Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix collection for az user objects #48

Merged
merged 4 commits into from
Aug 31, 2023
Merged

Fix collection for az user objects #48

merged 4 commits into from
Aug 31, 2023

Conversation

ddlees
Copy link
Collaborator

@ddlees ddlees commented Aug 31, 2023

Updates #42

LuemmelSec and others added 4 commits May 25, 2023 10:30
@LuemmelSec
Update users.go
07ca518 
Added an array containing "onPremisesSecurityIdentifier" and onPremisesSyncEnabled" to fill the $select variable when querying the Graph API at /v1.0/users

As both, Microsoft and the AzureHound, document and state, both datasets are not included in the "default" query and need to be specified as a GET parameter of $select.
Please refer to here: 
https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http#optional-query-parameters

And here:
https://github.com/BloodHoundAD/AzureHound/blob/main/models/azure/user.go?plain=1#L323

So this was not fetched, as AzureHound is currently only doing the "default" fetch without $select. 

But BloodHound and the ingestor part are already taken both values into consideration. Please see:
https://github.com/BloodHoundAD/BloodHound/blob/69786fa46fa18090e7641e086cd2aed70a530748/src/js/ingestion_types.js?plain=1#L523

and:
https://github.com/BloodHoundAD/BloodHound/blob/69786fa46fa18090e7641e086cd2aed70a530748/src/js/newingestion.js?plain=1#L2896
@LuemmelSec
Update users.go
c54bf44
@LuemmelSec
Update users.go
9501192 
The account enabled info slot was also included per default in BloodHound, but the actual data was never fetched by AzureHound as it also is an optional feature via the $select parameter.
@ddlees
fix: select properties that are used in bloodhound ingest
f92070e
@ddlees ddlees mentioned this pull request Aug 31, 2023
Closed
@ddlees ddlees merged commit a6a603c into main Aug 31, 2023
@ddlees ddlees deleted the Fix-collection-for-AZUser-objects branch August 31, 2023 18:02
@github-actions github-actions bot locked and limited conversation to collaborators Aug 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@elikmiller elikmiller elikmiller approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ddlees @elikmiller @LuemmelSec