraph/extensions/scim/edges/scim_memberof.md): User or group is a member of a group - [SCIM_Provisioned](https://bloodhound.specterops.io/opengraph/extensions/scim/edges/scim_provisioned.md): SCIM resource is provisioned to a target system - [SCIM_Group](https://bloodhound.specterops.io/opengraph/extensions/scim/nodes/scim_group.md): A group provisioned via SCIM - [SCIM_Organization](https://bloodhound.specterops.io/opengraph/extensions/scim/nodes/scim_organization.md): An organization or tenant in the IdP - [SCIM_Role](https://bloodhound.specterops.io/opengraph/extensions/scim/nodes/scim_role.md): A role assigned to users - [SCIM_User](https://bloodhound.specterops.io/opengraph/extensions/scim/nodes/scim_user.md): A user account provisioned via SCIM - [Overview](https://bloodhound.specterops.io/opengraph/extensions/scim/overview.md): Learn about the SCIM extension schema for BloodHound, representing SCIM-provisioned users, groups, and roles in the graph. - [Schema](https://bloodhound.specterops.io/opengraph/extensions/scim/schema.md): SCIM extension definition schema - [OpenGraph FAQ](https://bloodhound.specterops.io/opengraph/faq.md): The following are common questions about OpenGraph - [OpenGraph Library](https://bloodhound.specterops.io/opengraph/library.md): List of the OpenGraph models available to the community - [OpenGraph Overview](https://bloodhound.specterops.io/opengraph/overview.md): Learn about OpenGraph in BloodHound. - [Configure the Collector](https://bloodhound.specterops.io/openhound/collectors/github/collect-data.md): Configure the GitHub collector to gather data from your GitHub organization. - [Configure a GitHub App Installation](https://bloodhound.specterops.io/openhound/collectors/github/configure-app.md): Set up a GitHub App for data collection with higher rate limits. - [Configure a Personal Access Token](https://bloodhound.specterops.io/openhound/collectors/github/configure-pat.md): Create a Fine-grained Personal Access Token for GitHub data collection. - [Overview](https://bloodhound.specterops.io/openhound/collectors/github/overview.md): Learn about the SpecterOps-supported OpenHound GitHub collector for BloodHound. - [Troubleshooting](https://bloodhound.specterops.io/openhound/collectors/github/troubleshooting.md): Common issues and solutions when running the OpenHound GitHub collector. - [Configure the Collector](https://bloodhound.specterops.io/openhound/collectors/jamf/collect-data.md): Configure the OpenHound Jamf collector to gather data from your Jamf Pro tenant. - [Overview](https://bloodhound.specterops.io/openhound/collectors/jamf/overview.md): Learn about the SpecterOps-supported OpenHound Jamf collector for BloodHound. - [Configure the Collector](https://bloodhound.specterops.io/openhound/collectors/okta/collect-data.md): Configure the OpenHound Okta collector to gather data from your Okta organization. - [Okta App Registration](https://bloodhound.specterops.io/openhound/collectors/okta/okta-app-registration.md): Create an API service application in Okta to authenticate the OpenHound Okta collector. - [Overview](https://bloodhound.specterops.io/openhound/collectors/okta/overview.md): Learn about the SpecterOps-supported OpenHound Okta collector for BloodHound. - [OpenHound for BloodHound Community Edition](https://bloodhound.specterops.io/openhound/community.md): Learn about the OpenHound framework for BHCE. - [Configuration](https://bloodhound.specterops.io/openhound/configuration.md): Learn about configuring the OpenHound framework. - [OpenHound for BloodHound Enterprise](https://bloodhound.specterops.io/openhound/enterprise.md): Learn about the OpenHound framework for BloodHound Enterprise. - [OpenHound Overview](https://bloodhound.specterops.io/openhound/overview.md): Learn about the OpenHound framework. - [Get entity controllables](https://bloodhound.specterops.io/reference/ad-base-entities/get-entity-controllables.md): Get a list, graph, or count of the principals this node can control. - [Get entity controllers](https://bloodhound.specterops.io/reference/ad-base-entities/get-entity-controllers.md): Get a list, graph, or count of the principals that can control this node. - [Get entity info](https://bloodhound.specterops.io/reference/ad-base-entities/get-entity-info.md): Get basic info and counts for this node. - [Get User entity admin rights](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-admin-rights.md): Get a list, graph, or count of the systems this user has admin rights to. - [Get User entity constrained delegation rights](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-constrained-delegation-rights.md): Get a list, graph, or count of the systems this user has constrained delegation rights to. - [Get User entity controllables](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-controllables.md): Get a list, graph, or count of the principals this user can control. - [Get User entity controllers](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-controllers.md): Get a list, graph, or count of the principals that can control this User. - [Get User entity DCOM rights](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-dcom-rights.md): Get a list, graph, or count of the systems this user can execute DCOM on. - [Get User entity info](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-info.md): Get info and counts for this User node. - [Get User entity membership](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-membership.md): Get a list, graph, or count of the groups this user is a member of. - [Get User entity PowerShell remote rights](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-powershell-remote-rights.md): Get a list, graph, or count of the systems this user can execute PowerShell remote on. - [Get User entity RDP rights](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-rdp-rights.md): Get a list, graph, or count of the systems this user has RDP rights to. - [Get User entity sessions](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-sessions.md): Get a list, graph, or count of the systems this user has an active session on. - [Get User entity SQL admin rights](https://bloodhound.specterops.io/reference/ad-users/get-user-entity-sql-admin-rights.md): Get a list, graph, or count of the systems this user has SQL admin rights to. - [Get AIA CA entity controllers](https://bloodhound.specterops.io/reference/aia-cas/get-aia-ca-entity-controllers.md): Get a list, graph, or count of the principals that can control this AIA CA. - [Get AIA CA entity info](https://bloodhound.specterops.io/reference/aia-cas/get-aia-ca-entity-info.md): Get info and counts for this AIA CA node. - [Get PKI hierarchy of AIA CA entity](https://bloodhound.specterops.io/reference/aia-cas/get-pki-hierarchy-of-aia-ca-entity.md): Get a list, graph, or count of the PKI hierarchy of this AIA CA. - [Get latest tier zero combo node](https://bloodhound.specterops.io/reference/analysis/get-latest-tier-zero-combo-node.md): Get latest tier zero combo node - [Get the combo tree for an asset group](https://bloodhound.specterops.io/reference/analysis/get-the-combo-tree-for-an-asset-group.md): **Deprecated**: This endpoint will no longer be supported in future releases. - [Get the graph for meta tree](https://bloodhound.specterops.io/reference/analysis/get-the-graph-for-meta-tree.md): Gets meta nodes and connecting edges - [Get API Spec](https://bloodhound.specterops.io/reference/api-info/get-api-spec.md): Returns an Open API 3.0 compatible BloodHound API spec - [Get API version](https://bloodhound.specterops.io/reference/api-info/get-api-version.md): Returns the supported API versions. - [Create Token for User](https://bloodhound.specterops.io/reference/api-tokens/create-token-for-user.md): Create a new token to use with request signing based authentication for a given user. - [Delete a User Token](https://bloodhound.specterops.io/reference/api-tokens/delete-a-user-token.md): Delete a request signing token for a given user. - [List Auth Tokens](https://bloodhound.specterops.io/reference/api-tokens/list-auth-tokens.md): Get all auth tokens. - [Certify or Revoke Certification of Objects](https://bloodhound.specterops.io/reference/asset-isolation/certify-or-revoke-certification-of-objects.md): Manually certify/revoke certification of objects as belonging to the Zone they're selected by - [Create an asset group](https://bloodhound.specterops.io/reference/asset-isolation/create-an-asset-group.md): Creates an asset group - [Create Asset Group Tag](https://bloodhound.specterops.io/reference/asset-isolation/create-asset-group-tag.md): Creates an asset group tag ie. a tier or label - [Create Asset Group Tag Selector](https://bloodhound.specterops.io/reference/asset-isolation/create-asset-group-tag-selector.md): Creates an asset group tag selector. - [Delete an asset group](https://bloodhound.specterops.io/reference/asset-isolation/delete-an-asset-group.md): Deletes an asset group - [Delete an asset group selector](https://bloodhound.specterops.io/reference/asset-isolation/delete-an-asset-group-selector.md): Deletes an asset group selector - [Delete an Asset Group Tag](https://bloodhound.specterops.io/reference/asset-isolation/delete-an-asset-group-tag.md): Deletes an asset group tag - [Delete Asset Group Tag Selector](https://bloodhound.specterops.io/reference/asset-isolation/delete-asset-group-tag-selector.md): Delete an asset group tag selector - [Get asset group by ID](https://bloodhound.specterops.io/reference/asset-isolation/get-asset-group-by-id.md): Retrieve asset group by ID - [Get asset group custom member count](https://bloodhound.specterops.io/reference/asset-isolation/get-asset-group-custom-member-count.md): Get asset group custom member count - [Get Asset Group Tag](https://bloodhound.specterops.io/reference/asset-isolation/get-asset-group-tag.md): Retrieves an asset group tag by ID - [Get Asset Group Tag Selector](https://bloodhound.specterops.io/reference/asset-isolation/get-asset-group-tag-selector.md): Retrieves an asset group tag selector by ID - [Get Asset Group Tag selectors](https://bloodhound.specterops.io/reference/asset-isolation/get-asset-group-tag-selectors.md): Get a list of selectors for this group. - [Get asset group tag selectors of a specific object by member id](https://bloodhound.specterops.io/reference/asset-isolation/get-asset-group-tag-selectors-of-a-specific-object-by-member-id.md): Get a list of selectors for an object by member id. - [Get Asset Group Tags](https://bloodhound.specterops.io/reference/asset-isolation/get-asset-group-tags.md): Get a list of asset groups - [Get certifications for privilege zones](https://bloodhound.specterops.io/reference/asset-isolation/get-certifications-for-privilege-zones.md): Retrieves certification status for nodes selected by a zone - [Get history records](https://bloodhound.specterops.io/reference/asset-isolation/get-history-records.md): Retrieves history records for actions on asset group tags - [List all asset isolation group members](https://bloodhound.specterops.io/reference/asset-isolation/list-all-asset-isolation-group-members.md): **Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/asset-group-tags/{asset_group_tag_id}/members` or `GET /api/v2/asset-group-tags/{asset_group_tag_id}/selectors/{asset_group_tag_selector_id}/members` instead. - [List all asset isolation groups](https://bloodhound.specterops.io/reference/asset-isolation/list-all-asset-isolation-groups.md): Lists all asset isolation groups. - [List asset group collections](https://bloodhound.specterops.io/reference/asset-isolation/list-asset-group-collections.md): Returns all historical memberships if no URL params are specified. - [List