Prerequisites
Before you begin, configure and run the JamfHound collector against your JAMF Pro tenant to generate a data payload for BloodHound.Register the Extension (BloodHound Enterprise Only)
The BloodHound extension feature is currently available in preview exclusively for BloodHound Enterprise customers. To get started, contact your Technical Account Manager to obtain the latest Enterprise release of JamfHound. The JamfHound extension includes a schema that tells BloodHound how to model and analyze data from your JAMF Pro tenant. You must register the extension before you upload data generated by the JamfHound collector. On the OpenGraph Management page, upload the JamfHound schema file (bhe-jamfhound-extension.json).
Register Custom Node Icons (Community Edition Only)
Skip this step if you already uploaded an extension schema, as the schema registers the node icons automatically. If you haven’t registered an extension schema, register the JamfHound custom node types using the create_jamf_icons.py script.Upload Data to BloodHound
After you complete the prerequisites and register the extension or node icons, upload the data collected by JamfHound to BloodHound. Upload the generatedCollection_xx_xx/JAMFcollection.json file from the output directory to BloodHound.
Import Cypher Queries
JamfHound provides custom Cypher queries to help you identify attack paths and misconfigurations in your JAMF Pro tenant. These queries are included in thecustom-queries directory of the JamfHound extension.
To use these queries, you must first import the custom-queries/*.json files into BloodHound. You can then run the queries on the Explore page.
Next Steps
- Explore the JamfHound node types and edge types in the schema reference
- Try the JamfHound Cypher queries on the Explore page
- Learn about JAMF Pro attack paths and what to look for
- Use JamfHound’s specialized queries to create or update Cypher-based Privilege Zone rules
- Join the
#jamfchannel on the BloodHound Community Slack for questions and discussion