Attack Path
Attack paths are chains of abusable privileges and user behaviors that create direct and indirect connections between computers and users. In BloodHound, attack paths are visualized in the graph by nodes and edges. Learn more in What is Attack Path Management.Attack Path Management (APM)
Attack Path Management is the process of identifying, analyzing, and managing the attack paths that an adversary might exploit to reach high-value objects or compromise the network’s security. BloodHound helps visualize and manage attack paths through Attack Path Management.Choke Point
A choke point is a privilege or user behavior (called edges) that, like the driveway to a house, connects the rest of the environment through an object or collection of objects (called nodes). For example, any Edge into the collection of Tier Zero nodes is a Tier Zero Choke Point. This is a privilege or user behavior the adversary must abuse to compromise a Tier Zero object. Choke points are significant points of control and defense in the network security architecture. They represent the optimal location to block the largest number of attack paths. BloodHound Enterprise calculates exposurefor all choke points.Cypher
Cypher is a graph query language used to interact with BloodHound’s database. It’s similar to SQL for traditional databases. To use it, see Searching with Cypher.Collector / Client
A Collector, Collector Client, or Data Collector is software that collects attack path-related data from a directory. For example, SharpHound and AzureHound.Directory
A directory of identities or an identity provider, like Active Directory (AD) and Entra ID (formerly Azure Active Directory).Edge
An edge is part of the graph construct and represents a relationship between two nodes, indicating some form of interaction. See About BloodHound Edges.Enterprise Access Model (EAM)
A security framework developed by Microsoft that defines a privileged access strategy[1] with the ultimate goal of preventing privilege escalation through identity-based attack paths. In most cases, EAM supersedes and replaces tiering.Exposure
The percentage of principals in a directory with a Tier Zero attack path. It encompasses both principals with one-step paths (UserA -[ForceChangePassword]-> TierZero
), and multi-step paths (UserA -[ForceChangePassword]-> UserB -[GenericAll]-> TierZero
). BloodHound Enterprise calculates Exposure for all choke points.