asset group member count by kind](https://bloodhound.specterops.io/reference/asset-isolation/list-asset-group-member-count-by-kind.md): List counts of members of an asset isolation group by primary kind. - [List asset group tag member count by kind](https://bloodhound.specterops.io/reference/asset-isolation/list-asset-group-tag-member-count-by-kind.md): List counts of members of an asset group tag by primary kind. - [List asset group tag members by ID](https://bloodhound.specterops.io/reference/asset-isolation/list-asset-group-tag-members-by-id.md): List members of an asset group tag by ID - [List asset group tag members by selector](https://bloodhound.specterops.io/reference/asset-isolation/list-asset-group-tag-members-by-selector.md): List members of an asset group tag by selector - [List asset group tag selector member count by kind](https://bloodhound.specterops.io/reference/asset-isolation/list-asset-group-tag-selector-member-count-by-kind.md): List counts of members of an asset group tag selector by primary kind. - [Preview Selectors](https://bloodhound.specterops.io/reference/asset-isolation/preview-selectors.md): Sample preview of members selected by provided selector seeds. - [Search Asset Group Tags](https://bloodhound.specterops.io/reference/asset-isolation/search-asset-group-tags.md): Supports searching by name on asset group tags and selectors, and by name or object ID on members. - [Search history records](https://bloodhound.specterops.io/reference/asset-isolation/search-history-records.md): Retrieves history records via search string input and filtering by action, asset_group_tag_id, email, and actor - [Update an asset group](https://bloodhound.specterops.io/reference/asset-isolation/update-an-asset-group.md): Updates an asset group - [Update asset group selectors](https://bloodhound.specterops.io/reference/asset-isolation/update-asset-group-selectors.md): Updates asset group selectors - [Update asset group selectors](https://bloodhound.specterops.io/reference/asset-isolation/update-asset-group-selectors-1.md): DEPRECATED use PUT instead. Updates asset group selectors. - [Update Asset Group Tag](https://bloodhound.specterops.io/reference/asset-isolation/update-asset-group-tag.md): Updates an asset group tag by ID - [Update Asset Group Tag Selector](https://bloodhound.specterops.io/reference/asset-isolation/update-asset-group-tag-selector.md): Update an asset group tag selector's properties - [Export attack path findings](https://bloodhound.specterops.io/reference/attack-paths/export-attack-path-findings.md): Export the finding table for a given attack path - [Get all attack path findings](https://bloodhound.specterops.io/reference/attack-paths/get-all-attack-path-findings.md): Fetches all attack path findings and their associated details, including documentation. - [List all attack path types](https://bloodhound.specterops.io/reference/attack-paths/list-all-attack-path-types.md): Lists all possible attack path types - [List attack path sparkline values](https://bloodhound.specterops.io/reference/attack-paths/list-attack-path-sparkline-values.md): List the values that represent the sparklines for individual attack paths - [List available attack paths](https://bloodhound.specterops.io/reference/attack-paths/list-available-attack-paths.md): Lists available attack path types for a domain - [List domain attack paths details](https://bloodhound.specterops.io/reference/attack-paths/list-domain-attack-paths-details.md): Lists detailed data about attack paths for a domain. - [List finding trends](https://bloodhound.specterops.io/reference/attack-paths/list-finding-trends.md): Lists findings and their changes in between two dates for an environment - [Start analysis](https://bloodhound.specterops.io/reference/attack-paths/start-analysis.md): Starts generating attack paths - [Update attack path risk](https://bloodhound.specterops.io/reference/attack-paths/update-attack-path-risk.md): Updates an attack path as an accepted or unaccepted risk until a given time. - [List audit logs](https://bloodhound.specterops.io/reference/audit/list-audit-logs.md): Returns a list of audit logs. - [Create a New SAML Provider from Metadata](https://bloodhound.specterops.io/reference/auth/create-a-new-saml-provider-from-metadata.md): **Deprecated**: This endpoint will no longer be supported in a future release. Please use `POST /api/v2/sso-providers/saml` instead. - [Create a New SAML Provider from Metadata](https://bloodhound.specterops.io/reference/auth/create-a-new-saml-provider-from-metadata-1.md): Creates a new SAML provider with the given name and metadata XML. - [Create OIDC Provider](https://bloodhound.specterops.io/reference/auth/create-oidc-provider.md): Creates a new OIDC provider for SSO authentication - [Delete a SAML Provider](https://bloodhound.specterops.io/reference/auth/delete-a-saml-provider.md): **Deprecated**: This endpoint will no longer be supported in a future release. Please use `DELETE /api/v2/sso-providers/{sso_provider_id}` instead. - [Delete SSO Provider](https://bloodhound.specterops.io/reference/auth/delete-sso-provider.md): Deletes an existing SSO provider - [Get all SAML sign on endpoints](https://bloodhound.specterops.io/reference/auth/get-all-saml-sign-on-endpoints.md): **Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/sso-providers` instead to list available SSO endpoints. - [Get SAML Provider](https://bloodhound.specterops.io/reference/auth/get-saml-provider.md): **Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/sso-providers` to list all SAML providers instead. - [Get SAML Provider Signing Certificate](https://bloodhound.specterops.io/reference/auth/get-saml-provider-signing-certificate.md): Download the SAML Provider Signing Certificate. Only applies to SAML providers. - [Get self](https://bloodhound.specterops.io/reference/auth/get-self.md): Get the currently authenticated requester details. For Community, this will only ever be valid for users. In Enterprise, this could be either a BloodHound user or a client (collector). - [List SAML Providers](https://bloodhound.specterops.io/reference/auth/list-saml-providers.md): **Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/sso-providers` instead. - [List SSO Providers](https://bloodhound.specterops.io/reference/auth/list-sso-providers.md): Lists all available SSO providers (SAML and OIDC) - [Login to BloodHound](https://bloodhound.specterops.io/reference/auth/login-to-bloodhound.md): Login to BloodHound with user credentials or a one time password. - [Logout of BloodHound](https://bloodhound.specterops.io/reference/auth/logout-of-bloodhound.md): Logout of BloodHound and delete the user session JWT. - [Update SSO Provider](https://bloodhound.specterops.io/reference/auth/update-sso-provider.md): Updates an existing SSO provider. Updating saml provider requires a "multipart/form-data" body. Updating oidc provider requires "application/json" body. Response is respective provider - [Get Azure entity](https://bloodhound.specterops.io/reference/azure-entities/get-azure-entity.md): Retrieves entity information for the given Azure object ID. If `related_entity_type` parameter is not set, this endpoint will return information about a single entity. Using the `counts` boolean parameter will further modify the response. If `related_entity_type` parameter is set, this endpoint will… - [Activates MFA for an enrolled user](https://bloodhound.specterops.io/reference/bloodhound-users/activates-mfa-for-an-enrolled-user.md): Activates multi-factor authentication for an enrolled user - [Create a New User](https://bloodhound.specterops.io/reference/bloodhound-users/create-a-new-user.md): Create a new BloodHound user. - [Create or Set User Secret](https://bloodhound.specterops.io/reference/bloodhound-users/create-or-set-user-secret.md): Create or set a user's secret to use as a login password. - [Delete a User](https://bloodhound.specterops.io/reference/bloodhound-users/delete-a-user.md): Deletes an existing BloodHound user. - [Enrolls user in multi-factor authentication](https://bloodhound.specterops.io/reference/bloodhound-users/enrolls-user-in-multi-factor-authentication.md): Enrolls user in multi-factor authentication - [Expire User Secret](https://bloodhound.specterops.io/reference/bloodhound-users/expire-user-secret.md): Expire a user's secret to use as a login password. - [Get a user](https://bloodhound.specterops.io/reference/bloodhound-users/get-a-user.md): Get a BloodHound user's details. - [List Users](https://bloodhound.specterops.io/reference/bloodhound-users/list-users.md): Gets all BloodHound user details. - [List Users Minimal](https://bloodhound.specterops.io/reference/bloodhound-users/list-users-minimal.md): Returns all BloodHound user details without any sensitive data. - [Returns MFA activation status for a user](https://bloodhound.specterops.io/reference/bloodhound-users/returns-mfa-activation-status-for-a-user.md): Returns multi-factor authentication status for a user - [Unenroll user from multi-factor authentication](https://bloodhound.specterops.io/reference/bloodhound-users/unenroll-user-from-multi-factor-authentication.md): Unenrolls user from multi-factor authentication - [Update a User](https://bloodhound.specterops.io/reference/bloodhound-users/update-a-user.md): Update a BloodHound user's properties'. - [Get Cert Template entity controllers](https://bloodhound.specterops.io/reference/cert-templates/get-cert-template-entity-controllers.md): Get a list, graph, or count of the principals that can control this Cert Template. - [Get Cert Template entity info](https://bloodhound.specterops.io/reference/cert-templates/get-cert-template-entity-info.md): Get info and counts for this Cert Template node. - [Get Enterprise CAs having Cert Template entity published](https://bloodhound.specterops.io/reference/cert-templates/get-enterprise-cas-having-cert-template-entity-published.md): Get a list, graph, or count of the Enterprise CAs having this Cert Template published. - [Endpoint for data ingestion](https://bloodhound.specterops.io/reference/client-ingest/endpoint-for-data-ingestion.md): Ingests data from collector clients - [Client Error](https://bloodhound.specterops.io/reference/clients/client-error.md): Endpoint for clients to log enumeration errors. - [Create Client](https://bloodhound.specterops.io/reference/clients/create-client.md): Creates a client for collection events - [Creates a scheduled job](https://bloodhound.specterops.io/reference/clients/creates-a-scheduled-job.md): Creates a new scheduled job - [Creates a scheduled task](https://bloodhound.specterops.io/reference/clients/creates-a-scheduled-task.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `POST /api/v2/clients/{client_id}/jobs` instead. - [Delete Client](https://bloodhound.specterops.io/reference/clients/delete-client.md): Delete a client for processing collection events - [Get Client](https://bloodhound.specterops.io/reference/clients/get-client.md): Gets given client for processing collection events - [List all completed jobs for a client](https://bloodhound.specterops.io/reference/clients/list-all-completed-jobs-for-a-client.md): List all completed jobs for a client - [List all completed tasks for a client](https://bloodhound.specterops.io/reference/clients/list-all-completed-tasks-for-a-client.