Get Started with BloodHound
Install a Data Collector
Collect Data
OpenGraph
Analyze Attack Path Data
Manage BloodHound
API & Integrations
Resources
- Resources
- About BloodHound Edges
- Traversable and Non-Traversable Edge Types
- AbuseTGTDelegation
- ADCSESC1
- ADCSESC10a
- ADCSESC10b
- ADCSESC13
- ADCSESC3
- ADCSESC4
- ADCSESC6a
- ADCSESC6b
- ADCSESC9a
- ADCSESC9b
- AddAllowedToAct
- AddKeyCredentialLink
- AddMember
- AddSelf
- AdminTo
- AllExtendedRights
- AllowedToAct
- AllowedToDelegate
- AZAddMembers
- AZAddOwner
- AZAddSecret
- AZAKSContributor
- AZAppAdmin
- AZAutomationContributor
- AZAvereContributor
- AZCloudAppAdmin
- AZContains
- AZContributor
- AZExecuteCommand
- AZGetCertificates
- AZGetKeys
- AZGetSecrets
- AZGlobalAdmin
- AZHasRole
- AZKeyVaultKVContributor
- AZLogicAppContributor
- AZManagedIdentity
- AZMemberOf
- AZMGAddMember
- AZMGAddOwner
- AZMGAddSecret
- AZMGAppRoleAssignment_ReadWrite_All
- AZMGApplication_ReadWrite_All
- AZMGDirectory_ReadWrite_All
- AZMGGrantAppRoles
- AZMGGrantRole
- AZMGGroupMember_ReadWrite_All
- AZMGGroup_ReadWrite_All
- AZMGRoleManagement_ReadWrite_Directory
- AZMGServicePrincipalEndpoint_ReadWrite_All
- AZNodeResourceGroup
- AZOwner
- AZOwns
- AZPrivilegedAuthAdmin
- AZPrivilegedRoleAdmin
- AZResetPassword
- AZRoleApprover
- AZRoleEligible
- AZRunsAs
- AZScopedTo
- AZUserAccessAdministrator
- AZVMAdminLogin
- AZVMContributor
- AZWebsiteContributor
- CanPSRemote
- CanRDP
- ClaimSpecialIdentity
- CoerceAndRelayNTLMToADCS
- CoerceAndRelayNTLMToLDAP
- CoerceAndRelayNTLMToLDAPS
- CoerceAndRelayNTLMToSMB
- CoerceToTGT
- Contains
- CrossForestTrust
- DCFor
- DCSync
- DelegatedEnrollmentAgent
- DumpSMSAPassword
- Enroll
- EnrollOnBehalfOf
- EnterpriseCAFor
- ExecuteDCOM
- ExtendedByPolicy
- ForceChangePassword
- GenericAll
- GenericWrite
- GetChanges
- GetChangesAll
- GetChangesInFilteredSet
- GoldenCert
- GPLink
- HasSession
- HasSIDHistory
- HasTrustKeys
- HostsCAService
- IssuedSignedBy
- LocalToComputer
- ManageCA
- ManageCertificates
- MemberOf
- MemberOfLocalGroup
- NTAuthStoreFor
- OIDGroupLink
- Owns
- ProtectAdminGroups
- PublishedTo
- ReadGMSAPassword
- ReadLAPSPassword
- RemoteInteractiveLogonRight
- RootCAFor
- SameForestTrust
- SpoofSIDHistory
- SQLAdmin
- SyncLAPSPassword
- SyncedToADUser
- SyncedToEntraUser
- TrustedForNTAuth
- WriteAccountRestrictions
- WriteDacl
- WriteGPLink
- WriteOwner
- WritePKIEnrollmentFlag
- WritePKINameFlag
- WriteSPN
- Legacy BloodHound
Edges
AZHasRole
The principal has an active assignment to the Entra ID role. This includes permanent assignments, and temporary assignments via Privileged Identity Management (PIM). If the principal is assigned eligibility via PIM the principal will also have an AZRoleEligible edge to the role.
⌘I