Skip to main content

BloodHound Enterprise

Identity Management

The BloodHound Enterprise connector integrates with BloodHound Enterprise, SpecterOps' Attack Path Management platform for Active Directory and Azure AD/Entra ID environments. It syncs attack-path findings and the identity assets involved in those paths.

For each attack-path finding it pulls from the BloodHound Enterprise API, the connector emits:

  • Findings — individual attack-path exposures, modeled as violations.
  • Violation Definitions — the finding catalog entries (descriptions, remediation, references).
  • Computers, Users, and Groups — the Active Directory / Azure identity assets that are the targets of findings.

All data is derived from the attack-path details feed; the connector parses that feed once per sync and routes each record to the appropriate model.

Data retrieved from BloodHound Enterprise

Connector ObjectRequiredMaps to Data Model
FindingYesViolation
Violation DefinitionYesViolation Definition
ComputerYesHost
UserYesPerson
GroupYesTeam

Model relationships

note

For detailed steps on how to view the data retrieved from BloodHound Enterprise in the Brinqa Platform, see How to view your data.