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `GET /api/v2/clients/{client_id}/completed_jobs` instead. - [List Clients](https://bloodhound.specterops.io/reference/clients/list-clients.md): Lists available clients for processing collection events. - [Regenerate the authentication token for a client](https://bloodhound.specterops.io/reference/clients/regenerate-the-authentication-token-for-a-client.md): Regenerate the authentication token for a client - [Update Client](https://bloodhound.specterops.io/reference/clients/update-client.md): Update a client for processing collection events - [Update Client Values](https://bloodhound.specterops.io/reference/clients/update-client-values.md): Endpoint for clients to update their own information at startup. - [Create File Upload Job](https://bloodhound.specterops.io/reference/collection-uploads/create-file-upload-job.md): Creates a file upload job for sending collection files - [End File Upload Job](https://bloodhound.specterops.io/reference/collection-uploads/end-file-upload-job.md): End a file upload job - [List accepted file upload types](https://bloodhound.specterops.io/reference/collection-uploads/list-accepted-file-upload-types.md): List accepted file types for collection file uploads - [List File Upload Jobs](https://bloodhound.specterops.io/reference/collection-uploads/list-file-upload-jobs.md): Lists available file upload jobs - [Upload File To Job](https://bloodhound.specterops.io/reference/collection-uploads/upload-file-to-job.md): Saves a collection file to a file upload job - [Download asset](https://bloodhound.specterops.io/reference/collectors/download-asset.md): Downloads an enterprise asset (collector or checksum) - [Get collector checksum by version](https://bloodhound.specterops.io/reference/collectors/get-collector-checksum-by-version.md): Retrieves the checksum file for a given collector with given version - [Get collector download by version](https://bloodhound.specterops.io/reference/collectors/get-collector-download-by-version.md): Retrieves the download for a given collector with given version - [Get collector manifest](https://bloodhound.specterops.io/reference/collectors/get-collector-manifest.md): Retrieves the version manifest for a given collector - [Get kennel enterprise manifest](https://bloodhound.specterops.io/reference/collectors/get-kennel-enterprise-manifest.md): Retrieves a manifest of enterprise collectors - [Get kennel manifest](https://bloodhound.specterops.io/reference/collectors/get-kennel-manifest.md): Retrieves a manifest of community collectors - [Get computer entity admin rights](https://bloodhound.specterops.io/reference/computers/get-computer-entity-admin-rights.md): Get a list, graph, or count of the systems this computer has admin rights to. - [Get computer entity admins](https://bloodhound.specterops.io/reference/computers/get-computer-entity-admins.md): Get a list, graph, or count of the principals that have admin rights on this computer. - [Get computer entity constrained delegation rights](https://bloodhound.specterops.io/reference/computers/get-computer-entity-constrained-delegation-rights.md): Get a list, graph, or count of the principals that this computer has constrained delegations rights to. - [Get computer entity constrained users](https://bloodhound.specterops.io/reference/computers/get-computer-entity-constrained-users.md): Get a list, graph, or count of the principals that have constrained delegation rights to this computer. - [Get computer entity controllables](https://bloodhound.specterops.io/reference/computers/get-computer-entity-controllables.md): Get a list, graph, or count of the principals this computer can control. - [Get computer entity controllers](https://bloodhound.specterops.io/reference/computers/get-computer-entity-controllers.md): Get a list, graph, or count of the principals that can control this computer. - [Get computer entity DCOM rights](https://bloodhound.specterops.io/reference/computers/get-computer-entity-dcom-rights.md): Get a list, graph, or count of the systems this computer can execute DCOM on. - [Get computer entity DCOM users](https://bloodhound.specterops.io/reference/computers/get-computer-entity-dcom-users.md): Get a list, graph, or count of the principals that can execute DCOM on this computer. - [Get computer entity group membership](https://bloodhound.specterops.io/reference/computers/get-computer-entity-group-membership.md): Get a list, graph, or count of the groups this computer is a member of. - [Get computer entity info](https://bloodhound.specterops.io/reference/computers/get-computer-entity-info.md): Get info and counts for this computer node. - [Get computer entity RDP rights](https://bloodhound.specterops.io/reference/computers/get-computer-entity-rdp-rights.md): Get a list, graph, or count of the systems this computer can RDP to. - [Get computer entity RDP users](https://bloodhound.specterops.io/reference/computers/get-computer-entity-rdp-users.md): Get a list, graph, or count of the principals that have RDP rights on this computer. - [Get computer entity remote PowerShell rights](https://bloodhound.specterops.io/reference/computers/get-computer-entity-remote-powershell-rights.md): Get a list, graph, or count of the systems this computer has remote PowerShell rights on. - [Get computer entity remote PowerShell users](https://bloodhound.specterops.io/reference/computers/get-computer-entity-remote-powershell-users.md): Get a list, graph, or count of the principals that have remote PowerShell rights on this computer. - [Get computer entity sessions](https://bloodhound.specterops.io/reference/computers/get-computer-entity-sessions.md): Get a list, graph, or count of the principals with active sessions on this computer. - [Get computer entity SQL admins](https://bloodhound.specterops.io/reference/computers/get-computer-entity-sql-admins.md): Get a list, graph, or count of the principals that have SQL admin rights on this computer. - [List application config parameters](https://bloodhound.specterops.io/reference/config/list-application-config-parameters.md): Lists application configuration parameters for this instance - [List feature flags](https://bloodhound.specterops.io/reference/config/list-feature-flags.md): Lists all feature flags for this instance - [Toggle a feature flag's enabled status to either enable or disable it.](https://bloodhound.specterops.io/reference/config/toggle-a-feature-flags-enabled-status-to-either-enable-or-disable-it.md): Writes application configuration parameters for this instance - [Write application configuration parameters](https://bloodhound.specterops.io/reference/config/write-application-configuration-parameters.md): Writes application configuration parameters for this instance - [Get container entity controllers](https://bloodhound.specterops.io/reference/containers/get-container-entity-controllers.md): Get a list, graph, or count of the principals that can control this container. - [Get container entity info](https://bloodhound.specterops.io/reference/containers/get-container-entity-info.md): Get basic info and counts for this container node. - [Create custom nodes](https://bloodhound.specterops.io/reference/custom-node-management/create-custom-nodes.md): This endpoint registers new node kinds along with optional display metadata such as icons and colors. The provided configuration controls how nodes of the specified kinds are interpreted and rendered in the UI. Only free, solid-style Font Awesome icons are supported. Hex color codes must follow the… - [Delete custom node](https://bloodhound.specterops.io/reference/custom-node-management/delete-custom-node.md): Delete the configuration for a specific custom node kind. - [Get custom node](https://bloodhound.specterops.io/reference/custom-node-management/get-custom-node.md): Retrieve the configuration for a specific custom node kind. Returns the display settings and metadata for the requested node kind. - [Get custom nodes](https://bloodhound.specterops.io/reference/custom-node-management/get-custom-nodes.md): Retrieve a list of all custom node configurations. This endpoint returns the current set of registered node kinds and their display settings. - [Update custom node](https://bloodhound.specterops.io/reference/custom-node-management/update-custom-node.md): This endpoint updates an existing node kind along with optional display metadata such as icons and colors. The provided configuration controls how nodes of the specified kinds are interpreted and rendered in the UI. Only free, solid-style Font Awesome icons are supported. Hex color codes must follow… - [Create a saved query](https://bloodhound.specterops.io/reference/cypher/create-a-saved-query.md): Create a new saved query - [Delete a saved query](https://bloodhound.specterops.io/reference/cypher/delete-a-saved-query.md): Delete an existing saved query by ID - [Export a saved query](https://bloodhound.specterops.io/reference/cypher/export-a-saved-query.md): Export an existing saved query by ID - [Export one or more saved queries](https://bloodhound.specterops.io/reference/cypher/export-one-or-more-saved-queries.md): Export existing saved queries using the scope parameter. - [Import one or more cypher queries.](https://bloodhound.specterops.io/reference/cypher/import-one-or-more-cypher-queries.md): Import one or more cypher queries. - [List saved queries](https://bloodhound.specterops.io/reference/cypher/list-saved-queries.md): Get all saved queries for the current user - [Revokes permission of a saved query from users](https://bloodhound.specterops.io/reference/cypher/revokes-permission-of-a-saved-query-from-users.md): Revokes permission of a saved query from a given set of users - [Run a cypher query](https://bloodhound.specterops.io/reference/cypher/run-a-cypher-query.md): Runs a manual cypher query directly against the database. - [Share a saved query or set it to public](https://bloodhound.specterops.io/reference/cypher/share-a-saved-query-or-set-it-to-public.md): Shares an existing saved query or makes it public - [Update a saved query](https://bloodhound.specterops.io/reference/cypher/update-a-saved-query.md): Update an existing saved query by ID - [Get AD domain data quality stats](https://bloodhound.specterops.io/reference/data-quality/get-ad-domain-data-quality-stats.md): Time series list of data quality stats for a given AD domain - [Get Azure tenant data quality stats](https://bloodhound.specterops.io/reference/data-quality/get-azure-tenant-data-quality-stats.md): Time series list of data quality stats for a given Azure tenant - [Get database completeness stats](https://bloodhound.specterops.io/reference/data-quality/get-database-completeness-stats.md): Get the percentage of local admins and sessions collected - [Get platform data quality aggregate](https://bloodhound.specterops.io/reference/data-quality/get-platform-data-quality-aggregate.md): Time series list of aggregate data quality stats for a given platform - [Delete your BloodHound data](https://bloodhound.specterops.io/reference/database/delete-your-bloodhound-data.md): Wipes your BloodHound data permanently. Specify the data to delete in the request body. Possible data includes collected graph data, relationships of specific types, custom high value selectors, file ingest history, and data quality history. - [Cancels an analysis request](https://bloodhound.specterops.io/reference/datapipe/cancels-an-analysis-request.md): Flags the API to request the cancellation of analyzing ingest data. - [Get datapipe status](https://bloodhound.specterops.io/reference/datapipe/get-datapipe-status.md): Gets the current status of the datapipe - [Gets analysis request information](https://bloodhound.specterops.io/reference/datapipe/gets-analysis-request-information.md): Flags the API to request the information of an analysis request. - [Start analysis](https://bloodhound.specterops.io/reference/datapipe/start-analysis.md): Flags the API to begin analyzing ingest data. - [Get ADCS escalations of Domain