Documentation Index
Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
Use this file to discover all available pages before exploring further.
On-premises deployments of BloodHound Enterprise give you full control over your deployment infrastructure while maintaining the same powerful identity security capabilities as the SaaS version.
Deployment architecture
On-premises deployments of BloodHound Enterprise consist of two primary parts:- BloodHound Enterprise host - Runs the BloodHound application, database, and supporting infrastructure
- Collector hosts - Run lightweight collector services (SharpHound, AzureHound, or OpenHound) to gather data from your identity infrastructure
Core components
All on-premises deployments include the following core application components:| Component | Purpose |
|---|---|
| BloodHound Enterprise API | Application server, UI, graph analysis, and collector ingestion |
| PostgreSQL 18.x | Database server for application data and graph storage |
Deployment-specific components
Embedded cluster deployments include the following infrastructure and management components:| Component | Purpose |
|---|---|
| k0s Kubernetes distribution | Bundled Kubernetes distribution that runs BloodHound Enterprise on your Linux host |
| Embedded ingress controller | Exposes the BloodHound Enterprise application endpoint and terminates HTTPS for the configured FQDN by default |
| Installation Wizard | Host-local web UI that completes configuration and runs |
| SpecterOps - BloodHound Enterprise Portal | Hosted portal that provides installer access, generates deployment-specific installation commands, and tracks online installations and updates |
Data collectors
Collectors run separately from the BloodHound Enterprise host and gather configuration data from your identity infrastructure:| Collector | Target Environment | Data Collected |
|---|---|---|
| SharpHound Enterprise | Active Directory | AD objects, relationships, ACLs, sessions |
| AzureHound Enterprise | Azure / Entra ID | Azure AD objects, role assignments, resource relationships |
| OpenHound | Other identity providers, platforms, and custom sources | Varies by source; data collected and converted into BloodHound Enterprise-compatible graphs |
Data flow
Data flows through the system in the following sequence:- Collection - Collectors gather configuration data from Active Directory, Entra ID, or other identity sources
- Transmission - Data is transmitted over encrypted HTTPS/TLS to the BloodHound Enterprise API
- Processing - The BloodHound Enterprise API processes and stores data in PostgreSQL
- Analysis - Graph analysis identifies privilege relationships and Attack Paths
- Visualization - Results are displayed in the BloodHound Enterprise UI
Collectors have zero local storage of collected data. All data is transmitted directly to the BloodHound Enterprise host and stored in PostgreSQL.