entity](https://bloodhound.specterops.io/reference/domains/get-adcs-escalations-of-domain-entity.md): Get a list, graph, or count of the ADCS escalations of this Domain. - [Get domain entity computers](https://bloodhound.specterops.io/reference/domains/get-domain-entity-computers.md): Get a list or count of the computers that belong to this domain. - [Get domain entity controllers](https://bloodhound.specterops.io/reference/domains/get-domain-entity-controllers.md): Get a list, graph, or count of the principals that can control this domain. - [Get domain entity DC Syncers](https://bloodhound.specterops.io/reference/domains/get-domain-entity-dc-syncers.md): Get a list, graph, or count of the principals that can DC sync this domain. - [Get domain entity foregin groups](https://bloodhound.specterops.io/reference/domains/get-domain-entity-foregin-groups.md): Get a list, graph, or count of the groups outside of this domain that are members of groups inside this domain. - [Get domain entity foreign admins](https://bloodhound.specterops.io/reference/domains/get-domain-entity-foreign-admins.md): Get a list, graph, or count of the principals outside of this domain that have admin rights on principals in this domain. - [Get domain entity foreign GPO controllers](https://bloodhound.specterops.io/reference/domains/get-domain-entity-foreign-gpo-controllers.md): Get a list, graph, or count of the principals outside of this domain that can control GPOs inside this domain. - [Get domain entity foreign users](https://bloodhound.specterops.io/reference/domains/get-domain-entity-foreign-users.md): Get a list, graph, or count of the users outside of this domain that are members of groups inside this domain. - [Get domain entity GPOs](https://bloodhound.specterops.io/reference/domains/get-domain-entity-gpos.md): Get a list or count of the GPOs in this domain. - [Get domain entity groups](https://bloodhound.specterops.io/reference/domains/get-domain-entity-groups.md): Get a list or count of the groups in this domain. - [Get domain entity inbound trusts](https://bloodhound.specterops.io/reference/domains/get-domain-entity-inbound-trusts.md): Get a list, graph, or count of the inbound trusts for this domain. - [Get domain entity info](https://bloodhound.specterops.io/reference/domains/get-domain-entity-info.md): Get basic info and counts for this domain node. - [Get domain entity linked GPOs](https://bloodhound.specterops.io/reference/domains/get-domain-entity-linked-gpos.md): Get a list, graph, or count of the GPOs linked to this domain. - [Get domain entity OUs](https://bloodhound.specterops.io/reference/domains/get-domain-entity-ous.md): Get a list or count of the OUs in this domain. - [Get domain entity outbound trusts](https://bloodhound.specterops.io/reference/domains/get-domain-entity-outbound-trusts.md): Get a list, graph, or count of the outbound trusts for this domain. - [Get domain entity users](https://bloodhound.specterops.io/reference/domains/get-domain-entity-users.md): Get a list or count of the users in this domain. - [Update the Domain entity](https://bloodhound.specterops.io/reference/domains/update-the-domain-entity.md): Updates the supported properties on the Domain entity. - [Get Enterprise CA entity controllers](https://bloodhound.specterops.io/reference/enterprise-cas/get-enterprise-ca-entity-controllers.md): Get a list, graph, or count of the principals that can control this Enterprise CA. - [Get Enterprise CA entity info](https://bloodhound.specterops.io/reference/enterprise-cas/get-enterprise-ca-entity-info.md): Get info and counts for this Enterprise CA node. - [Get PKI hierarchy of Enterprise CA entity](https://bloodhound.specterops.io/reference/enterprise-cas/get-pki-hierarchy-of-enterprise-ca-entity.md): Get a list, graph, or count of the PKI hierarchy of this Enterprise CA. - [Get published certificate templates of Enterprise CA entity](https://bloodhound.specterops.io/reference/enterprise-cas/get-published-certificate-templates-of-enterprise-ca-entity.md): Get a list, graph, or count of the published certificate templates of this Enterprise CA. - [Accept EULA](https://bloodhound.specterops.io/reference/eula/accept-eula.md): Accept BloodHound Enterprise EULA for logged in user (EULA applies to BHE customers only). - [Create Event](https://bloodhound.specterops.io/reference/events-schedules/create-event.md): Creates a scheduled event for data collection - [Delete Event](https://bloodhound.specterops.io/reference/events-schedules/delete-event.md): Deletes a scheduled event and associated tasks by id - [Get Event](https://bloodhound.specterops.io/reference/events-schedules/get-event.md): Gets a scheduled job event by ID. - [List events](https://bloodhound.specterops.io/reference/events-schedules/list-events.md): Gets all client scheduled events. - [Update Event](https://bloodhound.specterops.io/reference/events-schedules/update-event.md): Updates a scheduled event - [Get GPO entity computer](https://bloodhound.specterops.io/reference/gpos/get-gpo-entity-computer.md): Get a list, graph, or count of the computers affected by this GPO. - [Get GPO entity controllers](https://bloodhound.specterops.io/reference/gpos/get-gpo-entity-controllers.md): Get a list, graph, or count of the principals that can control this OU. - [Get GPO entity info](https://bloodhound.specterops.io/reference/gpos/get-gpo-entity-info.md): Get info and counts for this GPO node. - [Get GPO entity OUs](https://bloodhound.specterops.io/reference/gpos/get-gpo-entity-ous.md): Get a list, graph, or count of the OUs affected by this GPO. - [Get GPO entity tier-zero](https://bloodhound.specterops.io/reference/gpos/get-gpo-entity-tier-zero.md): Get a list, graph, or count of the tier-zero principals associated with this GPO. - [Get GPO entity users](https://bloodhound.specterops.io/reference/gpos/get-gpo-entity-users.md): Get a list, graph, or count of the users affected by this GPO. - [Get ACL inheritance path](https://bloodhound.specterops.io/reference/graph/get-acl-inheritance-path.md): Returns a graph representing the path that an ACE is inherited through for a given edge. - [Get kinds](https://bloodhound.specterops.io/reference/graph/get-kinds.md): Gets kinds - [Get path composition](https://bloodhound.specterops.io/reference/graph/get-path-composition.md): Returns a graph representing the various nodes and edges that make up the complex post-processed edge. - [Get pathfinding result](https://bloodhound.specterops.io/reference/graph/get-pathfinding-result.md): DEPRECATED use GetShortestPath instead. Get the result of pathfinding between two nodes in graph format. - [Get relay targets](https://bloodhound.specterops.io/reference/graph/get-relay-targets.md): Returns a graph representing the various nodes that are valid relay targets for this edge - [Get search result](https://bloodhound.specterops.io/reference/graph/get-search-result.md): Get the result of searching a graph for a node by name - [Get the shortest path graph](https://bloodhound.specterops.io/reference/graph/get-the-shortest-path-graph.md): A graph of the shortest path from `start_node` to `end_node`. - [Get Group entity admin rights](https://bloodhound.specterops.io/reference/groups/get-group-entity-admin-rights.md): Get a list, graph, or count of the systems this group has admin rights to. - [Get Group entity controllables](https://bloodhound.specterops.io/reference/groups/get-group-entity-controllables.md): Get a list, graph, or count of the principals this group can control. - [Get Group entity controllers](https://bloodhound.specterops.io/reference/groups/get-group-entity-controllers.md): Get a list, graph, or count of the principals that can control this group. - [Get Group entity DCOMRights](https://bloodhound.specterops.io/reference/groups/get-group-entity-dcomrights.md): Get a list, graph, or count of the systems this group can execute DCOM on. - [Get Group entity info](https://bloodhound.specterops.io/reference/groups/get-group-entity-info.md): Get info and counts for this Group node. - [Get Group entity members](https://bloodhound.specterops.io/reference/groups/get-group-entity-members.md): Get a list, graph, or count of the principals that are a member of this group. - [Get Group entity memberships](https://bloodhound.specterops.io/reference/groups/get-group-entity-memberships.md): Get a list, graph, or count of the groups this group is a member of. - [Get Group entity PowerShell remote rights](https://bloodhound.specterops.io/reference/groups/get-group-entity-powershell-remote-rights.md): Get a list, graph, or count of the systems this group can execute PowerShell remote on. - [Get Group entity RDP rights](https://bloodhound.specterops.io/reference/groups/get-group-entity-rdp-rights.md): Get a list, graph, or count of the systems this group can RDP to. - [Get Group entity sessions](https://bloodhound.specterops.io/reference/groups/get-group-entity-sessions.md): Get a list, graph, or count of the active sessions for users that belong to this group. - [Cancels a scheduled job](https://bloodhound.specterops.io/reference/jobs/cancels-a-scheduled-job.md): Cancels a scheduled job - [Get client current job](https://bloodhound.specterops.io/reference/jobs/get-client-current-job.md): Gets the current job for the authenticated client. - [Get client job](https://bloodhound.specterops.io/reference/jobs/get-client-job.md): Gets client job - [Get Job Log File](https://bloodhound.specterops.io/reference/jobs/get-job-log-file.md): Get the log file from a SharpHound run - [Get jobs](https://bloodhound.specterops.io/reference/jobs/get-jobs.md): Gets client jobs - [List available client jobs](https://bloodhound.specterops.io/reference/jobs/list-available-client-jobs.md): Endpoint for clients to get next available jobs. - [List finished jobs](https://bloodhound.specterops.io/reference/jobs/list-finished-jobs.md): Gets all finished jobs - [Notifies the API of a job ending](https://bloodhound.specterops.io/reference/jobs/notifies-the-api-of-a-job-ending.md): Endpoint for clients to end a job and mark the end time. - [Notifies the API of a job start](https://bloodhound.specterops.io/reference/jobs/notifies-the-api-of-a-job-start.md): Endpoint for clients to start a new job and mark the start time. - [Get Meta entity info](https://bloodhound.specterops.io/reference/meta-entities/get-meta-entity-info.md): Get info and counts for this Meta node. - [Get NT Auth Store entity controllers](https://bloodhound.specterops.io/reference/nt-auth-stores/get-nt-auth-store-entity-controllers.md): Get a list, graph, or count of the principals that can control this NT Auth Store. - [Get NT Auth Store entity info](https://bloodhound.specterops.io/reference/nt-auth-stores/get-nt-auth-store-entity-info.md): Get info and counts for this NT Auth Store node. - [Get trusted Enterprise CAs of NT Auth Store entity](https://bloodhound.specterops.io/reference/nt-auth-stores/get-trusted-enterprise-cas-of-nt-auth-store-entity.md): Get a list, graph, or count of the trusted Enterprise CAs of this NT Auth Store. - [Delete OpenGraph Extension](https://bloodhound.specterops.io/reference/opengraph-experimental/delete-opengraph-extension.md): **Experimental** - Deletes an OpenGraph Extension by Extension ID - [List Edge Kinds](https://bloodhound.specterops.io/reference/opengraph-experimental/list-edge-kinds.md): **Experimental** - List all Edge Kinds across OpenGraph Schemas - [List OpenGraph Extensions Information](https://bloodhound.specterops.io/reference/opengraph-experimental/list-opengraph-extensions-information.md): **Experimental** - Lists pertinent OpenGraph extension information such as id, name, version, and if it is a built-in extension - [Upserts the OpenGraph Extension](https://bloodhound.specterops.io/reference/opengraph-experimental/upserts-the-opengraph-extension.md): **Experimental** - Upserts the OpenGraph extension - [Get OU entity computers](https://bloodhound.specterops.io/reference/ous/get-ou-entity-computers.md): Get a list, graph, or count of the computers contained by this OU. - [Get OU entity GPOs](https://bloodhound.specterops.io/reference/ous/get-ou-entity-gpos.md): Get a list, graph, or count of the GPOs that affect this OU. - [Get OU entity groups](https://bloodhound.specterops.io/reference/ous/get-ou-entity-groups.md): Get a list, graph, or count of the groups contained by this OU. - [Get OU entity info](https://bloodhound.specterops.io/reference/ous/get-ou-entity-info.md): Get info and counts for this OU node. - [Get OU entity users](https://bloodhound.specterops.io/reference/ous/get-ou-entity-users.md): Get a list, graph, or count of the users contained by this OU. - [Use the BloodHound API](https://bloodhound.specterops.io/reference/overview.md) - [Get Permission](https://bloodhound.specterops.io/reference/permissions/get-permission.md): Gets an authorization permission's details. - [List Permissions](https://bloodhound.specterops.io/reference/permissions/list-permissions.md): List all authorization permissions. - [Get Posture History](https://bloodhound.specterops.io/reference/risk-posture/get-posture-history.md): Gets posture data count changes over a time period - [Get Posture Statistics](https://bloodhound.specterops.io/reference/risk-posture/get-posture-statistics.md): Gets the history of database stats saved in the database - [Get Role](https://bloodhound.specterops.io/reference/roles/get-role.md): Gets an authorization role's details. - [List Roles](https://bloodhound.specterops.io/reference/roles/list-roles.md): List all authorization roles. - [Get PKI hierarchy of Root CA entity](https://bloodhound.specterops.io/reference/root-cas/get-pki-hierarchy-of-root-ca-entity.md): Get a list, graph, or count of the PKI hierarchy of this Root CA. - [Get Root CA entity controllers](https://bloodhound.specterops.io/reference/root-cas/get-root-ca-entity-controllers.md): Get a list, graph, or count of the principals that can control this Root CA. - [Get Root CA entity info](https://bloodhound.specterops.io/reference/root-cas/get-root-ca-entity-info.md): Get info and counts for this Root CA node. - [Get available domains](https://bloodhound.specterops.io/reference/search/get-available-domains.md): Gets available domains along with their collection status - [Search for objects](https://bloodhound.specterops.io/reference/search/search-for-objects.md): Search for graph objects by name or object ID, filtered by type. - [Cancels a scheduled task](https://bloodhound.specterops.io/reference/tasks/cancels-a-scheduled-task.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `PUT /api/v2/jobs/{job_id}/cancel` instead. - [Get client current task](https://bloodhound.specterops.io/reference/tasks/get-client-current-task.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `GET /api/v2/jobs/current` instead. - [Get client task](https://bloodhound.specterops.io/reference/tasks/get-client-task.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `GET /api/v2/jobs/{job_id}` instead. - [Get Task Log File](https://bloodhound.specterops.io/reference/tasks/get-task-log-file.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `GET /api/v2/jobs/{job_id}/log` instead. - [Get tasks](https://bloodhound.specterops.io/reference/tasks/get-tasks.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `GET /api/v2/jobs` instead. - [List available client tasks](https://bloodhound.specterops.io/reference/tasks/list-available-client-tasks.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `GET /api/v2/jobs/available` instead. - [List finished tasks](https://bloodhound.specterops.io/reference/tasks/list-finished-tasks.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `GET /api/v2/jobs/finished` instead. - [Notifies the API of a task ending](https://bloodhound.specterops.io/reference/tasks/notifies-the-api-of-a-task-ending.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `POST /api/v2/jobs/end` instead. - [Notifies the API of a task start](https://bloodhound.specterops.io/reference/tasks/notifies-the-api-of-a-task-start.md): **Deprecated**: This endpoint will no longer be supported in future releases. Please use `POST /api/v2/jobs/start` instead. - [Get Help and Use the BloodHound Community](https://bloodhound.specterops.io/resources/community-support/getting-help.md) - [Community and Support](https://bloodhound.specterops.io/resources/community-support/overview.md): Connect with the BloodHound community, seek assistance, and find resources for support and collaboration. - [Additional Training and Resources](https://bloodhound.specterops.io/resources/community-support/training-resources.md) - [AbuseTGTDelegation](https://bloodhound.specterops.io/resources/edges/abuse-tgt-delegation.md): The trust from the target node domain to the source node domain has TGT delegation enabled. When a resource in the source node domain is configured with unconstrained delegation, principals from the target node domain will automatically forward their Ticket Granting Ticket (TGT) to that resource upo… - [ADCSESC1](https://bloodhound.specterops.io/resources/edges/adcs-esc1.md): This edge indicates that the principal has permission to enroll on one or more certificate templates, allowing them to specify an alternate subject name and use the certificate for authentication. They also have enrollment permission for an enterprise CA with the necessary templates published. - [ADCSESC10a](https://bloodhound.specterops.io/resources/edges/adcs-esc10a.md): This edge indicates that the principal has control over a victim principal with permission to enroll on one or more certificate templates, configured to enable certificate authentication and require the userPrincipalName (UPN) of the enrollee included in the Subject Alternative Name (SAN). - [ADCSESC10b](https://bloodhound.specterops.io/resources/edges/adcs-esc10b.md): The principal has control over a victim computer with permission to enroll on one or more certificate templates, configured to enable certificate authentication, and require the `dNSHostName` of the enrollee included in the Subject Alternative Name (SAN). - [ADCSESC13](https://bloodhound.specterops.io/resources/edges/adcs-esc13.md): The ADCSESC13 edge indicates that the principal has the privileges to perform the ADCS ESC13 abuse against the target AD group. The principal has enrollment rights on a certificate template configured with an issuance policy extension. - [ADCSESC3](https://bloodhound.specterops.io/resources/edges/adcs-esc3.md): The principal has permission to enroll on a certificate allowing them to obtain an enrollment agent certificate. - [ADCSESC4](https://bloodhound.specterops.io/resources/edges/adcs-esc4.md): The ADCSESC4 edge indicates that the principal has the privileges to perform the ADCS ESC4 abuse against the target AD domain. - [ADCSESC6a](https://bloodhound.specterops.io/resources/edges/adcs-esc6a.md): The principal has permission to enroll on one or more certificate templates allowing for authentication. - [ADCSESC6b](https://bloodhound.specterops.io/resources/edges/adcs-esc6b.md): The principal has permission to enroll on one or more certificate templates allowing for authentication. - [ADCSESC9a](https://bloodhound.specterops.io/resources/edges/adcs-esc9a.md): The principal has control over a victim principal with permission to enroll on one or more certificate templates, configured to: 1) enable certificate authentication, 2) require the `userPrincipalName` (UPN) of the enrollee included in the Subject Alternative Name (SAN), and 3) do not have the secur… - [ADCSESC9b](https://bloodhound.specterops.io/resources/edges/adcs-esc9b.md): The principal has control over a victim computer with permission to enroll on one or more certificate templates, configured to: 1) enable certificate authentication, 2) require the `dNSHostName`  of the enrollee included in the Subject Alternative Name (SAN), and 3) not have the security extension e… - [AddAllowedToAct](https://bloodhound.specterops.io/resources/edges/add-allowed-to-act.md): This edge means it's possible to modify the msDS-AllowedToActOnBehalfOfOtherIdentity property of a target. - [AddKeyCredentialLink](https://bloodhound.specterops.io/resources/edges/add-key-credential-link.md): The ability to write to the “msds-KeyCredentialLink” property on a user or computer. Writing to this property allows an attacker to create “Shadow Credentials” on the object and authenticate as the principal using kerberos PKINIT. - [AddMember](https://bloodhound.specterops.io/resources/edges/add-member.md): This edge indicates the principal has the ability to add arbitrary principals to the target security group. Because of security group delegation, the members of a security group have the same privileges as that group. - [AddSelf](https://bloodhound.specterops.io/resources/edges/add-self.md): This edge indicates the principal has the ability to add itself to the target security group. Because of security group delegation, the members of a security group have the same privileges as that group. - [AdminTo](https://bloodhound.specterops.io/resources/edges/admin-to.md): This edge indicates that principal is a local administrator on the target computer. - [AllExtendedRights](https://bloodhound.specterops.io/resources/edges/all-extended-rights.md): Extended rights are special rights granted on objects which allow reading of privileged attributes, as well as performing special actions. - [AllowedToAct](https://bloodhound.specterops.io/resources/edges/allowed-to-act.md): This edge allows an attacker to abuse resource-based constrained delegation to compromise the target. This property is a binary DACL that controls what security principals can pretend to be any domain user to the particular computer object. - [AllowedToDelegate](https://bloodhound.specterops.io/resources/edges/allowed-to-delegate.md): The constrained delegation primitive allows a principal to authenticate as any user to specific services (found in the msds-AllowedToDelegateTo LDAP property in the source node tab) on the target computer. - [AZAddMembers](https://bloodhound.specterops.io/resources/edges/az-add-members.md): The ability to add other principals to an Azure security group - [AZAddOwner](https://bloodhound.specterops.io/resources/edges/az-add-owner.md): This edge is created during post-processing. - [AZAddSecret](https://bloodhound.specterops.io/resources/edges/az-add-secret.md): Azure provides several systems and mechanisms for granting control of securable objects within Entra ID, including tenant-scoped admin roles, object-scoped admin roles, explicit object ownership, and API permissions. - [AZAKSContributor](https://bloodhound.specterops.io/resources/edges/az-aks-contributor.md): The Azure Kubernetes Service Contributor role grants full control of the target Azure Kubernetes Service Managed Cluster. - [AZAppAdmin](https://bloodhound.specterops.io/resources/edges/az-app-admin.md): The principal has the Application Administrator Entra ID role active and can control tenant-resident apps. - [AZAuthenticatesTo](https://bloodhound.specterops.io/resources/edges/az-authenticates-to.md): The AZAuthenticatesTo edge indicates that a Federated Identity Credential (FIC) is configured on an Azure App Registration, allowing an external identity provider to authenticate as the application without a password or certificate. - [AZAutomationContributor](https://bloodhound.specterops.io/resources/edges/az-automation-contributor.md): The Azure Automation Contributor role grants full control of the target Azure Automation Account. This includes the ability to execute arbitrary commands on the Automation Account. - [AZAvereContributor](https://bloodhound.specterops.io/resources/edges/az-avere-contributor.md): Any principal granted the Avere Contributor role, scoped to the affected VM, can reset the built-in administrator password on the VM. - [AZCloudAppAdmin](https://bloodhound.specterops.io/resources/edges/az-cloud-app-admin.md): The principal has the Cloud Application Administrator Entra ID role active and can control tenant-resident apps. - [AZContains](https://bloodhound.specterops.io/resources/edges/az-contains.md): This indicates that the parent object contains the child object, such as a resource group containing a virtual machine, or a tenant “containing” a subscription. - [AZContributor](https://bloodhound.specterops.io/resources/edges/az-contributor.md): The contributor role grants almost all abusable privileges in all circumstances, with some exceptions. Those exceptions are not collected by AzureHound. - [AZExecuteCommand](https://bloodhound.specterops.io/resources/edges/az-execute-command.md): Principals with the Intune Administrators role are able to execute arbitrary PowerShell scripts on devices that are joined to the Azure tenant. - [AZGetCertificates](https://bloodhound.specterops.io/resources/edges/az-get-certificates.md): The ability to read certificates from key vaults. - [AZGetKeys](https://bloodhound.specterops.io/resources/edges/az-get-keys.md): The ability to read keys from key vaults. - [AZGetSecrets](https://bloodhound.specterops.io/resources/edges/az-get-secrets.md): The ability to read secrets from key vaults. - [AZGlobalAdmin](https://bloodhound.specterops.io/resources/edges/az-global-admin.md): The principal has the Global Administrator Entra ID role active against the target tenant. In other words, the principal is a Global Admin. Global Admins can do almost anything against almost every object type in the tenant, this is the highest privilege role in Azure. - [AZHasRole](https://bloodhound.specterops.io/resources/edges/az-has-role.md): The principal has an active assignment to the Entra ID role. This includes permanent assignments, and temporary assignments via Privileged Identity Management (PIM). If the principal is assigned eligibility via PIM the principal will also have an [AZRoleEligible](/resources/edges/az-role-eligible) e… - [AZKeyVaultKVContributor](https://bloodhound.specterops.io/resources/edges/az-key-vault-contributor.md): The Key Vault Contributor role grants full control of the target Key Vault. This includes the ability to read all secrets stored on the Key Vault. - [AZLogicAppContributor](https://bloodhound.specterops.io/resources/edges/az-logic-app-contributor.md): The Logic Contributor role grants full control of the target Logic App. This includes the ability to execute arbitrary commands on the Logic App. - [AZManagedIdentity](https://bloodhound.specterops.io/resources/edges/az-managed-identity.md): Azure resources like Virtual Machines, Logic Apps, and Automation Accounts can be assigned to either System- or User-Assigned Managed Identities. - [AZMemberOf](https://bloodhound.specterops.io/resources/edges/az-member-of.md): The given asset is a member of the group. - [AZMGAddMember](https://bloodhound.specterops.io/resources/edges/az-mg-add-member.md): This edge is created during post-processing. - [AZMGAddOwner](https://bloodhound.specterops.io/resources/edges/az-mg-add-owner.md): This edge is created during post-processing. - [AZMGAddSecret](https://bloodhound.specterops.io/resources/edges/az-mg-add-secret.md): This edge is created during post-processing. - [AZMGAppRoleAssignment_ReadWrite_All](https://bloodhound.specterops.io/resources/edges/az-mg-app-role-assignment-readwrite-all.md): This edge is created when a Service Principal has been granted the AppRoleAssignment.ReadWrite.All edge. - [AZMGApplication_ReadWrite_All](https://bloodhound.specterops.io/resources/edges/az-mg-application-readwrite-all.md): This edge is created when a Service Principal has been granted the Application.ReadWrite.All edge. - [AZMGDirectory_ReadWrite_All](https://bloodhound.specterops.io/resources/edges/az-mg-directory-readwrite-all.md): This edge is created when a Service Principal has been granted the Directory.ReadWrite.All edge. - [AZMGGrantAppRoles](https://bloodhound.specterops.io/resources/edges/az-mg-grant-app-roles.md): This edge is created during post-processing. - [AZMGGrantRole](https://bloodhound.specterops.io/resources/edges/az-mg-grant-role.md): This edge is created during post-processing. - [AZMGGroupMember_ReadWrite_All](https://bloodhound.specterops.io/resources/edges/az-mg-group-member-readwrite-all.md): This edge is created when a Service Principal has been granted the GroupMember.ReadWrite.All edge. - [AZMGGroup_ReadWrite_All](https://bloodhound.specterops.io/resources/edges/az-mg-group-readwrite-all.md): This edge is created when a Service Principal has been granted the Group.ReadWrite.All edge. - [AZMGRoleManagement_ReadWrite_Directory](https://bloodhound.specterops.io/resources/edges/az-mg-role-management-readwrite-directory.md): This edge is created when a Service Principal has been granted the RoleManagement.ReadWrite.Directory edge. - [AZMGServicePrincipalEndpoint_ReadWrite_All](https://bloodhound.specterops.io/resources/edges/az-mg-service-principal-endpoint-readwrite-all.md): This edge is created when a Service Principal has been granted the ServicePrincipalEndpoint.ReadWrite.All edge. - [AZNodeResourceGroup](https://bloodhound.specterops.io/resources/edges/az-node-resource-group.md): This edge is created to link Azure Kubernetes Service Managed Clusters to the Virtual Machine Scale Sets they use to execute commands on. - [AZOwner](https://bloodhound.specterops.io/resources/edges/az-owner.md): An Entra principal has been granted the Azure Resource Manager role called "Owner" over an Azure Resource Manager asset. - [AZOwns](https://bloodhound.specterops.io/resources/edges/az-owns.md): An Entra principal has been added as an owner over an Entra asset. - [AZPrivilegedAuthAdmin](https://bloodhound.specterops.io/resources/edges/az-privileged-auth-admin.md): The principal has the Privileged Authentication Administrator Entra ID role active against the target tenant. - [AZPrivilegedRoleAdmin](https://bloodhound.specterops.io/resources/edges/az-privileged-role-admin.md): The principal has the Privileged Role Administrator Entra ID role active against the target tenant. - [AZResetPassword](https://bloodhound.specterops.io/resources/edges/az-reset-password.md): The ability to change another user’s password without knowing their current password. - [AZRoleApprover](https://bloodhound.specterops.io/resources/edges/az-role-approver.md): The principal is designated as an approver in the Privileged Identity Management (PIM) policy for the Entra ID role. PIM policies may require principals with the [AZRoleEligible](/resources/edges/az-role-eligible) edge to get approval from role approvers before activation takes effect. - [AZRoleEligible](https://bloodhound.specterops.io/resources/edges/az-role-eligible.md): The principal is eligible for assignment to the Entra ID role via Privileged Identity Management (PIM). When the role is active the principal will also have an [AZHasRole](/resources/edges/az-has-role) edge to the role. - [AZRunsAs](https://bloodhound.specterops.io/resources/edges/az-runs-as.md): The Azure App runs as the Service Principal when it needs to authenticate to the tenant. - [AZScopedTo](https://bloodhound.specterops.io/resources/edges/az-scoped-to.md): Is used to distinguish whether an EntraID (AzureAD) admin role such as Application Administrator or Cloud Application Administrator is scoped to the tenant or to a particular app registration or service principal. - [AZUserAccessAdministrator](https://bloodhound.specterops.io/resources/edges/az-user-access-administrator.md): The User Access Admin role can edit roles against many other objects. - [AZVMAdminLogin](https://bloodhound.specterops.io/resources/edges/az-vm-admin-login.md): When a virtual machine is configured to allow logon with Azure credentials, the VM automatically has certain principals added to its local administrators group, including any principal granted the Virtual Machine Administrator Login (or “VMAL”) admin role. - [AZVMContributor](https://bloodhound.specterops.io/resources/edges/az-vm-contributor.md): The Virtual Machine contributor role grants almost all abusable privileges against Virtual Machines. - [AZWebsiteContributor](https://bloodhound.specterops.io/resources/edges/az-website-contributor.md): The Website Contributor role grants full control of the target Function App or Web App. Full control of either of those types of resources allows for arbitrary command execution against the target resoruce. - [CanPSRemote](https://bloodhound.specterops.io/resources/edges/can-ps-remote.md): PS Session access allows you to enter an interactive session with the target computer. If authenticating as a low privilege user, a privilege escalation may allow you to gain high privileges on the system. - [CanRDP](https://bloodhound.specterops.io/resources/edges/can-rdp.md): Remote Desktop access allows you to enter an interactive session with the target computer. If authenticating as a low privilege user, a privilege escalation may allow you to gain high privileges on the system. - [ClaimSpecialIdentity](https://bloodhound.specterops.io/resources/edges/claim-special-identity.md): The ClaimSpecialIdentity edge represents the ability to obtain an access token containing a special identity (group) SID. - [CoerceAndRelayNTLMToADCS](https://bloodhound.specterops.io/resources/edges/coerce-and-relay-ntlm-to-adcs.md): The target computer can be coerced to authenticate via NTLM to an ADCS server, allowing an attacker to obtain a certificate for domain authentication. - [CoerceAndRelayNTLMToLDAP](https://bloodhound.specterops.io/resources/edges/coerce-and-relay-ntlm-to-ldap.md): The target computer can be coerced to authenticate via NTLM to an LDAP service on a domain controller that does not require LDAP signing, allowing an attacker to abuse Active Directory permissions or obtain administrative access to the target computer. - [CoerceAndRelayNTLMToLDAPS](https://bloodhound.specterops.io/resources/edges/coerce-and-relay-ntlm-to-ldaps.md): The target computer can be coerced to authenticate via NTLM to an LDAPS service on a domain controller that does not require LDAPS channel binding, allowing an attacker to abuse Active Directory permissions or obtain administrative access to the target computer. - [CoerceAndRelayNTLMToSMB](https://bloodhound.specterops.io/resources/edges/coerce-and-relay-ntlm-to-smb.md): An attacker can coerce a computer to authenticate via NTLM to an SMB service on a target computer that does not enforce SMB signing, allowing the attacker to gain administrative access to the target computer. - [CoerceToTGT](https://bloodhound.specterops.io/resources/edges/coerce-to-tgt.md): The computer/user account is configured with Kerberos unconstrained delegation. - [Contains](https://bloodhound.specterops.io/resources/edges/contains.md): GPOs linked to a container apply to all objects that are contained by the container. Additionally, ACEs set on a parent OU may inherit down to child objects. - [CrossForestTrust](https://bloodhound.specterops.io/resources/edges/cross-forest-trust.md): The CrossForestTrust edge represents a trust relationship between two domains/forests. In this relationship, the source node domain has a cross-forest (interforest) trust to the destination node domain, allowing principals (users and computers) from the destination domain to access resources in the… - [DCFor](https://bloodhound.specterops.io/resources/edges/dc-for.md): This edge indicates that the computer is a domain controller for the domain. This edge is not created for read-only domain controllers. - [DCSync](https://bloodhound.specterops.io/resources/edges/dc-sync.md): This edge represents the combination of GetChanges and GetChangesAll. The combination of both these privileges grants a principal the ability to perform the DCSync attack. - [DelegatedEnrollmentAgent](https://bloodhound.specterops.io/resources/edges/delegated-enrollment-agent.md): The source principal node is delegated the privilege to enroll certificates of the destination certificate template node as an enrollment agent. - [DumpSMSAPassword](https://bloodhound.specterops.io/resources/edges/dump-smsa-password.md): A computer with this indicates that a Standalone Managed Service Account (sMSA) is installed on it. - [Enroll](https://bloodhound.specterops.io/resources/edges/enroll.md): The target node may be a Certificate Template or an Enterprise Certification Authority. - [EnrollOnBehalfOf](https://bloodhound.specterops.io/resources/edges/enroll-on-behalf-of.md): The certificate template "A" is configured to be used as an enrollment agent. - [EnterpriseCAFor](https://bloodhound.specterops.io/resources/edges/enterprise-ca-for.md): The Enterprise Certification Authority node is the enrollment service LDAP object for the target Root Certification Authority node. - [ExecuteDCOM](https://bloodhound.specterops.io/resources/edges/execute-dcom.md): This can allow code execution under certain conditions by instantiating a COM object on a remote machine and invoking its methods. - [ExtendedByPolicy](https://bloodhound.specterops.io/resources/edges/extended-by-policy.md): The edge indicates that a certificate template includes an issuance policy as a certificate extension. - [ForceChangePassword](https://bloodhound.specterops.io/resources/edges/force-change-password.md): This edge indicates that the principal can reset the password of the target user without knowing the current password of that user. - [GenericAll](https://bloodhound.specterops.io/resources/edges/generic-all.md): This is also known as full control. This privilege allows the trustee to manipulate the target object however they wish. - [GenericWrite](https://bloodhound.specterops.io/resources/edges/generic-write.md): Generic Write access grants you the ability to write to any non-protected attribute on the target object, including "members" for a group, and "servicePrincipalNames" for a user. - [GetChanges](https://bloodhound.specterops.io/resources/edges/get-changes.md): The principal is granted the GetChanges right on the domain. - [GetChangesAll](https://bloodhound.specterops.io/resources/edges/get-changes-all.md): The principal is granted the GetChangesAll right on the domain. - [GetChangesInFilteredSet](https://bloodhound.specterops.io/resources/edges/get-changes-in-filtered-set.md): The principal is allowed to synchronize (DCSync) the Filtered Attribute Set (FAS), which are the attributes not replicated to RODCs. - [GoldenCert](https://bloodhound.specterops.io/resources/edges/golden-cert.md): The victim principal has a certificate private key that can be abused to sign "golden" certificates for authentication of any enabled principal in the AD forest of the domain. - [GPLink](https://bloodhound.specterops.io/resources/edges/gp-link.md): A linked GPO applies its settings to objects in the linked container. - [HasSession](https://bloodhound.specterops.io/resources/edges/has-session.md): When a user authenticates to a computer, they often leave credentials exposed on the system, which can be retrieved through LSASS injection, token manipulation or theft, or injecting into a user’s process. - [HasSIDHistory](https://bloodhound.specterops.io/resources/edges/has-sid-history.md): The given source principal has, in its SIDHistory attribute, the SID for the target principal. - [HasTrustKeys](https://bloodhound.specterops.io/resources/edges/has-trust-keys.md): The relationship's source node is a domain which has the trust keys for the end node trust account. - [HostsCAService](https://bloodhound.specterops.io/resources/edges/hosts-ca-service.md): The Enterprise Certification Authority node is the enrollment service LDAP object for CA hosted on the computer node. - [IssuedSignedBy](https://bloodhound.specterops.io/resources/edges/issued-signed-by.md): When Windows assesses the validity and trustworthiness of a certificate it verifies the certificate chain up to a trusted root certificate. The IssuedSignedBy edge represents a link within the certificate chain. - [LocalToComputer](https://bloodhound.specterops.io/resources/edges/local-to-computer.md): The LocalGroup is a local group on the Computer. - [ManageCA](https://bloodhound.specterops.io/resources/edges/manage-ca.md): The principal has the "Manage CA", also known as "CA Administrator", permission on the Enterprise CA. - [ManageCertificates](https://bloodhound.specterops.io/resources/edges/manage-certificates.md): The principal has the "Manage Certificates", also known as "CA Officer", permission on the Enterprise CA. - [MemberOf](https://bloodhound.specterops.io/resources/edges/member-of.md): Groups in active directory grant their members any privileges the group itself has. - [MemberOfLocalGroup](https://bloodhound.specterops.io/resources/edges/member-of-local-group.md): From a Principal to LocalGroup. Principal is a member of the LocalGroup. - [NTAuthStoreFor](https://bloodhound.specterops.io/resources/edges/nt-auth-store-for.md): The NTAuthStore is the Enterprise NTAuth store (NTAuthCertificates object) for the AD forest of the domain node. - [OIDGroupLink](https://bloodhound.specterops.io/resources/edges/oid-group-link.md): The edge indicates that an IssuancePolicy has an OID group link to a group. - [About BloodHound Edges](https://bloodhound.specterops.io/resources/edges/overview.md): Edges are part of the graph construct and are represented as links/relationships that connect one node to another node. - [Owns](https://bloodhound.specterops.io/resources/edges/owns.md): Object owners retain the ability to modify object security descriptors, regardless of permissions on the object’s DACL - [OwnsLimitedRights](https://bloodhound.specterops.io/resources/edges/owns-limited-rights.md): When specific privileges on an object's DACL are explicitly granted to the `OWNER RIGHTS` SID (S-1-3-4), implicit owner rights (e.g., WriteDacl) are blocked, and the owner is granted only the specific privileges granted to OWNER RIGHTS. This can be used to limit the rights of the owner of an object. - [OwnsRaw](https://bloodhound.specterops.io/resources/edges/owns-raw.md): This edge is established from the principal that owns an object to the owned object. This edge is processed further to determine whether implicit owner rights (e.g., WriteDacl) are blocked, which may prevent the owner from compromising the destination object. - [ProtectAdminGroups](https://bloodhound.specterops.io/resources/edges/protect-admin-groups.md): The ProtectAdminGroups background task tattoos the AdminSDHolder security descriptor on this node. - [PublishedTo](https://bloodhound.specterops.io/resources/edges/published-to.md): The certificate template is published to an enterprise certification authority. - [ReadGMSAPassword](https://bloodhound.specterops.io/resources/edges/read-gmsa-password.md): This privilege allows you to read the password for a Group Managed Service Account (GMSA). - [ReadLAPSPassword](https://bloodhound.specterops.io/resources/edges/read-laps-password.md): This privilege allows a principal to read the LAPS password from a computer. - [RemoteInteractiveLogonRight](https://bloodhound.specterops.io/resources/edges/remote-interactive-logon-right.md): From Principal to Computer. Principal has the SeRemoteInteractiveLogonRight on the Computer. - [RootCAFor](https://bloodhound.specterops.io/resources/edges/root-ca-for.md): The CA is trusted as a root certification authority by the domain. - [SameForestTrust](https://bloodhound.specterops.io/resources/edges/same-forest-trust.md): The SameForestTrust edge represents a trust relationship between two domains within the same AD forest. - [SpoofSIDHistory](https://bloodhound.specterops.io/resources/edges/spoof-sid-history.md): The cross-forest trust from the target domain to the source domain has a weak SID filtering configuration (SpoofSIDHistoryBlocked = False). - [SQLAdmin](https://bloodhound.specterops.io/resources/edges/sql-admin.md): The user is a SQL admin on the target computer - [SyncLAPSPassword](https://bloodhound.specterops.io/resources/edges/sync-laps-password.md): A principal with this signifies the capability of retrieving, through a directory synchronization, the value of confidential and RODC filtered attributes, such as LAPS’ _ms-Mcs-AdmPwd_. - [SyncedToADUser](https://bloodhound.specterops.io/resources/edges/synced-to-ad-user.md): The Entra user is synchronized to the on-prem AD user. - [SyncedToEntraUser](https://bloodhound.specterops.io/resources/edges/synced-to-entra-user.md): The on-prem AD user is synchronized to the Entra ID user. - [Traversable and Non-Traversable Edge Types](https://bloodhound.specterops.io/resources/edges/traversable-edges.md): Details on traversable and non-traversable edge types in BloodHound - [TrustedForNTAuth](https://bloodhound.specterops.io/resources/edges/trusted-for-nt-auth.md): The NTAuthStore contains the certificate of the Enterprise CA. - [WriteAccountRestrictions](https://bloodhound.specterops.io/resources/edges/write-account-restrictions.md): This edge indicates the principal has the ability to modify several properties on the target principal, most notably the msDS-AllowedToActOnBehalfOfOtherIdentity attribute. - [WriteDacl](https://bloodhound.specterops.io/resources/edges/write-dacl.md): With write access to the target object’s DACL, you can grant yourself any privilege you want on the object. - [WriteGPLink](https://bloodhound.specterops.io/resources/edges/write-gp-link.md): The WriteGPLink edge indicates that the principal has the permissions to modify the gPLink attribute of the targeted OU/domain node. - [WriteOwner](https://bloodhound.specterops.io/resources/edges/write-owner.md): Object owners retain the ability to modify object security descriptors, regardless of permissions on the object’s DACL. - [WriteOwnerLimitedRights](https://bloodhound.specterops.io/resources/edges/write-owner-limited-rights.md): When specific privileges on an object's DACL are explicitly granted to the `OWNER RIGHTS` SID (S-1-3-4), and inheritance is configured for those permissions, they are inherited by the new object owner after a change in ownership. In this case, implicit owner rights are blocked, and the new owner is… - [WriteOwnerRaw](https://bloodhound.specterops.io/resources/edges/write-owner-raw.md): This edge is established from the principal that can change the owner of an object to the owned object. This edge is processed further to determine whether implicit owner rights (e.g., WriteDacl) are blocked, which may prevent the owner from compromising the destination object. - [WritePKIEnrollmentFlag](https://bloodhound.specterops.io/resources/edges/write-pki-enrollment-flag.md): The attacker principal has the ability to write to the msPKI-Enrollment-Flag attribute on the victim principal, which allows the attacker principal to configure "manager approval" for the certificate template and other settings. - [WritePKINameFlag](https://bloodhound.specterops.io/resources/edges/write-pki-name-flag.md): The attacker principal has the ability to write to the msPKI-Certificate-Name-Flag attribute on the victim principal, which allows the attacker principal to configure "enrollee supplies subject" for the certificate template and other settings. - [WriteSPN](https://bloodhound.specterops.io/resources/edges/write-spn.md): The ability to write directly to the servicePrincipalNames attribute on a user object. - [BloodHound Glossary](https://bloodhound.specterops.io/resources/glossary/overview.md): Learn the terminology used in BloodHound software and documentation. - [Legacy BloodHound](https://bloodhound.specterops.io/resources/legacy.md) - [ADLocalGroup](https://bloodhound.specterops.io/resources/nodes/ad-local-group.md) - [AIACA](https://bloodhound.specterops.io/resources/nodes/aiaca.md) - [AZApp](https://bloodhound.specterops.io/resources/nodes/az-app.md) - [AZAutomationAccount](https://bloodhound.specterops.io/resources/nodes/az-automation-account.md) - [AZBase](https://bloodhound.specterops.io/resources/nodes/az-base.md) - [AZContainerRegistry](https://bloodhound.specterops.io/resources/nodes/az-container-registry.md) - [AZDevice](https://bloodhound.specterops.io/resources/nodes/az-device.md) - [AZFederatedIdentityCredential](https://bloodhound.specterops.io/resources/nodes/az-federated-identity-credential.md): The AZFederatedIdentityCredential node represents a Federated Identity Credential (FIC) configured on an Azure App Registration, which allows an external identity provider to authenticate as the application without a password or certificate. - [AZFunctionApp](https://bloodhound.specterops.io/resources/nodes/az-function-app.md) - [AZGroup](https://bloodhound.specterops.io/resources/nodes/az-group.md) - [AZKeyVault](https://bloodhound.specterops.io/resources/nodes/az-key-vault.md) - [AZLogicApp](https://bloodhound.specterops.io/resources/nodes/az-logic-app.md) - [AZManagedCluster](https://bloodhound.specterops.io/resources/nodes/az-managed-cluster.md) - [AZManagementGroup](https://bloodhound.specterops.io/resources/nodes/az-management-group.md) - [AZResourceGroup](https://bloodhound.specterops.io/resources/nodes/az-resource-group.md) - [AZRole](https://bloodhound.specterops.io/resources/nodes/az-role.md) - [AZServicePrincipal](https://bloodhound.specterops.io/resources/nodes/az-service-principal.md) - [AZSubscription](https://bloodhound.specterops.io/resources/nodes/az-subscription.md) - [AZTenant](https://bloodhound.specterops.io/resources/nodes/az-tenant.md) - [AZUser](https://bloodhound.specterops.io/resources/nodes/az-user.md) - [AZVM](https://bloodhound.specterops.io/resources/nodes/az-vm.md) - [AZVMScaleSet](https://bloodhound.specterops.io/resources/nodes/az-vm-scale-set.md) - [AZWebApp](https://bloodhound.specterops.io/resources/nodes/az-web-app.md) - [Base](https://bloodhound.specterops.io/resources/nodes/base.md) - [CertTemplate](https://bloodhound.specterops.io/resources/nodes/cert-template.md) - [Computer](https://bloodhound.specterops.io/resources/nodes/computer.md) - [Container](https://bloodhound.specterops.io/resources/nodes/container.md) - [Domain](https://bloodhound.specterops.io/resources/nodes/domain.md) - [EnterpriseCA](https://bloodhound.specterops.io/resources/nodes/enterprise-ca.md) - [GPO](https://bloodhound.specterops.io/resources/nodes/gpo.md) - [Group](https://bloodhound.specterops.io/resources/nodes/group.md) - [IssuancePolicy](https://bloodhound.specterops.io/resources/nodes/issuance-policy.md) - [Meta](https://bloodhound.specterops.io/resources/nodes/meta.md): Nodes generated and used by analysis - [NTAuthStore](https://bloodhound.specterops.io/resources/nodes/nt-auth-store.md) - [OU](https://bloodhound.specterops.io/resources/nodes/ou.md) - [About BloodHound Nodes](https://bloodhound.specterops.io/resources/nodes/overview.md) - [RootCA](https://bloodhound.specterops.io/resources/nodes/root-ca.md) - [User](https://bloodhound.specterops.io/resources/nodes/user.md) - [Resources](https://bloodhound.specterops.io/resources/overview.md): Access comprehensive documentation about BloodHound graph components, terminology definitions, release information, and how to get help. - [2022-10-11 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2022-10-11.md) - [2022-10-24 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2022-10-24.md) - [2022-11-03 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2022-11-03.md) - [2022-11-21 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2022-11-21.md) - [2022-12-13 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2022-12-13.md) - [2022-12-19 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2022-12-19.md) - [2023-01-18 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-01-18.md) - [2023-01-31 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-01-31.md) - [2023-02-07 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-02-07.md) - [2023-02-21 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-02-21.md) - [2023-03-06 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-03-06.md) - [2023-03-27 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-03-27.md) - [2023-04-13 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-04-13.md) - [2023-04-25 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-04-25.md) - [2023-05-16 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-05-16.md) - [2023-06-20 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-06-20.md) - [2023-08-08 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2023-08-08.md) - [2023-08-30 Release Notes (v5.0.7)](https://bloodhound.specterops.io/resources/release-notes/2023-08-30-v5-0-7.md) - [2023-08-31 Release Notes (v5.0.8)](https://bloodhound.specterops.io/resources/release-notes/2023-08-31-v5-0-8.md) - [2023-09-19 Release Notes (v5.0.9)](https://bloodhound.specterops.io/resources/release-notes/2023-09-19-v5-0-9.md) - [2023-10-16 Release notes (v5.1.0)](https://bloodhound.specterops.io/resources/release-notes/2023-10-16-v5-1-0.md) - [2023-11-06 Release (v5.2.0 - BHE Only)](https://bloodhound.specterops.io/resources/release-notes/2023-11-06-v5-2-0.md) - [2023-12-05 Release Notes (v5.3.0)](https://bloodhound.specterops.io/resources/release-notes/2023-12-05-v5-3-0.md) - [2024-01-04 Release Notes (v5.4.0)](https://bloodhound.specterops.io/resources/release-notes/2024-01-04-v5-4-0.md) - [2024-01-23 Release Notes (v5.5.0)](https://bloodhound.specterops.io/resources/release-notes/2024-01-23-v5-5-0.md) - [2024-02-14 Release Notes (v5.6.0)](https://bloodhound.specterops.io/resources/release-notes/2024-02-14-v5-6-0.md) - [2024-03-04 Release Notes (v5.7.0)](https://bloodhound.specterops.io/resources/release-notes/2024-03-04-v5-7-0.md) - [2024-03-27 Release Notes (v5.8.0)](https://bloodhound.specterops.io/resources/release-notes/2024-03-27-v5-8-0.md) - [2024-04-15 Release Notes (v5.8.1)](https://bloodhound.specterops.io/resources/release-notes/2024-04-15-v5-8-1.md) - [2024-05-09 Release Notes (v5.9.0)](https://bloodhound.specterops.io/resources/release-notes/2024-05-09-v5-9-0.md) - [2024-05-28 Release Notes (v5.10.0)](https://bloodhound.specterops.io/resources/release-notes/2024-05-28-v5-10-0.md) - [2024-06-17 Release Notes (v5.11.0)](https://bloodhound.specterops.io/resources/release-notes/2024-06-17-v5-11-0.md) - [2024-07-17 Release Notes (v5.12.0)](https://bloodhound.specterops.io/resources/release-notes/2024-07-17-v5-12-0.md) - [2024-08-01 Release Notes (v5.13.0)](https://bloodhound.specterops.io/resources/release-notes/2024-08-01-v5-13-0.md) - [2024-08-06 Release Notes (v5.13.1)](https://bloodhound.specterops.io/resources/release-notes/2024-08-06-v5-13-1.md) - [2024-08-20 Release Notes (v5.14.0)](https://bloodhound.specterops.io/resources/release-notes/2024-08-20-v5-14-0.md) - [2024-09-10 Release Notes (v5.15.0)](https://bloodhound.specterops.io/resources/release-notes/2024-09-10-v5-15-0.md) - [2024-09-30 Release Notes (v6.0.0)](https://bloodhound.specterops.io/resources/release-notes/2024-09-30-v6-0-0.md) - [2024-10-22 Release Notes (v6.1.0)](https://bloodhound.specterops.io/resources/release-notes/2024-10-22-v6-1-0.md) - [2024-11-14 Release Notes (v6.2.0)](https://bloodhound.specterops.io/resources/release-notes/2024-11-14-v6-2-0.md) - [2024-12-09 Release Notes (v6.3.0)](https://bloodhound.specterops.io/resources/release-notes/2024-12-09-v6-3-0.md) - [2026-01-22 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2026-01-22.md): Learn about new features, enhancements, and fixed issues in BloodHound. - [2026-02-11 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2026-02-11.md): Learn about new features, enhancements, and fixed issues in BloodHound. - [2026-03-04 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2026-03-04.md): Learn about new features, enhancements, and fixed issues in BloodHound. - [2026-03-23 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2026-03-23.md): Learn about new features, enhancements, and fixed issues in BloodHound. - [2026-04-13 Release Notes](https://bloodhound.specterops.io/resources/release-notes/2026-04-13.md): Learn about new features, enhancements, and fixed issues in BloodHound. - [Release Summary](https://bloodhound.specterops.io/resources/release-notes/summary.md): Stay informed about new features, enhancements, and fixed issues for the latest BloodHound releases. - [2025-01-14 Release Notes (v6.4.0)](https://bloodhound.specterops.io/resources/release-notes/v6-4-0.md) - [2025-02-05 Release Notes (v7.0.0)](https://bloodhound.specterops.io/resources/release-notes/v7-0-0.md) - [2025-03-06 Release Notes (v7.1.0)](https://bloodhound.specterops.io/resources/release-notes/v7-1-0.md) - [2025-03-25 Release Notes (v7.2.0)](https://bloodhound.specterops.io/resources/release-notes/v7-2-0.md) - [2025-04-03 Release Notes (v7.2.1)](https://bloodhound.specterops.io/resources/release-notes/v7-2-1.md) - [2025-04-22 Release Notes (v7.3.0)](https://bloodhound.specterops.io/resources/release-notes/v7-3-0.md) - [2025-05-27 Release Notes (v7.4.0)](https://bloodhound.specterops.io/resources/release-notes/v7-4-0.md) - [2025-06-02 Release Notes (v7.4.1)](https://bloodhound.specterops.io/resources/release-notes/v7-4-1.md) - [2025-06-17 Release Notes (v7.5.0)](https://bloodhound.specterops.io/resources/release-notes/v7-5-0.md) - [2025-07-09 Release Notes (v7.6.0)](https://bloodhound.specterops.io/resources/release-notes/v7-6-0.md) - [2025-07-29 Release Notes (v8.0.0)](https://bloodhound.specterops.io/resources/release-notes/v8-0-0.md) - [2025-08-26 Release Notes (v8.1.0)](https://bloodhound.specterops.io/resources/release-notes/v8-1-0.md) - [2025-09-23 Release Notes (v8.2.0)](https://bloodhound.specterops.io/resources/release-notes/v8-2-0.md) - [2025-10-30 Release Notes (v8.3.0)](https://bloodhound.specterops.io/resources/release-notes/v8-3-0.md) - [2025-12-02 Release Notes (v8.4.0)](https://bloodhound.specterops.io/resources/release-notes/v8-4-0.md) ## OpenAPI Specs - [openapi](https://bloodhound.specterops.io/openapi.json) ## Optional - [Webinars](https://specterops.io/events/?_sft_event_type=webinar&_gl=1*1xuv31d*_up*MQ..*_ga*NTYxMzY4OTkxLjE3MzMzMDkyNTk.*_ga_53SGLN9EBJ*MTczMzMwOTI1Ny4xLjAuMTczMzMwOTI1Ny4wLjAuMA..) - [Community](https://slack.specterops.io/) - [Query Library](https://queries.specterops.io/) - [OpenGraph Library](https://bloodhound.specterops.io/opengraph/library) - [Blog](https://specterops.io/blog/?_gl=1*1qw21rw*_up*MQ..*_ga*NTYxMzY4OTkxLjE3MzMzMDkyNTk.*_ga_53SGLN9EBJ*MTczMzMwOTI1Ny4xLjAuMTczMzMwOTI1Ny4wLjAuMA..) - [Release Notes](https://bloodhound.specterops.io/resources/release-notes/summary)