` and "Status = Success'
+
+**User Rights Assignment**
+
+First, SharpHound connects via RPC with `LSAOpenPolicy`.
+
+* If unsuccessful, `compstatus.csv` will contain a line for the system with the result `Task = LSAOpenPolicy` and a status depending on the error type.
+ * `Status = StatusRpcServerUnavailable` means SharpHound cannot access RPC or SMB on the system. Ensure that the system running SharpHound can reach the system via SMB.
+* If successful, SharpHound continues with the method `LSAEnumerateAccountsWithUserRight` as detailed below.
+
+Next, sharpHound connects via RPC with `LSAEnumerateAccountsWithUserRight`.
+
+* If unsuccessful, `compstatus.csv` will contain a line for the system with the result `Task = LSAEnumerateAccountsWithUserRight` and a status depending on the error type.
+ * `Status = StatusAccessDenied` means SharpHound account is not in the Local Administrators group.
+* If successful, `compstatus.csv` will contain one line per local group in system with the result `Task = LSAEnumerateAccountsWithUserRight` and "Status = Success'
+
+### Sessions
+
+This collection gathers logon sessions via RPC with `NetWkstaUserEnum`.
+
+* If unsuccessful, `compstatus.csv` will contain a line for the system with the result `Task = NetWkstaUserEnum` and a status depending on the error type.
+ * `Status = ErrorAccessDenied` means SharpHound account is not in the Local Administrators group.
+ * `Status = 53` means SharpHound cannot access RPC or SMB on the system. Ensure that the system running SharpHound can reach the system via SMB.
+* If successful `compstatus.csv` will contain one line per local group with the result `Task = NetWkstaUserEnum` and "Status = Success'
+
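Review bot: The success bullets for `LSAEnumerateAccountsWithUserRight` and `NetWkstaUserEnum` both say "one line per local group", which reads as carried over from a local-group section; please state what one line corresponds to for user rights and for sessions. The same bullets end in mismatched quotes (`"Status = Success'`) where the other status values use code spans. "sharpHound" in "Next, sharpHound connects" needs a capital S, and "If successful `compstatus.csv`" in Sessions is missing its comma. In Sessions, `Status = 53` is a bare number beside named statuses such as `ErrorAccessDenied`, so say what the number is or give its name.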
diff --git a/docs/install-data-collector/overview.mdx b/docs/install-data-collector/overview.mdx
new file mode 100644
index 0000000000..7ba7afae8f
--- /dev/null
+++ b/docs/install-data-collector/overview.mdx
@@ -0,0 +1,41 @@
+---
+title: Deployment
+mode: wide
+sidebarTitle: Overview
+---
+
+Deploying a BloodHound instance (database and GUI) and the Enterprise collectors; SharpHound Enterprise and AzureHound Enterprise.
+
+## Deploying BloodHound Enterprise
+
+ Explore the security features of BloodHound Enterprise
+
+## Deploying SharpHound Enterprise
+
+
+ System requirements and deployment process for SharpHound Enterprise
+ Guide for installing and upgrading SharpHound Enterprise
+ Learn about tiered collector strategy deployment
+ Instructions for creating a group Managed Service Account
+ Configure SharpHound Enterprise locally
+ How to change the service account for SharpHound Enterprise
+
+
+[See all 8 articles](/install-data-collector/install-sharphound/overview)
+
+## Deploying AzureHound Enterprise
+
+
+ System requirements and deployment process for AzureHound Enterprise
+ Configure AzureHound Enterprise for Azure
+ Steps to create an AzureHound configuration
+ Guide for installing and upgrading AzureHound on various platforms
+ How to run multiple AzureHound Enterprise collectors using Scheduled Tasks
+
+
+## Deploying BloodHound CE
+
+
+ Learn how to install BloodHound Community Edition using Docker Compose
+
+
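Review bot: The opening line of the new overview is a fragment joined with a semicolon ("...the Enterprise collectors; SharpHound Enterprise and AzureHound Enterprise."); make it a full sentence and use a colon or parentheses for the two collector names. Under "Deploying BloodHound Enterprise" the only entry is "Explore the security features of BloodHound Enterprise", which does not describe a deployment article. "See all 8 articles" hard-codes a count that will drift, and only six entries are listed above it; "See all articles" avoids the maintenance.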
diff --git a/docs/hc/en-us/articles/BloodHound-JSON-Formats.mdx b/docs/integrations/bloodhound-api/json-formats.mdx
similarity index 97%
rename from docs/hc/en-us/articles/BloodHound-JSON-Formats.mdx
rename to docs/integrations/bloodhound-api/json-formats.mdx
index e2f9d8a178..728b716f40 100644
--- a/docs/hc/en-us/articles/BloodHound-JSON-Formats.mdx
+++ b/docs/integrations/bloodhound-api/json-formats.mdx
@@ -3,7 +3,7 @@ title: BloodHound JSON Formats
---
-
+
BloodHound requires collected data to be in in a specific JSON format, which is documented in this article.
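Review bot: The context line under this change still reads "to be in in a specific JSON format"; since the file is being touched and renamed anyway, drop the doubled "in" in the same commit.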
diff --git a/docs/hc/en-us/articles/Working-with-the-BloodHound-API.mdx b/docs/integrations/bloodhound-api/working-with-api.mdx
similarity index 91%
rename from docs/hc/en-us/articles/Working-with-the-BloodHound-API.mdx
rename to docs/integrations/bloodhound-api/working-with-api.mdx
index 010803db6e..9c5d01236f 100644
--- a/docs/hc/en-us/articles/Working-with-the-BloodHound-API.mdx
+++ b/docs/integrations/bloodhound-api/working-with-api.mdx
@@ -3,7 +3,7 @@ title: Working with the BloodHound API
---
-
+
The BloodHound product family are API-first products, meaning everything functions on the underlying API layer. All data displayed in the portal, all commands given to SharpHound or AzureHound Enterprise collectors, and all data uploaded pass through the BloodHound APIs. Customers may utilize these APIs to extend the use of the BloodHound product to function with other tools in their environment. This article will show how to access the API and include some example use cases.
@@ -13,7 +13,7 @@ The BloodHound product family are API-first products, meaning everything functio
API documentation is hosted utilizing Swagger behind authentication within your tenant environment. After logging in, you may access it by clicking the cog in the top right corner of your tenant and clicking **API Explorer.**
-
+
@@ -26,7 +26,7 @@ The BloodHound API accepts two forms of authentication, each with its own limita
BloodHound users should understand that there are two methods of creating API key/ID pairs, each serving a different purpose:
-- Non-personal API key/ID pairs, for integrations like [Splunk](/hc/en-us/articles/Integrate-BloodHound-Enterprise-with-Splunk) or [Sentinel](/hc/en-us/articles/Overview-of-BloodHound-Integrations)
+- Non-personal API key/ID pairs, for integrations like [Splunk](/integrations/integrations/splunk) or [Sentinel](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/BloodHound%20Enterprise)
- [Personal API key/ID pairs](#create-a-personal-api-key-id-pair), for day-to-day use like [BloodHound Operator](https://www.youtube.com/watch?v=9Og-6_qyw_A)
## Create a non-personal API key/ID pair
@@ -42,7 +42,7 @@ Administrators can create non-personal BloodHound users solely meant for API int
6. On the API user, click the hamburger menu and select **Generate / Revoke API Tokens**.
-
+
7. Select **Create Token**.
@@ -57,25 +57,25 @@ BloodHound users can create personal API Key/ID pairs from their "My Profile" se
1. In the top-right corner click **My Profile**.
-
+
2. Click **API Key Management**.
-
+
3. Click **Create Token**.
-
+
4. Give the token a descriptive name and click **Save**.
-
+
5. Save the presented API key/ID pair and click **Close**.
- The API key will never be shown again. If you lose it, you must revoke the previous key and regenerate a new one.
-
+
6. You may now utilize this key/ID pair for calling the API.
@@ -167,7 +167,7 @@ def_request(self, method: str, uri: str, body: Optional[bytes] = None) -> reques
diff --git a/docs/hc/en-us/articles/Overview-of-BloodHound-Integrations.mdx b/docs/integrations/integrations/overview.mdx
similarity index 59%
rename from docs/hc/en-us/articles/Overview-of-BloodHound-Integrations.mdx
rename to docs/integrations/integrations/overview.mdx
index 142b25f172..6166296efc 100644
--- a/docs/hc/en-us/articles/Overview-of-BloodHound-Integrations.mdx
+++ b/docs/integrations/integrations/overview.mdx
@@ -3,16 +3,38 @@ title: Overview of BloodHound Integrations
---
-
+
+# Integrations Overview
+
+BloodHound Enterprise integrates with several third-party tools and services to help you get the most out of your security investments.
+
+## Available Integrations
+
+### Splunk
+
+BloodHound Enterprise integrates with Splunk to provide visibility into your Active Directory and Azure security posture. The integration allows you to:
+
+- View BloodHound Enterprise data in Splunk
+- Create alerts based on BloodHound Enterprise data
+- Correlate BloodHound Enterprise data with other security data
+
+Learn more about [Integrating BloodHound Enterprise with Splunk](/integrations/integrations/splunk).
+
+## Community Integrations
+
+The BloodHound community has created several integrations with other tools and services. These integrations are not officially supported by BloodHound, but may be useful for your organization.
+
+Please share your integrations with us in the [BloodHound Gang community Slack](https://support.bloodhoundenterprise.io/hc/en-us/articles/16730536907547).
+
## Supported integrations
Integrations developed and officially supported by SpecterOps.
- Splunk × BloodHound Enterprise
- [BloodHound Enterprise on Splunkbase](https://splunkbase.splunk.com/app/6609)
- - [Integrate BloodHound Enterprise with Splunk](/hc/en-us/articles/Integrate-BloodHound-Enterprise-with-Splunk)
+ - [Integrate BloodHound Enterprise with Splunk](/integrations/integrations/splunk)
- Azure Sentinel × BloodHound Enterprise
- [BloodHound Enterprise Sentinel Integration on GitHub](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/BloodHound%20Enterprise)
- BloodHound Enterprise on the Sentinel app store (Coming soon!)
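Review bot: The added block duplicates sections that stay in the file: "## Available Integrations" with "### Splunk" sits directly above the existing "## Supported integrations" list, and "## Community Integrations" is added while the existing "Integrations developed by the community" section remains further down, so the page ends up with two sections for each topic. Merge the new text into the existing headings or remove the old ones. The new "# Integrations Overview" H1 repeats the front-matter title. The Slack link moves from an internal path to `https://support.bloodhoundenterprise.io/hc/en-us/articles/16730536907547`, the help-center URL scheme every other link in this patch migrates away from; point it at the new location of that article. "not officially supported by BloodHound" also conflicts with the existing wording "officially supported by SpecterOps".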
@@ -31,8 +53,6 @@ Integrations developed by the community.
- [wineventhound](https://medium.com/@RantaSec/bloodhound-for-blue-teams-windows-event-id-4624-a259c76ee09e), by @RantaSec
- [FalconHound](https://github.com/FalconForceTeam/FalconHound), by @falconforceteam
-Please do share your integrations with us in the [BloodHound Gang community Slack](/hc/en-us/articles/Getting-Help-and-the-BloodHound-community).
-
The legacy BloodHound (< v5.0) had limited integration support; however, many were created and maintained by the community. Here are some of our favorites:
- [Impacket BloodHound.py](https://github.com/dirkjanm/BloodHound.py), by Dirk-Jan Mollema (@_dirkjan)
diff --git a/docs/hc/en-us/articles/Integrate-BloodHound-Enterprise-with-Splunk.mdx b/docs/integrations/integrations/splunk.mdx
similarity index 50%
rename from docs/hc/en-us/articles/Integrate-BloodHound-Enterprise-with-Splunk.mdx
rename to docs/integrations/integrations/splunk.mdx
index 5c57e634d9..600cfa6f36 100644
--- a/docs/hc/en-us/articles/Integrate-BloodHound-Enterprise-with-Splunk.mdx
+++ b/docs/integrations/integrations/splunk.mdx
@@ -3,14 +3,75 @@ title: Integrate BloodHound Enterprise with Splunk
---
-
+
-The BloodHound Enterprise Splunk app ingests your BloodHound Enterprise data into Splunk.
+The BloodHound Enterprise Splunk app allows you to view and analyze BloodHound Enterprise data in Splunk. This integration provides:
-* Use the dashboards to track the Active Directory and Azure attack paths of your environment
-* Create alerts to detect when new attack paths emerge or exposure increases
-* Enrich your SIEM data with information about the attack paths to and from principals
+- Dashboards for visualizing attack paths and security posture
+- Alerts for new attack paths and security issues
+- Correlation with other security data in Splunk
+
+## Prerequisites
+
+Before you begin, ensure you have:
+
+1. A BloodHound Enterprise instance
+2. A Splunk instance
+3. Admin access to both systems
+4. The BloodHound Enterprise Splunk app installed
+5. A BloodHound Enterprise API key with appropriate permissions
+
+## Configuration
+
+1. Install the BloodHound Enterprise Splunk app from Splunkbase.
+
+2. Configure the app in Splunk:
+ - Navigate to **Settings** > **Data inputs** > **BloodHound Enterprise**
+ - Click **New**
+ - Enter your BloodHound Enterprise URL and API key
+ - Configure the polling interval
+ - Click **Save**
+
+3. Create a non-personal API key/ID pair in BloodHound Enterprise:
+ - Navigate to **Settings** > **API Keys**
+ - Click **Create API Key**
+ - Select appropriate permissions
+ - Save the key securely
+
+4. Verify the integration:
+ - Check the Splunk logs for successful API connections
+ - View the BloodHound Enterprise dashboards in Splunk
+ - Test alerts and data collection
+
+## Using the Integration
+
+The BloodHound Enterprise Splunk app provides several dashboards and features:
+
+1. **Attack Path Dashboard**
+ - View current attack paths
+ - Track changes over time
+ - Filter by severity and type
+
+2. **Security Posture Dashboard**
+ - Monitor overall security metrics
+ - Track remediation progress
+ - View trend analysis
+
+3. **Alerts and Reports**
+ - Configure alerts for new attack paths
+ - Generate compliance reports
+ - Track security improvements
+
+## Troubleshooting
+
+If you encounter issues:
+
+1. Check API connectivity
+2. Verify API key permissions
+3. Review Splunk logs
+4. Ensure proper network access
+5. Validate data input configuration
**Note: Version 2.0+ introduces ingest of BHE Audit Log data. To successfully ingest this data the BHE API user must be assigned the 'Administrator' role in BHE.**
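Review bot: The new "Configuration" section contradicts the installation steps kept below it and is out of order. Prerequisite 4 requires the app to be installed, then Configuration step 1 installs it; step 2 asks for the API key before step 3 creates it. Step 2 says "Enter your BloodHound Enterprise URL and API key", while the retained step 7 asks for the domain name and the API key/ID pair, so the key ID is missing. Step 3 sends the reader to **Settings** > **API Keys** > **Create API Key**, but the API article in this same patch describes **Generate / Revoke API Tokens** and **Create Token**; use one set of UI labels. "Select appropriate permissions" and "API key with appropriate permissions" should name the roles the retained text already gives (read-only minimum, Administrator for audit logs), so integration keys are not over-privileged by guesswork. Consider dropping the new Configuration block and keeping the existing numbered procedure as the single source.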
@@ -18,31 +79,31 @@ The BloodHound Enterprise Splunk app ingests your BloodHound Enterprise data int
1. Log into your Splunk installation and click on the **Find More Apps** button.
-
+
2. Search for "BloodHound Enterprise" and hit Enter. The first result should be the app.
-
+
3. Click **Install**. If not already logged in, you will be prompted for your Splunk.com username and password.
-
+
4. After installation completes, click **Open the App**.
-
+
5. The App will prompt you to configure itself. Click **Continue to the app setup page**.
-
+
-6. If you have not already, create an API key/ID pair, following [Create a non-personal API key/ID pair](/hc/en-us/articles/Working-with-the-BloodHound-API#:~:text=Create%20a%20non%2Dpersonal%20API%20key/ID%20pair)
+6. If you have not already, create an API key/ID pair, following [Create an API Key](/reference/api-tokens)
* The API user must at least have the **_read-only_** role. The **_Administrator_** role is required to collect BloodHound Enterprise audit logs.
7. In the setup screen, enter your BloodHound Enterprise domain name (`CODENAME.bloodhoundenterprise.io`), the API key/ID pair you created and click **Submit**
**Please note the warning—the initial collection can take some time, particularly for longer-term BloodHound Enterprise customers.**
-
+
## Create Index (Splunk cloud only)
@@ -58,15 +119,15 @@ The index "bhe-splunk-app" will be created automatically if running Splunk on-pr
1. In Splunk Web, go to **Settings > Data inputs**.
-
+
2. Scroll down, locate, and click on **BloodHound Enterprise**.
-
+
3. Click **Enable** to enable the data input.
-
+
Data will now begin flowing into the environment. You can monitor this progress through Splunk itself with the following query:
diff --git a/docs/integrations/overview.mdx b/docs/integrations/overview.mdx
new file mode 100644
index 0000000000..f2320f5b65
--- /dev/null
+++ b/docs/integrations/overview.mdx
@@ -0,0 +1,28 @@
+---
+title: API and Integrations
+description: "Interacting with BloodHound through it's REST API and integrations which uses the API."
+mode: wide
+sidebarTitle: Overview
+---
+
+## [BloodHound API](/integrations/integrations/overview)
+
+
+
+
+
+
+
+
+
+
+
+## [BloodHound Integrations](/integrations/integrations/overview)
+
+
+
+
+
+
+
+
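Review bot: In the front matter, `description` has two grammar errors: "it's REST API" should be "its REST API" and "integrations which uses the API" should be "integrations which use the API". Both headings link to `/integrations/integrations/overview`; the "BloodHound API" heading should point at the API pages (this patch places them under `docs/integrations/bloodhound-api/`). Each heading is followed only by empty lines here, so check that the sections render with content.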
diff --git a/docs/hc/en-us/articles/Enable-Disable-Multi-Factor-Authentication.mdx b/docs/manage-bloodhound/auth/mfa.mdx
similarity index 79%
rename from docs/hc/en-us/articles/Enable-Disable-Multi-Factor-Authentication.mdx
rename to docs/manage-bloodhound/auth/mfa.mdx
index 712badcd2b..b07c169efa 100644
--- a/docs/hc/en-us/articles/Enable-Disable-Multi-Factor-Authentication.mdx
+++ b/docs/manage-bloodhound/auth/mfa.mdx
@@ -3,7 +3,7 @@ title: Enable/Disable Multi-Factor Authentication
---
-
+
## Purpose
@@ -17,13 +17,13 @@ This article describes how to enable/disable Multi-Factor Authentication (MFA) f
1. Log into your BloodHound tenant.
2. In the top right, click settings **My Profile**
-
+
3. Toggle the Multi-Factor Authentication switch
-
+
4. Continue in one of the two headings below:
@@ -34,22 +34,22 @@ This article describes how to enable/disable Multi-Factor Authentication (MFA) f
1. In the pop-up, confirm your user's password and click on **Next**
-
+
2. Scan the QR code with your multi-factor authentication application, enter the 6-digit one-time password, and click **Next**
-
+
3. Multi-factor authentication is now enabled, click **Close**
-
+
### **Disabling MFA**
1. In the pop-up, confirm your user's password and click on **Disable Multi-Factor Authentication**
-
+
2. Multi-factor authentication is now disabled
@@ -60,5 +60,5 @@ If enabling MFA, next time you log in, you'll need to use both your password and
If you lose your authentication code device, you'll need to contact an Administrator of your BloodHound tenant who can reset your MFA configuration.
-
+
diff --git a/docs/hc/en-us/articles/OIDC-in-BloodHound.mdx b/docs/manage-bloodhound/auth/oidc.mdx
similarity index 75%
rename from docs/hc/en-us/articles/OIDC-in-BloodHound.mdx
rename to docs/manage-bloodhound/auth/oidc.mdx
index 19a2fe55b0..95b8406c28 100644
--- a/docs/hc/en-us/articles/OIDC-in-BloodHound.mdx
+++ b/docs/manage-bloodhound/auth/oidc.mdx
@@ -3,7 +3,7 @@ title: OIDC in BloodHound
description: 'BloodHound supports OIDC for Single Sign On to authenticate users to your tenant environment.'
---
-
+
This integration only provides authentication; user creation and role management will still occur within BloodHound's "Manage Users" interface.
@@ -21,15 +21,15 @@ Currently, BloodHound requires the configuration of OIDC system in the following
2. Configure Identity Provider for BloodHound.
* You will need the Client ID and Issuer provided by your IDP to move foward.
3. Create the OIDC Configuration in BloodHound.
-4. [Create new users or modify existing users](/hc/en-us/articles/Administering-users-and-roles) to utilize the newly created OIDC provider.
+4. [Create new users or modify existing users](/manage-bloodhound/auth/users-and-roles) to utilize the newly created OIDC provider.
* You must ensure OIDC users do not share email with built-in or SAML users.
## BloodHound Icons
If your IDP supports custom icons for configured applications, please feel free to utilize either of the two logos below:
-* [Dark-colored icon](/hc/article_attachments/31630065613339.png)
-* [Light-colored icon](/hc/article_attachments/31630065618075.png)
+* [Dark-colored icon](/assets/31630065613339.png)
+* [Light-colored icon](/assets/31630065618075.png)
## Create the OIDC Configuration
@@ -37,19 +37,19 @@ Before proceeding, please make sure you have set up an Identity Provider for Blo
1. While logged in as an Administrator, click on the gear icon in the top right, then click "Administration."
-
+
2. Under the "Authentication" section, choose "SAML Configuration."
-
+
-3. Click “Create Provider,” then "OIDC Provider."
+3. Click "Create Provider," then "OIDC Provider."
-
+
-4. Give the OIDC provider the name you used in the (‘test-idp’ in this example) and provide the Client ID and issuer from your IDP. Click "Submit."
+4. Give the OIDC provider the name you used in the (‘test-idp' in this example) and provide the Client ID and issuer from your IDP. Click "Submit."
-
+
5. BloodHound will provide the URLs related to this new OIDC provider integration.
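Review bot: The quote normalization in step 4 is incomplete: `(‘test-idp' in this example)` now opens with a curly quote and closes with a straight one; use straight quotes on both sides as step 3 does. The sentence was also already missing a noun ("the name you used in the (..."), so state where the name was used while editing this line.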
@@ -59,18 +59,18 @@ By default, all users will use a username and password via the built-in authenti
1. While logged in as an Administrator, click on the gear icon in the top right, then click "Administration."
-
+
2. Under the "Authentication" section, choose "SAML Configuration."
-
+
3. Locate the user you wish to configure for SAML authentication, click the hamburger menu button on the right side of the row, then "Update User."
-
+
4. In the following dialog, modify the authentication method to "Single Sign-On," then select the appropriate SSO provider against which the user's account can authenticate.
-
+
5. Click "Save."
diff --git a/docs/hc/en-us/sections/Authentication-and-Authorization.mdx b/docs/manage-bloodhound/auth/overview.mdx
similarity index 66%
rename from docs/hc/en-us/sections/Authentication-and-Authorization.mdx
rename to docs/manage-bloodhound/auth/overview.mdx
index f0f7cf60d5..1f56adc29c 100644
--- a/docs/hc/en-us/sections/Authentication-and-Authorization.mdx
+++ b/docs/manage-bloodhound/auth/overview.mdx
@@ -9,63 +9,63 @@ mode: wide
diff --git a/docs/manage-bloodhound/auth/saml-adfs.mdx b/docs/manage-bloodhound/auth/saml-adfs.mdx
new file mode 100644
index 0000000000..29490627d8
--- /dev/null
+++ b/docs/manage-bloodhound/auth/saml-adfs.mdx
@@ -0,0 +1,85 @@
+---
+title: "SAML: ADFS Configuration"
+description: "This document provides instructions for creating an application within ADFS for compatibility with BloodHound Enterprise."
+---
+
+
+
+
+
+For general instructions on adding a SAML provider to BloodHound Enterprise or for configuring users to utilize a SAML provider, see [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml).
+
+See [SAML Order of Operations and Quick Reference](/manage-bloodhound/auth/saml) before starting.
+
+## Create an Application
+
+1. In the AD FS management console, right-click on Relaying Party Trust and click "Add Relaying Party Trust".
+
+
+
+2. Choose "Claims aware" and click "Start".
+
+
+
+3. Insert the metadata URL based on your chosen name and click "Next."
+
+
+
+4. Enter the preferred display name and click "Next."
+
+
+
+5. Choose the desired Access Control Policy. (Note that access and permissions are configured within BloodHound Enterprise).
+
+
+
+6. Review the information presented and click "Next".
+
+
+
+7. Leave the "Configure claims issuance policy for this application" box checked and click "Close".
+
+
+
+
+## Complete SAML Integration Configuration
+
+1. On the "Edit Claim Issuance Policy" dialog box, click "Add Rule...".
+
+
+
+2. Choose "Send LDAP Attributes as Claims" and click "Next".
+
+
+
+3. Fill out the following and click "Finish".
+
+ LDAP Attribute: E-Mail-Addresses
+ Outgoing Claim Type : E-Mail Address
+
+
+
+
+4. Click "Add Rule" to add another claim rule.
+
+
+
+5. Choose "Transform and Incoming Claim" and click "Next".
+
+
+
+6. Fill out the following and click "Finish".
+
+ Incoming claim type: E-Mail Address
+ Outgoing claim type: Name ID
+ Outgoing name ID format: Email
+ Choose "Pass through all claim values"
+
+
+
+7. Click "Apply".
+
+
+
+8. Download the metadata file provided by your ADFS environment. By default, this is hosted at: https://YOURDOMAIN/federationmetadata/2007-06/federationmetadata.xml
+9. Follow the instructions at [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml) to create the SAML provider in BloodHound Enterprise.
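Review bot: Two AD FS UI names are misspelled in the new page, which makes the steps hard to follow in the console: "Relaying Party Trust" (step 1, twice) should be "Relying Party Trust", and "Transform and Incoming Claim" (step 5 of the second list) should be "Transform an Incoming Claim". Step 3 says "Insert the metadata URL based on your chosen name" without showing the URL pattern, so the reader cannot build it from this page; add the format or link to where it is defined. The two intro links ("SAML in BloodHound Enterprise" and "SAML Order of Operations and Quick Reference") both resolve to `/manage-bloodhound/auth/saml` with no anchor; add the section anchor to the second. Step 8 should present the metadata URL as a code span with an explicit placeholder rather than a bare `https://YOURDOMAIN/...` link.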
diff --git a/docs/manage-bloodhound/auth/saml-auth0.mdx b/docs/manage-bloodhound/auth/saml-auth0.mdx
new file mode 100644
index 0000000000..d34df67ffb
--- /dev/null
+++ b/docs/manage-bloodhound/auth/saml-auth0.mdx
@@ -0,0 +1,26 @@
+---
+title: Configure SAML with Auth0
+description: Configure SAML authentication with Auth0
+---
+
+# Configure SAML with Auth0
+
+For general information about SAML in BloodHound Enterprise, see [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml).
+
+See [SAML Order of Operations and Quick Reference](/manage-bloodhound/auth/saml) before starting.
+
+## Configure Auth0
+
+1. Log in to your Auth0 dashboard.
+
+2. Navigate to **Applications** > **Applications**.
+
+3. Click **Create Application**.
+
+4. Enter the following information:
+ * **Name**: BloodHound Enterprise
+ * **Choose an application type**: Regular Web Application
+
+5. Click **Create**.
+
+6. Follow the instructions at [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml) to create the SAML provider in BloodHound Enterprise.
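Review bot: The Auth0 procedure stops after creating a Regular Web Application (step 5) and then jumps to BloodHound in step 6, with no step that configures SAML on the Auth0 side or obtains metadata. The Google and Entra ID pages in this patch give ACS URL, Entity ID and a metadata download; this page needs the equivalent steps or it cannot be completed as written. The "# Configure SAML with Auth0" H1 also repeats the front-matter `title`.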
diff --git a/docs/hc/en-us/articles/SAML-Entra-ID-Configuration.mdx b/docs/manage-bloodhound/auth/saml-entra-id.mdx
similarity index 55%
rename from docs/hc/en-us/articles/SAML-Entra-ID-Configuration.mdx
rename to docs/manage-bloodhound/auth/saml-entra-id.mdx
index 79f7c185fc..c7b378786a 100644
--- a/docs/hc/en-us/articles/SAML-Entra-ID-Configuration.mdx
+++ b/docs/manage-bloodhound/auth/saml-entra-id.mdx
@@ -1,15 +1,42 @@
---
-Title: "SAML: Entra ID Configuration"
-description: "This document provides instructions for creating an application within Entra ID for compatibility with BloodHound Enterprise."
+title: Configure SAML with Entra ID
+description: Configure SAML authentication with Microsoft Entra ID (formerly Azure AD)
---
-
-
-
+# Configure SAML with Entra ID
+
+For general information about SAML in BloodHound Enterprise, see [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml).
+
+See [SAML Order of Operations and Quick Reference](/manage-bloodhound/auth/saml) before starting.
+
+## Configure Entra ID
+
+1. Log in to the Azure portal.
+
+2. Navigate to **Microsoft Entra ID** > **Enterprise applications** > **New application**.
+
+3. Click **Create your own application**.
+
+4. Enter the following information:
+ * **Name**: BloodHound Enterprise
+ * **Integration type**: Non-gallery application
+
+5. Click **Create**.
+
+6. Navigate to **Single sign-on** and select **SAML**.
+
+7. Under **Basic SAML Configuration**, enter the following information:
+ * **Identifier (Entity ID)**: `https:///api/v2/saml/metadata`
+ * **Reply URL (Assertion Consumer Service URL)**: `https:///api/v2/saml/acs`
+ * **Sign on URL**: `https://`
+ * **Relay State**: Leave blank
-For general instructions on adding a SAML provider to BloodHound Enterprise or for configuring users to utilize a SAML provider, see [SAML in BloodHound Enterprise](/hc/en-us/articles/SAML-in-BloodHound).
+8. Under **User Attributes & Claims**, ensure the following claims are present:
+ * **Unique User Identifier (Name ID)**: user.userprincipalname
+ * **email**: user.mail
+ * **groups**: user.groups
-See [SAML Order of Operations and Quick Reference](/hc/en-us/articles/SAML-in-BloodHound) before starting.
+9. Use the downloaded metadata.xml file and follow the instructions at [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml) to Create the SAML Configuration in BloodHound.
## SAML Settings
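Review bot: The URLs in new step 7 have no host: `https:///api/v2/saml/metadata`, `https:///api/v2/saml/acs` and `https://`. The tenant placeholder appears to have been lost; write it in a form that survives MDX rendering, and confirm whether the provider name belongs in the path, since the retained step 4 below says the configuration depends on both the tenant codename and the provider name. A wrong Entity ID or ACS URL is a common cause of failed or misrouted assertions, so these values need to be exact. The new "Configure Entra ID" list also duplicates the existing "Create application" and "Configure Single Sign-On Settings" sections that remain in the file, and its step 9 refers to "the downloaded metadata.xml file" although no step in the new list downloads it; the same step 9 sentence then appears a second time at the end of the old procedure. Keep one procedure.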
@@ -27,60 +54,60 @@ The following SAML settings are required for Entra ID to integrate with BloodHou
1. Login to Azure at [https://portal.azure.com](https://portal.azure.com)
2. Navigate to the **Enterprise Applications** section of Entra ID.
-
+
3. Click **New Application**.
-
+
4. Click **Create your own application**.
-
+
5. Provide a name for your application and click **Create**.
-
+
## Configure Single Sign-On Settings
1. Your browser should redirect you to your newly created application. Click on **Single sign-on**.
-
+
2. Click on **SAML**.
-
+
3. Click **Edit** under the Basic SAML Configuration section.
-
+
4. Configure SAML. The following screenshot shows the tenant codename is "demo" and the provider name is "azure".
-
+
5. Azure will inform you the settings have saved successfully.
-
+
6. Click the **X** to close the dialog.
-
+
7. Scroll down to the **SAML Certificates** section and download the **Metadata XML**.
-
+
8. Use the **Users and Groups** section to configure groups and users which you would like to grant access to BloodHound Enterprise.
-
+
-9. Use the downloaded metadata.xml file and follow the instructions at [SAML in BloodHound Enterprise](/hc/en-us/articles/SAML-in-BloodHound) to Create the SAML Configuration in BloodHound.
+9. Use the downloaded metadata.xml file and follow the instructions at [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml) to Create the SAML Configuration in BloodHound.
## Troubleshooting
Verify your attributes and claims use a proper schema in the claim name, and that you have a properly mapped claim for "user.mail" as in the example below. An indicator that this is necessary is when an authentication attempt returns the response: "_assertion does not meet requirements for user lookup_".
-
+
diff --git a/docs/manage-bloodhound/auth/saml-google.mdx b/docs/manage-bloodhound/auth/saml-google.mdx
new file mode 100644
index 0000000000..b65c41a7e7
--- /dev/null
+++ b/docs/manage-bloodhound/auth/saml-google.mdx
@@ -0,0 +1,49 @@
+---
+title: Configure SAML with Google
+description: Configure SAML authentication with Google Workspace
+---
+
+# Configure SAML with Google
+
+For general information about SAML in BloodHound Enterprise, see [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml).
+
+See [SAML Order of Operations and Quick Reference](/manage-bloodhound/auth/saml) before starting.
+
+## Configure Google Workspace
+
+1. Log in to your Google Admin console.
+
+2. Navigate to **Apps** > **Web and mobile apps**.
+
+3. Click **Add app** > **Add custom SAML app**.
+
+4. Enter the following information:
+ * **App name**: BloodHound Enterprise
+ * **App icon**: Optional
+
+5. Click **Continue**.
+
+6. Download the IDP metadata by clicking **Download metadata**.
+
+7. Enter the following information:
+ * **ACS URL**: `https:///api/v2/saml/acs`
+ * **Entity ID**: `https:///api/v2/saml/metadata`
+ * **Start URL**: `https://`
+
+8. Under **Name ID**, select:
+ * **Name ID format**: EMAIL
+ * **Name ID**: Basic Information > Primary email
+
+9. Under **Attributes**, add:
+ * **Primary email** mapped to **email**
+ * **Groups** mapped to **groups**
+
+10. Click **Continue**.
+
+11. Under **Google Directory attributes**, select:
+ * **Primary email**
+ * **Groups**
+
+12. Click **Finish**.
+
+13. Follow the instructions at [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml) to create the SAML provider in BloodHound Enterprise.
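Review bot: Step 7 has the same empty-host URLs as the Entra ID page: `https:///api/v2/saml/acs`, `https:///api/v2/saml/metadata` and `https://`. Restore the tenant placeholder in a form that renders, and state whether the provider name is part of the path. Steps 9 and 11 both select "Primary email" and "Groups" under differently named headings ("Attributes" and "Google Directory attributes"); if these are one screen, merge them, otherwise explain the difference. Step 6 downloads the IdP metadata but step 13 does not say to use that file when creating the provider in BloodHound.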
diff --git a/docs/hc/en-us/articles/SAML-Okta-Configuration.mdx b/docs/manage-bloodhound/auth/saml-okta.mdx
similarity index 81%
rename from docs/hc/en-us/articles/SAML-Okta-Configuration.mdx
rename to docs/manage-bloodhound/auth/saml-okta.mdx
index ab977395ff..2237aeaf23 100644
--- a/docs/hc/en-us/articles/SAML-Okta-Configuration.mdx
+++ b/docs/manage-bloodhound/auth/saml-okta.mdx
@@ -4,22 +4,22 @@ description: "This document provides instructions for creating an application wi
---
-
+
- For general instructions on adding a SAML provider to BloodHound Enterprise, or for configuring users to utilize a SAML provider, see [SAML in BloodHound Enterprise](/hc/en-us/articles/SAML-in-BloodHound).
+ For general instructions on adding a SAML provider to BloodHound Enterprise, or for configuring users to utilize a SAML provider, see [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml).
-See [SAML Order of Operations and Quick Reference](/hc/en-us/articles/SAML-in-BloodHound) before starting.
+See [SAML Order of Operations and Quick Reference](/manage-bloodhound/auth/saml) before starting.
## Create an Okta Application
1. Navigate to the organization applications page and create a new SAML application integration.
-
+
2. Give the application a name and an icon if desired.
-
+
3. Once finished, click next to begin setting the SAML configuration for this application.
@@ -47,20 +47,20 @@ Complete SAML Integration Configuration
1. Once all the information is entered, your screen should look similar to the example below. Once confirmed, click next to continue.
-
+
2. Complete creation of the SAML integration with the following options below:
-
+
3. Once completed you should now see the application home page. You may then click on **View Setup Instructions** to view the integration setup details.
-
+
4. Copy the metadata provided by Okta and save it into a metadata.xml file.
**ATTENTION FIREFOX USERS:** FireFox may prepend an additional heading to the metadata.xml file, resulting in an error creating the SAML integration within BloodHound Enterprise. If your extracted metadata.xml looks like the following, delete line 1 try again. See [https://support.mozilla.org/en-US/questions/1387904](https://support.mozilla.org/en-US/questions/1387904) for more details.
-
+
-5. Follow the instructions at [SAML in BloodHound Enterprise](/hc/en-us/articles/SAML-in-BloodHound) to create the SAML provider in BloodHound Enterprise.
+5. Follow the instructions at [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml) to create the SAML provider in BloodHound Enterprise.
diff --git a/docs/hc/en-us/articles/SAML-in-BloodHound.mdx b/docs/manage-bloodhound/auth/saml.mdx
similarity index 76%
rename from docs/hc/en-us/articles/SAML-in-BloodHound.mdx
rename to docs/manage-bloodhound/auth/saml.mdx
index e12c186552..d1ec025aeb 100644
--- a/docs/hc/en-us/articles/SAML-in-BloodHound.mdx
+++ b/docs/manage-bloodhound/auth/saml.mdx
@@ -4,7 +4,7 @@ description: "BloodHound supports SAML 2.0 for Single Sign On to authenticate us
---
-
+
This integration provides authentication only, user creation and role management will still occur from within BloodHound's "Manage Users" interface.
@@ -20,12 +20,12 @@ Currently, BloodHound requires the configuration of SAML system in the following
1. Determine the Provider Name you will utilize for the SAML configuration.
* The same value must be configured in both the Identity Provider and BloodHound.
2. Configure Identity Provider for BloodHound.
- * [SAML: ADFS Configuration](/hc/en-us/articles/SAML-ADFS-Configuration)
- * [SAML: Auth0 Configuration](/hc/en-us/articles/SAML-Auth0-Configuration)
- * [SAML: Entra ID Configuration](/hc/en-us/articles/SAML-Entra-ID-Configuration)
- * [SAML: Google IDP Configuration](/hc/en-us/articles/SAML-Google-IDP-Configuration)
+ * [SAML: ADFS Configuration](/manage-bloodhound/auth/saml-adfs)
+ * [SAML: Auth0 Configuration](/manage-bloodhound/auth/saml-auth0)
+ * [SAML: Entra ID Configuration](/manage-bloodhound/auth/saml-entra-id)
+ * [SAML: Google IDP Configuration](/manage-bloodhound/auth/saml-google)
3. [Create the SAML Configuration in BloodHound](#h_01HCX8STC69AP9T3TSXRRPJGJW).
-4. [Create new users or modify existing users](/hc/en-us/articles/Administering-users-and-roles) to utilize the newly created SAML provider.
+4. [Create new users or modify existing users](/manage-bloodhound/auth/users-and-roles) to utilize the newly created SAML provider.
* You must ensure SAML users do not share email with built-in users.
## SAML Attribute Quick Reference
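Review bot: Step 3 still links to `#h_01HCX8STC69AP9T3TSXRRPJGJW`, an anchor id carried over unchanged, while every other link in this hunk was moved to the new `/manage-bloodhound/auth/` paths. Confirm that id still exists on the renamed page, or link to the anchor of the "Create the SAML Configuration" heading instead. The provider list in step 2 also has no Okta entry, although this patch updates an Okta setup page that links back to this one.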
@@ -41,8 +41,8 @@ Currently, BloodHound requires the configuration of SAML system in the following
If your IDP supports custom icons for configured applications, please feel free to utilize either of the two logos below:
-* [Dark-colored icon](/hc/article_attachments/19622280069019.png)
-* [Light-colored icon](/hc/article_attachments/19622280078363.png)
+* [Dark-colored icon](/assets/19622280069019.png)
+* [Light-colored icon](/assets/19622280078363.png)
## Create the SAML Configuration
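Review bot: The two icon links keep their numeric attachment names (`19622280069019.png`, `19622280078363.png`) under the new `/assets/` path. Check that both files are added at that location in this change, and consider descriptive file names so the dark and light variants can be told apart in the assets directory.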
@@ -50,19 +50,19 @@ Ensure you have configured an Identity Provider for BloodHound as described in [
1. While logged in as an Administrator, click on the gear icon in the top right, then click "Administration."
-
+
2. Under the "Authentication" section, choose "SAML Configuration."
-
+
3. Click “Create SAML Provider.”
-
+
4. Give the SAML provider the name you used in the ACS URL (‘okta’ in this example) and upload the metadata.xml you created previously. Click "Submit."
-
+
5. BloodHound will provide the URLs related to this new SAML provider integration. Please take a moment to verify that the **ACS URL** matches the **Single sign on URL** specified in the SAML application integration page during setup of the Okta SAML integration.
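Review bot: Steps 4 and 5 are written for Okta only ("‘okta’ in this example", "during setup of the Okta SAML integration"), but this page is the shared target for the ADFS, Auth0, Entra ID and Google guides linked earlier in the file. Reword step 4 so the name is the Provider Name chosen in the order-of-operations list, and reword step 5 so the ACS URL is compared with the value configured at whichever identity provider is in use. The quotation marks in steps 3 and 4 are curly while the other steps use straight quotes; pick one style.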
@@ -72,19 +72,19 @@ By default, all users will utilize username and password via the built-in authen
1. While logged in as an Administrator, click on the gear icon in the top right, then click "Administration."
-
+
2. Under the "Authentication" section, choose "SAML Configuration."
-
+
3. Locate the user you wish to configure for SAML authentication, click the hamburger menu button on the right side of the row, then "Update User."
-
+
4. In the following dialog, modify the Authentication Method to "SAML" then select the appropriate SAML provider you wish the user's account to authenticate against.
-
+
5. Click "Save."
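Review bot: Step 2 of this procedure sends the administrator to "SAML Configuration", but step 3 then asks them to locate a user and choose "Update User", so step 2 reads as copied from the provider-creation procedure above. The introduction of this same page places user management in the "Manage Users" interface; confirm which menu entry is correct and fix step 2 while the file is being moved.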
@@ -92,14 +92,14 @@ By default, all users will utilize username and password via the built-in authen
diff --git a/docs/hc/en-us/articles/Administering-users-and-roles.mdx b/docs/manage-bloodhound/auth/users-and-roles.mdx
similarity index 96%
rename from docs/hc/en-us/articles/Administering-users-and-roles.mdx
rename to docs/manage-bloodhound/auth/users-and-roles.mdx
index 0187b392b1..a16a702b4f 100644
--- a/docs/hc/en-us/articles/Administering-users-and-roles.mdx
+++ b/docs/manage-bloodhound/auth/users-and-roles.mdx
@@ -3,7 +3,7 @@ title: Administering users and roles
---
-
+
## Purpose
@@ -21,7 +21,7 @@ The following properties must be set on each user:
| Principal Name | Text field for the username used for logging into BloodHound. Can be the same as email address. |
| First Name | Text field for the user's first name. |
| Last Name | Text field for the user's first name. |
-| Authentication Method | Drop-down selection for one of the available authentication methods to be used for the user.
* Username / Password - Built-in authentication via username and password, supports TOTP-based multi-factor authentication.
* SAML - SAML 2.0-based Single-Sign-On as described in SAML in BloodHound Enterprise.
Read more in the article [SAML in BloodHound Enterprise](/hc/en-us/articles/SAML-in-BloodHound). |
+| Authentication Method | Drop-down selection for one of the available authentication methods to be used for the user.
* Username / Password - Built-in authentication via username and password, supports TOTP-based multi-factor authentication.
* SAML - SAML 2.0-based Single-Sign-On as described in SAML in BloodHound Enterprise.
Read more in the article [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml). |
| Initial Password | Text field for the user's initial password. |
| Force Password Reset? | Selecting this check box forces the user to reset their password on the next logon. Must comply with password requirements:
* At least 12 characters long
* Contain at least 1 lowercase character, 1 uppercase character, 1 number and 1 special character (!@#$%^&*) |
| Role | Drop-down selection for one the available roles.
For role access control definitions, see [User Role Definitions](#h_01H6P9MK1XME9F91NR95XJXR3Z). |
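Review bot: The context row for Last Name says "Text field for the user's first name", a copy of the row above; correct it to "last name" while this table is being edited. The password requirements (at least 12 characters, mixed character classes) sit in the "Force Password Reset?" row, where they read as a property of the check box, and would fit better under "Initial Password". The "User Role Definitions" link still uses the carried-over `#h_01H6P9MK1XME9F91NR95XJXR3Z` anchor, which should be checked against the renamed page, and "one the available roles" is missing "of".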
diff --git a/docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-CSF-v1-1-Compliance-Resource.mdx b/docs/manage-bloodhound/compliance-framework/nist-csf-v1-1.mdx
similarity index 92%
rename from docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-CSF-v1-1-Compliance-Resource.mdx
rename to docs/manage-bloodhound/compliance-framework/nist-csf-v1-1.mdx
index f706614494..9350eb3cee 100644
--- a/docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-CSF-v1-1-Compliance-Resource.mdx
+++ b/docs/manage-bloodhound/compliance-framework/nist-csf-v1-1.mdx
@@ -1,5 +1,5 @@
---
-title: Bloodhound Enterprise NIST CSF v1.1 Compliance Resource
+title: BloodHound Enterprise NIST CSF v1.1 Compliance Resource
description: The Following information is meant to provide a more detailed and in-depth view of compliance items that BloodHound Enterprise can provide coverage for.
---
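Review bot: The `description` value in this front matter is unquoted and begins "The Following information", while the v2 and SP 800-171 files in this patch quote the same field. Quote it for consistency and lower-case "Following" in the same pass as the title fix.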
@@ -15,7 +15,7 @@ Physical Devices and systems within the organization are inventoried.
#### Solution
-BloodHound Enterprise collects information on all physical systems operating within a Windows Active Directory environment/Azure Environment. Bloodhound Enterprise monitors the addition/removal of physical assets connecting to the organizations environment.
+BloodHound Enterprise collects information on all physical systems operating within a Windows Active Directory environment/Azure Environment. BloodHound Enterprise monitors the addition/removal of physical assets connecting to the organizations environment.
###### **References**
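Review bot: The replacement line still ends with "connecting to the organizations environment"; the possessive needs an apostrophe ("organization's"). The same wording appears in several other Solution paragraphs touched by this patch, so it is worth fixing together with the BloodHound capitalisation rather than in a later change.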
@@ -34,7 +34,7 @@ Inventory of Software, Services, and Systems managed by the organization are mai
#### Solution
-Bloodhound Enterprise collects information on all Systems in a domain that are connected to the organizations Active Directory/Azure Environment. BloodHound Enterprise monitors the environment for the addition/removal of systems from the organizations environment.
+BloodHound Enterprise collects information on all Systems in a domain that are connected to the organizations Active Directory/Azure Environment. BloodHound Enterprise monitors the environment for the addition/removal of systems from the organizations environment.
###### **References**
@@ -53,7 +53,7 @@ Resources are prioritized based on their classification, criticality, and busine
#### Solution
-Bloodhound Enterprise allows organizations to assign assets to Tier Zero (T0) based on the organizations classification, criticality, and business value. Prioritized resources are audited and accounted for during BloodHound Enterprise collection scans.
+BloodHound Enterprise allows organizations to assign assets to Tier Zero (T0) based on the organizations classification, criticality, and business value. Prioritized resources are audited and accounted for during BloodHound Enterprise collection scans.
###### **References**
@@ -77,7 +77,7 @@ Asset vulnerabilities are identified and documented.
#### Solution
-Bloodhound Enterprise analyzes the Active Directory/Azure environment for identity attack paths that potentially impact an organizations security posture. All Identity vulnerabilities are identified during BloodHound collection activities and presented in the reporting dashboard with additional information to support documenting threats.
+BloodHound Enterprise analyzes the Active Directory/Azure environment for identity attack paths that potentially impact an organizations security posture. All Identity vulnerabilities are identified during BloodHound collection activities and presented in the reporting dashboard with additional information to support documenting threats.
###### **References**
@@ -95,7 +95,7 @@ Threats, both internal and external, are identified and documented.
#### Solution
-Bloodhound Enterprise analyzes the Active Directory/Azure environment for identity attack paths that potentially impact an organizations security posture. All Identity threat vectors are identified during BloodHound collection activities and presented in the reporting dashboard with additional information to support documenting threats.
+BloodHound Enterprise analyzes the Active Directory/Azure environment for identity attack paths that potentially impact an organizations security posture. All Identity threat vectors are identified during BloodHound collection activities and presented in the reporting dashboard with additional information to support documenting threats.
###### **References**
@@ -134,7 +134,7 @@ Employ the principal of least privilege, allowing only authorized access for use
#### Solution
-Bloodhound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
+BloodHound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
###### **References**
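Review bot: The hunk header shows the requirement text for this section as "Employ the principal of least privilege"; the word should be "principle". It is outside the changed line, but this file is already being corrected for spelling, so fix it in the same commit.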
@@ -184,7 +184,7 @@ A baseline of network operations and expected data flows for users and systems i
#### Solution
-BloodHound Enterprise collects information on all physical systems and Active Directory/Azure users operating within a Windows Active Directory environment/Azure Environment. Bloodhound Enterprises configurable scan options allows organizations to establish and monitor their organizational baseline of systems, users, and groups.
+BloodHound Enterprise collects information on all physical systems and Active Directory/Azure users operating within a Windows Active Directory environment/Azure Environment. BloodHound Enterprises configurable scan options allows organizations to establish and monitor their organizational baseline of systems, users, and groups.
###### **References**
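Review bot: The replacement line keeps "BloodHound Enterprises configurable scan options allows", which is missing the possessive apostrophe and has a singular verb for a plural subject. Suggested wording: "BloodHound Enterprise's configurable scan options allow organizations to establish and monitor ...".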
@@ -223,7 +223,7 @@ Event data is collected and correlated from multiple sources and sensors.
#### Solution
-Bloodhound Enterprise's Identity Attack Path solution provides unique graph based representations of the logical relationships that may be vulnerable to identity attacks. The information provided by BloodHound Enterprise can be used in combination with other defense appliance output and correlated to assist in satisfying this requirement.
+BloodHound Enterprise's Identity Attack Path solution provides unique graph based representations of the logical relationships that may be vulnerable to identity attacks. The information provided by BloodHound Enterprise can be used in combination with other defense appliance output and correlated to assist in satisfying this requirement.
###### **References**
@@ -241,7 +241,7 @@ Impact of events is determined.
#### Solution
-Bloodhound Enterprise will assign a severity rating category and exposure percentage for all identified attack paths within an organizations Active Directory/Azure environment.
+BloodHound Enterprise will assign a severity rating category and exposure percentage for all identified attack paths within an organizations Active Directory/Azure environment.
###### **References**
@@ -361,7 +361,7 @@ Incidents are mitigated.
#### Solution
-Bloodhound Enterprise provides remediation guidance related to scan findings to mitigate the impact of organizational identity attack path exposure.
+BloodHound Enterprise provides remediation guidance related to scan findings to mitigate the impact of organizational identity attack path exposure.
###### **References**
diff --git a/docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-CSF-v2-Compliance-Resource.mdx b/docs/manage-bloodhound/compliance-framework/nist-csf-v2.mdx
similarity index 92%
rename from docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-CSF-v2-Compliance-Resource.mdx
rename to docs/manage-bloodhound/compliance-framework/nist-csf-v2.mdx
index 2e61f23276..b7a8b63f6f 100644
--- a/docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-CSF-v2-Compliance-Resource.mdx
+++ b/docs/manage-bloodhound/compliance-framework/nist-csf-v2.mdx
@@ -1,5 +1,5 @@
---
-title: Bloodhound Enterprise NIST CSF v2 Compliance Resource
+title: BloodHound Enterprise NIST CSF v2 Compliance Resource
description: "The Following information is meant to provide a more detailed and in-depth view of compliance items that BloodHound Enterprise can provide coverage for."
---
@@ -16,7 +16,7 @@ Inventories of hardware managed by the organization are maintained.
##### Solution
-BloodHound Enterprise collects information on all physical systems operating within a Windows Active Directory environment/Azure Environment. Bloodhound Enterprise monitors the addition/removal of physical assets connecting to the organizations environment.
+BloodHound Enterprise collects information on all physical systems operating within a Windows Active Directory environment/Azure Environment. BloodHound Enterprise monitors the addition/removal of physical assets connecting to the organizations environment.
##### **References/Previous Versions**
@@ -31,7 +31,7 @@ are maintained
##### Solution
-Bloodhound Enterprise collects information on all Systems in a domain that are connected to the organizations Active Directory/Azure Environment. BloodHound Enterprise monitors the environment for the addition/removal of systems from the organizations environment.
+BloodHound Enterprise collects information on all Systems in a domain that are connected to the organizations Active Directory/Azure Environment. BloodHound Enterprise monitors the environment for the addition/removal of systems from the organizations environment.
##### **References**
@@ -45,7 +45,7 @@ Assets are prioritized based on classification, criticality, resources, and impa
##### Solution
-Bloodhound Enterprise allows organizations to assign assets to Tier Zero (T0) based on the organizations classification, criticality, and business value. Prioritized resources are audited and accounted for during BloodHound Enterprise collection scans.
+BloodHound Enterprise allows organizations to assign assets to Tier Zero (T0) based on the organizations classification, criticality, and business value. Prioritized resources are audited and accounted for during BloodHound Enterprise collection scans.
##### **References**
@@ -64,7 +64,7 @@ Vulnerabilities in assets are identified, validated, and recorded
##### Solution
-Bloodhound Enterprise analyzes the Active Directory/Azure environment for identity attack paths that potentially impact an organizations security posture. All Identity vulnerabilities are identified during BloodHound collection activities and presented in the reporting dashboard with additional information to support documenting threats.
+BloodHound Enterprise analyzes the Active Directory/Azure environment for identity attack paths that potentially impact an organizations security posture. All Identity vulnerabilities are identified during BloodHound collection activities and presented in the reporting dashboard with additional information to support documenting threats.
##### **References**
@@ -78,7 +78,7 @@ Internal and external threats to the organization are identified and recorded.
##### Solution
-Bloodhound Enterprise analyzes the Active Directory/Azure environment for identity attack paths that potentially impact an organizations security posture. All Identity threat vectors are identified during BloodHound collection activities and presented in the reporting dashboard with additional information to support documenting threats.
+BloodHound Enterprise analyzes the Active Directory/Azure environment for identity attack paths that potentially impact an organizations security posture. All Identity threat vectors are identified during BloodHound collection activities and presented in the reporting dashboard with additional information to support documenting threats.
##### **References**
@@ -111,7 +111,7 @@ Access permissions, entitlements, and authorizations are defined in a policy, ma
#### Solution
-Bloodhound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
+BloodHound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
##### **References**
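Review bot: The "Solution" heading in this hunk is level 4 (`#### Solution`), while the earlier hunks of this same file use level 5 (`##### Solution`) next to a level 5 "References" heading. Here that makes "References" a child of "Solution" instead of its sibling, which changes the generated outline. Pick one level for "Solution" across the file.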
@@ -211,7 +211,7 @@ Networks and network services are monitored to find potentially adverse events.
#### Solution
-BloodHound Enterprise collects information on all physical systems and Active Directory/Azure users operating within a Windows Active Directory environment/Azure Environment. Bloodhound Enterprises configurable scan options allows organizations to establish and monitor their organizational baseline of systems, users, and groups and monitor that baseline via the reporting dashboard to identify adverse and unsafe events.
+BloodHound Enterprise collects information on all physical systems and Active Directory/Azure users operating within a Windows Active Directory environment/Azure Environment. BloodHound Enterprises configurable scan options allows organizations to establish and monitor their organizational baseline of systems, users, and groups and monitor that baseline via the reporting dashboard to identify adverse and unsafe events.
##### **References**
@@ -225,7 +225,7 @@ Computing hardware and software, runtime environments, and their data are monito
#### Solution
-BloodHound Enterprise collects information on all Active Directory/Azure systems operating within a Windows Active Directory environment/Azure Environment. Bloodhound Enterprise monitors the various assets for trust violations and other identity based events.
+BloodHound Enterprise collects information on all Active Directory/Azure systems operating within a Windows Active Directory environment/Azure Environment. BloodHound Enterprise monitors the various assets for trust violations and other identity based events.
##### **References**
@@ -253,7 +253,7 @@ Analysis is performed to establish what has taken place during an incident and t
#### Solution
-BloodHound Enterprise collects information on all physical systems and Active Directory/Azure users operating within a Windows Active Directory environment/Azure Environment. Bloodhound Enterprises configurable scan options and reporting features provide insights for determining the impact of an incident and understanding the root cause.
+BloodHound Enterprise collects information on all physical systems and Active Directory/Azure users operating within a Windows Active Directory environment/Azure Environment. BloodHound Enterprises configurable scan options and reporting features provide insights for determining the impact of an incident and understanding the root cause.
##### **References**
@@ -267,7 +267,7 @@ An incident’s magnitude is estimated and validated
#### Solution
-Bloodhound Enterprise will audit all identities and objects within your AD environment/Azure environment and provide risk metrics quantifying exposure to identity vulnerabilities as part of your incident validation and estimation activities.
+BloodHound Enterprise will audit all identities and objects within your AD environment/Azure environment and provide risk metrics quantifying exposure to identity vulnerabilities as part of your incident validation and estimation activities.
##### **References**
@@ -286,7 +286,7 @@ Mitigation is performed to restore what has taken place during an incident and a
#### Solution
-BloodHound Enterprise collects information on all physical systems and Active Directory/Azure users operating within a Windows Active Directory environment/Azure Environment. Bloodhound Enterprises configurable scan options and reporting features provide insights for determining the impact of an incident and understanding the root cause. BloodHound Enterprise provides actionable remediation guidance which enables analysts and responders to proactively prevent and mitigate incidents as they are discovered.
+BloodHound Enterprise collects information on all physical systems and Active Directory/Azure users operating within a Windows Active Directory environment/Azure Environment. BloodHound Enterprises configurable scan options and reporting features provide insights for determining the impact of an incident and understanding the root cause. BloodHound Enterprise provides actionable remediation guidance which enables analysts and responders to proactively prevent and mitigate incidents as they are discovered.
##### **References**
diff --git a/docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-SP-800-171-Compliance-Resource.mdx b/docs/manage-bloodhound/compliance-framework/nist-sp-800-171.mdx
similarity index 95%
rename from docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-SP-800-171-Compliance-Resource.mdx
rename to docs/manage-bloodhound/compliance-framework/nist-sp-800-171.mdx
index 53bbba222d..f3c8bad241 100644
--- a/docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-SP-800-171-Compliance-Resource.mdx
+++ b/docs/manage-bloodhound/compliance-framework/nist-sp-800-171.mdx
@@ -1,5 +1,5 @@
---
-title: Bloodhound Enterprise NIST SP 800-171 Compliance Resource
+title: BloodHound Enterprise NIST SP 800-171 Compliance Resource
description: "The Following information is meant to provide a more detailed and in-depth view of compliance items that BloodHound Enterprise can assist in providing coverage for."
---
@@ -26,7 +26,7 @@ type (e.g., privileged verses non-privileged) are addressed in requirement 3.1.2
#### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access levels and validate access permissions.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access levels and validate access permissions.
### 3.1.2
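Review bot: The hunk header quotes the requirement discussion as "privileged verses non-privileged"; that should be "versus". The replacement line itself is fine, but the surrounding text of section 3.1.1 should get the spelling fix while this file is being cleaned up.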
@@ -47,7 +47,7 @@ zone differences, customer requirements, remote access to support travel require
#### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access levels and validate access permissions.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access levels and validate access permissions.
### 3.1.5
@@ -76,7 +76,7 @@ sufficiently mitigate risk.
#### Solution
-Bloodhound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
+BloodHound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
### 3.1.6
#### Basic Requirement
@@ -93,7 +93,7 @@ would be provided by a change between a privileged and non-privileged account.
#### Solution
-Bloodhound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
+BloodHound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
### 3.1.7
@@ -114,7 +114,7 @@ requirement represents a condition to be achieved by the definition of authorize
#### Solution
-Bloodhound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme when used in conjunction with external logging solutions to satisfy this requirement.
+BloodHound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme when used in conjunction with external logging solutions to satisfy this requirement.
## 3.3 - AUDIT AND ACCOUNTABILITY
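Review bot: In the replacement line the trailing clause "when used in conjunction with external logging solutions to satisfy this requirement" attaches to "identifies potential vulnerable attack paths", so the sentence reads as if attack paths are only identified when an external logging product is present. Split it into two sentences: first what BloodHound Enterprise audits and reports, then that external logging is needed alongside it to satisfy the requirement.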
@@ -162,7 +162,7 @@ important information to organizations to facilitate risk-based decision making.
#### Solution
-Bloodhound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme when used in conjunction with external logging solutions to satisfy this requirement.
+BloodHound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme when used in conjunction with external logging solutions to satisfy this requirement.
### 3.3.2
@@ -240,7 +240,7 @@ device type, model, serial number, and physical location.
#### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s initial collection and scheduled collections can be used to establish and monitor your organizations identity baseline.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s initial collection and scheduled collections can be used to establish and monitor your organizations identity baseline.
### 3.4.5
@@ -265,7 +265,7 @@ manage the configuration.
#### Solution
-Bloodhound Enterprise collects information on all systems, users, and objects in a domain that are connected to the organizations Active Directory/Azure Environment. BloodHound Enterprise monitors the environment for the addition/removal of systems from the organizations environment.
+BloodHound Enterprise collects information on all systems, users, and objects in a domain that are connected to the organizations Active Directory/Azure Environment. BloodHound Enterprise monitors the environment for the addition/removal of systems from the organizations environment.
### 3.4.6
@@ -292,7 +292,7 @@ functions, ports, protocols, and services
#### Solution
-Bloodhound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
+BloodHound Enterprise audits and reports the health of organizational privilege access models and identifies potential vulnerable attack paths and misconfigurations within the privilege access architecture scheme.
## 3.6 - INCIDENT RESPONSE
@@ -385,7 +385,7 @@ the system development life cycle.
#### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s scheduled collection feature is designed to continuously monitor your environment for Tier Zero risk exposure.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s scheduled collection feature is designed to continuously monitor your environment for Tier Zero risk exposure.
### 3.11.2
@@ -424,7 +424,7 @@ sensitive nature of such scanning.
#### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s scheduled collection feature is designed to continuously monitor your environment for Tier Zero risk exposure.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s scheduled collection feature is designed to continuously monitor your environment for Tier Zero risk exposure.
### 3.11.3
@@ -441,7 +441,7 @@ remediation for specific vulnerabilities.
#### Solution
-Bloodhound Enterprise provides remediation guidance related to scan findings to mitigate the impact of organizational identity attack path exposure.
+BloodHound Enterprise provides remediation guidance related to scan findings to mitigate the impact of organizational identity attack path exposure.
## 3.12 - SECURITY ASSESSMENT
@@ -479,7 +479,7 @@ the system life cycle.
#### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s scheduled collection feature is designed to continuously monitor your environment for Tier Zero risk exposure. Bloodhound Enterprise’s reporting feature can be used to asses the effectiveness identity and access control systems.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s scheduled collection feature is designed to continuously monitor your environment for Tier Zero risk exposure. BloodHound Enterprise’s reporting feature can be used to asses the effectiveness identity and access control systems.
### 3.12.2
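Review bot: The last sentence of the changed line still reads "can be used to asses the effectiveness identity and access control systems", which has a misspelling and a dropped word. Since this line is already being rewritten for the product-name casing, change it to "can be used to assess the effectiveness of identity and access control systems" in the same commit.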
@@ -502,7 +502,7 @@ the nonfederal organization. \[NIST CUI\] provides supplemental material for Spe
#### Solution
-Bloodhound Enterprise provides remediation guidance related to scan findings to mitigate the impact of organizational identity attack path exposure. Findings are given a criticality rating based on identity exposure contributing to the prioritization of remedial actions when executing a response plan.
+BloodHound Enterprise provides remediation guidance related to scan findings to mitigate the impact of organizational identity attack path exposure. Findings are given a criticality rating based on identity exposure contributing to the prioritization of remedial actions when executing a response plan.
### 3.12.3
diff --git a/docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-SP-800-53-Rev-8-Compliance-Resource.mdx b/docs/manage-bloodhound/compliance-framework/nist-sp-800-53.mdx
similarity index 92%
rename from docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-SP-800-53-Rev-8-Compliance-Resource.mdx
rename to docs/manage-bloodhound/compliance-framework/nist-sp-800-53.mdx
index b3dea06a23..c9df6c12af 100644
--- a/docs/hc/en-us/articles/Bloodhound-Enterprise-NIST-SP-800-53-Rev-8-Compliance-Resource.mdx
+++ b/docs/manage-bloodhound/compliance-framework/nist-sp-800-53.mdx
@@ -1,5 +1,5 @@
---
-title: Bloodhound Enterprise NIST SP 800-53 Rev.8 Compliance Resource
+title: BloodHound Enterprise NIST SP 800-53 Rev.8 Compliance Resource
---
The Following information is meant to provide a more detailed and in-depth view of compliance items that BloodHound Enterprise can provide coverage for.
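Review bot: The title keeps "Rev.8", while overview.mdx links this page as "NIST SP 800-53 Rev. 8" and the resources.mdx column header reads "NIST 800-53 rev 8". Pick one spelling for all three, and confirm the revision number against the NIST publication while doing so, since the rename already drops it from the file name. The unchanged first body line also starts "The Following information" with a stray capital F, which is worth fixing while the file is open.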
@@ -12,7 +12,7 @@ Accounts are assigned, managed, and maintained in accordance with organizational
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit and verify access levels for users and groups throughout the enterprise.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit and verify access levels for users and groups throughout the enterprise.
Related Controls: IA-1, PM-9, PM-24, PS-8, SI-12.
@@ -29,7 +29,7 @@ in accordance with applicable access control policies.
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access levels and validate access enforcement controls.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access levels and validate access enforcement controls.
#### **References**
@@ -43,7 +43,7 @@ Enforce approved authorizations for controlling the flow of information within t
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. The logical relationships between AD/Azure objects and Tier Zero assets aid in validating information flow enforcement architecture.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. The logical relationships between AD/Azure objects and Tier Zero assets aid in validating information flow enforcement architecture.
#### **References**
@@ -57,7 +57,7 @@ Security Assessments, mandates regular evaluations of security controls within a
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. Dashboard and reporting features in Bloodhound Enterprise provide continuous evaluation of relationships in your environment and provide actionable data in support of organizational security assessment activities and policies.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. Dashboard and reporting features in BloodHound Enterprise provide continuous evaluation of relationships in your environment and provide actionable data in support of organizational security assessment activities and policies.
#### **References**
@@ -71,7 +71,7 @@ System Interconnections, requires the management, approval, and monitoring of co
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprises dashboard and reports both illustrate the logical system interconnections within the environment and evaluates and reports any discovered risk.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprises dashboard and reports both illustrate the logical system interconnections within the environment and evaluates and reports any discovered risk.
#### **References**
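Review bot: The final sentence of the changed line, "BloodHound Enterprises dashboard and reports both illustrate ... and evaluates and reports any discovered risk", is missing the possessive apostrophe and switches from a plural to a singular verb. Suggest "BloodHound Enterprise's dashboard and reports both illustrate the logical system interconnections within the environment and evaluate and report any discovered risk".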
@@ -85,7 +85,7 @@ Continuous Monitoring, mandates the establishment of a continuous monitoring str
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s scheduled collection feature is designed to continuously monitor your environment for Tier Zero risk exposure.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s scheduled collection feature is designed to continuously monitor your environment for Tier Zero risk exposure.
#### **References**
@@ -99,7 +99,7 @@ Penetration Testing, involves conducting simulated attacks on systems to identif
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment. BloodHound Enterprise provides actionable intelligence on the risks present in your environment which can both aid penetration test assessment functions and activities.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment. BloodHound Enterprise provides actionable intelligence on the risks present in your environment which can both aid penetration test assessment functions and activities.
#### **References**
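Review bot: The casing fix only reaches the first sentence. The same line still has "BloodHound enterprise will assign a risk metric" with a lowercase "enterprise", and that form recurs in most of the later hunks in this file. The closing clause "which can both aid penetration test assessment functions and activities" also has a "both" with no second item. Either drop "both" or name the second thing it aids.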
@@ -113,7 +113,7 @@ Baseline Configuration, mandates the development, documentation, and maintenance
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s initial collection and scheduled collections can be used to establish and monitor your organizations identity baseline.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound Enterprise’s initial collection and scheduled collections can be used to establish and monitor your organizations identity baseline.
#### **References**
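Review bot: "your organizations identity baseline" at the end of the changed line needs the possessive, "your organization's identity baseline". The line is already being touched, so fold that in here.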
@@ -127,7 +127,7 @@ Information System Component Inventory, requires organizations to maintain an ac
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -141,7 +141,7 @@ Contingency Plan, requires organizations to develop, document, and implement pla
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and inform the development of organizational contingency plans.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and inform the development of organizational contingency plans.
#### **References**
@@ -155,7 +155,7 @@ Identification and Authentication Policy and Procedures, mandates that organizat
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -169,7 +169,7 @@ Identification and Authentication (Organizational Users), requires that the iden
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -183,7 +183,7 @@ Identifier Management, requires the management of user identifiers by ensuring t
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment and highlight instances of misconfigured identities.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment and highlight instances of misconfigured identities.
#### **References**
@@ -197,7 +197,7 @@ Identification and Authentication (Non-Organizational Users), focuses on ensurin
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -211,7 +211,7 @@ Incident Monitoring, requires organizations to establish and maintain the capabi
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -225,7 +225,7 @@ Information System Inventory, requires organizations to develop, document, maint
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -239,7 +239,7 @@ Security Categorization, requires organizations to categorize information and in
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -253,7 +253,7 @@ Risk Assessment, mandates organizations to conduct comprehensive assessments of
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -267,7 +267,7 @@ RA-5, Vulnerability Scanning, requires organizations to periodically scan inform
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -281,7 +281,7 @@ Information System Documentation, mandates that organizations maintain documenta
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -295,7 +295,7 @@ Developer Security Testing and Evaluation, requires organizations to require dev
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
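Review bot: The Solution paragraph under Developer Security Testing and Evaluation is word for word the one used under RA-5, Flaw Remediation, Information System Documentation and a dozen other controls in this file, and it never says how account cataloguing and a Tier Zero exposure metric relate to developer testing. The casing change is fine, but an auditor reading this page gets no control-specific statement, so a follow-up that adds one sentence per control (as the Contingency Plan and Identifier Management entries do) would make the mapping defensible.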
@@ -309,7 +309,7 @@ Flaw Remediation, requires organizations to identify, report, and correct inform
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
@@ -323,7 +323,7 @@ Information System Monitoring, mandates continuous monitoring activities to dete
### Solution
-Bloodhound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
+BloodHound Enterprise identifies and catalogues all Active Directory/Azure accounts during its collection process. The collected accounts are analyzed and displayed in graph format to illustrate the various relationships and permission profiles in order to easily audit/verify access and authorization levels within the enterprise. BloodHound enterprise will assign a risk metric, represented as exposure to tier 0 assets, and report the overall level of exposure present in an environment.
#### **References**
diff --git a/docs/manage-bloodhound/compliance-framework/overview.mdx b/docs/manage-bloodhound/compliance-framework/overview.mdx
new file mode 100644
index 0000000000..0fd5525ea4
--- /dev/null
+++ b/docs/manage-bloodhound/compliance-framework/overview.mdx
@@ -0,0 +1,66 @@
+---
+title: BloodHound Enterprise Compliance Framework
+mode: wide
+sidebarTitle: Overview
+---
+
+BloodHound Enterprise helps organizations meet their compliance requirements by providing visibility into identity attack paths and enabling organizations to remediate them. BloodHound Enterprise can help satisfy controls across multiple compliance frameworks, including:
+
+- [NIST CSF v1.1](/manage-bloodhound/compliance-framework/nist-csf-v1-1)
+- [NIST CSF v2](/manage-bloodhound/compliance-framework/nist-csf-v2)
+- [NIST SP 800-171](/manage-bloodhound/compliance-framework/nist-sp-800-171)
+- [NIST SP 800-53 Rev. 8](/manage-bloodhound/compliance-framework/nist-sp-800-53)
+
+## How BloodHound Enterprise Helps with Compliance
+
+BloodHound Enterprise helps organizations meet their compliance requirements in several ways:
+
+1. **Asset Management**: BloodHound Enterprise provides a comprehensive inventory of Active Directory and Azure assets through automated scans of the environment.
+
+2. **Risk Assessment**: BloodHound Enterprise's attack path analysis and risk scoring help organizations understand and quantify their cybersecurity risk.
+
+3. **Configuration Management**: BloodHound Enterprise helps establish access and identity baselines and detects deviations from those baselines.
+
+4. **Monitoring**: BloodHound Enterprise provides routine and on-demand scans to continuously monitor for identity attack paths.
+
+5. **Incident Response**: BloodHound Enterprise's attack path analysis helps organizations understand and respond to identity-based threats.
+
+For more information about how BloodHound Enterprise maps to specific compliance controls, see the [Compliance Resources](/manage-bloodhound/compliance-framework/resources) page.
+
+
+
+
+
+
+
+
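Review bot: The new file ends with a run of eight empty added lines after the Compliance Resources link. Trim them to a single trailing newline so the page does not render extra whitespace and the next edit to this file produces a clean diff.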
diff --git a/docs/manage-bloodhound/compliance-framework/resources.mdx b/docs/manage-bloodhound/compliance-framework/resources.mdx
new file mode 100644
index 0000000000..fb8847fa27
--- /dev/null
+++ b/docs/manage-bloodhound/compliance-framework/resources.mdx
@@ -0,0 +1,47 @@
+---
+title: BloodHound Enterprise Compliance Framework Resource
+description: "BloodHound Enterprise aids numerous organizations in meeting their compliance requirements through our continuous monitoring of identity Attack Path exposure within their environments. We're eager to support you and your auditors in gaining a deeper understanding of the inner workings of BloodHound Enterprise and how we can help you meet your compliance goals."
+---
+
+Below, you'll find tables outlining various standard controls, detailing how BloodHound Enterprise supports these controls, and mapping them to relevant sections within the specific compliance frameworks.
+
+Within each table, the specific controls can be expanded to learn how BloodHound Enterprise satisfies each particular control.
+
+## Asset Management
+
+| | | | | | | |
+| --- | --- | --- | --- | --- | --- | --- |
+| **Control Category/Activity** | **How Does BloodHound Enterprise Satisfy This Control?** | **[NIST CSF v1.1](/manage-bloodhound/compliance-framework/nist-csf-v1-1)** | **[NIST CSF v2](/manage-bloodhound/compliance-framework/nist-csf-v2)** | **[NIST 800-171](/manage-bloodhound/compliance-framework/nist-sp-800-171)** | **[NIST 800-53 rev 8](/manage-bloodhound/compliance-framework/nist-sp-800-53)** | |
+| Asset Management
The organization retains control over a system of devices, which undergoes reconciliation at intervals defined by the organization. | BloodHound Enterprise provides a comprehensive inventory of Active Directory and Azure assets through automated scans of the environment. | [ID.AM-1](/manage-bloodhound/compliance-framework/nist-csf-v1-1#ID.AM-1)
[ID.AM-2](/manage-bloodhound/compliance-framework/nist-csf-v1-1#ID.AM-2)
[ID.AM-5](/manage-bloodhound/compliance-framework/nist-csf-v1-1#ID.AM-5)
[PR.IP-1](/manage-bloodhound/compliance-framework/nist-csf-v1-1#PR.IP-1) | [ID.AM-01](/manage-bloodhound/compliance-framework/nist-csf-v2#ID.AM-01)
[ID.AM-02](/manage-bloodhound/compliance-framework/nist-csf-v2#ID.AM-02)
[ID.AM-05](/manage-bloodhound/compliance-framework/nist-csf-v2#ID.AM-05) | [3.1.1](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.1.1)
[3.4.1](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.4.1) | [CM-8](/manage-bloodhound/compliance-framework/nist-sp-800-53#CM-8-Information-System-Component-Inventory)
[CP-2](/manage-bloodhound/compliance-framework/nist-sp-800-53#CP-2-Contingency-Plan)
[PM-5](/manage-bloodhound/compliance-framework/nist-sp-800-53#PM-5-Information-System-Inventory)
[RA-2](/manage-bloodhound/compliance-framework/nist-sp-800-53#RA-2-Security-Categorization) | |
+
+## Risk Assessment
+
+| | | | | | | |
+| --- | --- | --- | --- | --- | --- | --- |
+| **Control Category/Activity** | **How Does BloodHound Enterprise Satisfy This Control?** | **[NIST CSF v1.1](/manage-bloodhound/compliance-framework/nist-csf-v1-1)** | **[NIST CSF v2](/manage-bloodhound/compliance-framework/nist-csf-v2)** | **[NIST 800-171](/manage-bloodhound/compliance-framework/nist-sp-800-171)** | **[NIST 800-53 rev 8](/manage-bloodhound/compliance-framework/nist-sp-800-53)** | |
+| Risk Assessment
The organization employs mechanisms to understand the cybersecurity risk to operations, assets, and individuals. | BloodHound Enterprise's attack path analysis and risk scoring help to satisfy this control. | [ID.RA-1](/manage-bloodhound/compliance-framework/nist-csf-v1-1#ID.RA-1)
[ID.RA-3](/manage-bloodhound/compliance-framework/nist-csf-v1-1#ID.RA-3)
[ID.RA-5](/manage-bloodhound/compliance-framework/nist-csf-v1-1#ID.RA-5) | [ID.RA-01](/manage-bloodhound/compliance-framework/nist-csf-v2#ID.RA-01)
[ID.RA-03](/manage-bloodhound/compliance-framework/nist-csf-v2#ID.RA-03)
[ID.RA-05](/manage-bloodhound/compliance-framework/nist-csf-v2#ID.RA-05) | [3.11.1](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.11.1)
[3.11.2](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.11.2)
[3.11.3](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.11.3)
[3.12.1](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.12.1)
[3.12.2](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.12.1)
[3.12.3](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.12.3)
[3.14.1](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.14.1)
[3.14.2](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.14.2) | [CA-2](/manage-bloodhound/compliance-framework/nist-sp-800-53#CA-2---Security-Assessments)
[CA-7](/manage-bloodhound/compliance-framework/nist-sp-800-53#CA-7---Continuous-Monitoring)
[CA-8](/manage-bloodhound/compliance-framework/nist-sp-800-53#CA-8-Penetration-Testing)
[RA-3](/manage-bloodhound/compliance-framework/nist-sp-800-53#RA-3-Risk-Assessment)
[RA-5](/manage-bloodhound/compliance-framework/nist-sp-800-53#RA-5-Vulnerability-Scanning)
[SA-5](/manage-bloodhound/compliance-framework/nist-sp-800-53#SA-5-Information-System-Documentation)
[SA-11](/manage-bloodhound/compliance-framework/nist-sp-800-53#SA-11-Security-Testing-and-Evaluation)
[SI-2](/manage-bloodhound/compliance-framework/nist-sp-800-53#SI-2-Flaw-Remediation)
[SI-4](/manage-bloodhound/compliance-framework/nist-sp-800-53#SI-4-Information-Systems-Monitoring) | |
+
+## Configuration Management
+
+| | | | | | | |
+| --- | --- | --- | --- | --- | --- | --- |
+| **Control Category/Activity** | **How Does BloodHound Enterprise Satisfy This Control?** | **[NIST CSF v1.1](/manage-bloodhound/compliance-framework/nist-csf-v1-1)** | **[NIST CSF v2](/manage-bloodhound/compliance-framework/nist-csf-v2)** | **[NIST 800-171](/manage-bloodhound/compliance-framework/nist-sp-800-171)** | **[NIST 800-53 rev 8](/manage-bloodhound/compliance-framework/nist-sp-800-53)** | |
+| Configuration Management
The organization employs proactive mechanisms to detect deviations from baseline configurations within production environments. | Analysis of Active Directory/Azure Identities audits user and object permissions for deviations from established access and identity baselines | [PR.AC-4](/manage-bloodhound/compliance-framework/nist-csf-v1-1#PR.AC-4)
[PR.IP-1](/manage-bloodhound/compliance-framework/nist-csf-v1-1#PR.IP-1)
[DE.AE-1](/manage-bloodhound/compliance-framework/nist-csf-v1-1#DE.AE-1) | [PR.PS-01](/manage-bloodhound/compliance-framework/nist-csf-v2#PR.PS-01) | [3.1.1](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.12.3)
[3.1.2](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.1.2)
[3.1.5](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.1.2)
[3.1.6](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.1.6)
[3.1.7](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.1.7)
[3.4.5](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.4.5)
[3.4.6](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.4.6) | [AC-2](/manage-bloodhound/compliance-framework/nist-sp-800-53#AC-2----Account-Management)
[AC-3](/manage-bloodhound/compliance-framework/nist-sp-800-53#AC-3---Access-Enforcement)
[IA-1](/manage-bloodhound/compliance-framework/nist-sp-800-53#IA-1-Identification-and-Authentication)
[IA-2](/manage-bloodhound/compliance-framework/nist-sp-800-53#IA-2-Identification-and-Authentication-(Organizational-Users))
[IA-4](/manage-bloodhound/compliance-framework/nist-sp-800-53#IA-4-Identifier-Management)
[IA-8](/manage-bloodhound/compliance-framework/nist-sp-800-53#IA-8-Identification-and-Authentication) | |
+
+## Detection
+
+| | | | | | | |
+| --- | --- | --- | --- | --- | --- | --- |
+
+| | | | | | | |
+| --- | --- | --- | --- | --- | --- | --- |
+| **Control Category/Activity** | **How Does BloodHound Enterprise Satisfy This Control?** | **[NIST CSF v1.1](/manage-bloodhound/compliance-framework/nist-csf-v1-1)** | **[NIST CSF v2](/manage-bloodhound/compliance-framework/nist-csf-v2)** | **[NIST 800-171](/manage-bloodhound/compliance-framework/nist-sp-800-171)** | **[NIST 800-53 rev 8](/manage-bloodhound/compliance-framework/nist-sp-800-53)** | |
+| **Control Category/Activity** | **How Does BloodHound Enterprise Satisfy This Control?** | **[NIST CSF v1.1](/manage-bloodhound/compliance-framework/nist-csf-v1-1)** | **[NIST CSF v2](/manage-bloodhound/compliance-framework/nist-csf-v2)** | **[NIST 800-171](/manage-bloodhound/compliance-framework/nist-sp-800-171)** | **[NIST 800-53 rev 8](/manage-bloodhound/compliance-framework/nist-sp-800-53)** | |
+| Detection
The organization employs mechanisms within the environment that continuously monitor for anomalies and events. | Identity Attack Path vectors are assigned a severity rating in BloodHound Enterprise when detected during routine and on-demand scans | [DE.AE-2](/manage-bloodhound/compliance-framework/nist-csf-v1-1#DE.AE-2)
[DE.AE-4](/manage-bloodhound/compliance-framework/nist-csf-v1-1#DE.AE-4)
[DE.AE-5](/manage-bloodhound/compliance-framework/nist-csf-v1-1#DE.AE-5)
[DE.CM-1](/manage-bloodhound/compliance-framework/nist-csf-v1-1#DE.CM-1)
[DE.CM-8](/manage-bloodhound/compliance-framework/nist-csf-v1-1#DE.CM-8) | [DE.AE-02](/manage-bloodhound/compliance-framework/nist-csf-v2#DE.AE-02)
[DE.AE-04](/manage-bloodhound/compliance-framework/nist-csf-v2#DE.AE-04)
[DE.AE-08](/manage-bloodhound/compliance-framework/nist-csf-v2#DE.AE-08) | [3.3.1](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.4.6)
[3.3.2](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.4.6)
[3.3.5](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.3.5) | [CA-3](/manage-bloodhound/compliance-framework/nist-sp-800-53#IA-8-Identification-and-Authentication)
[CM-2](/manage-bloodhound/compliance-framework/nist-sp-800-53#IA-8-Identification-and-Authentication) | |
+
+## Respond
+
+| | | | | | | |
+| --- | --- | --- | --- | --- | --- | --- |
+| **Control Category/Activity** | **How Does BloodHound Enterprise Satisfy This Control?** | **[NIST CSF v1.1](/manage-bloodhound/compliance-framework/nist-csf-v1-1)** | **[NIST CSF v2](/manage-bloodhound/compliance-framework/nist-csf-v2)** | **[NIST 800-171](/manage-bloodhound/compliance-framework/nist-sp-800-171)** | **[NIST 800-53 rev 8](/manage-bloodhound/compliance-framework/nist-sp-800-53)** | |
+| Respond
Activities are performed to ensure effective response, support recovery activities, and mitigating steps are taken to prevent the expansion of an incident. | BloodHound Enterprise detects and reports identified attack paths with a quantifiable risk metric and inventory of all impacted systems. Relevant remediation and mitigation documentation provided during analysis may help to satisfy this control. | [RS.AN-1](/manage-bloodhound/compliance-framework/nist-csf-v1-1#RS.AN-1)
[RS.AN-2](/manage-bloodhound/compliance-framework/nist-csf-v1-1#RS.AN-2)
[RS.MI-2](/manage-bloodhound/compliance-framework/nist-csf-v1-1#RS.MI-2) | [RS.MI-02](/manage-bloodhound/compliance-framework/nist-csf-v2#RS.AN-03) | [3.3.1](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.3.1)
[3.3.2](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.3.1)
[3.3.5](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.3.5)
[3.6.1](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.3.5)
[3.6.2](/manage-bloodhound/compliance-framework/nist-sp-800-171#3.3.5) | [CA-7](/manage-bloodhound/compliance-framework/nist-sp-800-53#CA-7---Continuous-Monitoring)
[IR-5](/manage-bloodhound/compliance-framework/nist-sp-800-53#IR-5-Incident-Monitoring) | |
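Review bot: Several links in these tables point at an anchor that does not match the link text, so readers land on the wrong control. In Risk Assessment, `[3.12.2]` targets `#3.12.1`. In Configuration Management, `[3.1.1]` targets `#3.12.3` and `[3.1.5]` targets `#3.1.2`. In Detection, `[3.3.1]` and `[3.3.2]` both target `#3.4.6`, and `[CA-3]` and `[CM-2]` both target `#IA-8-Identification-and-Authentication`. In Respond, `[RS.MI-02]` targets `#RS.AN-03`, `[3.3.2]` targets `#3.3.1`, and `[3.6.1]` and `[3.6.2]` both target `#3.3.5`. Each anchor should be checked against the target page and corrected. The Detection section also has an empty table stub followed by a second table whose header row appears twice; keep one table with one header row. Finally, the intro says the controls "can be expanded", but the tables added here are static, so either reword that sentence or add the expandable component.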
diff --git a/docs/hc/en-us/categories/Administration.mdx b/docs/manage-bloodhound/overview.mdx
similarity index 51%
rename from docs/hc/en-us/categories/Administration.mdx
rename to docs/manage-bloodhound/overview.mdx
index fc9a94b94b..41e0c83e84 100644
--- a/docs/hc/en-us/categories/Administration.mdx
+++ b/docs/manage-bloodhound/overview.mdx
@@ -7,90 +7,90 @@ sidebarTitle: Overview
-## [Bloodhound Enterprise Compliance Framework](/hc/en-us/sections/Bloodhound-Enterprise-Compliance-Framework)
+## [BloodHound Enterprise Compliance Framework](/manage-bloodhound/compliance-framework/overview)
-## [Authentication and Authorization](/hc/en-us/sections/Authentication-and-Authorization)
+## [Authentication and Authorization](/manage-bloodhound/auth/overview)
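Review bot: Both headings now link under `/manage-bloodhound/...` and the old `/hc/en-us/sections/...` targets go away, but no redirect entries for the old paths appear in the visible part of this patch. Add redirects, or confirm they exist elsewhere, so existing bookmarks and inbound links to the `hc/en-us` URLs keep resolving.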
@@ -99,7 +99,7 @@ sidebarTitle: Overview
@@ -108,7 +108,7 @@ sidebarTitle: Overview
diff --git a/docs/hc/en-us/sections/Securing-BloodHound-and-collectors.mdx b/docs/manage-bloodhound/securing-bloodhound-and-collectors/overview.mdx
similarity index 77%
rename from docs/hc/en-us/sections/Securing-BloodHound-and-collectors.mdx
rename to docs/manage-bloodhound/securing-bloodhound-and-collectors/overview.mdx
index cd61d05ba1..e7e00aee5b 100644
--- a/docs/hc/en-us/sections/Securing-BloodHound-and-collectors.mdx
+++ b/docs/manage-bloodhound/securing-bloodhound-and-collectors/overview.mdx
@@ -9,7 +9,7 @@ sidebarTitle: Overview
diff --git a/docs/hc/en-us/articles/SharpHound-Enterprise-Service-Hardening.mdx b/docs/manage-bloodhound/securing-bloodhound-and-collectors/sharphound-hardening.mdx
similarity index 76%
rename from docs/hc/en-us/articles/SharpHound-Enterprise-Service-Hardening.mdx
rename to docs/manage-bloodhound/securing-bloodhound-and-collectors/sharphound-hardening.mdx
index a0938906af..e665b130e9 100644
--- a/docs/hc/en-us/articles/SharpHound-Enterprise-Service-Hardening.mdx
+++ b/docs/manage-bloodhound/securing-bloodhound-and-collectors/sharphound-hardening.mdx
@@ -4,7 +4,7 @@ description: "The BloodHound team recommends the hardening actions described on
---
-
+
Many of the attacks involve privileged collection, in which the SharpHound service account gathers data from domain-joined Windows computers. During privileged collection, an attacker with administrative access to a computer in the domain could attempt to compromise the SharpHound service account, as the account will log in on the computer during the collection.
@@ -16,7 +16,7 @@ This page will describe the attacks we want to prevent and the remediations that
We recommend using a [Group Managed Service Account](https://learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview) (gMSA) for the SharpHound service account rather than a regular AD user.
-Follow the article: [Create a GMSA for use with SharpHound Enterprise](/hc/en-us/articles/Create-a-gMSA-for-use-with-SharpHound-Enterprise).
+Follow the article: [Create a gMSA for SharpHound](/install-data-collector/install-sharphound/create-gmsa).
A gMSA is a type of service account where the password is managed by Active Directory, eliminating the need for manual password management. This will ensure the service account password is:
@@ -38,9 +38,9 @@ Our testing has shown that adding the SharpHound service account to Protected Us
### Tiering SharpHound
-We recommend tiering the SharpHound service account to follow the principle of “[elevated user accounts should not be used to log on to lower Tier assets](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/protecting-domain-administrative-credentials/ba-p/259210)”.
+We recommend tiering the SharpHound service account to follow the principle of "[elevated user accounts should not be used to log on to lower Tier assets](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/protecting-domain-administrative-credentials/ba-p/259210)".
-Follow the article: [Deploying a tiered SharpHound Enterprise collector strategy](/hc/en-us/articles/Deploying-a-tiered-SharpHound-Enterprise-collector-strategy).
+Follow the article: [Tiered SharpHound Strategy](/install-data-collector/install-sharphound/tiered-collector-strategy).
This recommendation is especially for organizations seeking to implement the [Active Directory Tier Model](https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/tier-model-for-partitioning-administrative-privileges) or [Enterprise Access Model](https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-access-model)
@@ -62,7 +62,7 @@ When the password is strong, it decreases the risk of an attacker guessing the p
### Attack 2: Kerberos delegation attacks
-When collecting data, the SharpHound service account will only perform a network logon (type 3) on remote computers. This logon type will not save the service account credentials in the remote computer’s memory. However, Kerberos delegation breaks this rule if the remote computer is configured with Kerberos unconstrained delegation. In that case, the remote computer will receive a copy of the service account’s Kerberos session ticket (TGT), which an attacker can extract from memory and utilize to authenticate as the service account. If the computer is configured with unconstrained delegation, the service account does not need to log on to the computer – the attacker can obtain service tickets as any user for services it is allowed to delegate to.
+When collecting data, the SharpHound service account will only perform a network logon (type 3) on remote computers. This logon type will not save the service account credentials in the remote computer's memory. However, Kerberos delegation breaks this rule if the remote computer is configured with Kerberos unconstrained delegation. In that case, the remote computer will receive a copy of the service account's Kerberos session ticket (TGT), which an attacker can extract from memory and utilize to authenticate as the service account. If the computer is configured with unconstrained delegation, the service account does not need to log on to the computer – the attacker can obtain service tickets as any user for services it is allowed to delegate to.
#### Preferred remediation: Protected Users group (gMSA only)
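Review bot: The last sentence of the changed Attack 2 paragraph begins "If the computer is configured with unconstrained delegation, the service account does not need to log on to the computer", yet what it describes (obtaining service tickets as any user for the services the computer is allowed to delegate to) reads like constrained delegation; the unconstrained case is already covered by the preceding sentences. Since the line is being touched anyway, change it to "constrained delegation" or confirm the intended wording.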
@@ -70,17 +70,17 @@ Members of the Protected Users group cannot be delegated, as described by Micros
#### Alternative remediation: Mark the account as sensitive
-It is possible to prevent an AD principal from using Kerberos delegation services by enabling the account option “Account is sensitive and cannot be delegated”:
+It is possible to prevent an AD principal from using Kerberos delegation services by enabling the account option "Account is sensitive and cannot be delegated":
-
+
On a Group Manages Service Account (gMSA), this account option is not visible in the GUI, but you can set the account option through PowerShell:
-
+
-The value should be _True_ for the account to be protected.
+The value should be _True_ for the account to be protected.
### Attack 3: Authentication relaying
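Review bot: The context line "On a Group Manages Service Account (gMSA)" should read "Group Managed Service Account"; worth fixing while the neighbouring lines are edited. The line after "you can set the account option through PowerShell:" is still empty in the new version, so the command is not present as text in this hunk; a fenced PowerShell snippet there would make the step copyable and searchable.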
@@ -90,14 +90,14 @@ It is possible to relay Kerberos authentication under specific circumstances, bu
#### Preferred remediation: Protected Users group (gMSA only)
-Members of the Protected Users group cannot authenticate with NTLM, as described by Microsoft [here](https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group#domain-controller-protections-for-protected-users). This means the SharpHound service account will not be vulnerable to NTLM attacks. This remediation will break the SharpHound service if a regular AD is used instead of a gMSA.
+Members of the Protected Users group cannot authenticate with NTLM, as described by Microsoft [here](https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group#domain-controller-protections-for-protected-users). This means the SharpHound service account will not be vulnerable to NTLM attacks. This remediation will break the SharpHound service if a regular AD is used instead of a gMSA.
#### Alternative remediation: Block outgoing NTLM
-Outgoing NTLM can be denied entirely from the SharpHound server by configuring the security option [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers) to _Deny All:_
+Outgoing NTLM can be denied entirely from the SharpHound server by configuring the security option [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers) to _Deny All:_
-
+
This prevents the attacker from downgrading the Kerberos authentication to NTLM and remediates NTLM attacks.
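Review bot: In the changed Protected Users paragraph, "if a regular AD is used instead of a gMSA" is missing a noun; it should read "a regular AD user", matching "rather than a regular AD user" earlier in this file. In the changed "Block outgoing NTLM" line, the italic span `_Deny All:_` swallows the colon; `_Deny All_:` keeps the punctuation outside the emphasis.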
@@ -112,7 +112,7 @@ _See the remediation of the previous attack (Authentication relaying)._
### Attack 5: Reusable credentials in LSASS
-When an account logs in on a Windows computer, the account’s credentials will be cached in LSASS memory in a reusable format, such that Windows can reauthenticate the user without the user having to type in their password again and again. This is known as Single Sign-On (SSO).
+When an account logs in on a Windows computer, the account's credentials will be cached in LSASS memory in a reusable format, such that Windows can reauthenticate the user without the user having to type in their password again and again. This is known as Single Sign-On (SSO).
An attacker with administrative access to the computer can read the cached credentials out of LSASS and thereby compromise the account.
@@ -122,7 +122,7 @@ The SharpHound service account performs only a network logon (type 3) when it co
### Attack 6: Cached Domain Credentials Cracking
-Normally, when a domain user logs in on a domain-joined Windows computer, the authentication will involve a Domain Controller telling the computer if the account’s credentials are valid. But if the computer cannot reach a Domain Controller (due to network issues etc.), this authentication process does not work. Windows will, by default, cache the account’s credentials in the security registry hive in a non-reusable format (MS-Cache v2 hash), such that the computer can verify the credential even if it cannot reach any Domain Controller.
+Normally, when a domain user logs in on a domain-joined Windows computer, the authentication will involve a Domain Controller telling the computer if the account's credentials are valid. But if the computer cannot reach a Domain Controller (due to network issues etc.), this authentication process does not work. Windows will, by default, cache the account's credentials in the security registry hive in a non-reusable format (MS-Cache v2 hash), such that the computer can verify the credential even if it cannot reach any Domain Controller.
An attacker with administrative access to the computer can read the cached credentials out of the registry hive, crack the password hash, and thereby compromise the account.
@@ -132,7 +132,7 @@ The SharpHound service account performs only a Network logon (type 3) when it co
### Attack 7: Kerberoasting
-Any AD user can request and receive a Kerberos service ticket of any user (service account) with a Service Principal Name (SPN) attribute set. This service ticket is encrypted with a Kerberos key derived from the service account’s password. An attacker can obtain the password of the service account by cracking the service ticket (guessing the password that decrypts the ticket). This attack is known as Kerberoasting.
+Any AD user can request and receive a Kerberos service ticket of any user (service account) with a Service Principal Name (SPN) attribute set. This service ticket is encrypted with a Kerberos key derived from the service account's password. An attacker can obtain the password of the service account by cracking the service ticket (guessing the password that decrypts the ticket). This attack is known as Kerberoasting.
#### Remediation - No remediation required
diff --git a/docs/mint.json b/docs/mint.json
index 2a9847f0c0..2628aa2784 100644
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -43,13 +43,17 @@
"style": "roundedRectangle"
},
"tabs": [
+ {
+ "name": "Home",
+ "url": "/home"
+ },
{
"name": "BloodHound",
- "url": "hc"
+ "url": "/"
},
{
"name": "API Reference",
- "url": "hc/en-us/reference"
+ "url": "reference"
}
],
"anchors": [
@@ -73,58 +77,58 @@
"name": "Home"
},
"navigation": [
- {
+ {
"group": "Home",
- "pages": ["home"]
+ "pages": ["/home"]
},
{
"group": "Get Started with BloodHound",
"pages": [
- "hc/en-us/get-started/introduction-to-bloodhound",
+ "get-started/introduction",
{
"group": "Quickstart",
"pages": [
- "hc/en-us/get-started/bloodhound-enterprise-quickstart",
- "hc/en-us/get-started/bloodhound-community-edition-quickstart"
+ "get-started/quickstart/enterprise-quickstart",
+ "get-started/quickstart/community-edition-quickstart"
]
},
{
- "group": "BloodHound and Security Boundaries",
+ "group": "Security Boundaries",
"pages": [
- "hc/en-us/articles/BloodHound-Enterprise-Security-Overview",
- "hc/en-us/articles/Modifying-Tier-Zero",
- "hc/en-us/articles/Tier-Zero-Members-and-Modification"
+ "get-started/security-boundaries/enterprise-security-overview",
+ "get-started/security-boundaries/modifying-tier-zero",
+ "get-started/security-boundaries/tier-zero-members"
]
}
]
},
{
- "group": "Install a Data Collector",
+ "group": "Install Data Collector",
"pages": [
- "hc/en-us/categories/Deployment",
+ "install-data-collector/overview",
{
"group": "Install SharpHound",
"pages": [
- "hc/en-us/sections/Deploying-SharpHound-Enterprise",
- "hc/en-us/articles/SharpHound-Enterprise-System-Requirements-and-Deployment-Process",
- "hc/en-us/articles/Install-and-Upgrade-SharpHound-Enterprise",
- "hc/en-us/articles/Deploying-a-tiered-SharpHound-Enterprise-collector-strategy",
- "hc/en-us/articles/Create-a-gMSA-for-use-with-SharpHound-Enterprise",
- "hc/en-us/articles/SharpHound-Enterprise-Local-Configuration",
- "hc/en-us/articles/Modify-the-service-account-used-by-SharpHound-Enterprise",
- "hc/en-us/articles/SharpHound-Enterprise-Tenant-Configuration",
- "hc/en-us/articles/Troubleshooting-Local-Collection-Coverage"
+ "install-data-collector/install-sharphound/overview",
+ "install-data-collector/install-sharphound/system-requirements",
+ "install-data-collector/install-sharphound/installation-upgrade",
+ "install-data-collector/install-sharphound/tiered-collector-strategy",
+ "install-data-collector/install-sharphound/create-gmsa",
+ "install-data-collector/install-sharphound/local-configuration",
+ "install-data-collector/install-sharphound/modify-service-account",
+ "install-data-collector/install-sharphound/tenant-configuration",
+ "install-data-collector/install-sharphound/troubleshooting"
]
},
{
"group": "Install AzureHound",
"pages": [
- "hc/en-us/sections/Deploying-AzureHound-Enterprise",
- "hc/en-us/articles/AzureHound-Enterprise-System-Requirements-and-Deployment-Process",
- "hc/en-us/articles/AzureHound-Enterprise-Azure-Configuration",
- "hc/en-us/articles/Create-an-AzureHound-Configuration",
- "hc/en-us/articles/Install-and-Upgrade-AzureHound-Windows-Docker-or-Kubernetes",
- "hc/en-us/articles/Running-multiple-AzureHound-Enterprise-collectors-on-one-server-with-Scheduled-Tasks"
+ "install-data-collector/install-azurehound/overview",
+ "install-data-collector/install-azurehound/system-requirements",
+ "install-data-collector/install-azurehound/azure-configuration",
+ "install-data-collector/install-azurehound/create-configuration",
+ "install-data-collector/install-azurehound/installation-options",
+ "install-data-collector/install-azurehound/multiple-collectors"
]
}
]
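Review bot: The Home group now lists `"pages": ["/home"]` with a leading slash, while every other page entry added in this hunk is written without one (`"get-started/introduction"`, `"install-data-collector/overview"`). Pick one form for page paths so the navigation resolves consistently; the tabs block earlier in this file has the same mix (`"/home"`, `"/"`, `"reference"`). The `{` line just above the Home group is a whitespace-only change and could be left out of the patch.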
@@ -132,30 +136,30 @@
{
"group": "Collect Data",
"pages": [
- "hc/en-us/categories/Data-Collection",
+ "collect-data/overview",
{
"group": "BloodHound Enterprise Collection",
"pages": [
- "hc/en-us/sections/BloodHound-Enterprise-Collection",
- "hc/en-us/articles/SharpHound-Enterprise-Data-Collection-and-Permissions",
- "hc/en-us/articles/Data-reconciliation-and-retention",
- "hc/en-us/articles/Ad-hoc-BHE-Data-Collection-with-SharpHound-CE",
- "hc/en-us/articles/Run-an-On-Demand-Scan",
- "hc/en-us/articles/Create-a-BloodHound-Enterprise-collector-client",
- "hc/en-us/articles/Create-a-data-collection-schedule",
- "hc/en-us/articles/Why-perform-privileged-collection-in-SharpHound",
- "hc/en-us/articles/SharpHound-Enterprise-Cross-Trust-Collection",
- "hc/en-us/articles/SharpHound-Collection-FAQ"
+ "collect-data/enterprise-collection/overview",
+ "collect-data/enterprise-collection/permissions",
+ "collect-data/enterprise-collection/data-retention",
+ "collect-data/enterprise-collection/ad-hoc-collection",
+ "collect-data/enterprise-collection/on-demand-scan",
+ "collect-data/enterprise-collection/create-collector",
+ "collect-data/enterprise-collection/collection-schedule",
+ "collect-data/enterprise-collection/privileged-collection",
+ "collect-data/enterprise-collection/cross-trust",
+ "collect-data/enterprise-collection/faq"
]
},
{
- "group": "BloodHound CE Collection",
+ "group": "Community Edition Collection",
"pages": [
- "hc/en-us/sections/BloodHound-CE-Collection",
- "hc/en-us/articles/SharpHound-Community-Edition",
- "hc/en-us/articles/All-SharpHound-Community-Edition-Flags-Explained",
- "hc/en-us/articles/AzureHound-Community-Edition",
- "hc/en-us/articles/All-AzureHound-Community-Edition-Flags-Explained"
+ "collect-data/ce-collection/overview",
+ "collect-data/ce-collection/sharphound",
+ "collect-data/ce-collection/sharphound-flags",
+ "collect-data/ce-collection/azurehound",
+ "collect-data/ce-collection/azurehound-flags"
]
}
]
@@ -163,16 +167,16 @@
{
"group": "Analyze Attack Path Data",
"pages": [
- "hc/en-us/categories/Data-Analysis",
+ "analyze-data/overview",
{
- "group": "The BloodHound GUI",
+ "group": "BloodHound GUI",
"pages": [
- "hc/en-us/sections/The-BloodHound-GUI",
- "hc/en-us/articles/Posture-Page",
- "hc/en-us/articles/BloodHound-Configuration",
- "hc/en-us/articles/Mute-unmute-attack-path-finding",
- "hc/en-us/articles/Searching-with-Cypher",
- "hc/en-us/articles/Explore-Search-for-Objects"
+ "analyze-data/bloodhound-gui/overview",
+ "analyze-data/bloodhound-gui/posture-page",
+ "analyze-data/bloodhound-gui/configuration",
+ "analyze-data/bloodhound-gui/mute-paths",
+ "analyze-data/bloodhound-gui/cypher-search",
+ "analyze-data/bloodhound-gui/explore-objects"
]
}
]
@@ -180,60 +184,58 @@
{
"group": "Manage BloodHound",
"pages": [
- "hc/en-us/categories/Administration",
+ "manage-bloodhound/overview",
{
- "group": " Bloodhound Enterprise Compliance Framework",
+ "group": "BloodHound Enterprise Compliance Framework",
"pages": [
- "hc/en-us/sections/Bloodhound-Enterprise-Compliance-Framework",
- "hc/en-us/articles/Bloodhound-Enterprise-Compliance-Framework-Resource",
- "hc/en-us/articles/Bloodhound-Enterprise-NIST-SP-800-171-Compliance-Resource",
- "hc/en-us/articles/Bloodhound-Enterprise-NIST-SP-800-53-Rev-8-Compliance-Resource",
- "hc/en-us/articles/Bloodhound-Enterprise-NIST-CSF-v2-Compliance-Resource",
- "hc/en-us/articles/Bloodhound-Enterprise-NIST-CSF-v1-1-Compliance-Resource"
+ "manage-bloodhound/compliance-framework/overview",
+ "manage-bloodhound/compliance-framework/resources",
+ "manage-bloodhound/compliance-framework/nist-sp-800-171",
+ "manage-bloodhound/compliance-framework/nist-sp-800-53",
+ "manage-bloodhound/compliance-framework/nist-csf-v2",
+ "manage-bloodhound/compliance-framework/nist-csf-v1-1"
]
},
{
"group": "Authentication and Authorization",
"pages": [
- "hc/en-us/sections/Authentication-and-Authorization",
- "hc/en-us/articles/Administering-users-and-roles",
- "hc/en-us/articles/Enable-Disable-Multi-Factor-Authentication",
- "hc/en-us/articles/OIDC-in-BloodHound",
- "hc/en-us/articles/SAML-in-BloodHound",
- "hc/en-us/articles/SAML-ADFS-Configuration",
- "hc/en-us/articles/SAML-Auth0-Configuration",
- "hc/en-us/articles/SAML-Entra-ID-Configuration",
- "hc/en-us/articles/SAML-Google-IDP-Configuration",
- "hc/en-us/articles/SAML-Okta-Configuration"
+ "manage-bloodhound/auth/overview",
+ "manage-bloodhound/auth/users-and-roles",
+ "manage-bloodhound/auth/mfa",
+ "manage-bloodhound/auth/oidc",
+ "manage-bloodhound/auth/saml",
+ "manage-bloodhound/auth/saml-adfs",
+ "manage-bloodhound/auth/saml-auth0",
+ "manage-bloodhound/auth/saml-entra-id",
+ "manage-bloodhound/auth/saml-google",
+ "manage-bloodhound/auth/saml-okta"
]
},
{
"group": "Securing BloodHound and collectors",
"pages": [
- "hc/en-us/sections/Securing-BloodHound-and-collectors",
- "hc/en-us/articles/SharpHound-Enterprise-Service-Hardening"
+ "manage-bloodhound/securing-bloodhound-and-collectors/overview",
+ "manage-bloodhound/securing-bloodhound-and-collectors/sharphound-hardening"
]
}
]
},
{
- "group": " API & Integrations",
+ "group": "API & Integrations",
"pages": [
- "hc/en-us/categories/API-and-Integrations",
+ "integrations/overview",
{
"group": "BloodHound API",
"pages": [
- "hc/en-us/sections/BloodHound-API",
- "hc/en-us/articles/BloodHound-JSON-Formats",
- "hc/en-us/articles/Working-with-the-BloodHound-API"
+ "integrations/bloodhound-api/json-formats",
+ "integrations/bloodhound-api/working-with-api"
]
},
{
- "group": "BloodHound Integrations",
+ "group": "Integrations",
"pages": [
- "hc/en-us/sections/BloodHound-Integrations",
- "hc/en-us/articles/Overview-of-BloodHound-Integrations",
- "hc/en-us/articles/Integrate-BloodHound-Enterprise-with-Splunk"
+ "integrations/integrations/overview",
+ "integrations/integrations/splunk"
]
}
]
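Review bot: The "BloodHound API" group loses its landing page: `hc/en-us/sections/BloodHound-API` is removed without an `integrations/bloodhound-api/overview` replacement, whereas every other group in this hunk maps its section page to an `.../overview` entry. Confirm that this is intended. In the Integrations group, the old section page and the "Overview-of-BloodHound-Integrations" article collapse into the single `integrations/integrations/overview`; check that no content was dropped, and consider whether the doubled `integrations/integrations/` path segment is wanted.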
@@ -241,634 +243,633 @@
{
"group": "Resources",
"pages": [
- "hc/en-us/categories/resources",
+ "resources/overview",
{
"group": "Nodes",
"pages": [
- "hc/en-us/sections/Nodes",
- "hc/en-us/articles/About-BloodHound-Nodes",
- "hc/en-us/articles/ADLocalGroup",
- "hc/en-us/articles/ADLocalUser",
- "hc/en-us/articles/AIACA",
- "hc/en-us/articles/AZApp",
- "hc/en-us/articles/AZAutomationAccount",
- "hc/en-us/articles/AZBase",
- "hc/en-us/articles/AZContainerRegistry",
- "hc/en-us/articles/AZDevice",
- "hc/en-us/articles/AZFunctionApp",
- "hc/en-us/articles/AZGroup",
- "hc/en-us/articles/AZKeyVault",
- "hc/en-us/articles/AZLogicApp",
- "hc/en-us/articles/AZManagedCluster",
- "hc/en-us/articles/AZManagementGroup",
- "hc/en-us/articles/AZResourceGroup",
- "hc/en-us/articles/AZRole",
- "hc/en-us/articles/AZServicePrincipal",
- "hc/en-us/articles/AZSubscription",
- "hc/en-us/articles/AZTenant",
- "hc/en-us/articles/AZUser",
- "hc/en-us/articles/AZVM",
- "hc/en-us/articles/AZVMScaleSet",
- "hc/en-us/articles/AZWebApp",
- "hc/en-us/articles/Base",
- "hc/en-us/articles/CertTemplate",
- "hc/en-us/articles/Computer",
- "hc/en-us/articles/Container",
- "hc/en-us/articles/Domain",
- "hc/en-us/articles/EnterpriseCA",
- "hc/en-us/articles/GPO",
- "hc/en-us/articles/Group",
- "hc/en-us/articles/IssuancePolicy",
- "hc/en-us/articles/NTAuthStore",
- "hc/en-us/articles/OU",
- "hc/en-us/articles/RootCA",
- "hc/en-us/articles/User"
+ "resources/nodes/overview",
+ "resources/nodes/ad-local-group",
+ "resources/nodes/ad-local-user",
+ "resources/nodes/aiaca",
+ "resources/nodes/az-app",
+ "resources/nodes/az-automation-account",
+ "resources/nodes/az-base",
+ "resources/nodes/az-container-registry",
+ "resources/nodes/az-device",
+ "resources/nodes/az-function-app",
+ "resources/nodes/az-group",
+ "resources/nodes/az-key-vault",
+ "resources/nodes/az-logic-app",
+ "resources/nodes/az-managed-cluster",
+ "resources/nodes/az-management-group",
+ "resources/nodes/az-resource-group",
+ "resources/nodes/az-role",
+ "resources/nodes/az-service-principal",
+ "resources/nodes/az-subscription",
+ "resources/nodes/az-tenant",
+ "resources/nodes/az-user",
+ "resources/nodes/az-vm",
+ "resources/nodes/az-vm-scale-set",
+ "resources/nodes/az-web-app",
+ "resources/nodes/base",
+ "resources/nodes/cert-template",
+ "resources/nodes/computer",
+ "resources/nodes/container",
+ "resources/nodes/domain",
+ "resources/nodes/enterprise-ca",
+ "resources/nodes/gpo",
+ "resources/nodes/group",
+ "resources/nodes/issuance-policy",
+ "resources/nodes/nt-auth-store",
+ "resources/nodes/ou",
+ "resources/nodes/root-ca",
+ "resources/nodes/user"
]
},
{
"group": "Edges",
"pages": [
- "hc/en-us/sections/Edges",
- "hc/en-us/articles/About-BloodHound-Edges",
- "hc/en-us/articles/Traversable-and-Non-Traversable-Edge-Types",
- "hc/en-us/articles/ADCSESC1",
- "hc/en-us/articles/ADCSESC10a",
- "hc/en-us/articles/ADCSESC10b",
- "hc/en-us/articles/ADCSESC13",
- "hc/en-us/articles/ADCSESC3",
- "hc/en-us/articles/ADCSESC4",
- "hc/en-us/articles/ADCSESC6a",
- "hc/en-us/articles/ADCSESC6b",
- "hc/en-us/articles/ADCSESC9a",
- "hc/en-us/articles/ADCSESC9b",
- "hc/en-us/articles/AZAKSContributor",
- "hc/en-us/articles/AZAddMembers",
- "hc/en-us/articles/AZAddOwner",
- "hc/en-us/articles/AZAddSecret",
- "hc/en-us/articles/AZAppAdmin",
- "hc/en-us/articles/AZAutomationContributor",
- "hc/en-us/articles/AZAvereContributor",
- "hc/en-us/articles/AZCloudAppAdmin",
- "hc/en-us/articles/AZContains",
- "hc/en-us/articles/AZContributor",
- "hc/en-us/articles/AZExecuteCommand",
- "hc/en-us/articles/AZGetCertificates",
- "hc/en-us/articles/AZGetKeys",
- "hc/en-us/articles/AZGetSecrets",
- "hc/en-us/articles/AZGlobalAdmin",
- "hc/en-us/articles/AZHasRole",
- "hc/en-us/articles/AZKeyVaultContributor",
- "hc/en-us/articles/AZLogicAppContributor",
- "hc/en-us/articles/AZMGAddMember",
- "hc/en-us/articles/AZMGAddOwner",
- "hc/en-us/articles/AZMGAddSecret",
- "hc/en-us/articles/AZMGAppRoleAssignment-ReadWrite-All",
- "hc/en-us/articles/AZMGApplication-ReadWrite-All",
- "hc/en-us/articles/AZMGDirectory-ReadWrite-All",
- "hc/en-us/articles/AZMGGrantAppRoles",
- "hc/en-us/articles/AZMGGrantRole",
- "hc/en-us/articles/AZMGGroupMember-ReadWrite-All",
- "hc/en-us/articles/AZMGGroup-ReadWrite-All",
- "hc/en-us/articles/AZMGRoleManagement-ReadWrite-Directory",
- "hc/en-us/articles/AZMGServicePrincipalEndpoint-ReadWrite-All",
- "hc/en-us/articles/AZManagedIdentity",
- "hc/en-us/articles/AZMemberOf",
- "hc/en-us/articles/AZNodeResourceGroup",
- "hc/en-us/articles/AZOwner",
- "hc/en-us/articles/AZOwns",
- "hc/en-us/articles/AZPrivilegedAuthAdmin",
- "hc/en-us/articles/AZPrivilegedRoleAdmin",
- "hc/en-us/articles/AZResetPassword",
- "hc/en-us/articles/AZRunAs",
- "hc/en-us/articles/AZScopedTo",
- "hc/en-us/articles/AZUserAccessAdministrator",
- "hc/en-us/articles/AZVMAdminLogin",
- "hc/en-us/articles/AZVMContributor",
- "hc/en-us/articles/AZWebsiteContributor",
- "hc/en-us/articles/AddAllowedToAct",
- "hc/en-us/articles/AddKeyCredentialLink",
- "hc/en-us/articles/AddMember",
- "hc/en-us/articles/AddSelf",
- "hc/en-us/articles/AdminTo",
- "hc/en-us/articles/AllExtendedRights",
- "hc/en-us/articles/AllowedToAct",
- "hc/en-us/articles/AllowedToDelegate",
- "hc/en-us/articles/CanPSRemote",
- "hc/en-us/articles/CanRDP",
- "hc/en-us/articles/CoerceToTGT",
- "hc/en-us/articles/Contains",
- "hc/en-us/articles/DCFor",
- "hc/en-us/articles/DCSync",
- "hc/en-us/articles/DelegatedEnrollmentAgent",
- "hc/en-us/articles/DumpSMSAPassword",
- "hc/en-us/articles/Enroll",
- "hc/en-us/articles/EnrollOnBehalfOf",
- "hc/en-us/articles/EnterpriseCAFor",
- "hc/en-us/articles/ExecuteDCOM",
- "hc/en-us/articles/ExtendedByPolicy",
- "hc/en-us/articles/ForceChangePassword",
- "hc/en-us/articles/GPLink",
- "hc/en-us/articles/GenericAll",
- "hc/en-us/articles/GenericWrite",
- "hc/en-us/articles/GetChanges",
- "hc/en-us/articles/GetChangesAll",
- "hc/en-us/articles/GetChangesInFilteredSet",
- "hc/en-us/articles/GoldenCert",
- "hc/en-us/articles/HasSIDHistory",
- "hc/en-us/articles/HasSession",
- "hc/en-us/articles/HostsCAService",
- "hc/en-us/articles/IssuedSignedBy",
- "hc/en-us/articles/LocalToComputer",
- "hc/en-us/articles/ManageCA",
- "hc/en-us/articles/ManageCertificates",
- "hc/en-us/articles/MemberOf",
- "hc/en-us/articles/MemberOfLocalGroup",
- "hc/en-us/articles/NTAuthStoreFor",
- "hc/en-us/articles/OIDGroupLink",
- "hc/en-us/articles/Owns",
- "hc/en-us/articles/PublishedTo",
- "hc/en-us/articles/ReadGMSAPassword",
- "hc/en-us/articles/ReadLAPSPassword",
- "hc/en-us/articles/RemoteInteractiveLogonPrivilege",
- "hc/en-us/articles/RootCAFor",
- "hc/en-us/articles/SQLAdmin",
- "hc/en-us/articles/SyncLAPSPassword",
- "hc/en-us/articles/SyncedToADUser",
- "hc/en-us/articles/SyncedToEntraUser",
- "hc/en-us/articles/TrustedBy",
- "hc/en-us/articles/TrustedForNTAuth",
- "hc/en-us/articles/WriteAccountRestrictions",
- "hc/en-us/articles/WriteDacl",
- "hc/en-us/articles/WriteGPLink",
- "hc/en-us/articles/WriteOwner",
- "hc/en-us/articles/WritePKIEnrollmentFlag",
- "hc/en-us/articles/WritePKINameFlag",
- "hc/en-us/articles/WriteSPN"
+ "resources/edges/overview",
+ "resources/edges/traversable-edges",
+ "resources/edges/adcs-esc1",
+ "resources/edges/adcs-esc10a",
+ "resources/edges/adcs-esc10b",
+ "resources/edges/adcs-esc13",
+ "resources/edges/adcs-esc3",
+ "resources/edges/adcs-esc4",
+ "resources/edges/adcs-esc6a",
+ "resources/edges/adcs-esc6b",
+ "resources/edges/adcs-esc9a",
+ "resources/edges/adcs-esc9b",
+ "resources/edges/aks-contributor",
+ "resources/edges/add-members",
+ "resources/edges/add-owner",
+ "resources/edges/add-secret",
+ "resources/edges/app-admin",
+ "resources/edges/automation-contributor",
+ "resources/edges/avere-contributor",
+ "resources/edges/cloud-app-admin",
+ "resources/edges/contains",
+ "resources/edges/contributor",
+ "resources/edges/execute-command",
+ "resources/edges/get-certificates",
+ "resources/edges/get-keys",
+ "resources/edges/get-secrets",
+ "resources/edges/global-admin",
+ "resources/edges/has-role",
+ "resources/edges/key-vault-contributor",
+ "resources/edges/logic-app-contributor",
+ "resources/edges/managed-identity",
+ "resources/edges/member-of",
+ "resources/edges/node-resource-group",
+ "resources/edges/owner",
+ "resources/edges/owns",
+ "resources/edges/privileged-auth-admin",
+ "resources/edges/privileged-role-admin",
+ "resources/edges/reset-password",
+ "resources/edges/run-as",
+ "resources/edges/scoped-to",
+ "resources/edges/user-access-administrator",
+ "resources/edges/vm-admin-login",
+ "resources/edges/vm-contributor",
+ "resources/edges/website-contributor",
+
+ "resources/edges/add-member",
+ "resources/edges/add-owner",
+ "resources/edges/add-secret",
+ "resources/edges/app-role-assignment-readwrite-all",
+ "resources/edges/application-readwrite-all",
+ "resources/edges/directory-readwrite-all",
+ "resources/edges/grant-app-roles",
+ "resources/edges/grant-role",
+ "resources/edges/group-member-readwrite-all",
+ "resources/edges/group-readwrite-all",
+ "resources/edges/role-management-readwrite-directory",
+ "resources/edges/service-principal-endpoint-readwrite-all",
+ "resources/edges/add-allowed-to-act",
+ "resources/edges/add-key-credential-link",
+ "resources/edges/add-member",
+ "resources/edges/add-self",
+ "resources/edges/admin-to",
+ "resources/edges/all-extended-rights",
+ "resources/edges/allowed-to-act",
+ "resources/edges/allowed-to-delegate",
+ "resources/edges/can-ps-remote",
+ "resources/edges/can-rdp",
+ "resources/edges/coerce-to-tgt",
+ "resources/edges/contains",
+ "resources/edges/dc-for",
+ "resources/edges/dc-sync",
+ "resources/edges/delegated-enrollment-agent",
+ "resources/edges/dump-smsa-password",
+ "resources/edges/enroll",
+ "resources/edges/enroll-on-behalf-of",
+ "resources/edges/enterprise-ca-for",
+ "resources/edges/execute-dcom",
+ "resources/edges/extended-by-policy",
+ "resources/edges/force-change-password",
+ "resources/edges/gp-link",
+ "resources/edges/generic-all",
+ "resources/edges/generic-write",
+ "resources/edges/get-changes",
+ "resources/edges/get-changes-all",
+ "resources/edges/get-changes-in-filtered-set",
+ "resources/edges/golden-cert",
+ "resources/edges/has-sid-history",
+ "resources/edges/has-session",
+ "resources/edges/hosts-ca-service",
+ "resources/edges/issued-signed-by",
+ "resources/edges/local-to-computer",
+ "resources/edges/manage-ca",
+ "resources/edges/manage-certificates",
+ "resources/edges/member-of",
+ "resources/edges/member-of-local-group",
+ "resources/edges/nt-auth-store-for",
+ "resources/edges/oid-group-link",
+ "resources/edges/owns",
+ "resources/edges/published-to",
+ "resources/edges/read-gmsa-password",
+ "resources/edges/read-laps-password",
+ "resources/edges/remote-interactive-logon-privilege",
+ "resources/edges/root-ca-for",
+ "resources/edges/sql-admin",
+ "resources/edges/sync-laps-password",
+ "resources/edges/synced-to-ad-user",
+ "resources/edges/synced-to-entra-user",
+ "resources/edges/trusted-by",
+ "resources/edges/trusted-for-nt-auth",
+ "resources/edges/write-account-restrictions",
+ "resources/edges/write-dacl",
+ "resources/edges/write-gp-link",
+ "resources/edges/write-owner",
+ "resources/edges/write-pki-enrollment-flag",
+ "resources/edges/write-pki-name-flag",
+ "resources/edges/write-spn"
]
},
{
"group": "Glossary",
"pages": [
- "hc/en-us/get-started/bloodhound-glossary"
+ "resources/glossary/overview"
]
},
{
"group": "Community and Support",
"pages": [
- "hc/en-us/sections/Community-and-Support",
- "hc/en-us/articles/Additional-Training-and-Resources",
- "hc/en-us/articles/Getting-Help-and-the-BloodHound-community"
+ "resources/community-support/overview",
+ "resources/community-support/training-resources",
+ "resources/community-support/getting-help"
]
},
{
"group": "Release Notes",
"pages": [
- "hc/en-us/sections/BloodHound-Release-Notes",
- "hc/en-us/articles/Release-Notes-Summary-Overview",
- "hc/en-us/articles/2024-12-09-Release-Notes-v6-3-0",
- "hc/en-us/articles/2024-11-14-Release-Notes-v6-2-0",
- "hc/en-us/articles/2024-10-22-Release-Notes-v6-1-0",
- "hc/en-us/articles/2024-09-30-Release-Notes-v6-0-0",
- "hc/en-us/articles/2024-09-10-Release-Notes-v5-15-0",
- "hc/en-us/articles/2024-08-20-Release-Notes-v5-14-0",
- "hc/en-us/articles/2024-08-06-Release-Notes-v5-13-1",
- "hc/en-us/articles/2024-08-01-Release-Notes-v5-13-0",
- "hc/en-us/articles/2024-07-17-Release-Notes-v5-12-0",
- "hc/en-us/articles/2024-06-17-Release-Notes-v5-11-0",
- "hc/en-us/articles/2024-05-28-Release-Notes-v5-10-0",
- "hc/en-us/articles/2024-05-09-Release-Notes-v5-9-0",
- "hc/en-us/articles/2024-04-15-Release-Notes-v5-8-1",
- "hc/en-us/articles/2024-03-27-Release-Notes-v5-8-0",
- "hc/en-us/articles/2024-03-04-Release-Notes-v5-7-0",
- "hc/en-us/articles/2024-02-14-Release-Notes-v5-6-0",
- "hc/en-us/articles/2024-01-23-Release-Notes-v5-5-0",
- "hc/en-us/articles/2024-01-04-Release-Notes-v5-4-0",
- "hc/en-us/articles/2023-12-05-Release-Notes-v5-3-0",
- "hc/en-us/articles/2023-11-06-Release-v5-2-0-BHE-Only",
- "hc/en-us/articles/2023-10-16-Release-notes-v5-1-0",
- "hc/en-us/articles/2023-09-19-Release-Notes-v5-0-9",
- "hc/en-us/articles/2023-08-31-Release-Notes-v5-0-8",
- "hc/en-us/articles/2023-08-30-Release-Notes-v5-0-7",
- "hc/en-us/articles/2023-08-08-Release-Notes",
- "hc/en-us/articles/2023-06-20-Release-Notes",
- "hc/en-us/articles/2023-05-16-Release-Notes",
- "hc/en-us/articles/2023-04-25-Release-Notes",
- "hc/en-us/articles/2023-04-13-Release-Notes",
- "hc/en-us/articles/2023-03-27-Release-Notes",
- "hc/en-us/articles/2023-03-06-Release-Notes",
- "hc/en-us/articles/2023-02-21-Release-Notes",
- "hc/en-us/articles/2023-02-07-Release-Notes",
- "hc/en-us/articles/2023-01-31-Release-Notes",
- "hc/en-us/articles/2023-01-18-Release-Notes",
- "hc/en-us/articles/2022-12-19-Release-Notes",
- "hc/en-us/articles/2022-12-13-Release-Notes",
- "hc/en-us/articles/2022-11-21-Release-Notes",
- "hc/en-us/articles/2022-11-03-Release-Notes",
- "hc/en-us/articles/2022-10-24-Release-Notes",
- "hc/en-us/articles/2022-10-11-Release-Notes"
+ "resources/release-notes/overview",
+ "resources/release-notes/summary",
+ "resources/release-notes/2024-12-09-v6-3-0",
+ "resources/release-notes/2024-11-14-v6-2-0",
+ "resources/release-notes/2024-10-22-v6-1-0",
+ "resources/release-notes/2024-09-30-v6-0-0",
+ "resources/release-notes/2024-09-10-v5-15-0",
+ "resources/release-notes/2024-08-20-v5-14-0",
+ "resources/release-notes/2024-08-06-v5-13-1",
+ "resources/release-notes/2024-08-01-v5-13-0",
+ "resources/release-notes/2024-07-17-v5-12-0",
+ "resources/release-notes/2024-06-17-v5-11-0",
+ "resources/release-notes/2024-05-28-v5-10-0",
+ "resources/release-notes/2024-05-09-v5-9-0",
+ "resources/release-notes/2024-04-15-v5-8-1",
+ "resources/release-notes/2024-03-27-v5-8-0",
+ "resources/release-notes/2024-03-04-v5-7-0",
+ "resources/release-notes/2024-02-14-v5-6-0",
+ "resources/release-notes/2024-01-23-v5-5-0",
+ "resources/release-notes/2024-01-04-v5-4-0",
+ "resources/release-notes/2023-12-05-v5-3-0",
+ "resources/release-notes/2023-11-06-v5-2-0",
+ "resources/release-notes/2023-10-16-v5-1-0",
+ "resources/release-notes/2023-09-19-v5-0-9",
+ "resources/release-notes/2023-08-31-v5-0-8",
+ "resources/release-notes/2023-08-30-v5-0-7",
+ "resources/release-notes/2023-08-08",
+ "resources/release-notes/2023-06-20",
+ "resources/release-notes/2023-05-16",
+ "resources/release-notes/2023-04-25",
+ "resources/release-notes/2023-04-13",
+ "resources/release-notes/2023-03-27",
+ "resources/release-notes/2023-03-06",
+ "resources/release-notes/2023-02-21",
+ "resources/release-notes/2023-02-07",
+ "resources/release-notes/2023-01-31",
+ "resources/release-notes/2023-01-18",
+ "resources/release-notes/2022-12-19",
+ "resources/release-notes/2022-12-13",
+ "resources/release-notes/2022-11-21",
+ "resources/release-notes/2022-11-03",
+ "resources/release-notes/2022-10-24",
+ "resources/release-notes/2022-10-11"
]
}
]
},
{
- "group": "Auth",
- "pages": [
- "hc/en-us/reference/auth/login-to-bloodhound",
- "hc/en-us/reference/auth/logout-of-bloodhound",
- "hc/en-us/reference/auth/get-self",
- "hc/en-us/reference/auth/list-saml-providers",
- "hc/en-us/reference/auth/get-all-saml-sign-on-endpoints",
- "hc/en-us/reference/auth/create-a-new-saml-provider-from-metadata",
- "hc/en-us/reference/auth/get-saml-provider",
- "hc/en-us/reference/auth/delete-a-saml-provider",
- "hc/en-us/reference/auth/list-sso-providers",
- "hc/en-us/reference/auth/create-oidc-provider",
- "hc/en-us/reference/auth/create-a-new-saml-provider-from-metadata-1",
- "hc/en-us/reference/auth/delete-sso-provider",
- "hc/en-us/reference/auth/update-sso-provider",
- "hc/en-us/reference/auth/get-saml-provider-signing-certificate"
- ]
- },
- {
- "group": "Permissions",
- "pages": [
- "hc/en-us/reference/permissions/list-permissions",
- "hc/en-us/reference/permissions/get-permission"
- ]
- },
- {
- "group": "Roles",
- "pages": [
- "hc/en-us/reference/roles/list-roles",
- "hc/en-us/reference/roles/get-role"
- ]
- },
- {
- "group": "API Tokens",
- "pages": [
- "hc/en-us/reference/api-tokens/list-auth-tokens",
- "hc/en-us/reference/api-tokens/create-token-for-user",
- "hc/en-us/reference/api-tokens/delete-a-user-token"
- ]
- },
- {
- "group": "BloodHound Users",
- "pages": [
- "hc/en-us/reference/bloodhound-users/list-users",
- "hc/en-us/reference/bloodhound-users/create-a-new-user",
- "hc/en-us/reference/bloodhound-users/get-a-user",
- "hc/en-us/reference/bloodhound-users/delete-a-user",
- "hc/en-us/reference/bloodhound-users/update-a-user",
- "hc/en-us/reference/bloodhound-users/create-or-set-user-secret",
- "hc/en-us/reference/bloodhound-users/expire-user-secret",
- "hc/en-us/reference/bloodhound-users/enrolls-user-in-multi-factor-authentication",
- "hc/en-us/reference/bloodhound-users/unenroll-user-from-multi-factor-authentication",
- "hc/en-us/reference/bloodhound-users/returns-mfa-activation-status-for-a-user",
- "hc/en-us/reference/bloodhound-users/activates-mfa-for-an-enrolled-user"
- ]
- },
- {
- "group": "Collectors",
- "pages": [
- "hc/en-us/reference/collectors/get-collector-manifest",
- "hc/en-us/reference/collectors/get-collector-download-by-version",
- "hc/en-us/reference/collectors/get-collector-checksum-by-version"
- ]
- },
- {
- "group": "Collection Uploads",
- "pages": [
- "hc/en-us/reference/collection-uploads/list-file-upload-jobs",
- "hc/en-us/reference/collection-uploads/create-file-upload-job",
- "hc/en-us/reference/collection-uploads/upload-file-to-job",
- "hc/en-us/reference/collection-uploads/end-file-upload-job",
- "hc/en-us/reference/collection-uploads/list-accepted-file-upload-types"
- ]
- },
- {
- "group": "API Info",
- "pages": [
- "hc/en-us/reference/api-info/get-api-version",
- "hc/en-us/reference/api-info/get-api-spec"
- ]
- },
- {
- "group": "Search",
- "pages": [
- "hc/en-us/reference/search/search-for-objects",
- "hc/en-us/reference/search/get-available-domains"
- ]
- },
- {
- "group": "Audit",
- "pages": [
- "hc/en-us/reference/audit/list-audit-logs"
- ]
- },
- {
- "group": "Config",
- "pages": [
- "hc/en-us/reference/config/list-application-config-parameters",
- "hc/en-us/reference/config/write-application-configuration-parameters",
- "hc/en-us/reference/config/list-feature-flags",
- "hc/en-us/reference/config/toggle-a-feature-flags-enabled-status-to-either-enable-or-disable-it"
- ]
- },
- {
- "group": "Asset Isolation",
- "pages": [
- "hc/en-us/reference/asset-isolation/list-all-asset-isolation-groups",
- "hc/en-us/reference/asset-isolation/create-an-asset-group",
- "hc/en-us/reference/asset-isolation/get-asset-group-by-id",
- "hc/en-us/reference/asset-isolation/update-an-asset-group",
- "hc/en-us/reference/asset-isolation/delete-an-asset-group",
- "hc/en-us/reference/asset-isolation/list-asset-group-collections",
- "hc/en-us/reference/asset-isolation/update-asset-group-selectors",
- "hc/en-us/reference/asset-isolation/update-asset-group-selectors-1",
- "hc/en-us/reference/asset-isolation/delete-an-asset-group-selector",
- "hc/en-us/reference/asset-isolation/get-asset-group-custom-member-count",
- "hc/en-us/reference/asset-isolation/list-all-asset-isolation-group-members",
- "hc/en-us/reference/asset-isolation/list-asset-group-member-count-by-kind"
- ]
- },
- {
- "group": "Graph",
- "pages": [
- "hc/en-us/reference/graph/get-pathfinding-result",
- "hc/en-us/reference/graph/get-search-result",
- "hc/en-us/reference/graph/get-the-shortest-path-graph",
- "hc/en-us/reference/graph/get-path-composition"
- ]
- },
- {
- "group": "Cypher",
- "pages": [
- "hc/en-us/reference/cypher/list-saved-queries",
- "hc/en-us/reference/cypher/create-a-saved-query",
- "hc/en-us/reference/cypher/update-a-saved-query",
- "hc/en-us/reference/cypher/delete-a-saved-query",
- "hc/en-us/reference/cypher/share-a-saved-query-or-set-it-to-public",
- "hc/en-us/reference/cypher/revokes-permission-of-a-saved-query-from-users",
- "hc/en-us/reference/cypher/run-a-cypher-query"
- ]
- },
- {
- "group": "Azure Entities",
- "pages": [
- "hc/en-us/reference/azure-entities/get-azure-entity"
- ]
- },
- {
- "group": "AD Base Entities",
- "pages": [
- "hc/en-us/reference/ad-base-entities/get-entity-info",
- "hc/en-us/reference/ad-base-entities/get-entity-controllables",
- "hc/en-us/reference/ad-base-entities/get-entity-controllers"
- ]
- },
- {
- "group": "Computers",
- "pages": [
- "hc/en-us/reference/computers/get-computer-entity-info",
- "hc/en-us/reference/computers/get-computer-entity-admin-rights",
- "hc/en-us/reference/computers/get-computer-entity-admins",
- "hc/en-us/reference/computers/get-computer-entity-constrained-delegation-rights",
- "hc/en-us/reference/computers/get-computer-entity-constrained-users",
- "hc/en-us/reference/computers/get-computer-entity-controllables",
- "hc/en-us/reference/computers/get-computer-entity-controllers",
- "hc/en-us/reference/computers/get-computer-entity-dcom-rights",
- "hc/en-us/reference/computers/get-computer-entity-dcom-users",
- "hc/en-us/reference/computers/get-computer-entity-group-membership",
- "hc/en-us/reference/computers/get-computer-entity-remote-powershell-rights",
- "hc/en-us/reference/computers/get-computer-entity-remote-powershell-users",
- "hc/en-us/reference/computers/get-computer-entity-rdp-rights",
- "hc/en-us/reference/computers/get-computer-entity-rdp-users",
- "hc/en-us/reference/computers/get-computer-entity-sessions",
- "hc/en-us/reference/computers/get-computer-entity-sql-admins"
- ]
- },
- {
- "group": "Containers",
- "pages": [
- "hc/en-us/reference/containers/get-container-entity-info",
- "hc/en-us/reference/containers/get-container-entity-controllers"
- ]
- },
- {
- "group": "Domains",
- "pages": [
- "hc/en-us/reference/domains/get-domain-entity-info",
- "hc/en-us/reference/domains/update-the-domain-entity",
- "hc/en-us/reference/domains/get-domain-entity-computers",
- "hc/en-us/reference/domains/get-domain-entity-controllers",
- "hc/en-us/reference/domains/get-domain-entity-dc-syncers",
- "hc/en-us/reference/domains/get-domain-entity-foreign-admins",
- "hc/en-us/reference/domains/get-domain-entity-foreign-gpo-controllers",
- "hc/en-us/reference/domains/get-domain-entity-foregin-groups",
- "hc/en-us/reference/domains/get-domain-entity-foreign-users",
- "hc/en-us/reference/domains/get-domain-entity-gpos",
- "hc/en-us/reference/domains/get-domain-entity-groups",
- "hc/en-us/reference/domains/get-domain-entity-inbound-trusts",
- "hc/en-us/reference/domains/get-domain-entity-linked-gpos",
- "hc/en-us/reference/domains/get-domain-entity-ous",
- "hc/en-us/reference/domains/get-domain-entity-outbound-trusts",
- "hc/en-us/reference/domains/get-domain-entity-users"
- ]
- },
- {
- "group": "GPOs",
- "pages": [
- "hc/en-us/reference/gpos/get-gpo-entity-info",
- "hc/en-us/reference/gpos/get-gpo-entity-computer",
- "hc/en-us/reference/gpos/get-gpo-entity-controllers",
- "hc/en-us/reference/gpos/get-gpo-entity-ous",
- "hc/en-us/reference/gpos/get-gpo-entity-tier-zero",
- "hc/en-us/reference/gpos/get-gpo-entity-users"
- ]
- },
- {
- "group": "AIA CAs",
- "pages": [
- "hc/en-us/reference/aia-cas/get-aia-ca-entity-info",
- "hc/en-us/reference/aia-cas/get-aia-ca-entity-controllers"
- ]
- },
- {
- "group": "Root CAs",
- "pages": [
- "hc/en-us/reference/root-cas/get-root-ca-entity-info",
- "hc/en-us/reference/root-cas/get-root-ca-entity-controllers"
- ]
- },
- {
- "group": "Enterprise CAs",
- "pages": [
- "hc/en-us/reference/enterprise-cas/get-enterprise-ca-entity-info",
- "hc/en-us/reference/enterprise-cas/get-enterprise-ca-entity-controllers"
- ]
- },
- {
- "group": "NT Auth Stores",
- "pages": [
- "hc/en-us/reference/nt-auth-stores/get-nt-auth-store-entity-info",
- "hc/en-us/reference/nt-auth-stores/get-nt-auth-store-entity-controllers"
- ]
- },
- {
- "group": "Cert Templates",
- "pages": [
- "hc/en-us/reference/cert-templates/get-cert-template-entity-info",
- "hc/en-us/reference/cert-templates/get-cert-template-entity-controllers"
- ]
- },
- {
- "group": "OUs",
- "pages": [
- "hc/en-us/reference/ous/get-ou-entity-info",
- "hc/en-us/reference/ous/get-ou-entity-computers",
- "hc/en-us/reference/ous/get-ou-entity-gpos",
- "hc/en-us/reference/ous/get-ou-entity-groups",
- "hc/en-us/reference/ous/get-ou-entity-users"
- ]
- },
- {
- "group": "AD Users",
- "pages": [
- "hc/en-us/reference/ad-users/get-user-entity-info",
- "hc/en-us/reference/ad-users/get-user-entity-admin-rights",
- "hc/en-us/reference/ad-users/get-user-entity-constrained-delegation-rights",
- "hc/en-us/reference/ad-users/get-user-entity-controllables",
- "hc/en-us/reference/ad-users/get-user-entity-controllers",
- "hc/en-us/reference/ad-users/get-user-entity-dcom-rights",
- "hc/en-us/reference/ad-users/get-user-entity-membership",
- "hc/en-us/reference/ad-users/get-user-entity-powershell-remote-rights",
- "hc/en-us/reference/ad-users/get-user-entity-rdp-rights",
- "hc/en-us/reference/ad-users/get-user-entity-sessions",
- "hc/en-us/reference/ad-users/get-user-entity-sql-admin-rights"
- ]
- },
- {
- "group": "Groups",
- "pages": [
- "hc/en-us/reference/groups/get-group-entity-info",
- "hc/en-us/reference/groups/get-group-entity-admin-rights",
- "hc/en-us/reference/groups/get-group-entity-controllables",
- "hc/en-us/reference/groups/get-group-entity-controllers",
- "hc/en-us/reference/groups/get-group-entity-dcomrights",
- "hc/en-us/reference/groups/get-group-entity-members",
- "hc/en-us/reference/groups/get-group-entity-memberships",
- "hc/en-us/reference/groups/get-group-entity-powershell-remote-rights",
- "hc/en-us/reference/groups/get-group-entity-rdp-rights",
- "hc/en-us/reference/groups/get-group-entity-sessions"
- ]
- },
- {
- "group": "Data Quality",
- "pages": [
- "hc/en-us/reference/data-quality/get-database-completeness-stats",
- "hc/en-us/reference/data-quality/get-ad-domain-data-quality-stats",
- "hc/en-us/reference/data-quality/get-azure-tenant-data-quality-stats",
- "hc/en-us/reference/data-quality/get-platform-data-quality-aggregate"
- ]
- },
- {
- "group": "Database",
- "pages": [
- "hc/en-us/reference/database/delete-your-bloodhound-data"
- ]
- },
- {
- "group": "Datapipe",
- "pages": [
- "hc/en-us/reference/datapipe/get-datapipe-status",
- "hc/en-us/reference/datapipe/start-analysis"
- ]
- },
- {
- "group": "EULA",
- "pages": [
- "hc/en-us/reference/eula/accept-eula"
- ]
- },
- {
- "group": "Analysis",
- "pages": [
- "hc/en-us/reference/analysis/get-latest-tier-zero-combo-node",
- "hc/en-us/reference/analysis/get-the-graph-for-meta-tree",
- "hc/en-us/reference/analysis/get-the-combo-tree-for-an-asset-group"
- ]
- },
- {
- "group": "Client Ingest",
- "pages": [
- "hc/en-us/reference/client-ingest/endpoint-for-data-ingestion"
- ]
- },
- {
- "group": "Clients",
- "pages": [
- "hc/en-us/reference/clients/list-clients",
- "hc/en-us/reference/clients/create-client",
- "hc/en-us/reference/clients/client-error",
- "hc/en-us/reference/clients/update-client-values",
- "hc/en-us/reference/clients/get-client",
- "hc/en-us/reference/clients/update-client",
- "hc/en-us/reference/clients/delete-client",
- "hc/en-us/reference/clients/regenerate-the-authentication-token-for-a-client",
- "hc/en-us/reference/clients/list-all-completed-tasks-for-a-client",
- "hc/en-us/reference/clients/list-all-completed-jobs-for-a-client",
- "hc/en-us/reference/clients/creates-a-scheduled-task",
- "hc/en-us/reference/clients/creates-a-scheduled-job"
- ]
- },
- {
- "group": "Jobs",
- "pages": [
- "hc/en-us/reference/jobs/list-available-client-jobs",
- "hc/en-us/reference/jobs/list-finished-jobs",
- "hc/en-us/reference/jobs/get-jobs",
- "hc/en-us/reference/jobs/get-client-current-job",
- "hc/en-us/reference/jobs/notifies-the-api-of-a-job-start",
- "hc/en-us/reference/jobs/notifies-the-api-of-a-job-ending",
- "hc/en-us/reference/jobs/get-client-job",
- "hc/en-us/reference/jobs/cancels-a-scheduled-job",
- "hc/en-us/reference/jobs/get-job-log-file"
- ]
- },
- {
- "group": "Events (Schedules)",
- "pages": [
- "hc/en-us/reference/events-schedules/list-events",
- "hc/en-us/reference/events-schedules/create-event",
- "hc/en-us/reference/events-schedules/get-event",
- "hc/en-us/reference/events-schedules/update-event",
- "hc/en-us/reference/events-schedules/delete-event"
- ]
- },
- {
- "group": "Attack Paths",
- "pages": [
- "hc/en-us/reference/attack-paths/export-attack-path-findings",
- "hc/en-us/reference/attack-paths/list-all-attack-path-types",
- "hc/en-us/reference/attack-paths/start-analysis",
- "hc/en-us/reference/attack-paths/list-available-attack-paths",
- "hc/en-us/reference/attack-paths/list-domain-attack-paths-details",
- "hc/en-us/reference/attack-paths/list-attack-path-sparkline-values",
- "hc/en-us/reference/attack-paths/update-attack-path-risk"
- ]
- },
- {
- "group": "Risk Posture",
- "pages": [
- "hc/en-us/reference/risk-posture/get-posture-statistics"
- ]
- },
- {
- "group": "Meta Entities",
- "pages": [
- "hc/en-us/reference/meta-entities/get-meta-entity-info"
- ]
- }
+ "group": "Auth",
+ "pages": [
+ "reference/auth/login-to-bloodhound",
+ "reference/auth/logout-of-bloodhound",
+ "reference/auth/get-self",
+ "reference/auth/list-saml-providers",
+ "reference/auth/get-all-saml-sign-on-endpoints",
+ "reference/auth/create-a-new-saml-provider-from-metadata",
+ "reference/auth/get-saml-provider",
+ "reference/auth/delete-a-saml-provider",
+ "reference/auth/list-sso-providers",
+ "reference/auth/create-oidc-provider",
+ "reference/auth/create-a-new-saml-provider-from-metadata-1",
+ "reference/auth/delete-sso-provider",
+ "reference/auth/update-sso-provider",
+ "reference/auth/get-saml-provider-signing-certificate"
+ ]
+ },
+ {
+ "group": "Permissions",
+ "pages": [
+ "reference/permissions/list-permissions",
+ "reference/permissions/get-permission"
+ ]
+ },
+ {
+ "group": "Roles",
+ "pages": [
+ "reference/roles/list-roles",
+ "reference/roles/get-role"
+ ]
+ },
+ {
+ "group": "API Tokens",
+ "pages": [
+ "reference/api-tokens/list-auth-tokens",
+ "reference/api-tokens/create-token-for-user",
+ "reference/api-tokens/delete-a-user-token"
+ ]
+ },
+ {
+ "group": "BloodHound Users",
+ "pages": [
+ "reference/bloodhound-users/list-users",
+ "reference/bloodhound-users/create-a-new-user",
+ "reference/bloodhound-users/get-a-user",
+ "reference/bloodhound-users/delete-a-user",
+ "reference/bloodhound-users/update-a-user",
+ "reference/bloodhound-users/create-or-set-user-secret",
+ "reference/bloodhound-users/expire-user-secret",
+ "reference/bloodhound-users/enrolls-user-in-multi-factor-authentication",
+ "reference/bloodhound-users/unenroll-user-from-multi-factor-authentication",
+ "reference/bloodhound-users/returns-mfa-activation-status-for-a-user",
+ "reference/bloodhound-users/activates-mfa-for-an-enrolled-user"
+ ]
+ },
+ {
+ "group": "Collectors",
+ "pages": [
+ "reference/collectors/get-collector-manifest",
+ "reference/collectors/get-collector-download-by-version",
+ "reference/collectors/get-collector-checksum-by-version"
+ ]
+ },
+ {
+ "group": "Collection Uploads",
+ "pages": [
+ "reference/collection-uploads/list-file-upload-jobs",
+ "reference/collection-uploads/create-file-upload-job",
+ "reference/collection-uploads/upload-file-to-job",
+ "reference/collection-uploads/end-file-upload-job",
+ "reference/collection-uploads/list-accepted-file-upload-types"
+ ]
+ },
+ {
+ "group": "API Info",
+ "pages": [
+ "reference/api-info/get-api-version",
+ "reference/api-info/get-api-spec"
+ ]
+ },
+ {
+ "group": "Search",
+ "pages": [
+ "reference/search/search-for-objects",
+ "reference/search/get-available-domains"
+ ]
+ },
+ {
+ "group": "Audit",
+ "pages": [
+ "reference/audit/list-audit-logs"
+ ]
+ },
+ {
+ "group": "Config",
+ "pages": [
+ "reference/config/list-application-config-parameters",
+ "reference/config/write-application-configuration-parameters",
+ "reference/config/list-feature-flags",
+ "reference/config/toggle-a-feature-flags-enabled-status-to-either-enable-or-disable-it"
+ ]
+ },
+ {
+ "group": "Asset Isolation",
+ "pages": [
+ "reference/asset-isolation/list-all-asset-isolation-groups",
+ "reference/asset-isolation/create-an-asset-group",
+ "reference/asset-isolation/get-asset-group-by-id",
+ "reference/asset-isolation/update-an-asset-group",
+ "reference/asset-isolation/delete-an-asset-group",
+ "reference/asset-isolation/list-asset-group-collections",
+ "reference/asset-isolation/update-asset-group-selectors",
+ "reference/asset-isolation/update-asset-group-selectors-1",
+ "reference/asset-isolation/delete-an-asset-group-selector",
+ "reference/asset-isolation/get-asset-group-custom-member-count",
+ "reference/asset-isolation/list-all-asset-isolation-group-members",
+ "reference/asset-isolation/list-asset-group-member-count-by-kind"
+ ]
+ },
+ {
+ "group": "Graph",
+ "pages": [
+ "reference/graph/get-pathfinding-result",
+ "reference/graph/get-search-result",
+ "reference/graph/get-the-shortest-path-graph",
+ "reference/graph/get-path-composition"
+ ]
+ },
+ {
+ "group": "Cypher",
+ "pages": [
+ "reference/cypher/list-saved-queries",
+ "reference/cypher/create-a-saved-query",
+ "reference/cypher/update-a-saved-query",
+ "reference/cypher/delete-a-saved-query",
+ "reference/cypher/share-a-saved-query-or-set-it-to-public",
+ "reference/cypher/revokes-permission-of-a-saved-query-from-users",
+ "reference/cypher/run-a-cypher-query"
+ ]
+ },
+ {
+ "group": "Azure Entities",
+ "pages": [
+ "reference/azure-entities/get-azure-entity"
+ ]
+ },
+ {
+ "group": "AD Base Entities",
+ "pages": [
+ "reference/ad-base-entities/get-entity-info",
+ "reference/ad-base-entities/get-entity-controllables",
+ "reference/ad-base-entities/get-entity-controllers"
+ ]
+ },
+ {
+ "group": "Computers",
+ "pages": [
+ "reference/computers/get-computer-entity-info",
+ "reference/computers/get-computer-entity-admin-rights",
+ "reference/computers/get-computer-entity-admins",
+ "reference/computers/get-computer-entity-constrained-delegation-rights",
+ "reference/computers/get-computer-entity-constrained-users",
+ "reference/computers/get-computer-entity-controllables",
+ "reference/computers/get-computer-entity-controllers",
+ "reference/computers/get-computer-entity-dcom-rights",
+ "reference/computers/get-computer-entity-dcom-users",
+ "reference/computers/get-computer-entity-group-membership",
+ "reference/computers/get-computer-entity-remote-powershell-rights",
+ "reference/computers/get-computer-entity-remote-powershell-users",
+ "reference/computers/get-computer-entity-rdp-rights",
+ "reference/computers/get-computer-entity-rdp-users",
+ "reference/computers/get-computer-entity-sessions",
+ "reference/computers/get-computer-entity-sql-admins"
+ ]
+ },
+ {
+ "group": "Containers",
+ "pages": [
+ "reference/containers/get-container-entity-info",
+ "reference/containers/get-container-entity-controllers"
+ ]
+ },
+ {
+ "group": "Domains",
+ "pages": [
+ "reference/domains/get-domain-entity-info",
+ "reference/domains/update-the-domain-entity",
+ "reference/domains/get-domain-entity-computers",
+ "reference/domains/get-domain-entity-controllers",
+ "reference/domains/get-domain-entity-dc-syncers",
+ "reference/domains/get-domain-entity-foreign-admins",
+ "reference/domains/get-domain-entity-foreign-gpo-controllers",
+ "reference/domains/get-domain-entity-foregin-groups",
+ "reference/domains/get-domain-entity-foreign-users",
+ "reference/domains/get-domain-entity-gpos",
+ "reference/domains/get-domain-entity-groups",
+ "reference/domains/get-domain-entity-inbound-trusts",
+ "reference/domains/get-domain-entity-linked-gpos",
+ "reference/domains/get-domain-entity-ous",
+ "reference/domains/get-domain-entity-outbound-trusts",
+ "reference/domains/get-domain-entity-users"
+ ]
+ },
+ {
+ "group": "GPOs",
+ "pages": [
+ "reference/gpos/get-gpo-entity-info",
+ "reference/gpos/get-gpo-entity-computer",
+ "reference/gpos/get-gpo-entity-controllers",
+ "reference/gpos/get-gpo-entity-ous",
+ "reference/gpos/get-gpo-entity-tier-zero",
+ "reference/gpos/get-gpo-entity-users"
+ ]
+ },
+ {
+ "group": "AIA CAs",
+ "pages": [
+ "reference/aia-cas/get-aia-ca-entity-info",
+ "reference/aia-cas/get-aia-ca-entity-controllers"
+ ]
+ },
+ {
+ "group": "Root CAs",
+ "pages": [
+ "reference/root-cas/get-root-ca-entity-info",
+ "reference/root-cas/get-root-ca-entity-controllers"
+ ]
+ },
+ {
+ "group": "Enterprise CAs",
+ "pages": [
+ "reference/enterprise-cas/get-enterprise-ca-entity-info",
+ "reference/enterprise-cas/get-enterprise-ca-entity-controllers"
+ ]
+ },
+ {
+ "group": "NT Auth Stores",
+ "pages": [
+ "reference/nt-auth-stores/get-nt-auth-store-entity-info",
+ "reference/nt-auth-stores/get-nt-auth-store-entity-controllers"
+ ]
+ },
+ {
+ "group": "Cert Templates",
+ "pages": [
+ "reference/cert-templates/get-cert-template-entity-info",
+ "reference/cert-templates/get-cert-template-entity-controllers"
+ ]
+ },
+ {
+ "group": "OUs",
+ "pages": [
+ "reference/ous/get-ou-entity-info",
+ "reference/ous/get-ou-entity-computers",
+ "reference/ous/get-ou-entity-gpos",
+ "reference/ous/get-ou-entity-groups",
+ "reference/ous/get-ou-entity-users"
+ ]
+ },
+ {
+ "group": "AD Users",
+ "pages": [
+ "reference/ad-users/get-user-entity-info",
+ "reference/ad-users/get-user-entity-admin-rights",
+ "reference/ad-users/get-user-entity-constrained-delegation-rights",
+ "reference/ad-users/get-user-entity-controllables",
+ "reference/ad-users/get-user-entity-controllers",
+ "reference/ad-users/get-user-entity-dcom-rights",
+ "reference/ad-users/get-user-entity-membership",
+ "reference/ad-users/get-user-entity-powershell-remote-rights",
+ "reference/ad-users/get-user-entity-rdp-rights",
+ "reference/ad-users/get-user-entity-sessions",
+ "reference/ad-users/get-user-entity-sql-admin-rights"
+ ]
+ },
+ {
+ "group": "Groups",
+ "pages": [
+ "reference/groups/get-group-entity-info",
+ "reference/groups/get-group-entity-admin-rights",
+ "reference/groups/get-group-entity-controllables",
+ "reference/groups/get-group-entity-controllers",
+ "reference/groups/get-group-entity-dcomrights",
+ "reference/groups/get-group-entity-members",
+ "reference/groups/get-group-entity-memberships",
+ "reference/groups/get-group-entity-powershell-remote-rights",
+ "reference/groups/get-group-entity-rdp-rights",
+ "reference/groups/get-group-entity-sessions"
+ ]
+ },
+ {
+ "group": "Data Quality",
+ "pages": [
+ "reference/data-quality/get-database-completeness-stats",
+ "reference/data-quality/get-ad-domain-data-quality-stats",
+ "reference/data-quality/get-azure-tenant-data-quality-stats",
+ "reference/data-quality/get-platform-data-quality-aggregate"
+ ]
+ },
+ {
+ "group": "Database",
+ "pages": [
+ "reference/database/delete-your-bloodhound-data"
+ ]
+ },
+ {
+ "group": "Datapipe",
+ "pages": [
+ "reference/datapipe/get-datapipe-status",
+ "reference/datapipe/start-analysis"
+ ]
+ },
+ {
+ "group": "EULA",
+ "pages": [
+ "reference/eula/accept-eula"
+ ]
+ },
+ {
+ "group": "Analysis",
+ "pages": [
+ "reference/analysis/get-latest-tier-zero-combo-node",
+ "reference/analysis/get-the-graph-for-meta-tree",
+ "reference/analysis/get-the-combo-tree-for-an-asset-group"
+ ]
+ },
+ {
+ "group": "Client Ingest",
+ "pages": [
+ "reference/client-ingest/endpoint-for-data-ingestion"
+ ]
+ },
+ {
+ "group": "Clients",
+ "pages": [
+ "reference/clients/list-clients",
+ "reference/clients/create-client",
+ "reference/clients/client-error",
+ "reference/clients/update-client-values",
+ "reference/clients/get-client",
+ "reference/clients/update-client",
+ "reference/clients/delete-client",
+ "reference/clients/regenerate-the-authentication-token-for-a-client",
+ "reference/clients/list-all-completed-tasks-for-a-client",
+ "reference/clients/list-all-completed-jobs-for-a-client",
+ "reference/clients/creates-a-scheduled-task",
+ "reference/clients/creates-a-scheduled-job"
+ ]
+ },
+ {
+ "group": "Jobs",
+ "pages": [
+ "reference/jobs/list-available-client-jobs",
+ "reference/jobs/list-finished-jobs",
+ "reference/jobs/get-jobs",
+ "reference/jobs/get-client-current-job",
+ "reference/jobs/notifies-the-api-of-a-job-start",
+ "reference/jobs/notifies-the-api-of-a-job-ending",
+ "reference/jobs/get-client-job",
+ "reference/jobs/cancels-a-scheduled-job",
+ "reference/jobs/get-job-log-file"
+ ]
+ },
+ {
+ "group": "Events (Schedules)",
+ "pages": [
+ "reference/events-schedules/list-events",
+ "reference/events-schedules/create-event",
+ "reference/events-schedules/get-event",
+ "reference/events-schedules/update-event",
+ "reference/events-schedules/delete-event"
+ ]
+ },
+ {
+ "group": "Attack Paths",
+ "pages": [
+ "reference/attack-paths/export-attack-path-findings",
+ "reference/attack-paths/list-all-attack-path-types",
+ "reference/attack-paths/start-analysis",
+ "reference/attack-paths/list-available-attack-paths",
+ "reference/attack-paths/list-domain-attack-paths-details",
+ "reference/attack-paths/list-attack-path-sparkline-values",
+ "reference/attack-paths/update-attack-path-risk"
+ ]
+ },
+ {
+ "group": "Risk Posture",
+ "pages": [
+ "reference/risk-posture/get-posture-statistics"
+ ]
+ },
+ {
+ "group": "Meta Entities",
+ "pages": [
+ "reference/meta-entities/get-meta-entity-info"
+ ]
+ }
],
"footerSocials": {
"x": "https://twitter.com/specterops",
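Review bot: The Domains group entry `reference/domains/get-domain-entity-foregin-groups` misspells "foreign", while its siblings use `foreign-admins`, `foreign-gpo-controllers` and `foreign-users`. These slugs become public URLs, so fix the spelling here and in the page's filename together so the entry still resolves. The same hunk also lists auto-deduplicated slugs, `reference/auth/create-a-new-saml-provider-from-metadata-1` (placed among the SSO provider pages) and `reference/asset-isolation/update-asset-group-selectors-1`, whose names do not say how they differ from the unsuffixed pages. The DCOM and PowerShell slugs are also inconsistent across groups: `get-group-entity-dcomrights` vs `get-user-entity-dcom-rights`, and `remote-powershell-rights` under Computers vs `powershell-remote-rights` under AD Users and Groups. Consider giving these descriptive, consistent names in this change, since every path is already moving from `docs/hc/en-us/reference/` to `docs/reference/`.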
diff --git a/docs/hc/en-us/reference/ad-base-entities/get-entity-controllables.mdx b/docs/reference/ad-base-entities/get-entity-controllables.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-base-entities/get-entity-controllables.mdx
rename to docs/reference/ad-base-entities/get-entity-controllables.mdx
diff --git a/docs/hc/en-us/reference/ad-base-entities/get-entity-controllers.mdx b/docs/reference/ad-base-entities/get-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-base-entities/get-entity-controllers.mdx
rename to docs/reference/ad-base-entities/get-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/ad-base-entities/get-entity-info.mdx b/docs/reference/ad-base-entities/get-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-base-entities/get-entity-info.mdx
rename to docs/reference/ad-base-entities/get-entity-info.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-admin-rights.mdx b/docs/reference/ad-users/get-user-entity-admin-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-admin-rights.mdx
rename to docs/reference/ad-users/get-user-entity-admin-rights.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-constrained-delegation-rights.mdx b/docs/reference/ad-users/get-user-entity-constrained-delegation-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-constrained-delegation-rights.mdx
rename to docs/reference/ad-users/get-user-entity-constrained-delegation-rights.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-controllables.mdx b/docs/reference/ad-users/get-user-entity-controllables.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-controllables.mdx
rename to docs/reference/ad-users/get-user-entity-controllables.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-controllers.mdx b/docs/reference/ad-users/get-user-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-controllers.mdx
rename to docs/reference/ad-users/get-user-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-dcom-rights.mdx b/docs/reference/ad-users/get-user-entity-dcom-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-dcom-rights.mdx
rename to docs/reference/ad-users/get-user-entity-dcom-rights.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-info.mdx b/docs/reference/ad-users/get-user-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-info.mdx
rename to docs/reference/ad-users/get-user-entity-info.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-membership.mdx b/docs/reference/ad-users/get-user-entity-membership.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-membership.mdx
rename to docs/reference/ad-users/get-user-entity-membership.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-powershell-remote-rights.mdx b/docs/reference/ad-users/get-user-entity-powershell-remote-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-powershell-remote-rights.mdx
rename to docs/reference/ad-users/get-user-entity-powershell-remote-rights.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-rdp-rights.mdx b/docs/reference/ad-users/get-user-entity-rdp-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-rdp-rights.mdx
rename to docs/reference/ad-users/get-user-entity-rdp-rights.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-sessions.mdx b/docs/reference/ad-users/get-user-entity-sessions.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-sessions.mdx
rename to docs/reference/ad-users/get-user-entity-sessions.mdx
diff --git a/docs/hc/en-us/reference/ad-users/get-user-entity-sql-admin-rights.mdx b/docs/reference/ad-users/get-user-entity-sql-admin-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ad-users/get-user-entity-sql-admin-rights.mdx
rename to docs/reference/ad-users/get-user-entity-sql-admin-rights.mdx
diff --git a/docs/hc/en-us/reference/aia-cas/get-aia-ca-entity-controllers.mdx b/docs/reference/aia-cas/get-aia-ca-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/aia-cas/get-aia-ca-entity-controllers.mdx
rename to docs/reference/aia-cas/get-aia-ca-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/aia-cas/get-aia-ca-entity-info.mdx b/docs/reference/aia-cas/get-aia-ca-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/aia-cas/get-aia-ca-entity-info.mdx
rename to docs/reference/aia-cas/get-aia-ca-entity-info.mdx
diff --git a/docs/hc/en-us/reference/analysis/get-latest-tier-zero-combo-node.mdx b/docs/reference/analysis/get-latest-tier-zero-combo-node.mdx
similarity index 100%
rename from docs/hc/en-us/reference/analysis/get-latest-tier-zero-combo-node.mdx
rename to docs/reference/analysis/get-latest-tier-zero-combo-node.mdx
diff --git a/docs/hc/en-us/reference/analysis/get-the-combo-tree-for-an-asset-group.mdx b/docs/reference/analysis/get-the-combo-tree-for-an-asset-group.mdx
similarity index 100%
rename from docs/hc/en-us/reference/analysis/get-the-combo-tree-for-an-asset-group.mdx
rename to docs/reference/analysis/get-the-combo-tree-for-an-asset-group.mdx
diff --git a/docs/hc/en-us/reference/analysis/get-the-graph-for-meta-tree.mdx b/docs/reference/analysis/get-the-graph-for-meta-tree.mdx
similarity index 100%
rename from docs/hc/en-us/reference/analysis/get-the-graph-for-meta-tree.mdx
rename to docs/reference/analysis/get-the-graph-for-meta-tree.mdx
diff --git a/docs/hc/en-us/reference/api-info/get-api-spec.mdx b/docs/reference/api-info/get-api-spec.mdx
similarity index 100%
rename from docs/hc/en-us/reference/api-info/get-api-spec.mdx
rename to docs/reference/api-info/get-api-spec.mdx
diff --git a/docs/hc/en-us/reference/api-info/get-api-version.mdx b/docs/reference/api-info/get-api-version.mdx
similarity index 100%
rename from docs/hc/en-us/reference/api-info/get-api-version.mdx
rename to docs/reference/api-info/get-api-version.mdx
diff --git a/docs/hc/en-us/reference/api-tokens/create-token-for-user.mdx b/docs/reference/api-tokens/create-token-for-user.mdx
similarity index 100%
rename from docs/hc/en-us/reference/api-tokens/create-token-for-user.mdx
rename to docs/reference/api-tokens/create-token-for-user.mdx
diff --git a/docs/hc/en-us/reference/api-tokens/delete-a-user-token.mdx b/docs/reference/api-tokens/delete-a-user-token.mdx
similarity index 100%
rename from docs/hc/en-us/reference/api-tokens/delete-a-user-token.mdx
rename to docs/reference/api-tokens/delete-a-user-token.mdx
diff --git a/docs/hc/en-us/reference/api-tokens/list-auth-tokens.mdx b/docs/reference/api-tokens/list-auth-tokens.mdx
similarity index 100%
rename from docs/hc/en-us/reference/api-tokens/list-auth-tokens.mdx
rename to docs/reference/api-tokens/list-auth-tokens.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/create-an-asset-group.mdx b/docs/reference/asset-isolation/create-an-asset-group.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/create-an-asset-group.mdx
rename to docs/reference/asset-isolation/create-an-asset-group.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/delete-an-asset-group-selector.mdx b/docs/reference/asset-isolation/delete-an-asset-group-selector.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/delete-an-asset-group-selector.mdx
rename to docs/reference/asset-isolation/delete-an-asset-group-selector.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/delete-an-asset-group.mdx b/docs/reference/asset-isolation/delete-an-asset-group.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/delete-an-asset-group.mdx
rename to docs/reference/asset-isolation/delete-an-asset-group.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/get-asset-group-by-id.mdx b/docs/reference/asset-isolation/get-asset-group-by-id.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/get-asset-group-by-id.mdx
rename to docs/reference/asset-isolation/get-asset-group-by-id.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/get-asset-group-custom-member-count.mdx b/docs/reference/asset-isolation/get-asset-group-custom-member-count.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/get-asset-group-custom-member-count.mdx
rename to docs/reference/asset-isolation/get-asset-group-custom-member-count.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/list-all-asset-isolation-group-members.mdx b/docs/reference/asset-isolation/list-all-asset-isolation-group-members.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/list-all-asset-isolation-group-members.mdx
rename to docs/reference/asset-isolation/list-all-asset-isolation-group-members.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/list-all-asset-isolation-groups.mdx b/docs/reference/asset-isolation/list-all-asset-isolation-groups.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/list-all-asset-isolation-groups.mdx
rename to docs/reference/asset-isolation/list-all-asset-isolation-groups.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/list-asset-group-collections.mdx b/docs/reference/asset-isolation/list-asset-group-collections.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/list-asset-group-collections.mdx
rename to docs/reference/asset-isolation/list-asset-group-collections.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/list-asset-group-member-count-by-kind.mdx b/docs/reference/asset-isolation/list-asset-group-member-count-by-kind.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/list-asset-group-member-count-by-kind.mdx
rename to docs/reference/asset-isolation/list-asset-group-member-count-by-kind.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/update-an-asset-group.mdx b/docs/reference/asset-isolation/update-an-asset-group.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/update-an-asset-group.mdx
rename to docs/reference/asset-isolation/update-an-asset-group.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/update-asset-group-selectors-1.mdx b/docs/reference/asset-isolation/update-asset-group-selectors-1.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/update-asset-group-selectors-1.mdx
rename to docs/reference/asset-isolation/update-asset-group-selectors-1.mdx
diff --git a/docs/hc/en-us/reference/asset-isolation/update-asset-group-selectors.mdx b/docs/reference/asset-isolation/update-asset-group-selectors.mdx
similarity index 100%
rename from docs/hc/en-us/reference/asset-isolation/update-asset-group-selectors.mdx
rename to docs/reference/asset-isolation/update-asset-group-selectors.mdx
diff --git a/docs/hc/en-us/reference/attack-paths/export-attack-path-findings.mdx b/docs/reference/attack-paths/export-attack-path-findings.mdx
similarity index 100%
rename from docs/hc/en-us/reference/attack-paths/export-attack-path-findings.mdx
rename to docs/reference/attack-paths/export-attack-path-findings.mdx
diff --git a/docs/hc/en-us/reference/attack-paths/list-all-attack-path-types.mdx b/docs/reference/attack-paths/list-all-attack-path-types.mdx
similarity index 100%
rename from docs/hc/en-us/reference/attack-paths/list-all-attack-path-types.mdx
rename to docs/reference/attack-paths/list-all-attack-path-types.mdx
diff --git a/docs/hc/en-us/reference/attack-paths/list-attack-path-sparkline-values.mdx b/docs/reference/attack-paths/list-attack-path-sparkline-values.mdx
similarity index 100%
rename from docs/hc/en-us/reference/attack-paths/list-attack-path-sparkline-values.mdx
rename to docs/reference/attack-paths/list-attack-path-sparkline-values.mdx
diff --git a/docs/hc/en-us/reference/attack-paths/list-available-attack-paths.mdx b/docs/reference/attack-paths/list-available-attack-paths.mdx
similarity index 100%
rename from docs/hc/en-us/reference/attack-paths/list-available-attack-paths.mdx
rename to docs/reference/attack-paths/list-available-attack-paths.mdx
diff --git a/docs/hc/en-us/reference/attack-paths/list-domain-attack-paths-details.mdx b/docs/reference/attack-paths/list-domain-attack-paths-details.mdx
similarity index 100%
rename from docs/hc/en-us/reference/attack-paths/list-domain-attack-paths-details.mdx
rename to docs/reference/attack-paths/list-domain-attack-paths-details.mdx
diff --git a/docs/hc/en-us/reference/attack-paths/start-analysis.mdx b/docs/reference/attack-paths/start-analysis.mdx
similarity index 100%
rename from docs/hc/en-us/reference/attack-paths/start-analysis.mdx
rename to docs/reference/attack-paths/start-analysis.mdx
diff --git a/docs/hc/en-us/reference/attack-paths/update-attack-path-risk.mdx b/docs/reference/attack-paths/update-attack-path-risk.mdx
similarity index 100%
rename from docs/hc/en-us/reference/attack-paths/update-attack-path-risk.mdx
rename to docs/reference/attack-paths/update-attack-path-risk.mdx
diff --git a/docs/hc/en-us/reference/audit/list-audit-logs.mdx b/docs/reference/audit/list-audit-logs.mdx
similarity index 100%
rename from docs/hc/en-us/reference/audit/list-audit-logs.mdx
rename to docs/reference/audit/list-audit-logs.mdx
diff --git a/docs/hc/en-us/reference/auth/create-a-new-saml-provider-from-metadata-1.mdx b/docs/reference/auth/create-a-new-saml-provider-from-metadata-1.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/create-a-new-saml-provider-from-metadata-1.mdx
rename to docs/reference/auth/create-a-new-saml-provider-from-metadata-1.mdx
diff --git a/docs/hc/en-us/reference/auth/create-a-new-saml-provider-from-metadata.mdx b/docs/reference/auth/create-a-new-saml-provider-from-metadata.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/create-a-new-saml-provider-from-metadata.mdx
rename to docs/reference/auth/create-a-new-saml-provider-from-metadata.mdx
diff --git a/docs/hc/en-us/reference/auth/create-oidc-provider.mdx b/docs/reference/auth/create-oidc-provider.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/create-oidc-provider.mdx
rename to docs/reference/auth/create-oidc-provider.mdx
diff --git a/docs/hc/en-us/reference/auth/delete-a-saml-provider.mdx b/docs/reference/auth/delete-a-saml-provider.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/delete-a-saml-provider.mdx
rename to docs/reference/auth/delete-a-saml-provider.mdx
diff --git a/docs/hc/en-us/reference/auth/delete-sso-provider.mdx b/docs/reference/auth/delete-sso-provider.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/delete-sso-provider.mdx
rename to docs/reference/auth/delete-sso-provider.mdx
diff --git a/docs/hc/en-us/reference/auth/get-all-saml-sign-on-endpoints.mdx b/docs/reference/auth/get-all-saml-sign-on-endpoints.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/get-all-saml-sign-on-endpoints.mdx
rename to docs/reference/auth/get-all-saml-sign-on-endpoints.mdx
diff --git a/docs/hc/en-us/reference/auth/get-saml-provider-signing-certificate.mdx b/docs/reference/auth/get-saml-provider-signing-certificate.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/get-saml-provider-signing-certificate.mdx
rename to docs/reference/auth/get-saml-provider-signing-certificate.mdx
diff --git a/docs/hc/en-us/reference/auth/get-saml-provider.mdx b/docs/reference/auth/get-saml-provider.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/get-saml-provider.mdx
rename to docs/reference/auth/get-saml-provider.mdx
diff --git a/docs/hc/en-us/reference/auth/get-self.mdx b/docs/reference/auth/get-self.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/get-self.mdx
rename to docs/reference/auth/get-self.mdx
diff --git a/docs/hc/en-us/reference/auth/list-saml-providers.mdx b/docs/reference/auth/list-saml-providers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/list-saml-providers.mdx
rename to docs/reference/auth/list-saml-providers.mdx
diff --git a/docs/hc/en-us/reference/auth/list-sso-providers.mdx b/docs/reference/auth/list-sso-providers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/list-sso-providers.mdx
rename to docs/reference/auth/list-sso-providers.mdx
diff --git a/docs/hc/en-us/reference/auth/login-to-bloodhound.mdx b/docs/reference/auth/login-to-bloodhound.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/login-to-bloodhound.mdx
rename to docs/reference/auth/login-to-bloodhound.mdx
diff --git a/docs/hc/en-us/reference/auth/logout-of-bloodhound.mdx b/docs/reference/auth/logout-of-bloodhound.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/logout-of-bloodhound.mdx
rename to docs/reference/auth/logout-of-bloodhound.mdx
diff --git a/docs/hc/en-us/reference/auth/update-sso-provider.mdx b/docs/reference/auth/update-sso-provider.mdx
similarity index 100%
rename from docs/hc/en-us/reference/auth/update-sso-provider.mdx
rename to docs/reference/auth/update-sso-provider.mdx
diff --git a/docs/hc/en-us/reference/azure-entities/get-azure-entity.mdx b/docs/reference/azure-entities/get-azure-entity.mdx
similarity index 100%
rename from docs/hc/en-us/reference/azure-entities/get-azure-entity.mdx
rename to docs/reference/azure-entities/get-azure-entity.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/activates-mfa-for-an-enrolled-user.mdx b/docs/reference/bloodhound-users/activates-mfa-for-an-enrolled-user.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/activates-mfa-for-an-enrolled-user.mdx
rename to docs/reference/bloodhound-users/activates-mfa-for-an-enrolled-user.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/create-a-new-user.mdx b/docs/reference/bloodhound-users/create-a-new-user.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/create-a-new-user.mdx
rename to docs/reference/bloodhound-users/create-a-new-user.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/create-or-set-user-secret.mdx b/docs/reference/bloodhound-users/create-or-set-user-secret.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/create-or-set-user-secret.mdx
rename to docs/reference/bloodhound-users/create-or-set-user-secret.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/delete-a-user.mdx b/docs/reference/bloodhound-users/delete-a-user.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/delete-a-user.mdx
rename to docs/reference/bloodhound-users/delete-a-user.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/enrolls-user-in-multi-factor-authentication.mdx b/docs/reference/bloodhound-users/enrolls-user-in-multi-factor-authentication.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/enrolls-user-in-multi-factor-authentication.mdx
rename to docs/reference/bloodhound-users/enrolls-user-in-multi-factor-authentication.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/expire-user-secret.mdx b/docs/reference/bloodhound-users/expire-user-secret.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/expire-user-secret.mdx
rename to docs/reference/bloodhound-users/expire-user-secret.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/get-a-user.mdx b/docs/reference/bloodhound-users/get-a-user.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/get-a-user.mdx
rename to docs/reference/bloodhound-users/get-a-user.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/list-users.mdx b/docs/reference/bloodhound-users/list-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/list-users.mdx
rename to docs/reference/bloodhound-users/list-users.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/returns-mfa-activation-status-for-a-user.mdx b/docs/reference/bloodhound-users/returns-mfa-activation-status-for-a-user.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/returns-mfa-activation-status-for-a-user.mdx
rename to docs/reference/bloodhound-users/returns-mfa-activation-status-for-a-user.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/unenroll-user-from-multi-factor-authentication.mdx b/docs/reference/bloodhound-users/unenroll-user-from-multi-factor-authentication.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/unenroll-user-from-multi-factor-authentication.mdx
rename to docs/reference/bloodhound-users/unenroll-user-from-multi-factor-authentication.mdx
diff --git a/docs/hc/en-us/reference/bloodhound-users/update-a-user.mdx b/docs/reference/bloodhound-users/update-a-user.mdx
similarity index 100%
rename from docs/hc/en-us/reference/bloodhound-users/update-a-user.mdx
rename to docs/reference/bloodhound-users/update-a-user.mdx
diff --git a/docs/hc/en-us/reference/cert-templates/get-cert-template-entity-controllers.mdx b/docs/reference/cert-templates/get-cert-template-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/cert-templates/get-cert-template-entity-controllers.mdx
rename to docs/reference/cert-templates/get-cert-template-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/cert-templates/get-cert-template-entity-info.mdx b/docs/reference/cert-templates/get-cert-template-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/cert-templates/get-cert-template-entity-info.mdx
rename to docs/reference/cert-templates/get-cert-template-entity-info.mdx
diff --git a/docs/hc/en-us/reference/client-ingest/endpoint-for-data-ingestion.mdx b/docs/reference/client-ingest/endpoint-for-data-ingestion.mdx
similarity index 100%
rename from docs/hc/en-us/reference/client-ingest/endpoint-for-data-ingestion.mdx
rename to docs/reference/client-ingest/endpoint-for-data-ingestion.mdx
diff --git a/docs/hc/en-us/reference/clients/client-error.mdx b/docs/reference/clients/client-error.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/client-error.mdx
rename to docs/reference/clients/client-error.mdx
diff --git a/docs/hc/en-us/reference/clients/create-client.mdx b/docs/reference/clients/create-client.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/create-client.mdx
rename to docs/reference/clients/create-client.mdx
diff --git a/docs/hc/en-us/reference/clients/creates-a-scheduled-job.mdx b/docs/reference/clients/creates-a-scheduled-job.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/creates-a-scheduled-job.mdx
rename to docs/reference/clients/creates-a-scheduled-job.mdx
diff --git a/docs/hc/en-us/reference/clients/creates-a-scheduled-task.mdx b/docs/reference/clients/creates-a-scheduled-task.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/creates-a-scheduled-task.mdx
rename to docs/reference/clients/creates-a-scheduled-task.mdx
diff --git a/docs/hc/en-us/reference/clients/delete-client.mdx b/docs/reference/clients/delete-client.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/delete-client.mdx
rename to docs/reference/clients/delete-client.mdx
diff --git a/docs/hc/en-us/reference/clients/get-client.mdx b/docs/reference/clients/get-client.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/get-client.mdx
rename to docs/reference/clients/get-client.mdx
diff --git a/docs/hc/en-us/reference/clients/list-all-completed-jobs-for-a-client.mdx b/docs/reference/clients/list-all-completed-jobs-for-a-client.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/list-all-completed-jobs-for-a-client.mdx
rename to docs/reference/clients/list-all-completed-jobs-for-a-client.mdx
diff --git a/docs/hc/en-us/reference/clients/list-all-completed-tasks-for-a-client.mdx b/docs/reference/clients/list-all-completed-tasks-for-a-client.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/list-all-completed-tasks-for-a-client.mdx
rename to docs/reference/clients/list-all-completed-tasks-for-a-client.mdx
diff --git a/docs/hc/en-us/reference/clients/list-clients.mdx b/docs/reference/clients/list-clients.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/list-clients.mdx
rename to docs/reference/clients/list-clients.mdx
diff --git a/docs/hc/en-us/reference/clients/regenerate-the-authentication-token-for-a-client.mdx b/docs/reference/clients/regenerate-the-authentication-token-for-a-client.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/regenerate-the-authentication-token-for-a-client.mdx
rename to docs/reference/clients/regenerate-the-authentication-token-for-a-client.mdx
diff --git a/docs/hc/en-us/reference/clients/update-client-values.mdx b/docs/reference/clients/update-client-values.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/update-client-values.mdx
rename to docs/reference/clients/update-client-values.mdx
diff --git a/docs/hc/en-us/reference/clients/update-client.mdx b/docs/reference/clients/update-client.mdx
similarity index 100%
rename from docs/hc/en-us/reference/clients/update-client.mdx
rename to docs/reference/clients/update-client.mdx
diff --git a/docs/hc/en-us/reference/collection-uploads/create-file-upload-job.mdx b/docs/reference/collection-uploads/create-file-upload-job.mdx
similarity index 100%
rename from docs/hc/en-us/reference/collection-uploads/create-file-upload-job.mdx
rename to docs/reference/collection-uploads/create-file-upload-job.mdx
diff --git a/docs/hc/en-us/reference/collection-uploads/end-file-upload-job.mdx b/docs/reference/collection-uploads/end-file-upload-job.mdx
similarity index 100%
rename from docs/hc/en-us/reference/collection-uploads/end-file-upload-job.mdx
rename to docs/reference/collection-uploads/end-file-upload-job.mdx
diff --git a/docs/hc/en-us/reference/collection-uploads/list-accepted-file-upload-types.mdx b/docs/reference/collection-uploads/list-accepted-file-upload-types.mdx
similarity index 100%
rename from docs/hc/en-us/reference/collection-uploads/list-accepted-file-upload-types.mdx
rename to docs/reference/collection-uploads/list-accepted-file-upload-types.mdx
diff --git a/docs/hc/en-us/reference/collection-uploads/list-file-upload-jobs.mdx b/docs/reference/collection-uploads/list-file-upload-jobs.mdx
similarity index 100%
rename from docs/hc/en-us/reference/collection-uploads/list-file-upload-jobs.mdx
rename to docs/reference/collection-uploads/list-file-upload-jobs.mdx
diff --git a/docs/hc/en-us/reference/collection-uploads/upload-file-to-job.mdx b/docs/reference/collection-uploads/upload-file-to-job.mdx
similarity index 100%
rename from docs/hc/en-us/reference/collection-uploads/upload-file-to-job.mdx
rename to docs/reference/collection-uploads/upload-file-to-job.mdx
diff --git a/docs/hc/en-us/reference/collectors/get-collector-checksum-by-version.mdx b/docs/reference/collectors/get-collector-checksum-by-version.mdx
similarity index 100%
rename from docs/hc/en-us/reference/collectors/get-collector-checksum-by-version.mdx
rename to docs/reference/collectors/get-collector-checksum-by-version.mdx
diff --git a/docs/hc/en-us/reference/collectors/get-collector-download-by-version.mdx b/docs/reference/collectors/get-collector-download-by-version.mdx
similarity index 100%
rename from docs/hc/en-us/reference/collectors/get-collector-download-by-version.mdx
rename to docs/reference/collectors/get-collector-download-by-version.mdx
diff --git a/docs/hc/en-us/reference/collectors/get-collector-manifest.mdx b/docs/reference/collectors/get-collector-manifest.mdx
similarity index 100%
rename from docs/hc/en-us/reference/collectors/get-collector-manifest.mdx
rename to docs/reference/collectors/get-collector-manifest.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-admin-rights.mdx b/docs/reference/computers/get-computer-entity-admin-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-admin-rights.mdx
rename to docs/reference/computers/get-computer-entity-admin-rights.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-admins.mdx b/docs/reference/computers/get-computer-entity-admins.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-admins.mdx
rename to docs/reference/computers/get-computer-entity-admins.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-constrained-delegation-rights.mdx b/docs/reference/computers/get-computer-entity-constrained-delegation-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-constrained-delegation-rights.mdx
rename to docs/reference/computers/get-computer-entity-constrained-delegation-rights.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-constrained-users.mdx b/docs/reference/computers/get-computer-entity-constrained-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-constrained-users.mdx
rename to docs/reference/computers/get-computer-entity-constrained-users.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-controllables.mdx b/docs/reference/computers/get-computer-entity-controllables.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-controllables.mdx
rename to docs/reference/computers/get-computer-entity-controllables.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-controllers.mdx b/docs/reference/computers/get-computer-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-controllers.mdx
rename to docs/reference/computers/get-computer-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-dcom-rights.mdx b/docs/reference/computers/get-computer-entity-dcom-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-dcom-rights.mdx
rename to docs/reference/computers/get-computer-entity-dcom-rights.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-dcom-users.mdx b/docs/reference/computers/get-computer-entity-dcom-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-dcom-users.mdx
rename to docs/reference/computers/get-computer-entity-dcom-users.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-group-membership.mdx b/docs/reference/computers/get-computer-entity-group-membership.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-group-membership.mdx
rename to docs/reference/computers/get-computer-entity-group-membership.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-info.mdx b/docs/reference/computers/get-computer-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-info.mdx
rename to docs/reference/computers/get-computer-entity-info.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-rdp-rights.mdx b/docs/reference/computers/get-computer-entity-rdp-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-rdp-rights.mdx
rename to docs/reference/computers/get-computer-entity-rdp-rights.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-rdp-users.mdx b/docs/reference/computers/get-computer-entity-rdp-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-rdp-users.mdx
rename to docs/reference/computers/get-computer-entity-rdp-users.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-remote-powershell-rights.mdx b/docs/reference/computers/get-computer-entity-remote-powershell-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-remote-powershell-rights.mdx
rename to docs/reference/computers/get-computer-entity-remote-powershell-rights.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-remote-powershell-users.mdx b/docs/reference/computers/get-computer-entity-remote-powershell-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-remote-powershell-users.mdx
rename to docs/reference/computers/get-computer-entity-remote-powershell-users.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-sessions.mdx b/docs/reference/computers/get-computer-entity-sessions.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-sessions.mdx
rename to docs/reference/computers/get-computer-entity-sessions.mdx
diff --git a/docs/hc/en-us/reference/computers/get-computer-entity-sql-admins.mdx b/docs/reference/computers/get-computer-entity-sql-admins.mdx
similarity index 100%
rename from docs/hc/en-us/reference/computers/get-computer-entity-sql-admins.mdx
rename to docs/reference/computers/get-computer-entity-sql-admins.mdx
diff --git a/docs/hc/en-us/reference/config/list-application-config-parameters.mdx b/docs/reference/config/list-application-config-parameters.mdx
similarity index 100%
rename from docs/hc/en-us/reference/config/list-application-config-parameters.mdx
rename to docs/reference/config/list-application-config-parameters.mdx
diff --git a/docs/hc/en-us/reference/config/list-feature-flags.mdx b/docs/reference/config/list-feature-flags.mdx
similarity index 100%
rename from docs/hc/en-us/reference/config/list-feature-flags.mdx
rename to docs/reference/config/list-feature-flags.mdx
diff --git a/docs/hc/en-us/reference/config/toggle-a-feature-flags-enabled-status-to-either-enable-or-disable-it.mdx b/docs/reference/config/toggle-a-feature-flags-enabled-status-to-either-enable-or-disable-it.mdx
similarity index 100%
rename from docs/hc/en-us/reference/config/toggle-a-feature-flags-enabled-status-to-either-enable-or-disable-it.mdx
rename to docs/reference/config/toggle-a-feature-flags-enabled-status-to-either-enable-or-disable-it.mdx
diff --git a/docs/hc/en-us/reference/config/write-application-configuration-parameters.mdx b/docs/reference/config/write-application-configuration-parameters.mdx
similarity index 100%
rename from docs/hc/en-us/reference/config/write-application-configuration-parameters.mdx
rename to docs/reference/config/write-application-configuration-parameters.mdx
diff --git a/docs/hc/en-us/reference/containers/get-container-entity-controllers.mdx b/docs/reference/containers/get-container-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/containers/get-container-entity-controllers.mdx
rename to docs/reference/containers/get-container-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/containers/get-container-entity-info.mdx b/docs/reference/containers/get-container-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/containers/get-container-entity-info.mdx
rename to docs/reference/containers/get-container-entity-info.mdx
diff --git a/docs/hc/en-us/reference/cypher/create-a-saved-query.mdx b/docs/reference/cypher/create-a-saved-query.mdx
similarity index 100%
rename from docs/hc/en-us/reference/cypher/create-a-saved-query.mdx
rename to docs/reference/cypher/create-a-saved-query.mdx
diff --git a/docs/hc/en-us/reference/cypher/delete-a-saved-query.mdx b/docs/reference/cypher/delete-a-saved-query.mdx
similarity index 100%
rename from docs/hc/en-us/reference/cypher/delete-a-saved-query.mdx
rename to docs/reference/cypher/delete-a-saved-query.mdx
diff --git a/docs/hc/en-us/reference/cypher/list-saved-queries.mdx b/docs/reference/cypher/list-saved-queries.mdx
similarity index 100%
rename from docs/hc/en-us/reference/cypher/list-saved-queries.mdx
rename to docs/reference/cypher/list-saved-queries.mdx
diff --git a/docs/hc/en-us/reference/cypher/revokes-permission-of-a-saved-query-from-users.mdx b/docs/reference/cypher/revokes-permission-of-a-saved-query-from-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/cypher/revokes-permission-of-a-saved-query-from-users.mdx
rename to docs/reference/cypher/revokes-permission-of-a-saved-query-from-users.mdx
diff --git a/docs/hc/en-us/reference/cypher/run-a-cypher-query.mdx b/docs/reference/cypher/run-a-cypher-query.mdx
similarity index 100%
rename from docs/hc/en-us/reference/cypher/run-a-cypher-query.mdx
rename to docs/reference/cypher/run-a-cypher-query.mdx
diff --git a/docs/hc/en-us/reference/cypher/share-a-saved-query-or-set-it-to-public.mdx b/docs/reference/cypher/share-a-saved-query-or-set-it-to-public.mdx
similarity index 100%
rename from docs/hc/en-us/reference/cypher/share-a-saved-query-or-set-it-to-public.mdx
rename to docs/reference/cypher/share-a-saved-query-or-set-it-to-public.mdx
diff --git a/docs/hc/en-us/reference/cypher/update-a-saved-query.mdx b/docs/reference/cypher/update-a-saved-query.mdx
similarity index 100%
rename from docs/hc/en-us/reference/cypher/update-a-saved-query.mdx
rename to docs/reference/cypher/update-a-saved-query.mdx
diff --git a/docs/hc/en-us/reference/data-quality/get-ad-domain-data-quality-stats.mdx b/docs/reference/data-quality/get-ad-domain-data-quality-stats.mdx
similarity index 100%
rename from docs/hc/en-us/reference/data-quality/get-ad-domain-data-quality-stats.mdx
rename to docs/reference/data-quality/get-ad-domain-data-quality-stats.mdx
diff --git a/docs/hc/en-us/reference/data-quality/get-azure-tenant-data-quality-stats.mdx b/docs/reference/data-quality/get-azure-tenant-data-quality-stats.mdx
similarity index 100%
rename from docs/hc/en-us/reference/data-quality/get-azure-tenant-data-quality-stats.mdx
rename to docs/reference/data-quality/get-azure-tenant-data-quality-stats.mdx
diff --git a/docs/hc/en-us/reference/data-quality/get-database-completeness-stats.mdx b/docs/reference/data-quality/get-database-completeness-stats.mdx
similarity index 100%
rename from docs/hc/en-us/reference/data-quality/get-database-completeness-stats.mdx
rename to docs/reference/data-quality/get-database-completeness-stats.mdx
diff --git a/docs/hc/en-us/reference/data-quality/get-platform-data-quality-aggregate.mdx b/docs/reference/data-quality/get-platform-data-quality-aggregate.mdx
similarity index 100%
rename from docs/hc/en-us/reference/data-quality/get-platform-data-quality-aggregate.mdx
rename to docs/reference/data-quality/get-platform-data-quality-aggregate.mdx
diff --git a/docs/hc/en-us/reference/database/delete-your-bloodhound-data.mdx b/docs/reference/database/delete-your-bloodhound-data.mdx
similarity index 100%
rename from docs/hc/en-us/reference/database/delete-your-bloodhound-data.mdx
rename to docs/reference/database/delete-your-bloodhound-data.mdx
diff --git a/docs/hc/en-us/reference/datapipe/get-datapipe-status.mdx b/docs/reference/datapipe/get-datapipe-status.mdx
similarity index 100%
rename from docs/hc/en-us/reference/datapipe/get-datapipe-status.mdx
rename to docs/reference/datapipe/get-datapipe-status.mdx
diff --git a/docs/hc/en-us/reference/datapipe/start-analysis.mdx b/docs/reference/datapipe/start-analysis.mdx
similarity index 100%
rename from docs/hc/en-us/reference/datapipe/start-analysis.mdx
rename to docs/reference/datapipe/start-analysis.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-computers.mdx b/docs/reference/domains/get-domain-entity-computers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-computers.mdx
rename to docs/reference/domains/get-domain-entity-computers.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-controllers.mdx b/docs/reference/domains/get-domain-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-controllers.mdx
rename to docs/reference/domains/get-domain-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-dc-syncers.mdx b/docs/reference/domains/get-domain-entity-dc-syncers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-dc-syncers.mdx
rename to docs/reference/domains/get-domain-entity-dc-syncers.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-foregin-groups.mdx b/docs/reference/domains/get-domain-entity-foregin-groups.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-foregin-groups.mdx
rename to docs/reference/domains/get-domain-entity-foregin-groups.mdx
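Review bot: the target path `docs/reference/domains/get-domain-entity-foregin-groups.mdx` carries the misspelling "foregin" over from the old location, while the sibling pages moved in this same change use "foreign" (`get-domain-entity-foreign-admins.mdx`, `get-domain-entity-foreign-users.mdx`). Since every path is already changing in this move, consider renaming the target to `get-domain-entity-foreign-groups.mdx` here, and update any navigation entry or inbound link that references the old slug.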
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-foreign-admins.mdx b/docs/reference/domains/get-domain-entity-foreign-admins.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-foreign-admins.mdx
rename to docs/reference/domains/get-domain-entity-foreign-admins.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-foreign-gpo-controllers.mdx b/docs/reference/domains/get-domain-entity-foreign-gpo-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-foreign-gpo-controllers.mdx
rename to docs/reference/domains/get-domain-entity-foreign-gpo-controllers.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-foreign-users.mdx b/docs/reference/domains/get-domain-entity-foreign-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-foreign-users.mdx
rename to docs/reference/domains/get-domain-entity-foreign-users.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-gpos.mdx b/docs/reference/domains/get-domain-entity-gpos.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-gpos.mdx
rename to docs/reference/domains/get-domain-entity-gpos.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-groups.mdx b/docs/reference/domains/get-domain-entity-groups.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-groups.mdx
rename to docs/reference/domains/get-domain-entity-groups.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-inbound-trusts.mdx b/docs/reference/domains/get-domain-entity-inbound-trusts.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-inbound-trusts.mdx
rename to docs/reference/domains/get-domain-entity-inbound-trusts.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-info.mdx b/docs/reference/domains/get-domain-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-info.mdx
rename to docs/reference/domains/get-domain-entity-info.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-linked-gpos.mdx b/docs/reference/domains/get-domain-entity-linked-gpos.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-linked-gpos.mdx
rename to docs/reference/domains/get-domain-entity-linked-gpos.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-ous.mdx b/docs/reference/domains/get-domain-entity-ous.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-ous.mdx
rename to docs/reference/domains/get-domain-entity-ous.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-outbound-trusts.mdx b/docs/reference/domains/get-domain-entity-outbound-trusts.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-outbound-trusts.mdx
rename to docs/reference/domains/get-domain-entity-outbound-trusts.mdx
diff --git a/docs/hc/en-us/reference/domains/get-domain-entity-users.mdx b/docs/reference/domains/get-domain-entity-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/get-domain-entity-users.mdx
rename to docs/reference/domains/get-domain-entity-users.mdx
diff --git a/docs/hc/en-us/reference/domains/update-the-domain-entity.mdx b/docs/reference/domains/update-the-domain-entity.mdx
similarity index 100%
rename from docs/hc/en-us/reference/domains/update-the-domain-entity.mdx
rename to docs/reference/domains/update-the-domain-entity.mdx
diff --git a/docs/hc/en-us/reference/enterprise-cas/get-enterprise-ca-entity-controllers.mdx b/docs/reference/enterprise-cas/get-enterprise-ca-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/enterprise-cas/get-enterprise-ca-entity-controllers.mdx
rename to docs/reference/enterprise-cas/get-enterprise-ca-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/enterprise-cas/get-enterprise-ca-entity-info.mdx b/docs/reference/enterprise-cas/get-enterprise-ca-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/enterprise-cas/get-enterprise-ca-entity-info.mdx
rename to docs/reference/enterprise-cas/get-enterprise-ca-entity-info.mdx
diff --git a/docs/hc/en-us/reference/eula/accept-eula.mdx b/docs/reference/eula/accept-eula.mdx
similarity index 100%
rename from docs/hc/en-us/reference/eula/accept-eula.mdx
rename to docs/reference/eula/accept-eula.mdx
diff --git a/docs/hc/en-us/reference/events-schedules/create-event.mdx b/docs/reference/events-schedules/create-event.mdx
similarity index 100%
rename from docs/hc/en-us/reference/events-schedules/create-event.mdx
rename to docs/reference/events-schedules/create-event.mdx
diff --git a/docs/hc/en-us/reference/events-schedules/delete-event.mdx b/docs/reference/events-schedules/delete-event.mdx
similarity index 100%
rename from docs/hc/en-us/reference/events-schedules/delete-event.mdx
rename to docs/reference/events-schedules/delete-event.mdx
diff --git a/docs/hc/en-us/reference/events-schedules/get-event.mdx b/docs/reference/events-schedules/get-event.mdx
similarity index 100%
rename from docs/hc/en-us/reference/events-schedules/get-event.mdx
rename to docs/reference/events-schedules/get-event.mdx
diff --git a/docs/hc/en-us/reference/events-schedules/list-events.mdx b/docs/reference/events-schedules/list-events.mdx
similarity index 100%
rename from docs/hc/en-us/reference/events-schedules/list-events.mdx
rename to docs/reference/events-schedules/list-events.mdx
diff --git a/docs/hc/en-us/reference/events-schedules/update-event.mdx b/docs/reference/events-schedules/update-event.mdx
similarity index 100%
rename from docs/hc/en-us/reference/events-schedules/update-event.mdx
rename to docs/reference/events-schedules/update-event.mdx
diff --git a/docs/hc/en-us/reference/gpos/get-gpo-entity-computer.mdx b/docs/reference/gpos/get-gpo-entity-computer.mdx
similarity index 100%
rename from docs/hc/en-us/reference/gpos/get-gpo-entity-computer.mdx
rename to docs/reference/gpos/get-gpo-entity-computer.mdx
diff --git a/docs/hc/en-us/reference/gpos/get-gpo-entity-controllers.mdx b/docs/reference/gpos/get-gpo-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/gpos/get-gpo-entity-controllers.mdx
rename to docs/reference/gpos/get-gpo-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/gpos/get-gpo-entity-info.mdx b/docs/reference/gpos/get-gpo-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/gpos/get-gpo-entity-info.mdx
rename to docs/reference/gpos/get-gpo-entity-info.mdx
diff --git a/docs/hc/en-us/reference/gpos/get-gpo-entity-ous.mdx b/docs/reference/gpos/get-gpo-entity-ous.mdx
similarity index 100%
rename from docs/hc/en-us/reference/gpos/get-gpo-entity-ous.mdx
rename to docs/reference/gpos/get-gpo-entity-ous.mdx
diff --git a/docs/hc/en-us/reference/gpos/get-gpo-entity-tier-zero.mdx b/docs/reference/gpos/get-gpo-entity-tier-zero.mdx
similarity index 100%
rename from docs/hc/en-us/reference/gpos/get-gpo-entity-tier-zero.mdx
rename to docs/reference/gpos/get-gpo-entity-tier-zero.mdx
diff --git a/docs/hc/en-us/reference/gpos/get-gpo-entity-users.mdx b/docs/reference/gpos/get-gpo-entity-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/gpos/get-gpo-entity-users.mdx
rename to docs/reference/gpos/get-gpo-entity-users.mdx
diff --git a/docs/hc/en-us/reference/graph/get-path-composition.mdx b/docs/reference/graph/get-path-composition.mdx
similarity index 100%
rename from docs/hc/en-us/reference/graph/get-path-composition.mdx
rename to docs/reference/graph/get-path-composition.mdx
diff --git a/docs/hc/en-us/reference/graph/get-pathfinding-result.mdx b/docs/reference/graph/get-pathfinding-result.mdx
similarity index 100%
rename from docs/hc/en-us/reference/graph/get-pathfinding-result.mdx
rename to docs/reference/graph/get-pathfinding-result.mdx
diff --git a/docs/hc/en-us/reference/graph/get-search-result.mdx b/docs/reference/graph/get-search-result.mdx
similarity index 100%
rename from docs/hc/en-us/reference/graph/get-search-result.mdx
rename to docs/reference/graph/get-search-result.mdx
diff --git a/docs/hc/en-us/reference/graph/get-the-shortest-path-graph.mdx b/docs/reference/graph/get-the-shortest-path-graph.mdx
similarity index 100%
rename from docs/hc/en-us/reference/graph/get-the-shortest-path-graph.mdx
rename to docs/reference/graph/get-the-shortest-path-graph.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-admin-rights.mdx b/docs/reference/groups/get-group-entity-admin-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-admin-rights.mdx
rename to docs/reference/groups/get-group-entity-admin-rights.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-controllables.mdx b/docs/reference/groups/get-group-entity-controllables.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-controllables.mdx
rename to docs/reference/groups/get-group-entity-controllables.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-controllers.mdx b/docs/reference/groups/get-group-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-controllers.mdx
rename to docs/reference/groups/get-group-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-dcomrights.mdx b/docs/reference/groups/get-group-entity-dcomrights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-dcomrights.mdx
rename to docs/reference/groups/get-group-entity-dcomrights.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-info.mdx b/docs/reference/groups/get-group-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-info.mdx
rename to docs/reference/groups/get-group-entity-info.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-members.mdx b/docs/reference/groups/get-group-entity-members.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-members.mdx
rename to docs/reference/groups/get-group-entity-members.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-memberships.mdx b/docs/reference/groups/get-group-entity-memberships.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-memberships.mdx
rename to docs/reference/groups/get-group-entity-memberships.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-powershell-remote-rights.mdx b/docs/reference/groups/get-group-entity-powershell-remote-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-powershell-remote-rights.mdx
rename to docs/reference/groups/get-group-entity-powershell-remote-rights.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-rdp-rights.mdx b/docs/reference/groups/get-group-entity-rdp-rights.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-rdp-rights.mdx
rename to docs/reference/groups/get-group-entity-rdp-rights.mdx
diff --git a/docs/hc/en-us/reference/groups/get-group-entity-sessions.mdx b/docs/reference/groups/get-group-entity-sessions.mdx
similarity index 100%
rename from docs/hc/en-us/reference/groups/get-group-entity-sessions.mdx
rename to docs/reference/groups/get-group-entity-sessions.mdx
diff --git a/docs/hc/en-us/reference/jobs/cancels-a-scheduled-job.mdx b/docs/reference/jobs/cancels-a-scheduled-job.mdx
similarity index 100%
rename from docs/hc/en-us/reference/jobs/cancels-a-scheduled-job.mdx
rename to docs/reference/jobs/cancels-a-scheduled-job.mdx
diff --git a/docs/hc/en-us/reference/jobs/get-client-current-job.mdx b/docs/reference/jobs/get-client-current-job.mdx
similarity index 100%
rename from docs/hc/en-us/reference/jobs/get-client-current-job.mdx
rename to docs/reference/jobs/get-client-current-job.mdx
diff --git a/docs/hc/en-us/reference/jobs/get-client-job.mdx b/docs/reference/jobs/get-client-job.mdx
similarity index 100%
rename from docs/hc/en-us/reference/jobs/get-client-job.mdx
rename to docs/reference/jobs/get-client-job.mdx
diff --git a/docs/hc/en-us/reference/jobs/get-job-log-file.mdx b/docs/reference/jobs/get-job-log-file.mdx
similarity index 100%
rename from docs/hc/en-us/reference/jobs/get-job-log-file.mdx
rename to docs/reference/jobs/get-job-log-file.mdx
diff --git a/docs/hc/en-us/reference/jobs/get-jobs.mdx b/docs/reference/jobs/get-jobs.mdx
similarity index 100%
rename from docs/hc/en-us/reference/jobs/get-jobs.mdx
rename to docs/reference/jobs/get-jobs.mdx
diff --git a/docs/hc/en-us/reference/jobs/list-available-client-jobs.mdx b/docs/reference/jobs/list-available-client-jobs.mdx
similarity index 100%
rename from docs/hc/en-us/reference/jobs/list-available-client-jobs.mdx
rename to docs/reference/jobs/list-available-client-jobs.mdx
diff --git a/docs/hc/en-us/reference/jobs/list-finished-jobs.mdx b/docs/reference/jobs/list-finished-jobs.mdx
similarity index 100%
rename from docs/hc/en-us/reference/jobs/list-finished-jobs.mdx
rename to docs/reference/jobs/list-finished-jobs.mdx
diff --git a/docs/hc/en-us/reference/jobs/notifies-the-api-of-a-job-ending.mdx b/docs/reference/jobs/notifies-the-api-of-a-job-ending.mdx
similarity index 100%
rename from docs/hc/en-us/reference/jobs/notifies-the-api-of-a-job-ending.mdx
rename to docs/reference/jobs/notifies-the-api-of-a-job-ending.mdx
diff --git a/docs/hc/en-us/reference/jobs/notifies-the-api-of-a-job-start.mdx b/docs/reference/jobs/notifies-the-api-of-a-job-start.mdx
similarity index 100%
rename from docs/hc/en-us/reference/jobs/notifies-the-api-of-a-job-start.mdx
rename to docs/reference/jobs/notifies-the-api-of-a-job-start.mdx
diff --git a/docs/hc/en-us/reference/meta-entities/get-meta-entity-info.mdx b/docs/reference/meta-entities/get-meta-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/meta-entities/get-meta-entity-info.mdx
rename to docs/reference/meta-entities/get-meta-entity-info.mdx
diff --git a/docs/hc/en-us/reference/nt-auth-stores/get-nt-auth-store-entity-controllers.mdx b/docs/reference/nt-auth-stores/get-nt-auth-store-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/nt-auth-stores/get-nt-auth-store-entity-controllers.mdx
rename to docs/reference/nt-auth-stores/get-nt-auth-store-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/nt-auth-stores/get-nt-auth-store-entity-info.mdx b/docs/reference/nt-auth-stores/get-nt-auth-store-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/nt-auth-stores/get-nt-auth-store-entity-info.mdx
rename to docs/reference/nt-auth-stores/get-nt-auth-store-entity-info.mdx
diff --git a/docs/hc/en-us/reference/ous/get-ou-entity-computers.mdx b/docs/reference/ous/get-ou-entity-computers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ous/get-ou-entity-computers.mdx
rename to docs/reference/ous/get-ou-entity-computers.mdx
diff --git a/docs/hc/en-us/reference/ous/get-ou-entity-gpos.mdx b/docs/reference/ous/get-ou-entity-gpos.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ous/get-ou-entity-gpos.mdx
rename to docs/reference/ous/get-ou-entity-gpos.mdx
diff --git a/docs/hc/en-us/reference/ous/get-ou-entity-groups.mdx b/docs/reference/ous/get-ou-entity-groups.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ous/get-ou-entity-groups.mdx
rename to docs/reference/ous/get-ou-entity-groups.mdx
diff --git a/docs/hc/en-us/reference/ous/get-ou-entity-info.mdx b/docs/reference/ous/get-ou-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ous/get-ou-entity-info.mdx
rename to docs/reference/ous/get-ou-entity-info.mdx
diff --git a/docs/hc/en-us/reference/ous/get-ou-entity-users.mdx b/docs/reference/ous/get-ou-entity-users.mdx
similarity index 100%
rename from docs/hc/en-us/reference/ous/get-ou-entity-users.mdx
rename to docs/reference/ous/get-ou-entity-users.mdx
diff --git a/docs/hc/en-us/reference/permissions/get-permission.mdx b/docs/reference/permissions/get-permission.mdx
similarity index 100%
rename from docs/hc/en-us/reference/permissions/get-permission.mdx
rename to docs/reference/permissions/get-permission.mdx
diff --git a/docs/hc/en-us/reference/permissions/list-permissions.mdx b/docs/reference/permissions/list-permissions.mdx
similarity index 100%
rename from docs/hc/en-us/reference/permissions/list-permissions.mdx
rename to docs/reference/permissions/list-permissions.mdx
diff --git a/docs/hc/en-us/reference/risk-posture/get-posture-statistics.mdx b/docs/reference/risk-posture/get-posture-statistics.mdx
similarity index 100%
rename from docs/hc/en-us/reference/risk-posture/get-posture-statistics.mdx
rename to docs/reference/risk-posture/get-posture-statistics.mdx
diff --git a/docs/hc/en-us/reference/roles/get-role.mdx b/docs/reference/roles/get-role.mdx
similarity index 100%
rename from docs/hc/en-us/reference/roles/get-role.mdx
rename to docs/reference/roles/get-role.mdx
diff --git a/docs/hc/en-us/reference/roles/list-roles.mdx b/docs/reference/roles/list-roles.mdx
similarity index 100%
rename from docs/hc/en-us/reference/roles/list-roles.mdx
rename to docs/reference/roles/list-roles.mdx
diff --git a/docs/hc/en-us/reference/root-cas/get-root-ca-entity-controllers.mdx b/docs/reference/root-cas/get-root-ca-entity-controllers.mdx
similarity index 100%
rename from docs/hc/en-us/reference/root-cas/get-root-ca-entity-controllers.mdx
rename to docs/reference/root-cas/get-root-ca-entity-controllers.mdx
diff --git a/docs/hc/en-us/reference/root-cas/get-root-ca-entity-info.mdx b/docs/reference/root-cas/get-root-ca-entity-info.mdx
similarity index 100%
rename from docs/hc/en-us/reference/root-cas/get-root-ca-entity-info.mdx
rename to docs/reference/root-cas/get-root-ca-entity-info.mdx
diff --git a/docs/hc/en-us/reference/search/get-available-domains.mdx b/docs/reference/search/get-available-domains.mdx
similarity index 100%
rename from docs/hc/en-us/reference/search/get-available-domains.mdx
rename to docs/reference/search/get-available-domains.mdx
diff --git a/docs/hc/en-us/reference/search/search-for-objects.mdx b/docs/reference/search/search-for-objects.mdx
similarity index 100%
rename from docs/hc/en-us/reference/search/search-for-objects.mdx
rename to docs/reference/search/search-for-objects.mdx
diff --git a/docs/hc/en-us/articles/Getting-Help-and-the-BloodHound-community.mdx b/docs/resources/community-support/getting-help.mdx
similarity index 96%
rename from docs/hc/en-us/articles/Getting-Help-and-the-BloodHound-community.mdx
rename to docs/resources/community-support/getting-help.mdx
index f0caf4633c..c8f7767fc9 100644
--- a/docs/hc/en-us/articles/Getting-Help-and-the-BloodHound-community.mdx
+++ b/docs/resources/community-support/getting-help.mdx
@@ -3,7 +3,7 @@ title: Getting Help and the BloodHound community
---
-
+
## SpecterOps ❤️ Community
diff --git a/docs/hc/en-us/sections/Community-and-Support.mdx b/docs/resources/community-support/overview.mdx
similarity index 100%
rename from docs/hc/en-us/sections/Community-and-Support.mdx
rename to docs/resources/community-support/overview.mdx
diff --git a/docs/hc/en-us/articles/Additional-Training-and-Resources.mdx b/docs/resources/community-support/training-resources.mdx
similarity index 60%
rename from docs/hc/en-us/articles/Additional-Training-and-Resources.mdx
rename to docs/resources/community-support/training-resources.mdx
index 24464841be..c7bd3fc496 100644
--- a/docs/hc/en-us/articles/Additional-Training-and-Resources.mdx
+++ b/docs/resources/community-support/training-resources.mdx
@@ -4,45 +4,45 @@ title: Additional Training and Resources
## BloodHound and attack paths
-* [BloodHound Docs](/hc/en-us), searchable for various topics and documentation on edges/attack paths
-* [Bloodhound Enterprise: securing Active Directory using graph theory](https://specterops.io/blog/2023/10/20/bloodhound-enterprise-securing-active-directory-using-graph-theory/)
+* [BloodHound Docs](/), searchable for various topics and documentation on edges/attack paths
+* [BloodHound Enterprise: securing Active Directory using graph theory](https://specterops.io/blog/2023/10/20/bloodhound-enterprise-securing-active-directory-using-graph-theory/)
* [Attack Path management the BloodHound Enterprise Way](https://www.youtube.com/watch?v=O-Ucq-VLcj4)
* [The Ultimate Guide for BloodHound Community Edition](https://m4lwhere.medium.com/the-ultimate-guide-for-bloodhound-community-edition-bhce-80b574595acf)
* [Microsoft Breach — How Can I See This In BloodHound?](https://specterops.io/blog/2024/02/02/microsoft-breach-how-can-i-see-this-in-bloodhound/)
* [Hybrid Attack Paths, New Views and your favorite dog learns an old trick](https://specterops.io/blog/2024/08/02/hybrid-attack-paths-new-views-and-your-favorite-dog-learns-an-old-trick/)
-* On-prem Exchange attack paths: [Pwned by the Mail Carrier](https://specterops.io/blog/2024/03/20/pwned-by-the-mail-carrier/)
-* [The Dog Whisperer's Handbook](https://insinuator.net/2018/11/the-dog-whisperers-handbook/) \[PDF\] (created for the legacy community version, but the concepts still apply)
+* On-prem Exchange attack paths: [Pwned by the Mail Carrier](https://specterops.io/blog/2024/03/20/pwned-by-the-mail-carrier/)
+* [The Dog Whisperer's Handbook](https://insinuator.net/2018/11/the-dog-whisperers-handbook/) [PDF] (created for the legacy community version, but the concepts still apply)
* [BloodHound CE + AWS IAM Identity Center](https://www.linkedin.com/pulse/bloodhound-ce-aws-iam-identity-center-philipp-zinser-xywee/)
## Cypher
* [Cypher Queries in BloodHound Enterprise](https://specterops.io/blog/2024/01/10/cypher-queries-in-bloodhound-enterprise/)
-* [Searching with Cypher](/hc/en-us/articles/Searching-with-Cypher)
+* [Searching with Cypher](/analyze-data/bloodhound-gui/cypher-search)
* Search the internet for "BloodHound Cypher" for more community guides and cheat sheet
## Tiering
* "What is Tier Zero" series
-* Part 1 [blog post](https://specterops.io/blog/2023/06/22/what-is-tier-zero-part-1/) and [webinar recording](https://www.youtube.com/watch?v=5Ho83R9Jy68)
-* Part 2 [blog post](https://specterops.io/blog/2023/09/14/what-is-tier-zero-part-2/) and [webinar recording](https://www.youtube.com/watch?v=SAI3mXQgy_I)
-* Part 3 [webinar recording](https://www.youtube.com/watch?v=ykrse1rsvy4)
+* Part 1 [blog post](https://specterops.io/blog/2023/06/22/what-is-tier-zero-part-1/) and [webinar recording](https://www.youtube.com/watch?v=5Ho83R9Jy68)
+* Part 2 [blog post](https://specterops.io/blog/2023/09/14/what-is-tier-zero-part-2/) and [webinar recording](https://www.youtube.com/watch?v=SAI3mXQgy_I)
+* Part 3 [webinar recording](https://www.youtube.com/watch?v=ykrse1rsvy4)
* [Establish security boundaries in your on-prem AD and Azure environment](https://specterops.io/blog/2022/06/20/establish-security-boundaries-in-your-on-prem-ad-and-azure-environment/)
* [At the Edge of Tier Zero: The Curious Case of the RODC](https://specterops.io/blog/2023/01/25/at-the-edge-of-tier-zero-the-curious-case-of-the-rodc/)
## ADCS
* "ADCS Attack Paths in BloodHound" series
- * Part 1 [blog post](https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-1-799f3d3b03cf)
- * Part 2 [blog post](https://specterops.io/blog/2024/05/01/adcs-attack-paths-in-bloodhound-part-2/)
+ * Part 1 [blog post](https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-1-799f3d3b03cf)
+ * Part 2 [blog post](https://specterops.io/blog/2024/05/01/adcs-attack-paths-in-bloodhound-part-2/)
* Part 3 [blog post](https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-3-33efb00856ac)
-* [Webinar recording](https://www.youtube.com/watch?v=o4SSFv5Gfzs) and [slides](https://github.com/SpecterOps/presentations/blob/main/Webinars/2023%2012%2007%20ADCS%20Webinar.pdf)
+* [Webinar recording](https://www.youtube.com/watch?v=o4SSFv5Gfzs) and [slides](https://github.com/SpecterOps/presentations/blob/main/Webinars/2023%2012%2007%20ADCS%20Webinar.pdf)
* [ADCS ESC14 Abuse Technique](https://specterops.io/blog/2024/02/28/adcs-esc14-abuse-technique/)
* [ADCS ESC13 Abuse Technique](https://specterops.io/blog/2024/02/14/adcs-esc13-abuse-technique/)
## SpecterOps general resources
-* [SpecterOps blog](https://specterops.io/blog/) \- topics are BloodHound, detection and adversary tradecraft
-* [SpecterOps events](https://specterops.io/events/) \- upcoming talks, webinars, gatherings and our training courses
+* [SpecterOps blog](https://specterops.io/blog/) - topics are BloodHound, detection and adversary tradecraft
+* [SpecterOps events](https://specterops.io/events/) - upcoming talks, webinars, gatherings and our training courses
* [SpecterOps on YouTube](https://www.youtube.com/@specterops)
* [SpecterOps on X](https://x.com/SpecterOps)
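Review bot: The three rewritten "Part 1" to "Part 3" bullets under `* "What is Tier Zero" series` stay at the top level, so they render as siblings of the series bullet rather than as its children; the "ADCS Attack Paths in BloodHound" series further down indents its parts. Indent these three lines the same way. Also, the ADCS Part 1 and Part 3 links still point at posts.specterops.io while Part 2 uses specterops.io/blog; if the former host is legacy, this is the place to align them.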
diff --git a/docs/hc/en-us/articles/ADCSESC1.mdx b/docs/resources/edges/adcs-esc1.mdx
similarity index 96%
rename from docs/hc/en-us/articles/ADCSESC1.mdx
rename to docs/resources/edges/adcs-esc1.mdx
index ae87b58ff6..4a119eaa9d 100644
--- a/docs/hc/en-us/articles/ADCSESC1.mdx
+++ b/docs/resources/edges/adcs-esc1.mdx
@@ -4,7 +4,7 @@ description: "This edge indicates that the principal has permission to enroll on
---
-
+
This enterprise CA is trusted for NT authentication in the forest, along with the certificate chain up to the root CA certificate. This setup lets the principal enroll certificates for any AD forest user or computer, enabling authentication and impersonation of any AD forest user or computer without their credentials.
diff --git a/docs/hc/en-us/articles/ADCSESC10a.mdx b/docs/resources/edges/adcs-esc10a.mdx
similarity index 82%
rename from docs/hc/en-us/articles/ADCSESC10a.mdx
rename to docs/resources/edges/adcs-esc10a.mdx
index 25d5a30691..89bd0cba28 100644
--- a/docs/hc/en-us/articles/ADCSESC10a.mdx
+++ b/docs/resources/edges/adcs-esc10a.mdx
@@ -4,18 +4,18 @@ description: "This edge indicates that the principal has control over a victim p
---
-
+
The victim also has enrollment permission for an enterprise CA with the necessary templates published. This enterprise CA is trusted for NT authentication in the forest, and chains up to a root CA for the forest. There is an affected Domain Controller (DC) configured to allow UPN certificate mapping. This setup lets the principal impersonate any AD forest computer, or any user where UPN does not match their sAMAccountName, without knowing their credentials.
-The attacker principal can abuse their control over the victim principal to modify the victim’s UPN to match the sAMAccountName of a targeted principal followed by @CORP.LOCAL.
+The attacker principal can abuse their control over the victim principal to modify the victim's UPN to match the sAMAccountName of a targeted principal followed by @CORP.LOCAL.
Example: If the targeted principal is Administrator user of domain CORP.LOCAL, the victim's UPN will be populated with "Administrator@CORP.LOCAL". The attacker principal will then abuse their control over the victim principal to obtain the credentials of the victim principal, or a session as the victim principal, and enroll a certificate as the victim in one of the affected certificate templates. The UPN of the victim
("Administrator@CORP.LOCAL") will be included in the issued certificate under the SAN. Next, the attacker
principal will again set the UPN of the victim, this time to an arbitrary string (e.g. the original value).
-The issued certificate can now be used for authentication against an affected DC. The UPN certificate mapping configuration on the DC makes the DC use the SAN value to map the certificate to a principal when performing Schannel authentication. The DC will attempt to find a principal with a UPN matching the SAN value (“Administrator@CORP.LOCAL”) but as the victim’s UPN has been changed after the enrollment, there will be no principals with this UPN. The DC will then attempt to find a principal with a{' '}
+The issued certificate can now be used for authentication against an affected DC. The UPN certificate mapping configuration on the DC makes the DC use the SAN value to map the certificate to a principal when performing Schannel authentication. The DC will attempt to find a principal with a UPN matching the SAN value ("Administrator@CORP.LOCAL") but as the victim's UPN has been changed after the enrollment, there will be no principals with this UPN. The DC will then attempt to find a principal with a{' '}
sAMAccountName matching the SAN value and find the targeted user. In case the target is a computer, the DC will find it, and the DC will attempt sAMAccountName matching with a $ at the end of the SAN value as last resort. At last, the DC will authenticate the attacker as the targeted principal.
## Abuse Info
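Review bot: The rewritten paragraph ending `find a principal with a{' '}` keeps the JSX `{' '}` expression from the old line. The line break before `sAMAccountName` already renders as a space, so the expression can be dropped, or the two lines joined.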
@@ -49,7 +49,7 @@ If the certificate template is of schema version 2 or above, and its attribute '
If the certificate template is of schema version 1 or does not have any of the email flags, then
continue to Step 4.
-If any of the two flags are present, you will need the victim’s mail attribute to be set. The value of
+If any of the two flags are present, you will need the victim's mail attribute to be set. The value of
the attribute will be included in the issues certificate but it is not used to identify the target
principal why it can be set to any arbitrary string.
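Review bot: The two context lines after the corrected apostrophe still read "included in the issues certificate" and "principal why it can be set"; since this sentence is being touched, change them to "issued certificate" and "principal, so it can be set". The same sentence recurs in the later hunk of this file and in both matching hunks of adcs-esc10b.mdx.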
@@ -67,18 +67,18 @@ If the victim does not has the mail attribute set, set it to a dummy mail using
Set-DomainObject -Identity VICTIM -Set @{'mail'='dummy@mail.com'}
```
-Step 4: Obtain a session as victim. There are several options for this step.
+Step 4: Obtain a session as victim. There are several options for this step.
If the victim is a computer, you can obtain the credentials of the computer account using the Shadow
-Credentials attack (see [AddKeyCredentialLink edge](/hc/en-us/articles/AddKeyCredentialLink) documentation).
+Credentials attack (see [AddKeyCredentialLink edge](/resources/edges/add-key-credential-link) documentation).
-Alternatively, you can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/hc/en-us/articles/GenericAll) documentation).
+Alternatively, you can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/resources/edges/generic-all) documentation).
If the victim is a user, you have the following options for obtaining the credentials:
-* Shadow Credentials attack (see [AddKeyCredentialLink edge](/hc/en-us/articles/AddKeyCredentialLink) documentation).
-* Password reset (see [ForceChangePassword edge](/hc/en-us/articles/ForceChangePassword) documentation).
-* Targeted Kerberoasting (see [WriteSPN edge](/hc/en-us/articles/WriteSPN) documentation).
+* Shadow Credentials attack (see [AddKeyCredentialLink edge](/resources/edges/add-key-credential-link) documentation).
+* Password reset (see [ForceChangePassword edge](/resources/edges/force-change-password) documentation).
+* Targeted Kerberoasting (see [WriteSPN edge](/resources/edges/write-spn) documentation).
Step 5: Enroll certificate as victim. Use Certipy as the victim principal to request enrollment in the affected template, specifying the affected EnterpriseCA:
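Review bot: The new link targets (`/resources/edges/add-key-credential-link`, `/resources/edges/generic-all`, `/resources/edges/force-change-password`, `/resources/edges/write-spn`) must match the renamed file names exactly, and the renames for those pages are not visible in this part of the patch. Confirm each target resolves in a docs build, and consider redirects from the old `/hc/en-us/articles/...` paths so existing external links keep working.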
@@ -120,7 +120,7 @@ If the certificate template is of schema version 2 or above, and its attribute '
If the certificate template is of schema version 1 or does not have any of the email flags, then
continue to Step 3.
-If any of the two flags are present, you will need the victim’s mail attribute to be set. The value of
+If any of the two flags are present, you will need the victim's mail attribute to be set. The value of
the attribute will be included in the issues certificate but it is not used to identify the target
principal why it can be set to any arbitrary string.
@@ -137,18 +137,18 @@ If the victim does not has the mail attribute set, set it to a dummy mail using
echo -e "dn: VICTIM-DN\nchangetype: modify\nreplace: mail\nmail: test@mail.com" | ldapmodify -x -D "ATTACKER-DN" -w 'PWD' -h DOMAIN-DNS-NAME
```
-Step 3: Obtain the credentials of victim. There are several options for this step.
+Step 3: Obtain the credentials of victim. There are several options for this step.
If the victim is a computer, you can obtain the credentials of the computer account using the Shadow
-Credentials attack (see [AddKeyCredentialLink edge](/hc/en-us/articles/AddKeyCredentialLink) documentation).
+Credentials attack (see [AddKeyCredentialLink edge](/resources/edges/add-key-credential-link) documentation).
-Alternatively, you can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/hc/en-us/articles/GenericAll) documentation).
+Alternatively, you can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/resources/edges/generic-all) documentation).
If the victim is a user, you have the following options for obtaining the credentials:
-* Shadow Credentials attack (see [AddKeyCredentialLink edge](/hc/en-us/articles/AddKeyCredentialLink) documentation).
-* Password reset (see [ForceChangePassword edge](/hc/en-us/articles/ForceChangePassword) documentation).
-* Targeted Kerberoasting (see [WriteSPN edge](/hc/en-us/articles/WriteSPN) documentation).
+* Shadow Credentials attack (see [AddKeyCredentialLink edge](/resources/edges/add-key-credential-link) documentation).
+* Password reset (see [ForceChangePassword edge](/resources/edges/force-change-password) documentation).
+* Targeted Kerberoasting (see [WriteSPN edge](/resources/edges/write-spn) documentation).
Step 4: Enroll certificate as victim. Use Certipy as the victim principal to request enrollment in the affected template, specifying the affected EnterpriseCA:
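Review bot: The placeholder in the first context line of this hunk is `test@mail.com`, while the PowerView variant of the same step uses `dummy@mail.com`, and mail.com is a real mail domain. Use one placeholder on a reserved domain, such as `dummy@example.com`, in both commands. The sentence quoted in the hunk header, "If the victim does not has the mail attribute set", should read "does not have".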
diff --git a/docs/hc/en-us/articles/ADCSESC10b.mdx b/docs/resources/edges/adcs-esc10b.mdx
similarity index 92%
rename from docs/hc/en-us/articles/ADCSESC10b.mdx
rename to docs/resources/edges/adcs-esc10b.mdx
index 8b14b07e8b..df861093ac 100644
--- a/docs/hc/en-us/articles/ADCSESC10b.mdx
+++ b/docs/resources/edges/adcs-esc10b.mdx
@@ -5,7 +5,7 @@ description: "The principal has control over a victim computer with permission t
-
+
The victim computer also has enrollment permission for an enterprise CA with the necessary templates published. This enterprise CA is trusted for NT authentication in the forest, and chains up to a root CA for the forest. There is an affected Domain Controller (DC) configured to allow UPN certificate mapping. This setup lets the principal impersonate any AD forest computer without their credentials.
@@ -51,7 +51,7 @@ If the certificate template is of schema version 2 or above, and its attribute '
If the certificate template is of schema version 1 or does not have any of the email flags, then
continue to Step 5.
-If any of the two flags are present, you will need the victim’s mail attribute to be set. The value of
+If any of the two flags are present, you will need the victim's mail attribute to be set. The value of
the attribute will be included in the issues certificate but it is not used to identify the target
principal why it can be set to any arbitrary string.
@@ -69,7 +69,7 @@ Set-DomainObject -Identity VICTIM -Set @{'mail'='dummy@mail.com'}
```
Step 5: Obtain a session as victim. There are several options for this step.
-You can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/hc/en-us/articles/GenericAll) documentation).
+You can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/resources/edges/generic-all) documentation).
Step 6: Enroll certificate as victim.
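Review bot: "There are several options for this step." is followed by a single option on this page, both here and in the Linux "Step 4" hunk further down. Drop the sentence or reword it to introduce the one method that is described.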
@@ -83,7 +83,7 @@ The issued certificate will be saved to disk with the name of the targeted user.
Step 7 (Optional): Set `dNSHostName` and SPN of victim to the previous value.
-To avoid issues in the environment, set the `dNSHostName` and SPN of the victim computer back to it’s previous values using Certipy and PowerView:
+To avoid issues in the environment, set the `dNSHostName` and SPN of the victim computer back to it's previous values using Certipy and PowerView:
```bash
Certipy.exe account update -u ATTACKER@CORP.LOCAL -p PWD -user VICTIM$ -dns VICTIM.CORP.LOCAL
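Review bot: The replacement turns `it’s` into `it's`, but the possessive is meant here: "back to its previous values". The Linux variant of this step makes the same substitution and needs the same fix.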
@@ -126,7 +126,7 @@ If the certificate template is of schema version 2 or above, and its attribute '
If the certificate template is of schema version 1 or does not have any of the email flags, then
continue to Step 4.
-If any of the two flags are present, you will need the victim’s mail attribute to be set. The value of
+If any of the two flags are present, you will need the victim's mail attribute to be set. The value of
the attribute will be included in the issues certificate but it is not used to identify the target
principal why it can be set to any arbitrary string.
@@ -146,7 +146,7 @@ echo -e "dn: VICTIM-DN\nchangetype: modify\nreplace: mail\nmail: test@mail.com"
Step 4: Obtain a session as victim. There are several options for this step.
-You can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/hc/en-us/articles/GenericAll) documentation).
+You can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/resources/edges/generic-all) documentation).
Step 5: Enroll certificate as victim.
@@ -160,7 +160,7 @@ The issued certificate will be saved to disk with the name of the targeted user.
Step 6 (Optional): Set `dNSHostName` and SPN of victim to the previous value.
-To avoid issues in the environment, set the `dNSHostName` and SPN of the victim computer back to it’s previous value using Certipy and ldapmodify:
+To avoid issues in the environment, set the `dNSHostName` and SPN of the victim computer back to it's previous value using Certipy and ldapmodify:
```bash
certipy account update -username ATTACKER@CORP.LOCAL -password PWD -user VICTIM -dns VICTIM.CORP.LOCAL
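Review bot: This restore command passes `-user VICTIM`, while the Windows variant of the same step passes `-user VICTIM$`. Confirm which form Certipy expects for a computer account and use it in both commands.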
diff --git a/docs/hc/en-us/articles/ADCSESC13.mdx b/docs/resources/edges/adcs-esc13.mdx
similarity index 97%
rename from docs/hc/en-us/articles/ADCSESC13.mdx
rename to docs/resources/edges/adcs-esc13.mdx
index 7c1f423078..3aa4893f3c 100644
--- a/docs/hc/en-us/articles/ADCSESC13.mdx
+++ b/docs/resources/edges/adcs-esc13.mdx
@@ -4,7 +4,7 @@ description: "The ADCSESC13 edge indicates that the principal has the privileges
---
-
+
The issuance policy has an OID group link to an AD group. The principal also has enrollment permission for an enterprise CA with the necessary template published. This enterprise CA is trusted for NT authentication and chains up to a root CA for the forest. This setup allows the principal to enroll a certificate that the principal can use to obtain access to the environment as a member of the group specified in the OID group link.
diff --git a/docs/hc/en-us/articles/ADCSESC3.mdx b/docs/resources/edges/adcs-esc3.mdx
similarity index 97%
rename from docs/hc/en-us/articles/ADCSESC3.mdx
rename to docs/resources/edges/adcs-esc3.mdx
index 6e78e6cba8..2e797cd45a 100644
--- a/docs/hc/en-us/articles/ADCSESC3.mdx
+++ b/docs/resources/edges/adcs-esc3.mdx
@@ -5,7 +5,7 @@ certificate."
---
-
+
They also have permission to enroll for a certificate template that permits enrollment by
diff --git a/docs/hc/en-us/articles/ADCSESC4.mdx b/docs/resources/edges/adcs-esc4.mdx
similarity index 97%
rename from docs/hc/en-us/articles/ADCSESC4.mdx
rename to docs/resources/edges/adcs-esc4.mdx
index 2795adc74a..da098c4208 100644
--- a/docs/hc/en-us/articles/ADCSESC4.mdx
+++ b/docs/resources/edges/adcs-esc4.mdx
@@ -5,7 +5,7 @@ description: "The ADCSESC4 edge indicates that the principal has the privileges
-
+
The principal has permissions to modify the settings on one or more certificate templates, enabling the principal configure the certificate templates for ADCS ESC1 conditions, which allows them to specify an alternate subject name and use the certificate for authentication. They also has enrollment permission for an enterprise CA with the necessary templates published. This enterprise CA is trusted for NT authentication and chains up to a root CA for the forest. This setup lets the principal modify the certificate templates to allow enrollment as any targeted AD forest user or computer without knowing their credentials, and impersonation of those targets by certificate authentication.
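Review bot: The description paragraph kept as context here has two grammar slips worth fixing while the file is open: "enabling the principal configure" needs "to configure", and "They also has enrollment permission" should be "They also have".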
@@ -176,7 +176,7 @@ certipy template -username john@corp.local -password Passw0rd -template ESC4-Tes
```
Restoring the configuration is vital as the the vulnerable configuration grants Full Control to Authenticated Users.
-The certificate template is now vulnerable to the ESC1 technique. See [ADCSESC1](/hc/en-us/articles/ADCSESC1) for instructions.
+The certificate template is now vulnerable to the ESC1 technique. See [ADCSESC1](/resources/edges/adcs-esc1) for instructions.
### Step 1: Ensure the certificate template allows for client authentication
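Review bot: The context line "Restoring the configuration is vital as the the vulnerable configuration grants Full Control to Authenticated Users." has a doubled "the". Fix it in this hunk, since the next line is already being edited.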
@@ -625,7 +625,7 @@ The principal can now perform an ESC1 attack.
### Step 6: Perform ESC1 attack
-See [ADCSESC1](/hc/en-us/articles/ADCSESC1) for instructions.
+See [ADCSESC1](/resources/edges/adcs-esc1) for instructions.
## Opsec Considerations
diff --git a/docs/hc/en-us/articles/ADCSESC6a.mdx b/docs/resources/edges/adcs-esc6a.mdx
similarity index 97%
rename from docs/hc/en-us/articles/ADCSESC6a.mdx
rename to docs/resources/edges/adcs-esc6a.mdx
index 8622d12fe4..1e84405db3 100644
--- a/docs/hc/en-us/articles/ADCSESC6a.mdx
+++ b/docs/resources/edges/adcs-esc6a.mdx
@@ -4,7 +4,7 @@ description: The principal has permission to enroll on one or more certificate t
---
-
+
diff --git a/docs/hc/en-us/articles/ADCSESC6b.mdx b/docs/resources/edges/adcs-esc6b.mdx
similarity index 97%
rename from docs/hc/en-us/articles/ADCSESC6b.mdx
rename to docs/resources/edges/adcs-esc6b.mdx
index 0c160acf58..87a2806a96 100644
--- a/docs/hc/en-us/articles/ADCSESC6b.mdx
+++ b/docs/resources/edges/adcs-esc6b.mdx
@@ -5,7 +5,7 @@ description: The principal has permission to enroll on one or more certificate t
-
+
diff --git a/docs/hc/en-us/articles/ADCSESC9a.mdx b/docs/resources/edges/adcs-esc9a.mdx
similarity index 69%
rename from docs/hc/en-us/articles/ADCSESC9a.mdx
rename to docs/resources/edges/adcs-esc9a.mdx
index 33ce0cdc7c..144b915fac 100644
--- a/docs/hc/en-us/articles/ADCSESC9a.mdx
+++ b/docs/resources/edges/adcs-esc9a.mdx
@@ -4,10 +4,10 @@ description: "The principal has control over a victim principal with permission
---
-
+
-The victim also has enrollment permission for an enterprise CA with the necessary templates published. This enterprise CA is trusted for NT authentication in the forest, and chains up to a root CA for the forest. There is an affected Domain Controller (DC) configured to allow weak certificate binding enforcement. This setup lets the principal impersonate any AD forest principal (user or computer) without their credentials. The attacker principal can abuse their control over the victim principal to modify the victim’s UPN to match the `sAMAccountName` of a targeted principal. Example: If the targeted principal is Administrator@corp.local user, the victim's UPN will be populated with "Administrator" (without the @corp.local ending). The attacker principal will then abuse their control over the victim principal to obtain the credentials of the victim principal, or a session as the victim principal, and enroll a certificate as the victim in one of the affected certificate templates. The UPN of the victim ("Administrator") will be included in the issued certificate under the SAN. As the certificate template does not have the security extension, it will NOT include the SID of the victim user in the issued certificate. Next, the attacker principal will again set the UPN of the victim, this time to an arbitrary string (e.g. the original value). The issued certificate can now be used for authentication against an affected DC. The weak certificate binding configuration on the DC will make the DC accept that the SID of the victim user is not present in the issued certificate when performing Kerberos authentication, and it will use the SAN value to map the certificate to a principal. The DC will attempt to find a principal with a UPN matching the SAN value (“Administrator”) but as the victim’s UPN has been changed after the enrollment, there will be no principals with this UPN. 
The DC will then attempt to find a principal with a `sAMAccountName` matching the SAN value and find the targeted user. At last, the DC issues a Kerberos TGT as the targeted user to the attacker, which means the attacker now has a session as the targeted user. In case the target is a computer, the DC will find it as well as the DC will attempt `sAMAccountName` matching with a $ at the end of the SAN value as last resort.
+The victim also has enrollment permission for an enterprise CA with the necessary templates published. This enterprise CA is trusted for NT authentication in the forest, and chains up to a root CA for the forest. There is an affected Domain Controller (DC) configured to allow weak certificate binding enforcement. This setup lets the principal impersonate any AD forest principal (user or computer) without their credentials. The attacker principal can abuse their control over the victim principal to modify the victim's UPN to match the `sAMAccountName` of a targeted principal. Example: If the targeted principal is Administrator@corp.local user, the victim's UPN will be populated with "Administrator" (without the @corp.local ending). The attacker principal will then abuse their control over the victim principal to obtain the credentials of the victim principal, or a session as the victim principal, and enroll a certificate as the victim in one of the affected certificate templates. The UPN of the victim ("Administrator") will be included in the issued certificate under the SAN. As the certificate template does not have the security extension, it will NOT include the SID of the victim user in the issued certificate. Next, the attacker principal will again set the UPN of the victim, this time to an arbitrary string (e.g. the original value). The issued certificate can now be used for authentication against an affected DC. The weak certificate binding configuration on the DC will make the DC accept that the SID of the victim user is not present in the issued certificate when performing Kerberos authentication, and it will use the SAN value to map the certificate to a principal. The DC will attempt to find a principal with a UPN matching the SAN value ("Administrator") but as the victim's UPN has been changed after the enrollment, there will be no principals with this UPN. 
The DC will then attempt to find a principal with a `sAMAccountName` matching the SAN value and find the targeted user. At last, the DC issues a Kerberos TGT as the targeted user to the attacker, which means the attacker now has a session as the targeted user. In case the target is a computer, the DC will find it as well as the DC will attempt `sAMAccountName` matching with a $ at the end of the SAN value as last resort.
## Abuse Info
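Review bot: The added paragraph line ends with a trailing space after "there will be no principals with this UPN." and keeps the entire scenario as one block of text. Since the line is already being rewritten for the quote fix, drop the trailing whitespace and consider splitting the sequence (UPN change, enrollment, UPN revert, authentication, DC mapping) into a numbered list, so the fallback from UPN matching to `sAMAccountName` matching under weak certificate binding is easy to locate.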
@@ -25,7 +25,7 @@ If the certificate template is of schema version 2 or above, and its attribute '
If the certificate template is of schema version 1 or does not have any of the email flags, then
continue to Step 3.
-If any of the two flags are present, you will need the victim’s mail attribute to be set. The value of
+If any of the two flags are present, you will need the victim's mail attribute to be set. The value of
the attribute will be included in the issues certificate but it is not used to identify the target
principal why it can be set to any arbitrary string.
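Review bot: The two unchanged lines directly after the corrected apostrophe still read "included in the issues certificate" and "principal why it can be set to any arbitrary string". As this sentence is being touched anyway, change them to "issued certificate" and "principal, so it can be set to any arbitrary string". The same wording appears in the later copy of this step in the same file, so both should be fixed together.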
@@ -41,18 +41,18 @@ If the victim does not has the mail attribute set, set it to a dummy mail using
```bash
Set-DomainObject -Identity VICTIM -Set @{'mail'='dummy@mail.com'}
```
-Step 3: Obtain a session as victim. There are several options for this step.
+Step 3: Obtain a session as victim. There are several options for this step.
If the victim is a computer, you can obtain the credentials of the computer account using the Shadow
-Credentials attack (see [AddKeyCredentialLink edge](/hc/en-us/articles/AddKeyCredentialLink) documentation).
+Credentials attack (see [AddKeyCredentialLink edge](/resources/edges/add-key-credential-link) documentation).
-Alternatively, you can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/hc/en-us/articles/GenericAll) documentation).
+Alternatively, you can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/resources/edges/generic-all) documentation).
If the victim is a user, you have the following options for obtaining the credentials:
-* Shadow Credentials attack (see [AddKeyCredentialLink edge](/hc/en-us/articles/AddKeyCredentialLink) documentation).
-* Password reset (see [ForceChangePassword edge](/hc/en-us/articles/ForceChangePassword) documentation).
-* Targeted Kerberoasting (see [WriteSPN edge](/hc/en-us/articles/WriteSPN) documentation).
+* Shadow Credentials attack (see [AddKeyCredentialLink edge](/resources/edges/add-key-credential-link) documentation).
+* Password reset (see [ForceChangePassword edge](/resources/edges/force-change-password) documentation).
+* Targeted Kerberoasting (see [WriteSPN edge](/resources/edges/write-spn) documentation).
Step 4: Enroll certificate as victim.
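Review bot: The fence above the changed Step 3 line is tagged `bash` but contains `Set-DomainObject -Identity VICTIM -Set @{'mail'='dummy@mail.com'}`, which is PowerShell hashtable syntax, so the tag should be `powershell` to get correct highlighting. The sentence shown in the hunk header, "If the victim does not has the mail attribute set", also needs "does not have". Separately, the removed and added Step 3 lines look identical apart from whitespace; please confirm the intended change.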
@@ -99,7 +99,7 @@ If the certificate template is of schema version 2 or above, and its attribute '
If the certificate template is of schema version 1 or does not have any of the email flags, then
continue to Step 3.
-If any of the two flags are present, you will need the victim’s mail attribute to be set. The value of
+If any of the two flags are present, you will need the victim's mail attribute to be set. The value of
the attribute will be included in the issues certificate but it is not used to identify the target
principal why it can be set to any arbitrary string.
@@ -116,18 +116,18 @@ If the victim does not has the mail attribute set, set it to a dummy mail using
```bash
echo -e "dn: VICTIM-DN\nchangetype: modify\nreplace: mail\nmail: test@mail.com" | ldapmodify -x -D "ATTACKER-DN" -w 'PWD' -h DOMAIN-DNS-NAME
```
-Step 3: Obtain a session as victim. There are several options for this step.
+Step 3: Obtain a session as victim. There are several options for this step.
If the victim is a computer, you can obtain the credentials of the computer account using the Shadow
-Credentials attack (see [AddKeyCredentialLink edge](/hc/en-us/articles/AddKeyCredentialLink) documentation).
+Credentials attack (see [AddKeyCredentialLink edge](/resources/edges/add-key-credential-link) documentation).
-Alternatively, you can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/hc/en-us/articles/GenericAll) documentation).
+Alternatively, you can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/resources/edges/generic-all) documentation).
If the victim is a user, you have the following options for obtaining the credentials:
-* Shadow Credentials attack (see [AddKeyCredentialLink edge](/hc/en-us/articles/AddKeyCredentialLink) documentation).
-* Password reset (see [ForceChangePassword edge](/hc/en-us/articles/ForceChangePassword) documentation).
-* Targeted Kerberoasting (see [WriteSPN edge](/hc/en-us/articles/WriteSPN) documentation).
+* Shadow Credentials attack (see [AddKeyCredentialLink edge](/resources/edges/add-key-credential-link) documentation).
+* Password reset (see [ForceChangePassword edge](/resources/edges/force-change-password) documentation).
+* Targeted Kerberoasting (see [WriteSPN edge](/resources/edges/write-spn) documentation).
Step 4: Enroll certificate as victim.
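Review bot: The dummy address in this copy of the step is `test@mail.com`, while the Windows copy of the same step uses `dummy@mail.com`. Both point at a real mail domain. Use one value in both places on a reserved documentation domain such as `dummy@example.com`, so readers who copy the command do not write a live third-party address into a directory attribute.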
diff --git a/docs/hc/en-us/articles/ADCSESC9b.mdx b/docs/resources/edges/adcs-esc9b.mdx
similarity index 94%
rename from docs/hc/en-us/articles/ADCSESC9b.mdx
rename to docs/resources/edges/adcs-esc9b.mdx
index a3aae6526d..bb2578d4d6 100644
--- a/docs/hc/en-us/articles/ADCSESC9b.mdx
+++ b/docs/resources/edges/adcs-esc9b.mdx
@@ -4,7 +4,7 @@ description: "The principal has control over a victim computer with permission t
---
-
+
@@ -40,7 +40,7 @@ If the certificate template is of schema version 2 or above, and its attribute '
If the certificate template is of schema version 1 or does not have any of the email flags, then
continue to Step 4.
-If any of the two flags are present, you will need the victim’s mail attribute to be set. The value of
+If any of the two flags are present, you will need the victim's mail attribute to be set. The value of
the attribute will be included in the issues certificate but it is not used to identify the target
principal why it can be set to any arbitrary string.
@@ -59,7 +59,7 @@ Set-DomainObject -Identity VICTIM -Set @{'mail'='dummy@mail.com'}
```
Step 4: Obtain a session as victim.
-There are several options for this step. You can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/hc/en-us/articles/GenericAll) documentation).
+There are several options for this step. You can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/resources/edges/generic-all) documentation).
Step 5: Enroll certificate as victim.
@@ -121,7 +121,7 @@ If the certificate template is of schema version 2 or above, and its attribute '
If the certificate template is of schema version 1 or does not have any of the email flags, then
continue to Step 4.
-If any of the two flags are present, you will need the victim’s mail attribute to be set. The value of
+If any of the two flags are present, you will need the victim's mail attribute to be set. The value of
the attribute will be included in the issues certificate but it is not used to identify the target
principal why it can be set to any arbitrary string.
@@ -141,7 +141,7 @@ echo -e "dn: VICTIM-DN\nchangetype: modify\nreplace: mail\nmail: test@mail.com"
Step 4: Obtain a session as victim.
-There are several options for this step. You can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/hc/en-us/articles/GenericAll) documentation).
+There are several options for this step. You can obtain a session as SYSTEM on the host, which allows you to interact with AD as the computer account, by abusing control over the computer AD object (see [GenericAll edge](/resources/edges/generic-all) documentation).
Step 5: Enroll certificate as victim.
diff --git a/docs/hc/en-us/articles/AddAllowedToAct.mdx b/docs/resources/edges/add-allowed-to-act.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AddAllowedToAct.mdx
rename to docs/resources/edges/add-allowed-to-act.mdx
index 01d3aa9ac0..f60d9dbe3a 100644
--- a/docs/hc/en-us/articles/AddAllowedToAct.mdx
+++ b/docs/resources/edges/add-allowed-to-act.mdx
@@ -4,9 +4,9 @@ description: "This edge means it's possible to modify the msDS-AllowedToActOnBeh
---
-
+
-For information on the abuse scenario of the property, see [AllowedToAct](/hc/en-us/articles/AllowedToAct).
+For information on the abuse scenario of the property, see [AllowedToAct](/resources/edges/allowed-to-act).
## Abuse Info
diff --git a/docs/hc/en-us/articles/AddKeyCredentialLink.mdx b/docs/resources/edges/add-key-credential-link.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AddKeyCredentialLink.mdx
rename to docs/resources/edges/add-key-credential-link.mdx
index ba76c390a0..157ae68478 100644
--- a/docs/hc/en-us/articles/AddKeyCredentialLink.mdx
+++ b/docs/resources/edges/add-key-credential-link.mdx
@@ -4,7 +4,7 @@ description: 'The ability to write to the “msds-KeyCredentialLink” property
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZMGAddMember.mdx b/docs/resources/edges/add-member.mdx
similarity index 96%
rename from docs/hc/en-us/articles/AZMGAddMember.mdx
rename to docs/resources/edges/add-member.mdx
index 351d538bcc..a4389b801d 100644
--- a/docs/hc/en-us/articles/AZMGAddMember.mdx
+++ b/docs/resources/edges/add-member.mdx
@@ -4,7 +4,7 @@ description: "This edge is created during post-processing."
---
-
+
It is created against non-role assignable Entra ID security groups when a Service Principal has one of the following MS Graph app role assignments:
diff --git a/docs/hc/en-us/articles/AZAddMembers.mdx b/docs/resources/edges/add-members.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZAddMembers.mdx
rename to docs/resources/edges/add-members.mdx
index 018a63d86c..c073dc59c3 100644
--- a/docs/hc/en-us/articles/AZAddMembers.mdx
+++ b/docs/resources/edges/add-members.mdx
@@ -4,7 +4,7 @@ description: "The ability to add other principals to an Azure security group"
---
-
+
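Review bot: The new paths drop the AZ and AZMG prefixes, which leaves `AZMGAddMember.mdx` at `add-member.mdx` and `AZAddMembers.mdx` at `add-members.mdx`, two slugs that differ by one letter and no longer indicate that they document Azure edges. Other renames in this patch keep an `AZ...` title while losing the prefix in the path (for example `title: AZContains` under `contains.mdx`). Consider keeping the prefix in the slug (`az-add-members`, `azmg-add-member`) or confirming that redirects from the old `/hc/en-us/articles/...` URLs are in place and that no Active Directory edge page needs the same unprefixed name.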
diff --git a/docs/hc/en-us/articles/AZMGAddOwner.mdx b/docs/resources/edges/add-owner.mdx
similarity index 96%
rename from docs/hc/en-us/articles/AZMGAddOwner.mdx
rename to docs/resources/edges/add-owner.mdx
index 512d9b752d..46f77d7526 100644
--- a/docs/hc/en-us/articles/AZMGAddOwner.mdx
+++ b/docs/resources/edges/add-owner.mdx
@@ -4,7 +4,7 @@ description: "This edge is created during post-processing."
---
-
+
It is created against all App Registrations and Service Principals within the same tenant when a Service Principal has the following MS Graph app role:
diff --git a/docs/hc/en-us/articles/AZMGAddSecret.mdx b/docs/resources/edges/add-secret.mdx
similarity index 97%
rename from docs/hc/en-us/articles/AZMGAddSecret.mdx
rename to docs/resources/edges/add-secret.mdx
index d1280e5916..d0172a6d6c 100644
--- a/docs/hc/en-us/articles/AZMGAddSecret.mdx
+++ b/docs/resources/edges/add-secret.mdx
@@ -4,7 +4,7 @@ description: "This edge is created during post-processing."
---
-
+
diff --git a/docs/hc/en-us/articles/AddSelf.mdx b/docs/resources/edges/add-self.mdx
similarity index 97%
rename from docs/hc/en-us/articles/AddSelf.mdx
rename to docs/resources/edges/add-self.mdx
index ec3557cbb7..0512cce8df 100644
--- a/docs/hc/en-us/articles/AddSelf.mdx
+++ b/docs/resources/edges/add-self.mdx
@@ -5,7 +5,7 @@ description: "This edge indicates the principal has the ability to add itself to
-
+
By adding yourself to a group and refreshing your token, you gain all the same privileges that group has.
diff --git a/docs/hc/en-us/articles/AdminTo.mdx b/docs/resources/edges/admin-to.mdx
similarity index 98%
rename from docs/hc/en-us/articles/AdminTo.mdx
rename to docs/resources/edges/admin-to.mdx
index 0d3b766867..26e0a89259 100644
--- a/docs/hc/en-us/articles/AdminTo.mdx
+++ b/docs/resources/edges/admin-to.mdx
@@ -4,7 +4,7 @@ description: "This edge indicates that principal is a local administrator on the
---
-
+
By default, administrators have several ways to perform remote code execution on Windows systems, including via RDP, WMI, WinRM, the Service Control Manager, and remote DCOM execution.
diff --git a/docs/hc/en-us/articles/AZAKSContributor.mdx b/docs/resources/edges/aks-contributor.mdx
similarity index 96%
rename from docs/hc/en-us/articles/AZAKSContributor.mdx
rename to docs/resources/edges/aks-contributor.mdx
index 320dfe1af5..9919cfa466 100644
--- a/docs/hc/en-us/articles/AZAKSContributor.mdx
+++ b/docs/resources/edges/aks-contributor.mdx
@@ -4,7 +4,7 @@ description: "The Azure Kubernetes Service Contributor role grants full control
---
-
+
This includes the ability to remotely fetch administrator credentials for the cluster as well as the ability to execute arbitrary commands on compute nodes associated with the AKS Managed Cluster.
diff --git a/docs/hc/en-us/articles/AllExtendedRights.mdx b/docs/resources/edges/all-extended-rights.mdx
similarity index 95%
rename from docs/hc/en-us/articles/AllExtendedRights.mdx
rename to docs/resources/edges/all-extended-rights.mdx
index 140e2d4544..47a9a744f0 100644
--- a/docs/hc/en-us/articles/AllExtendedRights.mdx
+++ b/docs/resources/edges/all-extended-rights.mdx
@@ -5,7 +5,7 @@ description: "Extended rights are special rights granted on objects which allow
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AllowedToAct.mdx b/docs/resources/edges/allowed-to-act.mdx
similarity index 97%
rename from docs/hc/en-us/articles/AllowedToAct.mdx
rename to docs/resources/edges/allowed-to-act.mdx
index 7d6a8d8d9c..f8f105cbf8 100644
--- a/docs/hc/en-us/articles/AllowedToAct.mdx
+++ b/docs/resources/edges/allowed-to-act.mdx
@@ -3,7 +3,7 @@ title: AllowedToAct
---
-
+
This edge allows an attacker to abuse resource-based constrained delegation to compromise the target. This property is a binary DACL that controls what security principals can pretend to be any domain user to the particular computer object.
diff --git a/docs/hc/en-us/articles/AllowedToDelegate.mdx b/docs/resources/edges/allowed-to-delegate.mdx
similarity index 97%
rename from docs/hc/en-us/articles/AllowedToDelegate.mdx
rename to docs/resources/edges/allowed-to-delegate.mdx
index c146cff7ca..84f54ae94d 100644
--- a/docs/hc/en-us/articles/AllowedToDelegate.mdx
+++ b/docs/resources/edges/allowed-to-delegate.mdx
@@ -4,7 +4,7 @@ description: "The constrained delegation primitive allows a principal to authent
---
-
+
diff --git a/docs/hc/en-us/articles/AZAppAdmin.mdx b/docs/resources/edges/app-admin.mdx
similarity index 90%
rename from docs/hc/en-us/articles/AZAppAdmin.mdx
rename to docs/resources/edges/app-admin.mdx
index 11e893510a..2bca61482d 100644
--- a/docs/hc/en-us/articles/AZAppAdmin.mdx
+++ b/docs/resources/edges/app-admin.mdx
@@ -4,7 +4,7 @@ description: "Principals with the Application Admin role can control tenant-resi
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZMGAppRoleAssignment-ReadWrite-All.mdx b/docs/resources/edges/app-role-assignment-readwrite-all.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZMGAppRoleAssignment-ReadWrite-All.mdx
rename to docs/resources/edges/app-role-assignment-readwrite-all.mdx
index 0e8ab155ea..48d7eb9977 100644
--- a/docs/hc/en-us/articles/AZMGAppRoleAssignment-ReadWrite-All.mdx
+++ b/docs/resources/edges/app-role-assignment-readwrite-all.mdx
@@ -4,7 +4,7 @@ description: "This edge is created when a Service Principal has been granted the
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZMGApplication-ReadWrite-All.mdx b/docs/resources/edges/application-readwrite-all.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZMGApplication-ReadWrite-All.mdx
rename to docs/resources/edges/application-readwrite-all.mdx
index 7745694e6c..61e6f2f9e3 100644
--- a/docs/hc/en-us/articles/AZMGApplication-ReadWrite-All.mdx
+++ b/docs/resources/edges/application-readwrite-all.mdx
@@ -4,7 +4,7 @@ description: "This edge is created when a Service Principal has been granted the
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZAutomationContributor.mdx b/docs/resources/edges/automation-contributor.mdx
similarity index 97%
rename from docs/hc/en-us/articles/AZAutomationContributor.mdx
rename to docs/resources/edges/automation-contributor.mdx
index 179b31405b..7ccb644f2c 100644
--- a/docs/hc/en-us/articles/AZAutomationContributor.mdx
+++ b/docs/resources/edges/automation-contributor.mdx
@@ -3,7 +3,7 @@ title: AZAutomationContributor
---
-
+
The Azure Automation Contributor role grants full control of the target Azure Automation Account. This includes the ability to execute arbitrary commands on the Automation Account.
diff --git a/docs/hc/en-us/articles/AZAvereContributor.mdx b/docs/resources/edges/avere-contributor.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZAvereContributor.mdx
rename to docs/resources/edges/avere-contributor.mdx
index cf637c3f87..896d0eecea 100644
--- a/docs/hc/en-us/articles/AZAvereContributor.mdx
+++ b/docs/resources/edges/avere-contributor.mdx
@@ -3,7 +3,7 @@ title: AZAvereContributor
---
-
+
diff --git a/docs/hc/en-us/articles/CanPSRemote.mdx b/docs/resources/edges/can-ps-remote.mdx
similarity index 96%
rename from docs/hc/en-us/articles/CanPSRemote.mdx
rename to docs/resources/edges/can-ps-remote.mdx
index 0bbdf76b3e..54c28f362c 100644
--- a/docs/hc/en-us/articles/CanPSRemote.mdx
+++ b/docs/resources/edges/can-ps-remote.mdx
@@ -4,7 +4,7 @@ description: "PS Session access allows you to enter an interactive session with
---
-
+
diff --git a/docs/hc/en-us/articles/CanRDP.mdx b/docs/resources/edges/can-rdp.mdx
similarity index 83%
rename from docs/hc/en-us/articles/CanRDP.mdx
rename to docs/resources/edges/can-rdp.mdx
index 4fdc0d15d9..2794ce7a9c 100644
--- a/docs/hc/en-us/articles/CanRDP.mdx
+++ b/docs/resources/edges/can-rdp.mdx
@@ -4,10 +4,10 @@ description: "Remote Desktop access allows you to enter an interactive session w
---
-
+
-This edge will be created under the condition that the user both has membership in Remote Desktop Users and is granted the URA SeRemoteInteractiveLogonRight. Respectively these two are visualized in BloodHound by the edges [MemberOfLocalGroup](/hc/en-us/articles/MemberOfLocalGroup) and [RemoteInteractiveLogonPrivilege](/hc/en-us/articles/RemoteInteractiveLogonPrivilege).
+This edge is created when BloodHound finds that a principal has RDP access to a computer through the edges [MemberOfLocalGroup](/resources/edges/member-of-local-group) and [RemoteInteractiveLogonPrivilege](/resources/edges/remote-interactive-logon-privilege).
**Note**
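Review bot: The replacement sentence is more than a link update: it removes the stated condition that the user "both has membership in Remote Desktop Users and is granted the URA SeRemoteInteractiveLogonRight". The new wording, "has RDP access to a computer through the edges", no longer says whether both edges are required or names the group and the user right. Defenders rely on that precondition when they triage this edge, so either keep the original condition with only the link targets changed, or move the wording change to its own commit with a rationale.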
@@ -27,7 +27,7 @@ With plaintext credentials, the easiest way to exploit this privilege is using t
With a password hash, exploitation of this privilege will require local administrator privileges on a system, and the remote server must allow Restricted Admin Mode.
-First, inject the NTLM credential for the user you’re abusing into memory using mimikatz:
+First, inject the NTLM credential for the user you're abusing into memory using mimikatz:
```bash
lsadump::pth /user:dfm /domain:testlab.local /ntlm: /run:"mstsc.exe /restrictedadmin"
@@ -63,6 +63,6 @@ Remote desktop will create Logon and Logoff events with the access type RemoteIn
## References
-* [https://edermi.github.io/post/2018/native\_rdp\_pass\_the\_hash/](https://edermi.github.io/post/2018/native_rdp_pass_the_hash/)
+* [https://edermi.github.io/post/2018/native\_rdp\_pass\_the_hash/](https://edermi.github.io/post/2018/native_rdp_pass_the_hash/)
* [https://www.kali.org/blog/passing-hash-remote-desktop/](https://www.kali.org/blog/passing-hash-remote-desktop/)
* [https://blog.cptjesus.com/posts/userrightsassignment/](https://blog.cptjesus.com/posts/userrightsassignment/)
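Review bot: In the added reference line the link text is now escaped inconsistently: `native\_rdp\_pass\_the_hash` keeps the backslash on the first three underscores and drops it on the last one. Either escape all four as before or, better, remove the escapes entirely so the visible text matches the URL `native_rdp_pass_the_hash`. As written this looks like a partial search-and-replace.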
diff --git a/docs/hc/en-us/articles/AZCloudAppAdmin.mdx b/docs/resources/edges/cloud-app-admin.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZCloudAppAdmin.mdx
rename to docs/resources/edges/cloud-app-admin.mdx
index ba74a71dd8..4ce3089d87 100644
--- a/docs/hc/en-us/articles/AZCloudAppAdmin.mdx
+++ b/docs/resources/edges/cloud-app-admin.mdx
@@ -4,7 +4,7 @@ description: "Principals with the Cloud App Admin role can control tenant-reside
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/CoerceToTGT.mdx b/docs/resources/edges/coerce-to-tgt.mdx
similarity index 96%
rename from docs/hc/en-us/articles/CoerceToTGT.mdx
rename to docs/resources/edges/coerce-to-tgt.mdx
index 2400c5797d..cbfad7312e 100644
--- a/docs/hc/en-us/articles/CoerceToTGT.mdx
+++ b/docs/resources/edges/coerce-to-tgt.mdx
@@ -4,7 +4,7 @@ description: "The computer/user account is configured with Kerberos unconstraine
---
-
+
diff --git a/docs/hc/en-us/articles/AZContains.mdx b/docs/resources/edges/contains.mdx
similarity index 87%
rename from docs/hc/en-us/articles/AZContains.mdx
rename to docs/resources/edges/contains.mdx
index 19084e31af..05d4aaaea5 100644
--- a/docs/hc/en-us/articles/AZContains.mdx
+++ b/docs/resources/edges/contains.mdx
@@ -3,7 +3,7 @@ title: AZContains
description: "This indicates that the parent object contains the child object, such as a resource group containing a virtual machine, or a tenant “containing” a subscription."
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZContributor.mdx b/docs/resources/edges/contributor.mdx
similarity index 95%
rename from docs/hc/en-us/articles/AZContributor.mdx
rename to docs/resources/edges/contributor.mdx
index d873cd5466..bbae756206 100644
--- a/docs/hc/en-us/articles/AZContributor.mdx
+++ b/docs/resources/edges/contributor.mdx
@@ -4,7 +4,7 @@ description: "The contributor role grants almost all abusable privileges in all
---
-
+
diff --git a/docs/hc/en-us/articles/DCFor.mdx b/docs/resources/edges/dc-for.mdx
similarity index 94%
rename from docs/hc/en-us/articles/DCFor.mdx
rename to docs/resources/edges/dc-for.mdx
index a2042247fa..778339c6d2 100644
--- a/docs/hc/en-us/articles/DCFor.mdx
+++ b/docs/resources/edges/dc-for.mdx
@@ -4,7 +4,7 @@ description: "This edge indicates that the computer is a domain controller for t
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/DCSync.mdx b/docs/resources/edges/dc-sync.mdx
similarity index 94%
rename from docs/hc/en-us/articles/DCSync.mdx
rename to docs/resources/edges/dc-sync.mdx
index bc641e85a2..9432ad687f 100644
--- a/docs/hc/en-us/articles/DCSync.mdx
+++ b/docs/resources/edges/dc-sync.mdx
@@ -4,7 +4,7 @@ description: "This edge represents the combination of GetChanges and GetChangesA
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/DelegatedEnrollmentAgent.mdx b/docs/resources/edges/delegated-enrollment-agent.mdx
similarity index 94%
rename from docs/hc/en-us/articles/DelegatedEnrollmentAgent.mdx
rename to docs/resources/edges/delegated-enrollment-agent.mdx
index a53f75cb05..60c7b47cdb 100644
--- a/docs/hc/en-us/articles/DelegatedEnrollmentAgent.mdx
+++ b/docs/resources/edges/delegated-enrollment-agent.mdx
@@ -4,7 +4,7 @@ description: "The certificate template is published to an enterprise CA where th
---
-
+
BloodHound does not assess what principals the enrollment agent is allowed to enroll on behalf of.
diff --git a/docs/hc/en-us/articles/AZMGDirectory-ReadWrite-All.mdx b/docs/resources/edges/directory-readwrite-all.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZMGDirectory-ReadWrite-All.mdx
rename to docs/resources/edges/directory-readwrite-all.mdx
index 641c442ccc..193823e82c 100644
--- a/docs/hc/en-us/articles/AZMGDirectory-ReadWrite-All.mdx
+++ b/docs/resources/edges/directory-readwrite-all.mdx
@@ -4,7 +4,7 @@ description: "This edge is created when a Service Principal has been granted the
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/DumpSMSAPassword.mdx b/docs/resources/edges/dump-smsa-password.mdx
similarity index 95%
rename from docs/hc/en-us/articles/DumpSMSAPassword.mdx
rename to docs/resources/edges/dump-smsa-password.mdx
index 1dc33c6a81..4d70e209c7 100644
--- a/docs/hc/en-us/articles/DumpSMSAPassword.mdx
+++ b/docs/resources/edges/dump-smsa-password.mdx
@@ -4,7 +4,7 @@ description: "A computer with this indicates that a Standalone Managed Service A
---
-
+
An actor with administrative privileges on the computer can retrieve the sMSA’s password by dumping LSA secrets.
diff --git a/docs/hc/en-us/articles/EnrollOnBehalfOf.mdx b/docs/resources/edges/enroll-on-behalf-of.mdx
similarity index 95%
rename from docs/hc/en-us/articles/EnrollOnBehalfOf.mdx
rename to docs/resources/edges/enroll-on-behalf-of.mdx
index 258653fc35..9cc4081553 100644
--- a/docs/hc/en-us/articles/EnrollOnBehalfOf.mdx
+++ b/docs/resources/edges/enroll-on-behalf-of.mdx
@@ -4,7 +4,7 @@ description: 'The certificate template "A" is configured to be used as an enroll
---
-
+
The certificate template "B" is configured to allow enrollment by enrollment agents. Both certificate templates are published by an enterprise CA which is trusted for NT authentication and chain up to a root CA for the domain. This enables a principal with a certificate of certificate template "A" to enroll on behalf of other principals for certificate template "B" as long as enrollment agent restrictions configured on the enterprise CA permit it.
diff --git a/docs/hc/en-us/articles/Enroll.mdx b/docs/resources/edges/enroll.mdx
similarity index 94%
rename from docs/hc/en-us/articles/Enroll.mdx
rename to docs/resources/edges/enroll.mdx
index d2c769123a..c04aff9b84 100644
--- a/docs/hc/en-us/articles/Enroll.mdx
+++ b/docs/resources/edges/enroll.mdx
@@ -3,7 +3,7 @@ title: Enroll
description: "The target node may be a Certificate Template or an Enterprise Certification Authority."
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/EnterpriseCAFor.mdx b/docs/resources/edges/enterprise-ca-for.mdx
similarity index 94%
rename from docs/hc/en-us/articles/EnterpriseCAFor.mdx
rename to docs/resources/edges/enterprise-ca-for.mdx
index 43bdcd4e27..29aac2e55d 100644
--- a/docs/hc/en-us/articles/EnterpriseCAFor.mdx
+++ b/docs/resources/edges/enterprise-ca-for.mdx
@@ -4,7 +4,7 @@ description: The Enterprise Certification Authority node is the enrollment servi
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZExecuteCommand.mdx b/docs/resources/edges/execute-command.mdx
similarity index 97%
rename from docs/hc/en-us/articles/AZExecuteCommand.mdx
rename to docs/resources/edges/execute-command.mdx
index 221bdec097..3901fa6c50 100644
--- a/docs/hc/en-us/articles/AZExecuteCommand.mdx
+++ b/docs/resources/edges/execute-command.mdx
@@ -4,7 +4,7 @@ description: "Principals with the Intune Administrators role are able to execute
---
-
+
diff --git a/docs/hc/en-us/articles/ExecuteDCOM.mdx b/docs/resources/edges/execute-dcom.mdx
similarity index 97%
rename from docs/hc/en-us/articles/ExecuteDCOM.mdx
rename to docs/resources/edges/execute-dcom.mdx
index c103f39055..bac1fe2de8 100644
--- a/docs/hc/en-us/articles/ExecuteDCOM.mdx
+++ b/docs/resources/edges/execute-dcom.mdx
@@ -4,7 +4,7 @@ description: This can allow code execution under certain conditions by instantia
---
-
+
diff --git a/docs/hc/en-us/articles/ExtendedByPolicy.mdx b/docs/resources/edges/extended-by-policy.mdx
similarity index 95%
rename from docs/hc/en-us/articles/ExtendedByPolicy.mdx
rename to docs/resources/edges/extended-by-policy.mdx
index bc9d41e04d..5960ebd1d6 100644
--- a/docs/hc/en-us/articles/ExtendedByPolicy.mdx
+++ b/docs/resources/edges/extended-by-policy.mdx
@@ -4,7 +4,7 @@ description: "The edge indicates that a certificate template includes an issuanc
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/ForceChangePassword.mdx b/docs/resources/edges/force-change-password.mdx
similarity index 98%
rename from docs/hc/en-us/articles/ForceChangePassword.mdx
rename to docs/resources/edges/force-change-password.mdx
index 8d4ee4a0f5..ac8d7f784d 100644
--- a/docs/hc/en-us/articles/ForceChangePassword.mdx
+++ b/docs/resources/edges/force-change-password.mdx
@@ -5,7 +5,7 @@ description: "This edge indicates that the principal can reset the password of t
-
+
To see an example of this edge being abused, see this clip from Derbycon 2017:
diff --git a/docs/hc/en-us/articles/GenericAll.mdx b/docs/resources/edges/generic-all.mdx
similarity index 81%
rename from docs/hc/en-us/articles/GenericAll.mdx
rename to docs/resources/edges/generic-all.mdx
index 1a997a61b1..b604d337ea 100644
--- a/docs/hc/en-us/articles/GenericAll.mdx
+++ b/docs/resources/edges/generic-all.mdx
@@ -3,7 +3,7 @@ title: GenericAll
---
-
+
This is also known as full control. This privilege allows the trustee to manipulate the target object however they wish.
@@ -18,7 +18,7 @@ Full control of a group allows you to directly modify group membership of the gr
You can reset user passwords with full control over user objects. For full abuse info about this attack, see the information under the ForceChangePassword edge.
-You can write to the “msds-KeyCredentialLink” attribute on a user. Writing to this property allows an attacker to create “Shadow Credentials” on the object and authenticate as the principal using Kerberos PKINIT. See more information under the AddKeyCredentialLink edge.
+You can write to the "msds-KeyCredentialLink" attribute on a user. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the principal using Kerberos PKINIT. See more information under the AddKeyCredentialLink edge.
Alternatively, you can write to the "servicePrincipalNames" attribute and perform a targeted kerberoasting attack. See the abuse section under the WriteSPN edge for more information.
@@ -26,7 +26,7 @@ Alternatively, you can write to the "servicePrincipalNames" attribute and perfor
You may read the LAPS password of the computer object. See more information under the ReadLAPSPassword edge.
-You can write to the “msds-KeyCredentialLink” attribute on a computer. Writing to this property allows an attacker to create “Shadow Credentials” on the object and authenticate as the computer using Kerberos PKINIT. See more information under the AddKeyCredentialLink edge.
+You can write to the "msds-KeyCredentialLink" attribute on a computer. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the computer using Kerberos PKINIT. See more information under the AddKeyCredentialLink edge.
Alternatively, Full control of a computer object can be used to perform a Resource-Based Constrained Delegation attack. See more information under the AllowedToAct edge.
@@ -42,14 +42,14 @@ With full control of an OU, you may add a new ACE on the OU that will inherit do
The simplest and most straight forward way to abuse control of the OU is to apply a GenericAll ACE on the OU that will inherit down to all object types. Again, this can be done using PowerView. This time we will use the New-ADObjectAccessControlEntry, which gives us more control over the ACE we add to the OU.
-First, we need to reference the OU by its ObjectGUID, not its name. You can find the ObjectGUID for the OU in the BloodHound GUI by clicking the OU, then inspecting the _objectid_ value
+First, we need to reference the OU by its ObjectGUID, not its name. You can find the ObjectGUID for the OU in the BloodHound GUI by clicking the OU, then inspecting the _objectid_ value
-Next, we will fetch the GUID for all objects. This should be ‘00000000-0000-0000-0000-000000000000’:
+Next, we will fetch the GUID for all objects. This should be '00000000-0000-0000-0000-000000000000':
```json
$Guids = Get-DomainGUIDMap
$AllObjectsPropertyGuid = $Guids.GetEnumerator() | ?{$_.value -eq 'All'} | select -ExpandProperty name
```
-Then we will construct our ACE. This command will create an ACE granting the “JKHOLER” user full control of all descendant objects:
+Then we will construct our ACE. This command will create an ACE granting the "JKHOLER" user full control of all descendant objects:
```json
ACE = New-ADObjectAccessControlEntry -Verbose -PrincipalIdentity 'JKOHLER' -Right GenericAll -AccessControlType Allow -InheritanceType All -InheritedObjectType $AllObjectsPropertyGuid
```
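Review bot: The added line introducing the ACE spells the user "JKHOLER", while the command right below it and the later "Now, the ..." line use JKOHLER; this line is already being touched for the quote fix, so correct the name in the same change. In the same hunk the command reads `ACE = New-ADObjectAccessControlEntry ...` without a leading `$`, although the next hunk passes `$ACE` to `AddAccessRule`, and both PowerShell snippets are fenced as `json`; a `powershell` tag and `$ACE = ...` would make the example copyable.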
@@ -61,11 +61,11 @@ $dsEntry.PsBase.Options.SecurityMasks = 'Dacl'
$dsEntry.PsBase.ObjectSecurity.AddAccessRule($ACE)
$dsEntry.PsBase.CommitChanges()
```
-Now, the “JKOHLER” user will have full control of all descendent objects of each type.
+Now, the "JKOHLER" user will have full control of all descendent objects of each type.
#### Targeted Descendent Object Takeover
-If you want to be more targeted with your approach, it is possible to specify precisely what right you want to apply to precisely which kinds of descendent objects. You could, for example, grant a user “ForceChangePassword” privilege against all user objects, or grant a security group the ability to read every GMSA password under a certain OU. Below is an example taken from PowerView’s help text on how to grant the “ITADMIN” user the ability to read the LAPS password from all computer objects in the “Workstations” OU:
+If you want to be more targeted with your approach, it is possible to specify precisely what right you want to apply to precisely which kinds of descendent objects. You could, for example, grant a user "ForceChangePassword" privilege against all user objects, or grant a security group the ability to read every GMSA password under a certain OU. Below is an example taken from PowerView's help text on how to grant the "ITADMIN" user the ability to read the LAPS password from all computer objects in the "Workstations" OU:
```json
$Guids = Get-DomainGUIDMap
$AdmPropertyGuid = $Guids.GetEnumerator() | ?{$_.value -eq 'ms-Mcs-AdmPwd'} | select -ExpandProperty name
@@ -79,23 +79,23 @@ $dsEntry.PsBase.CommitChanges()
```
#### Objects for which ACL inheritance is disabled
-Generic/Targeted Descendent Object Takeover only works if the target object has ACL inheritance enabled. Alternatively, you can compromise target objects by abusing write access to the gPLink attribute of the OU. See the [WriteGPLink](/hc/en-us/articles/WriteGPLink) edge documentation for details.
+Generic/Targeted Descendent Object Takeover only works if the target object has ACL inheritance enabled. Alternatively, you can compromise target objects by abusing write access to the gpLink attribute of the OU. See the [WriteGPLink](/resources/edges/write-gp-link) edge documentation for details.
### With GenericAll Over a Domain Object
#### DCSync
-Full control of a domain object (the head object of the Default Naming Context) grants you both DS-Replication-Get-Changes as well as DS-Replication-Get-Changes-All rights. See the [DCSync](/hc/en-us/articles/DCSync) edge documentation for abuse details.
+Full control of a domain object (the head object of the Default Naming Context) grants you both DS-Replication-Get-Changes as well as DS-Replication-Get-Changes-All rights. See the [DCSync](/resources/edges/dc-sync) edge documentation for abuse details.
#### Generic/Targeted Descendent Object Takeover
With full control of a domain node, you may add a new ACE on the domain that will inherit down to all the objects with ACL inheritance enabled in the domain.
-See the the sections "Generic Descendent Object Takeover" and "Targeted Descendent Object Takeover" under [With GenericAll Over an OU](#h_01HM28BQ05RS9DY84W2B93MJ0T).
+See the the sections "Generic Descendent Object Takeover" and "Targeted Descendent Object Takeover" under [With GenericAll Over an OU](#h_01HM28BQ05RS9DY84W2B93MJ0T).
#### Objects for which ACL inheritance is disabled
-Generic/Targeted Descendent Object Takeover only works if the target object has ACL inheritance enabled. Alternatively, you can compromise target objects by abusing write access to the gPLink attribute of the domain. See the [WriteGPLink](/hc/en-us/articles/WriteGPLink) edge documentation for details.
+Generic/Targeted Descendent Object Takeover only works if the target object has ACL inheritance enabled. Alternatively, you can compromise target objects by abusing write access to the gpLink attribute of the domain. See the [WriteGPLink](/resources/edges/write-gp-link) edge documentation for details.
### With GenericAll Over a CertTemplate
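Review bot: The added "See the the sections ..." line keeps the doubled "the" and still points at `#h_01HM28BQ05RS9DY84W2B93MJ0T`, while every other link in this hunk was moved to a `/resources/edges/...` path. Please confirm that anchor id still resolves on the renamed page, or replace it with the slug of the "With GenericAll Over an OU" heading, and drop the extra "the". The two WriteGPLink lines also change the attribute casing from gPLink to gpLink; confirm that is intentional and applied consistently.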
diff --git a/docs/hc/en-us/articles/GenericWrite.mdx b/docs/resources/edges/generic-write.mdx
similarity index 65%
rename from docs/hc/en-us/articles/GenericWrite.mdx
rename to docs/resources/edges/generic-write.mdx
index aaebed8f82..18491a8dbd 100644
--- a/docs/hc/en-us/articles/GenericWrite.mdx
+++ b/docs/resources/edges/generic-write.mdx
@@ -3,16 +3,16 @@ title: GenericWrite
---
-
+
-Generic Write access grants you the ability to write to any non-protected attribute on the target object, including “members” for a group, and “servicePrincipalNames” for a user.
+Generic Write access grants you the ability to write to any non-protected attribute on the target object, including "members" for a group, and "servicePrincipalNames" for a user.
## Abuse Info
**Users**
-With GenericWrite over a user, you can write to the “msds-KeyCredentialLink” attribute. Writing to this property allows an attacker to create “Shadow Credentials” on the object and authenticate as the principal using Kerberos PKINIT. See more information under the AddKeyCredentialLink edge.
+With GenericWrite over a user, you can write to the "msds-KeyCredentialLink" attribute. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the principal using Kerberos PKINIT. See more information under the AddKeyCredentialLink edge.
Alternatively, you can write to the "servicePrincipalNames" attribute and perform a targeted kerberoasting attack. See the abuse section under the WriteSPN edge for more information.
@@ -22,7 +22,7 @@ With GenericWrite over a group, add yourself or another principal you control to
**Computers**
-With GenericWrite over a computer, you can write to the “msds-KeyCredentialLink” attribute. Writing to this property allows an attacker to create “Shadow Credentials” on the object and authenticate as the principal using Kerberos PKINIT. See more information under the AddKeyCredentialLink edge.
+With GenericWrite over a computer, you can write to the "msds-KeyCredentialLink" attribute. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the principal using Kerberos PKINIT. See more information under the AddKeyCredentialLink edge.
Alternatively, you can perform a resource-based constrained delegation attack against the computer. See the AllowedToAct edge abuse info for more information about that attack.
@@ -30,15 +30,15 @@ Alternatively, you can perform a resource-based constrained delegation attack ag
With GenericWrite on a GPO, you may make modifications to that GPO which will then apply to the users and computers affected by the GPO. Select the target object you wish to push an evil policy down to, then use the gpedit GUI to modify the GPO, using an evil policy that allows item-level targeting, such as a new immediate scheduled task. Then wait for the group policy client to pick up and execute the new evil policy. See the references tab for a more detailed write up on this abuse.
-This edge can be a false positive in rare scenarios. If you have GenericWrite on the GPO with ‘This object only’ (no inheritance) and no other permissions in the ACL, it is not possible to add or modify settings of the GPO. The GPO’s settings are stored in SYSVOL under a folder for the given GPO. Therefore, you need write access to child objects of this folder or create child objects permission. The security descriptor of the GPO is reflected on the folder, meaning permissions to write child items on the GPO are required.
+This edge can be a false positive in rare scenarios. If you have GenericWrite on the GPO with 'This object only' (no inheritance) and no other permissions in the ACL, it is not possible to add or modify settings of the GPO. The GPO's settings are stored in SYSVOL under a folder for the given GPO. Therefore, you need write access to child objects of this folder or create child objects permission. The security descriptor of the GPO is reflected on the folder, meaning permissions to write child items on the GPO are required.
**OU**
-You can compromise child users and computers of the OU by abusing write access to the gPLink attribute of the OU. See the [WriteGPLink](/hc/en-us/articles/WriteGPLink) edge documentation for details.
+If the target is an OU, you can write to the gpLink attribute of the OU. See the [WriteGPLink](/resources/edges/write-gp-link) edge documentation for details.
**Domain**
-You can compromise users and computers of the domain by abusing write access to the gPLink attribute of the domain. See the [WriteGPLink](/hc/en-us/articles/WriteGPLink) edge documentation for details.
+If the target is a domain, you can write to the gpLink attribute of the domain. See the [WriteGPLink](/resources/edges/write-gp-link) edge documentation for details.
**CertTemplate**
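Review bot: The **OU** and **Domain** lines are reworded, not just relinked: "You can compromise child users and computers of the OU by abusing write access to the gPLink attribute" becomes "If the target is an OU, you can write to the gpLink attribute of the OU", which drops the statement of impact on child users and computers. If this PR is meant to be a path migration, keep the original sentence and change only the link target; if the rewording is deliberate, say so in the description so the content change gets reviewed on its own.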
diff --git a/docs/hc/en-us/articles/AZGetCertificates.mdx b/docs/resources/edges/get-certificates.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZGetCertificates.mdx
rename to docs/resources/edges/get-certificates.mdx
index 4d673d45ce..51e445f642 100644
--- a/docs/hc/en-us/articles/AZGetCertificates.mdx
+++ b/docs/resources/edges/get-certificates.mdx
@@ -4,7 +4,7 @@ description: "The ability to read certificates from key vaults."
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/GetChangesAll.mdx b/docs/resources/edges/get-changes-all.mdx
similarity index 76%
rename from docs/hc/en-us/articles/GetChangesAll.mdx
rename to docs/resources/edges/get-changes-all.mdx
index d5175edacd..08f1334ab4 100644
--- a/docs/hc/en-us/articles/GetChangesAll.mdx
+++ b/docs/resources/edges/get-changes-all.mdx
@@ -3,13 +3,13 @@ title: GetChangesAll
---
-
+
The principal is granted the GetChangesAll right on the domain.
## Abuse Info
-This edge is not abuseable by itself. When combined with [GetChanges](/hc/en-us/articles/GetChanges), BloodHound will create the abuseable edge [DCSync](/hc/en-us/articles/DCSync).
+This edge is not abuseable by itself. When combined with [GetChanges](/resources/edges/get-changes), BloodHound will create the abuseable edge [DCSync](/resources/edges/dc-sync).
## Opsec Considerations
diff --git a/docs/hc/en-us/articles/GetChangesInFilteredSet.mdx b/docs/resources/edges/get-changes-in-filtered-set.mdx
similarity index 72%
rename from docs/hc/en-us/articles/GetChangesInFilteredSet.mdx
rename to docs/resources/edges/get-changes-in-filtered-set.mdx
index c876b9281b..49014142b0 100644
--- a/docs/hc/en-us/articles/GetChangesInFilteredSet.mdx
+++ b/docs/resources/edges/get-changes-in-filtered-set.mdx
@@ -3,14 +3,14 @@ title: GetChangesInFilteredSet
---
-
+
The principal is allowed to synchronize (DCSync) the Filtered Attribute Set (FAS), which are the attributes not replicated to RODCs.
## Abuse Info
-This edge is not abuseable by itself. When combined with [GetChanges](/hc/en-us/articles/GetChanges), BloodHound will create the abuseable edge [SyncLAPSPassword](/hc/en-us/articles/SyncLAPSPassword).
+This edge is not abuseable by itself. When combined with [GetChanges](/resources/edges/get-changes), BloodHound will create the abuseable edge [SyncLAPSPassword](/resources/edges/sync-laps-password).
## Opsec considerations
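Review bot: The added "This edge is not abuseable by itself ..." line carries over the spelling "abuseable" (twice); since the line is being rewritten for the link change, "abusable" could be fixed here and in the matching lines of get-changes-all.mdx and get-changes.mdx. The trailing heading in this file is "## Opsec considerations", while the other two files use "## Opsec Considerations"; pick one casing.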
diff --git a/docs/hc/en-us/articles/GetChanges.mdx b/docs/resources/edges/get-changes.mdx
similarity index 61%
rename from docs/hc/en-us/articles/GetChanges.mdx
rename to docs/resources/edges/get-changes.mdx
index ffcfecdec0..c0600b1cc8 100644
--- a/docs/hc/en-us/articles/GetChanges.mdx
+++ b/docs/resources/edges/get-changes.mdx
@@ -4,16 +4,16 @@ description: "The principal is granted the GetChanges right on the domain."
---
-
+
## Abuse Info
This edge is not abuseable by itself.
-When combined with [GetChangesAll](/hc/en-us/articles/GetChangesAll), BloodHound will create the abuseable edge [DCSync](/hc/en-us/articles/DCSync).
+When combined with [GetChangesAll](/resources/edges/get-changes-all), BloodHound will create the abuseable edge [DCSync](/resources/edges/dc-sync).
-When combined with [GetChangesInFilteredSet](/hc/en-us/articles/GetChangesInFilteredSet), BloodHound will create the abuseable edge [SyncLAPSPassword](/hc/en-us/articles/SyncLAPSPassword).
+When combined with [GetChangesInFilteredSet](/resources/edges/get-changes-in-filtered-set), BloodHound will create the abuseable edge [SyncLAPSPassword](/resources/edges/sync-laps-password).
## Opsec Considerations
diff --git a/docs/hc/en-us/articles/AZGetKeys.mdx b/docs/resources/edges/get-keys.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZGetKeys.mdx
rename to docs/resources/edges/get-keys.mdx
index b64705b0ba..aeabd0d354 100644
--- a/docs/hc/en-us/articles/AZGetKeys.mdx
+++ b/docs/resources/edges/get-keys.mdx
@@ -4,7 +4,7 @@ description: "The ability to read keys from key vaults."
---
-
+
diff --git a/docs/hc/en-us/articles/AZGetSecrets.mdx b/docs/resources/edges/get-secrets.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZGetSecrets.mdx
rename to docs/resources/edges/get-secrets.mdx
index 8cb87dc244..1b8fc8697c 100644
--- a/docs/hc/en-us/articles/AZGetSecrets.mdx
+++ b/docs/resources/edges/get-secrets.mdx
@@ -5,7 +5,7 @@ description: "The ability to read secrets from key vaults."
-
+
diff --git a/docs/hc/en-us/articles/AZGlobalAdmin.mdx b/docs/resources/edges/global-admin.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZGlobalAdmin.mdx
rename to docs/resources/edges/global-admin.mdx
index a38e3d28a3..0a6969618d 100644
--- a/docs/hc/en-us/articles/AZGlobalAdmin.mdx
+++ b/docs/resources/edges/global-admin.mdx
@@ -3,7 +3,7 @@ title: AZGlobalAdmin
description: "This edge indicates the principal has the Global Admin role active against the target tenant. In other words, the principal is a Global Admin. Global Admins can do almost anything against almost every object type in the tenant, this is the highest privilege role in Azure."
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/GoldenCert.mdx b/docs/resources/edges/golden-cert.mdx
similarity index 99%
rename from docs/hc/en-us/articles/GoldenCert.mdx
rename to docs/resources/edges/golden-cert.mdx
index 066be94d80..4ae6b402f3 100644
--- a/docs/hc/en-us/articles/GoldenCert.mdx
+++ b/docs/resources/edges/golden-cert.mdx
@@ -3,7 +3,7 @@ title: GoldenCert
---
-
+
The victim principal has a certificate private key that can be abused to sign "golden" certificates for authentication of any enabled principal in the AD forest of the domain.
diff --git a/docs/hc/en-us/articles/GPLink.mdx b/docs/resources/edges/gp-link.mdx
similarity index 93%
rename from docs/hc/en-us/articles/GPLink.mdx
rename to docs/resources/edges/gp-link.mdx
index 8ea3b7448c..ed7f940417 100644
--- a/docs/hc/en-us/articles/GPLink.mdx
+++ b/docs/resources/edges/gp-link.mdx
@@ -3,7 +3,7 @@ title: GPLink
---
-
+
A linked GPO applies its settings to objects in the linked container.
diff --git a/docs/hc/en-us/articles/AZMGGrantAppRoles.mdx b/docs/resources/edges/grant-app-roles.mdx
similarity index 97%
rename from docs/hc/en-us/articles/AZMGGrantAppRoles.mdx
rename to docs/resources/edges/grant-app-roles.mdx
index 7cedd0e781..b6e2ce8ae9 100644
--- a/docs/hc/en-us/articles/AZMGGrantAppRoles.mdx
+++ b/docs/resources/edges/grant-app-roles.mdx
@@ -4,7 +4,7 @@ description: "This edge is created during post-processing."
---
-
+
It is created against AzureAD tenant objects when a Service Principal has one of the following MS Graph app role assignments:
diff --git a/docs/hc/en-us/articles/AZMGGrantRole.mdx b/docs/resources/edges/grant-role.mdx
similarity index 96%
rename from docs/hc/en-us/articles/AZMGGrantRole.mdx
rename to docs/resources/edges/grant-role.mdx
index 495c8e8efd..0977e3cb98 100644
--- a/docs/hc/en-us/articles/AZMGGrantRole.mdx
+++ b/docs/resources/edges/grant-role.mdx
@@ -4,7 +4,7 @@ description: "This edge is created during post-processing."
---
-
+
It is created against all Entra ID admin roles when a Service Principal has the following MS Graph app role assignment:
diff --git a/docs/hc/en-us/articles/AZMGGroupMember-ReadWrite-All.mdx b/docs/resources/edges/group-member-readwrite-all.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZMGGroupMember-ReadWrite-All.mdx
rename to docs/resources/edges/group-member-readwrite-all.mdx
index 28aefda3ec..116945d733 100644
--- a/docs/hc/en-us/articles/AZMGGroupMember-ReadWrite-All.mdx
+++ b/docs/resources/edges/group-member-readwrite-all.mdx
@@ -4,7 +4,7 @@ description: "This edge is created when a Service Principal has been granted the
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZMGGroup-ReadWrite-All.mdx b/docs/resources/edges/group-readwrite-all.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZMGGroup-ReadWrite-All.mdx
rename to docs/resources/edges/group-readwrite-all.mdx
index a403b1bf84..3275c73faa 100644
--- a/docs/hc/en-us/articles/AZMGGroup-ReadWrite-All.mdx
+++ b/docs/resources/edges/group-readwrite-all.mdx
@@ -4,7 +4,7 @@ description: "This edge is created when a Service Principal has been granted the
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZHasRole.mdx b/docs/resources/edges/has-role.mdx
similarity index 92%
rename from docs/hc/en-us/articles/AZHasRole.mdx
rename to docs/resources/edges/has-role.mdx
index 3d7d4eae4c..5db65bcb53 100644
--- a/docs/hc/en-us/articles/AZHasRole.mdx
+++ b/docs/resources/edges/has-role.mdx
@@ -3,7 +3,7 @@ title: AZHasRole
---
-
+
diff --git a/docs/hc/en-us/articles/HasSession.mdx b/docs/resources/edges/has-session.mdx
similarity index 99%
rename from docs/hc/en-us/articles/HasSession.mdx
rename to docs/resources/edges/has-session.mdx
index 3ba34a0acc..8cc109a0ee 100644
--- a/docs/hc/en-us/articles/HasSession.mdx
+++ b/docs/resources/edges/has-session.mdx
@@ -3,7 +3,7 @@ title: HasSession
---
-
+
When a user authenticates to a computer, they often leave credentials exposed on the system, which can be retrieved through LSASS injection, token manipulation or theft, or injecting into a user’s process.
diff --git a/docs/hc/en-us/articles/HasSIDHistory.mdx b/docs/resources/edges/has-sid-history.mdx
similarity index 97%
rename from docs/hc/en-us/articles/HasSIDHistory.mdx
rename to docs/resources/edges/has-sid-history.mdx
index 62f120d1fc..7cba383a21 100644
--- a/docs/hc/en-us/articles/HasSIDHistory.mdx
+++ b/docs/resources/edges/has-sid-history.mdx
@@ -3,7 +3,7 @@ title: HasSIDHistory
---
-
+
diff --git a/docs/hc/en-us/articles/HostsCAService.mdx b/docs/resources/edges/hosts-ca-service.mdx
similarity index 97%
rename from docs/hc/en-us/articles/HostsCAService.mdx
rename to docs/resources/edges/hosts-ca-service.mdx
index 9e70d345a3..2f08ae8544 100644
--- a/docs/hc/en-us/articles/HostsCAService.mdx
+++ b/docs/resources/edges/hosts-ca-service.mdx
@@ -3,7 +3,7 @@ title: HostsCAService
---
-
+
diff --git a/docs/hc/en-us/articles/IssuedSignedBy.mdx b/docs/resources/edges/issued-signed-by.mdx
similarity index 98%
rename from docs/hc/en-us/articles/IssuedSignedBy.mdx
rename to docs/resources/edges/issued-signed-by.mdx
index e22c6e6de1..27ec59f374 100644
--- a/docs/hc/en-us/articles/IssuedSignedBy.mdx
+++ b/docs/resources/edges/issued-signed-by.mdx
@@ -3,7 +3,7 @@ title: IssuedSignedBy
---
-
+
diff --git a/docs/hc/en-us/articles/AZKeyVaultContributor.mdx b/docs/resources/edges/key-vault-contributor.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZKeyVaultContributor.mdx
rename to docs/resources/edges/key-vault-contributor.mdx
index 01d271d705..f5dc90e70b 100644
--- a/docs/hc/en-us/articles/AZKeyVaultContributor.mdx
+++ b/docs/resources/edges/key-vault-contributor.mdx
@@ -4,7 +4,7 @@ description: "The Key Vault Contributor role grants full control of the target K
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/LocalToComputer.mdx b/docs/resources/edges/local-to-computer.mdx
similarity index 94%
rename from docs/hc/en-us/articles/LocalToComputer.mdx
rename to docs/resources/edges/local-to-computer.mdx
index 489769f48e..69f6ccb123 100644
--- a/docs/hc/en-us/articles/LocalToComputer.mdx
+++ b/docs/resources/edges/local-to-computer.mdx
@@ -3,7 +3,7 @@ title: LocalToComputer
---
-
+
diff --git a/docs/hc/en-us/articles/AZLogicAppContributor.mdx b/docs/resources/edges/logic-app-contributor.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZLogicAppContributor.mdx
rename to docs/resources/edges/logic-app-contributor.mdx
index 6762373ad3..ae9c379cd9 100644
--- a/docs/hc/en-us/articles/AZLogicAppContributor.mdx
+++ b/docs/resources/edges/logic-app-contributor.mdx
@@ -4,7 +4,7 @@ description: The Logic Contributor role grants full control of the target Logic
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/ManageCA.mdx b/docs/resources/edges/manage-ca.mdx
similarity index 97%
rename from docs/hc/en-us/articles/ManageCA.mdx
rename to docs/resources/edges/manage-ca.mdx
index cfb9ab0625..0fa8728a80 100644
--- a/docs/hc/en-us/articles/ManageCA.mdx
+++ b/docs/resources/edges/manage-ca.mdx
@@ -3,7 +3,7 @@ title: ManageCA
---
-
+
diff --git a/docs/hc/en-us/articles/ManageCertificates.mdx b/docs/resources/edges/manage-certificates.mdx
similarity index 97%
rename from docs/hc/en-us/articles/ManageCertificates.mdx
rename to docs/resources/edges/manage-certificates.mdx
index 3a9bf98963..4804a7a468 100644
--- a/docs/hc/en-us/articles/ManageCertificates.mdx
+++ b/docs/resources/edges/manage-certificates.mdx
@@ -3,7 +3,7 @@ title: ManageCertificates
---
-
+
diff --git a/docs/hc/en-us/articles/AZManagedIdentity.mdx b/docs/resources/edges/managed-identity.mdx
similarity index 96%
rename from docs/hc/en-us/articles/AZManagedIdentity.mdx
rename to docs/resources/edges/managed-identity.mdx
index 7bbf9cf4df..166d5f9d3c 100644
--- a/docs/hc/en-us/articles/AZManagedIdentity.mdx
+++ b/docs/resources/edges/managed-identity.mdx
@@ -4,7 +4,7 @@ description: "Azure resources like Virtual Machines, Logic Apps, and Automation
---
-
+
diff --git a/docs/hc/en-us/articles/MemberOfLocalGroup.mdx b/docs/resources/edges/member-of-local-group.mdx
similarity index 94%
rename from docs/hc/en-us/articles/MemberOfLocalGroup.mdx
rename to docs/resources/edges/member-of-local-group.mdx
index bcb6bf58bc..d0947601cd 100644
--- a/docs/hc/en-us/articles/MemberOfLocalGroup.mdx
+++ b/docs/resources/edges/member-of-local-group.mdx
@@ -3,7 +3,7 @@ title: MemberOfLocalGroup
---
-
+
diff --git a/docs/hc/en-us/articles/AZMemberOf.mdx b/docs/resources/edges/member-of.mdx
similarity index 92%
rename from docs/hc/en-us/articles/AZMemberOf.mdx
rename to docs/resources/edges/member-of.mdx
index 409d5efba2..75f1265bcf 100644
--- a/docs/hc/en-us/articles/AZMemberOf.mdx
+++ b/docs/resources/edges/member-of.mdx
@@ -4,7 +4,7 @@ description: "The given asset is a member of the group."
---
-
+
Groups in Entra ID grant their direct members any privileges the group itself has. If a group has an Entra admin role, its direct members inherit those permissions.
diff --git a/docs/hc/en-us/articles/AZNodeResourceGroup.mdx b/docs/resources/edges/node-resource-group.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZNodeResourceGroup.mdx
rename to docs/resources/edges/node-resource-group.mdx
index 770597de96..135817ea08 100644
--- a/docs/hc/en-us/articles/AZNodeResourceGroup.mdx
+++ b/docs/resources/edges/node-resource-group.mdx
@@ -4,7 +4,7 @@ description: "This edge is created to link Azure Kubernetes Service Managed Clus
---
-
+
diff --git a/docs/hc/en-us/articles/NTAuthStoreFor.mdx b/docs/resources/edges/nt-auth-store-for.mdx
similarity index 98%
rename from docs/hc/en-us/articles/NTAuthStoreFor.mdx
rename to docs/resources/edges/nt-auth-store-for.mdx
index d07c614fd9..9c8b742ff4 100644
--- a/docs/hc/en-us/articles/NTAuthStoreFor.mdx
+++ b/docs/resources/edges/nt-auth-store-for.mdx
@@ -3,7 +3,7 @@ title: NTAuthStoreFor
---
-
+
diff --git a/docs/hc/en-us/articles/OIDGroupLink.mdx b/docs/resources/edges/oid-group-link.mdx
similarity index 97%
rename from docs/hc/en-us/articles/OIDGroupLink.mdx
rename to docs/resources/edges/oid-group-link.mdx
index 4cab317b7b..3170d4da38 100644
--- a/docs/hc/en-us/articles/OIDGroupLink.mdx
+++ b/docs/resources/edges/oid-group-link.mdx
@@ -3,7 +3,7 @@ title: OIDGroupLink
---
-
+
The edge indicates that an IssuancePolicy has an OID group link to a group.
diff --git a/docs/hc/en-us/articles/About-BloodHound-Edges.mdx b/docs/resources/edges/overview.mdx
similarity index 90%
rename from docs/hc/en-us/articles/About-BloodHound-Edges.mdx
rename to docs/resources/edges/overview.mdx
index efc419bc20..6ca9f0e217 100644
--- a/docs/hc/en-us/articles/About-BloodHound-Edges.mdx
+++ b/docs/resources/edges/overview.mdx
@@ -4,12 +4,12 @@ description: "Edges are part of the graph construct and are represented as links
---
-
+
For example, the image below shows three User nodes (left side) connected to one Group node (right side), via the “MemberOf” edge, indicating the three users belong to the group:
-
+
The direction of the edge, indicated by the arrow, always indicates the direction of attack or privilege. From the above example, because all three users have a "MemberOf" edge pointing towards the group, all three users have the same privileges as the group.
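Review bot: The "For example, the image below ..." context line still uses curly quotes around “MemberOf”, while the next paragraph in the same hunk uses straight quotes for "MemberOf" and the rest of this PR normalizes curly quotes to straight ones. Include this line in the quote cleanup so the page is consistent.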
@@ -17,7 +17,7 @@ The direction of the edge, indicated by the arrow, always indicates the directio
Clicking on an Edge's name/label in the graph shows its properties in the Entity Panel:
-
+
Edges have only a few properties, which always include the following:
diff --git a/docs/hc/en-us/articles/AZOwner.mdx b/docs/resources/edges/owner.mdx
similarity index 61%
rename from docs/hc/en-us/articles/AZOwner.mdx
rename to docs/resources/edges/owner.mdx
index d7cca6b02d..235ae4327c 100644
--- a/docs/hc/en-us/articles/AZOwner.mdx
+++ b/docs/resources/edges/owner.mdx
@@ -5,12 +5,12 @@ description: "The principal is granted the Owner role on the resource."
-
+
-AZOwner targets resources in AzureRM (for example [AZResourceGroup](/hc/en-us/articles/AZResourceGroup), [AZSubscription](/hc/en-us/articles/AZSubscription), and [AZVM](/hc/en-us/articles/AZVM)) through role assignment called "Owner".
+AZOwner targets resources in AzureRM (for example [AZResourceGroup](/resources/nodes/az-resource-group), [AZSubscription](/resources/nodes/az-subscription), and [AZVM](/resources/nodes/az-vm)) through role assignment called "Owner".
-**Note: The edges [AZOwner](/hc/en-us/articles/AZOwner) and [AZOwns](/hc/en-us/articles/AZOwns) are distinct as they each apply their own distinct identity and access management platform (AzureRM and Entra ID respectively) with distinct mechanics, abuse primitives, and remediation steps.**
+**Note: The edges [AZOwner](/resources/edges/owner) and [AZOwns](/resources/edges/owns) are distinct as they each apply their own distinct identity and access management platform (AzureRM and Entra ID respectively) with distinct mechanics, abuse primitives, and remediation steps.**
## Abuse Info
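Review bot: The new link targets are inconsistent about the AZ prefix: node pages keep it (`/resources/nodes/az-resource-group`, `/resources/nodes/az-vm`) while edge pages drop it (`/resources/edges/owner`, `/resources/edges/owns`), even though the edge titles remain AZOwner and AZOwns. Generic slugs such as `owner`, `owns` and `member-of` are easy to confuse with Active Directory edges of similar names, so consider keeping the `az-` prefix on Azure edge slugs or documenting the naming rule.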
diff --git a/docs/resources/edges/owns.mdx b/docs/resources/edges/owns.mdx
new file mode 100644
index 0000000000..1f9f44af11
--- /dev/null
+++ b/docs/resources/edges/owns.mdx
@@ -0,0 +1,22 @@
+---
+title: AZOwns
+description: "The principal is granted owner rights on the principal."
+---
+
+
+
+
+
+
+AZOwns targets resources in Entra ID (for example [AZGroup](/resources/nodes/az-group), [AZServicePrincipal](/resources/nodes/az-service-principal), and [AZDevice](/resources/nodes/az-device)) from various object-specific ownership.
+
+
+ **Note: The edges [AZOwner](/resources/edges/owner) and [AZOwns](/resources/edges/owns) are distinct as they each apply their own distinct identity and access management platform (AzureRM and Entra ID respectively) with distinct mechanics, abuse primitives, and remediation steps.**
+
+
+## Abuse Info
+
+Object ownership means almost all abuses are possible against the target object.
+
+## Opsec Considerations
+This depends on which abuse you perform, but in general Azure will create a log for each abuse action.
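Review bot: In the new front matter, `description: "The principal is granted owner rights on the principal."` uses "principal" for both sides of the edge; the body says the targets are Entra ID objects, so something like "owner rights on the target object" would read correctly. Also, "from various object-specific ownership" is missing a noun, the **Note** line has a leading space the owner.mdx version does not, and "## Opsec Considerations" has no blank line before its paragraph, unlike "## Abuse Info" above it.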
diff --git a/docs/hc/en-us/articles/AZPrivilegedAuthAdmin.mdx b/docs/resources/edges/privileged-auth-admin.mdx
similarity index 93%
rename from docs/hc/en-us/articles/AZPrivilegedAuthAdmin.mdx
rename to docs/resources/edges/privileged-auth-admin.mdx
index 3889364a2e..41b7465e61 100644
--- a/docs/hc/en-us/articles/AZPrivilegedAuthAdmin.mdx
+++ b/docs/resources/edges/privileged-auth-admin.mdx
@@ -4,7 +4,7 @@ description: "This edge indicates the principal has the Privileged Authenticatio
---
-
+
Principals with this role can update sensitive properties for all users. Privileged Authentication Administrator can set or reset any authentication method (including passwords) for any user, including Global Administrators.
diff --git a/docs/hc/en-us/articles/AZPrivilegedRoleAdmin.mdx b/docs/resources/edges/privileged-role-admin.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZPrivilegedRoleAdmin.mdx
rename to docs/resources/edges/privileged-role-admin.mdx
index cdfdfa795e..ab6fd34a1f 100644
--- a/docs/hc/en-us/articles/AZPrivilegedRoleAdmin.mdx
+++ b/docs/resources/edges/privileged-role-admin.mdx
@@ -4,7 +4,7 @@ description: "The Privileged Role Admin role can grant any other admin role to a
---
-
+
diff --git a/docs/hc/en-us/articles/PublishedTo.mdx b/docs/resources/edges/published-to.mdx
similarity index 97%
rename from docs/hc/en-us/articles/PublishedTo.mdx
rename to docs/resources/edges/published-to.mdx
index f5e7b3e38e..55870470ce 100644
--- a/docs/hc/en-us/articles/PublishedTo.mdx
+++ b/docs/resources/edges/published-to.mdx
@@ -3,7 +3,7 @@ title: PublishedTo
---
-
+
The certificate template is published to an enterprise certification authority. This relationship means
diff --git a/docs/hc/en-us/articles/ReadGMSAPassword.mdx b/docs/resources/edges/read-gmsa-password.mdx
similarity index 99%
rename from docs/hc/en-us/articles/ReadGMSAPassword.mdx
rename to docs/resources/edges/read-gmsa-password.mdx
index ce446b8793..c314587882 100644
--- a/docs/hc/en-us/articles/ReadGMSAPassword.mdx
+++ b/docs/resources/edges/read-gmsa-password.mdx
@@ -3,7 +3,7 @@ title: ReadGMSAPassword
---
-
+
diff --git a/docs/hc/en-us/articles/ReadLAPSPassword.mdx b/docs/resources/edges/read-laps-password.mdx
similarity index 98%
rename from docs/hc/en-us/articles/ReadLAPSPassword.mdx
rename to docs/resources/edges/read-laps-password.mdx
index 75814f3a05..6b78f00ed7 100644
--- a/docs/hc/en-us/articles/ReadLAPSPassword.mdx
+++ b/docs/resources/edges/read-laps-password.mdx
@@ -3,7 +3,7 @@ title: Working with the BloodHound API
---
-
+
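Review bot: The hunk header context for `read-laps-password.mdx` shows the frontmatter as `title: Working with the BloodHound API`, which does not match the page. The neighbouring edge pages use the edge name (`title: ReadGMSAPassword`, `title: SyncLAPSPassword`). Since the file is already being touched, change it to `title: ReadLAPSPassword`.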
diff --git a/docs/hc/en-us/articles/RemoteInteractiveLogonPrivilege.mdx b/docs/resources/edges/remote-interactive-logon-privilege.mdx
similarity index 81%
rename from docs/hc/en-us/articles/RemoteInteractiveLogonPrivilege.mdx
rename to docs/resources/edges/remote-interactive-logon-privilege.mdx
index 39308305c4..3a0a611521 100644
--- a/docs/hc/en-us/articles/RemoteInteractiveLogonPrivilege.mdx
+++ b/docs/resources/edges/remote-interactive-logon-privilege.mdx
@@ -3,12 +3,12 @@ title: RemoteInteractiveLogonPrivilege
---
-
+
From Principal to Computer: Principal has the SeRemoteInteractiveLogonPrivilege on the Computer.
-For RDP access the principal also needs membership in the computer's local Remote Desktop Users group, which related to the edge [MemberOfLocalGroup](/hc/en-us/articles/MemberOfLocalGroup). When RDP access is possible, the prinicpal will have the edge [CanRDP](/hc/en-us/articles/CanRDP).
+For RDP access the principal also needs membership in the computer's local Remote Desktop Users group, which related to the edge [MemberOfLocalGroup](/resources/edges/member-of-local-group). When RDP access is possible, the prinicpal will have the edge [CanRDP](/resources/edges/can-rdp).
Abuse Info[](#heading-1)
------------------------
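Review bot: The rewritten `+` line fixes only the link targets and carries over two errors from the old line: "which related to the edge" should be "which relates to the edge", and "prinicpal" should be "principal". The trailing context also still has the help-center heading `Abuse Info[](#heading-1)` with a setext underline. The other edge pages in this patch use `## Abuse Info`, so convert it while this file is open.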
diff --git a/docs/hc/en-us/articles/AZResetPassword.mdx b/docs/resources/edges/reset-password.mdx
similarity index 92%
rename from docs/hc/en-us/articles/AZResetPassword.mdx
rename to docs/resources/edges/reset-password.mdx
index d442a86425..c2ecef1c63 100644
--- a/docs/hc/en-us/articles/AZResetPassword.mdx
+++ b/docs/resources/edges/reset-password.mdx
@@ -4,7 +4,7 @@ description: "The ability to change another user’s password without knowing th
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZMGRoleManagement-ReadWrite-Directory.mdx b/docs/resources/edges/role-management-readwrite-directory.mdx
similarity index 93%
rename from docs/hc/en-us/articles/AZMGRoleManagement-ReadWrite-Directory.mdx
rename to docs/resources/edges/role-management-readwrite-directory.mdx
index 75f50997ba..da11e501cb 100644
--- a/docs/hc/en-us/articles/AZMGRoleManagement-ReadWrite-Directory.mdx
+++ b/docs/resources/edges/role-management-readwrite-directory.mdx
@@ -4,7 +4,7 @@ description: "This edge is created when a Service Principal has been granted the
---
-
+
diff --git a/docs/hc/en-us/articles/RootCAFor.mdx b/docs/resources/edges/root-ca-for.mdx
similarity index 97%
rename from docs/hc/en-us/articles/RootCAFor.mdx
rename to docs/resources/edges/root-ca-for.mdx
index 060db406c4..89d62a9cf3 100644
--- a/docs/hc/en-us/articles/RootCAFor.mdx
+++ b/docs/resources/edges/root-ca-for.mdx
@@ -3,7 +3,7 @@ title: RootCAFor
---
-
+
diff --git a/docs/hc/en-us/articles/AZRunAs.mdx b/docs/resources/edges/run-as.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZRunAs.mdx
rename to docs/resources/edges/run-as.mdx
index 2a59ec4cbd..8110bf1a6f 100644
--- a/docs/hc/en-us/articles/AZRunAs.mdx
+++ b/docs/resources/edges/run-as.mdx
@@ -4,7 +4,7 @@ description: "The Azure App runs as the Service Principal when it needs to authe
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZScopedTo.mdx b/docs/resources/edges/scoped-to.mdx
similarity index 93%
rename from docs/hc/en-us/articles/AZScopedTo.mdx
rename to docs/resources/edges/scoped-to.mdx
index 7f45fbc4cc..90e0b6dbea 100644
--- a/docs/hc/en-us/articles/AZScopedTo.mdx
+++ b/docs/resources/edges/scoped-to.mdx
@@ -4,7 +4,7 @@ description: "Is used to distinguish whether an EntraID (AzureAD) admin role suc
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZMGServicePrincipalEndpoint-ReadWrite-All.mdx b/docs/resources/edges/service-principal-endpoint-readwrite-all.mdx
similarity index 91%
rename from docs/hc/en-us/articles/AZMGServicePrincipalEndpoint-ReadWrite-All.mdx
rename to docs/resources/edges/service-principal-endpoint-readwrite-all.mdx
index 8a81ccf696..33abc64aca 100644
--- a/docs/hc/en-us/articles/AZMGServicePrincipalEndpoint-ReadWrite-All.mdx
+++ b/docs/resources/edges/service-principal-endpoint-readwrite-all.mdx
@@ -4,7 +4,7 @@ description: "This edge is created when a Service Principal has been granted the
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/SQLAdmin.mdx b/docs/resources/edges/sql-admin.mdx
similarity index 99%
rename from docs/hc/en-us/articles/SQLAdmin.mdx
rename to docs/resources/edges/sql-admin.mdx
index 74b07791a9..f4f0724741 100644
--- a/docs/hc/en-us/articles/SQLAdmin.mdx
+++ b/docs/resources/edges/sql-admin.mdx
@@ -3,7 +3,7 @@ title: SQLAdmin
---
-
+
The user is a SQL admin on the target computer
diff --git a/docs/hc/en-us/articles/SyncLAPSPassword.mdx b/docs/resources/edges/sync-laps-password.mdx
similarity index 94%
rename from docs/hc/en-us/articles/SyncLAPSPassword.mdx
rename to docs/resources/edges/sync-laps-password.mdx
index 87a37b9f45..fbd9bd6474 100644
--- a/docs/hc/en-us/articles/SyncLAPSPassword.mdx
+++ b/docs/resources/edges/sync-laps-password.mdx
@@ -3,7 +3,7 @@ title: SyncLAPSPassword
---
-
+
A principal with this signifies the capability of retrieving, through a directory synchronization, the value of confidential and RODC filtered attributes, such as LAPS’ _ms-Mcs-AdmPwd_.
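Review bot: The context sentence "A principal with this signifies the capability of retrieving..." is missing its noun and does not parse. Since the file is being moved anyway, reword it along the lines of "A principal with this edge can retrieve, through directory synchronization, the value of confidential and RODC filtered attributes".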
diff --git a/docs/hc/en-us/articles/SyncedToADUser.mdx b/docs/resources/edges/synced-to-ad-user.mdx
similarity index 95%
rename from docs/hc/en-us/articles/SyncedToADUser.mdx
rename to docs/resources/edges/synced-to-ad-user.mdx
index 583e007a62..9d398838b8 100644
--- a/docs/hc/en-us/articles/SyncedToADUser.mdx
+++ b/docs/resources/edges/synced-to-ad-user.mdx
@@ -3,7 +3,7 @@ title: SyncedToADUser
---
-
+
The Entra user is synchronized to the on-prem AD user.
diff --git a/docs/hc/en-us/articles/SyncedToEntraUser.mdx b/docs/resources/edges/synced-to-entra-user.mdx
similarity index 95%
rename from docs/hc/en-us/articles/SyncedToEntraUser.mdx
rename to docs/resources/edges/synced-to-entra-user.mdx
index 487f5b3b82..187fc0e354 100644
--- a/docs/hc/en-us/articles/SyncedToEntraUser.mdx
+++ b/docs/resources/edges/synced-to-entra-user.mdx
@@ -3,7 +3,7 @@ title: SyncedToEntraUser
---
-
+
The on-prem AD user is synchronized to the Entra ID user.
diff --git a/docs/hc/en-us/articles/Traversable-and-Non-Traversable-Edge-Types.mdx b/docs/resources/edges/traversable-edges.mdx
similarity index 93%
rename from docs/hc/en-us/articles/Traversable-and-Non-Traversable-Edge-Types.mdx
rename to docs/resources/edges/traversable-edges.mdx
index 66de127c76..039d48ddc5 100644
--- a/docs/hc/en-us/articles/Traversable-and-Non-Traversable-Edge-Types.mdx
+++ b/docs/resources/edges/traversable-edges.mdx
@@ -3,7 +3,7 @@ title: Traversable and Non-Traversable Edge Types
---
-
+
## Traversable Edges
@@ -13,7 +13,7 @@ Most edges in BloodHound are traversable, representing a relationship between tw
For example, consider the ForceChangePassword edge:
-
+
The Service Desk group has permission to force change the password of Bob without knowing Bob’s current password. An attacker can abuse this to change the password, log in as Bob, and exploit Bob’s privileges. Traversable edges like ForceChangePassword facilitate graph traversal and enable the pathfinding logic in BloodHound.
@@ -64,13 +64,13 @@ If you cannot abuse a given relationship between two nodes to take control of th
Pathfinding includes only traversable edges. As a result, you might get a DCSync edge in a path like this:
-
+
But you will not see any GetChanges or GetChangesAll edge. However, you can use Cypher to reveal the GetChanges and GetChangeAll edges that the DCSync edge relies on:
-
+
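Review bot: In the context line after the DCSync example, the edge is spelled `GetChangesAll` in the first sentence and "GetChangeAll" in the second ("reveal the GetChanges and GetChangeAll edges"). Correct the second to `GetChangesAll` so the name matches what a reader would type into a Cypher query.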
diff --git a/docs/hc/en-us/articles/TrustedBy.mdx b/docs/resources/edges/trusted-by.mdx
similarity index 91%
rename from docs/hc/en-us/articles/TrustedBy.mdx
rename to docs/resources/edges/trusted-by.mdx
index 74152cfdf4..66613f313a 100644
--- a/docs/hc/en-us/articles/TrustedBy.mdx
+++ b/docs/resources/edges/trusted-by.mdx
@@ -3,7 +3,7 @@ title: TrustedBy
---
-
+
This edge is used to keep track of domain trusts, and maps to the direction of access.
diff --git a/docs/hc/en-us/articles/TrustedForNTAuth.mdx b/docs/resources/edges/trusted-for-nt-auth.mdx
similarity index 96%
rename from docs/hc/en-us/articles/TrustedForNTAuth.mdx
rename to docs/resources/edges/trusted-for-nt-auth.mdx
index c06791d785..f2382b63ca 100644
--- a/docs/hc/en-us/articles/TrustedForNTAuth.mdx
+++ b/docs/resources/edges/trusted-for-nt-auth.mdx
@@ -3,7 +3,7 @@ title: TrustedForNTAuth
---
-
+
The NTAuthStore contains the certificate of the Enterprise CA. The consequence of the relationship is that certificate issued by the Enterprise CA are trusted for authentication in the AD forest of the NTAuthStore.
diff --git a/docs/hc/en-us/articles/AZUserAccessAdministrator.mdx b/docs/resources/edges/user-access-administrator.mdx
similarity index 95%
rename from docs/hc/en-us/articles/AZUserAccessAdministrator.mdx
rename to docs/resources/edges/user-access-administrator.mdx
index 0392b177e6..1ce5bc596b 100644
--- a/docs/hc/en-us/articles/AZUserAccessAdministrator.mdx
+++ b/docs/resources/edges/user-access-administrator.mdx
@@ -4,7 +4,7 @@ description: "The User Access Admin role can edit roles against many other objec
---
-
+
diff --git a/docs/hc/en-us/articles/AZVMAdminLogin.mdx b/docs/resources/edges/vm-admin-login.mdx
similarity index 96%
rename from docs/hc/en-us/articles/AZVMAdminLogin.mdx
rename to docs/resources/edges/vm-admin-login.mdx
index a971f9f40a..d5fd2e8370 100644
--- a/docs/hc/en-us/articles/AZVMAdminLogin.mdx
+++ b/docs/resources/edges/vm-admin-login.mdx
@@ -4,7 +4,7 @@ description: "When a virtual machine is configured to allow logon with Azure cre
---
-
+
Any principal granted this role, scoped to the affected VM, can connect to the VM via RDP and will be granted local admin rights on the VM.
diff --git a/docs/hc/en-us/articles/AZVMContributor.mdx b/docs/resources/edges/vm-contributor.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZVMContributor.mdx
rename to docs/resources/edges/vm-contributor.mdx
index 8ceea5c0b1..83c24a2c46 100644
--- a/docs/hc/en-us/articles/AZVMContributor.mdx
+++ b/docs/resources/edges/vm-contributor.mdx
@@ -4,7 +4,7 @@ description: "The Virtual Machine contributor role grants almost all abusable pr
---
-
+
## Abuse Info
diff --git a/docs/hc/en-us/articles/AZWebsiteContributor.mdx b/docs/resources/edges/website-contributor.mdx
similarity index 96%
rename from docs/hc/en-us/articles/AZWebsiteContributor.mdx
rename to docs/resources/edges/website-contributor.mdx
index 9c4ca5ff51..ba72123aa6 100644
--- a/docs/hc/en-us/articles/AZWebsiteContributor.mdx
+++ b/docs/resources/edges/website-contributor.mdx
@@ -4,7 +4,7 @@ description: "The Website Contributor role grants full control of the target Fun
---
-
+
diff --git a/docs/hc/en-us/articles/WriteAccountRestrictions.mdx b/docs/resources/edges/write-account-restrictions.mdx
similarity index 97%
rename from docs/hc/en-us/articles/WriteAccountRestrictions.mdx
rename to docs/resources/edges/write-account-restrictions.mdx
index 1d7413f818..912834b9d9 100644
--- a/docs/hc/en-us/articles/WriteAccountRestrictions.mdx
+++ b/docs/resources/edges/write-account-restrictions.mdx
@@ -3,7 +3,7 @@ title: WriteAccountRestrictions
---
-
+
This edge indicates the principal has the ability to modify several properties on the target principal, most notably the msDS-AllowedToActOnBehalfOfOtherIdentity attribute. The ability to modify the msDS-AllowedToActOnBehalfOfOtherIdentity property allows an attacker to abuse resource-based constrained delegation to compromise the remote computer system. This property is a binary DACL that controls what security principals can pretend to be any domain user to the particular computer object.
diff --git a/docs/hc/en-us/articles/WriteDacl.mdx b/docs/resources/edges/write-dacl.mdx
similarity index 96%
rename from docs/hc/en-us/articles/WriteDacl.mdx
rename to docs/resources/edges/write-dacl.mdx
index 5b2ecdc7e5..f91db346bb 100644
--- a/docs/hc/en-us/articles/WriteDacl.mdx
+++ b/docs/resources/edges/write-dacl.mdx
@@ -3,7 +3,7 @@ title: WriteDacl
---
-
+
With write access to the target object’s DACL, you can grant yourself any privilege you want on the object.
diff --git a/docs/hc/en-us/articles/WriteGPLink.mdx b/docs/resources/edges/write-gp-link.mdx
similarity index 97%
rename from docs/hc/en-us/articles/WriteGPLink.mdx
rename to docs/resources/edges/write-gp-link.mdx
index 08dcab3cfe..9f2dd9f36f 100644
--- a/docs/hc/en-us/articles/WriteGPLink.mdx
+++ b/docs/resources/edges/write-gp-link.mdx
@@ -3,7 +3,7 @@ title: WriteGPLink
---
-
+
The WriteGPLink edge indicates that the principal has the permissions to modify the gPLink attribute of the targeted OU/domain node.
diff --git a/docs/hc/en-us/articles/WriteOwner.mdx b/docs/resources/edges/write-owner.mdx
similarity index 97%
rename from docs/hc/en-us/articles/WriteOwner.mdx
rename to docs/resources/edges/write-owner.mdx
index 93f50c8b54..98722c907d 100644
--- a/docs/hc/en-us/articles/WriteOwner.mdx
+++ b/docs/resources/edges/write-owner.mdx
@@ -3,7 +3,7 @@ title: WriteOwner
---
-
+
diff --git a/docs/hc/en-us/articles/WritePKIEnrollmentFlag.mdx b/docs/resources/edges/write-pki-enrollment-flag.mdx
similarity index 95%
rename from docs/hc/en-us/articles/WritePKIEnrollmentFlag.mdx
rename to docs/resources/edges/write-pki-enrollment-flag.mdx
index be4c9dece8..ea0dda96f6 100644
--- a/docs/hc/en-us/articles/WritePKIEnrollmentFlag.mdx
+++ b/docs/resources/edges/write-pki-enrollment-flag.mdx
@@ -3,7 +3,7 @@ title: WritePKIEnrollmentFlag
---
-
+
The attacker principal has the ability to write to the msPKI-Enrollment-Flag attribute on the victim principal, which allows the attacker principal to configure "manager approval" for the certificate template and other settings.
diff --git a/docs/hc/en-us/articles/WritePKINameFlag.mdx b/docs/resources/edges/write-pki-name-flag.mdx
similarity index 95%
rename from docs/hc/en-us/articles/WritePKINameFlag.mdx
rename to docs/resources/edges/write-pki-name-flag.mdx
index 33eb34155c..de75449272 100644
--- a/docs/hc/en-us/articles/WritePKINameFlag.mdx
+++ b/docs/resources/edges/write-pki-name-flag.mdx
@@ -3,7 +3,7 @@ title: WritePKINameFlag
---
-
+
The attacker principal has the ability to write to the msPKI-Certificate-Name-Flag attribute on the victim principal, which allows the attacker principal to configure "enrollee supplies subject" for the certificate template and other settings.
diff --git a/docs/hc/en-us/articles/WriteSPN.mdx b/docs/resources/edges/write-spn.mdx
similarity index 96%
rename from docs/hc/en-us/articles/WriteSPN.mdx
rename to docs/resources/edges/write-spn.mdx
index 86f45a2d6d..febeafff59 100644
--- a/docs/hc/en-us/articles/WriteSPN.mdx
+++ b/docs/resources/edges/write-spn.mdx
@@ -3,7 +3,7 @@ title: WriteSPN
---
-
+
The ability to write directly to the servicePrincipalNames attribute on a user object. Writing to this property gives you the opportunity to perform a targeted kerberoasting attack against that user.
diff --git a/docs/hc/en-us/get-started/bloodhound-glossary.mdx b/docs/resources/glossary/overview.mdx
similarity index 78%
rename from docs/hc/en-us/get-started/bloodhound-glossary.mdx
rename to docs/resources/glossary/overview.mdx
index 36485e6f36..19ca9f65b1 100644
--- a/docs/hc/en-us/get-started/bloodhound-glossary.mdx
+++ b/docs/resources/glossary/overview.mdx
@@ -3,14 +3,14 @@ title: "BloodHound Glossary"
---
-
+
Understand the terminology used in BloodHound software and documentation.
## Attack Path
-Attack paths are chains of abusable privileges and user behaviors that create direct and indirect connections between computers and users. In BloodHound, attack paths are visualized in the [graph](#graph) by [nodes](#node) and [edges](#edge). Learn more in [What is Attack Path Management](https://bloodhoundenterprise.io/what-is-attack-path-management/).
+A sequence of [edges](#edge) that connect a principal to a target. Attack paths show how an attacker could potentially move from one principal to another through various permissions and relationships.
## Attack Path Management (APM)
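Review bot: The new Attack Path definition is internally inconsistent: its first sentence says the path connects "a principal to a target", and its second says the attacker moves "from one principal to another". Pick one framing, since a target is not necessarily a principal. The rewrite also drops the `[graph](#graph)` and `[nodes](#node)` cross-links and the "What is Attack Path Management" link from the old text. Keep at least the in-page anchors so the glossary stays navigable.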
@@ -22,7 +22,7 @@ A choke point is a [privilege](#privilege) or user behavior (called [edges](#edg
## Cypher
-[Cypher](https://opencypher.org/) is a [graph](#graph) query language used to interact with BloodHound's database. It's similar to SQL for traditional databases. To use it, see [Searching with Cypher](/hc/en-us/articles/Searching-with-Cypher).
+A graph query language used to search and analyze data in BloodHound. To learn more about using Cypher in BloodHound, see [Searching with Cypher](/analyze-data/bloodhound-gui/cypher-search).
## Collector / Client
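Review bot: The new Cypher entry removes the link to opencypher.org and the `[graph](#graph)` anchor, leaving no pointer to the language reference itself. Consider keeping the external link alongside the new `/analyze-data/bloodhound-gui/cypher-search` link.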
@@ -34,7 +34,7 @@ A directory of identities or an identity provider, like Active Directory (AD) an
## Edge
-An edge is part of the [graph](#graph) construct and represents a relationship between two [nodes](#node), indicating some form of interaction. See [About BloodHound Edges](/hc/en-us/articles/About-BloodHound-Edges).
+A relationship between two [nodes](#node) in the graph. Edges represent different types of permissions or interactions between principals. See [About BloodHound Edges](/resources/edges/overview).
## Enterprise Access Model (EAM)
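Review bot: The new Edge entry says in its first sentence that an edge relates "two [nodes](#node)" and in its second that edges represent interactions "between principals". The node pages in this patch include non-principal objects such as GPO, Container and CertTemplate, so the second sentence should also say "nodes". The `[graph](#graph)` anchor from the old text is also dropped.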
@@ -54,11 +54,19 @@ The graph database used by BloodHound. It stores the relationships between [node
## Identity-based Attack Path
-An attack path is based on identity/an already authenticated [principal](#principal). BloodHound's main goal is to help visualize and manage attack paths.
+An attack path is based on identity/an already authenticated [principal](#principal). BloodHound's main goal is to help visualize and manage attack paths.
## Node
-A node is part of the [graph](#graph) construct and refers to an entity in the network, such as a user, computer, group, or domain. Two nodes can be connected by an [edge](#edge). See [About BloodHound Nodes](/hc/en-us/articles/About-BloodHound-Nodes).
+A vertex in the graph representing an Active Directory or Azure object. Common node types include:
+
+- Users
+- Groups
+- Computers
+- Service Principals
+- Applications
+
+See [About BloodHound Nodes](/resources/nodes/overview).
## Principal
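Review bot: The `-`/`+` pair for the Identity-based Attack Path entry is identical as shown, so the change is presumably whitespace only. Drop it from the patch or mention it in the commit message. In the new Node entry, "Active Directory or Azure object" is ambiguous given that the edge pages distinguish AzureRM from Entra ID, so name the platforms the same way here. The old entry's `[graph](#graph)` and `[edge](#edge)` anchors are also removed and are worth keeping.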
diff --git a/docs/hc/en-us/articles/ADLocalGroup.mdx b/docs/resources/nodes/ad-local-group.mdx
similarity index 88%
rename from docs/hc/en-us/articles/ADLocalGroup.mdx
rename to docs/resources/nodes/ad-local-group.mdx
index 2368a8817e..26e41e8ccd 100644
--- a/docs/hc/en-us/articles/ADLocalGroup.mdx
+++ b/docs/resources/nodes/ad-local-group.mdx
@@ -3,10 +3,10 @@ title: ADLocalGroup
---
-
+
-
+
This article outlines the ADLocalGroup node in BloodHound, it describes the node's properties and possible incoming/outgoing edges.
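Review bot: The intro sentence "This article outlines the ADLocalGroup node in BloodHound, it describes the node's properties..." sits in the page body here, while `ad-local-user.mdx` carries the equivalent sentence in its frontmatter `description:`. Move it into `description:` for consistency and fix the comma splice ("in BloodHound and describes").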
@@ -32,7 +32,7 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-The following edge types may be linked to/from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+The following edge types may be linked to/from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
### Incoming edges
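Review bot: The new link target `/resources/edges` is a directory path, whereas the glossary in this same patch links to `/resources/edges/overview` and `/resources/nodes/overview`. Confirm that `/resources/edges` resolves to a page, or point this link, and the identical ones in the other node pages, at `/resources/edges/overview`.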
diff --git a/docs/hc/en-us/articles/ADLocalUser.mdx b/docs/resources/nodes/ad-local-user.mdx
similarity index 88%
rename from docs/hc/en-us/articles/ADLocalUser.mdx
rename to docs/resources/nodes/ad-local-user.mdx
index 44bae8d655..c7dcef6d76 100644
--- a/docs/hc/en-us/articles/ADLocalUser.mdx
+++ b/docs/resources/nodes/ad-local-user.mdx
@@ -4,10 +4,10 @@ description: "This article outlines the ADLocalUser node in BloodHound, it descr
---
-
+
-
+
## Representation
@@ -31,7 +31,7 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-The following edge types may be linked from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+The following edge types may be linked from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
### Incoming edges
diff --git a/docs/hc/en-us/articles/AIACA.mdx b/docs/resources/nodes/aiaca.mdx
similarity index 97%
rename from docs/hc/en-us/articles/AIACA.mdx
rename to docs/resources/nodes/aiaca.mdx
index debfb297a0..387c8d7688 100644
--- a/docs/hc/en-us/articles/AIACA.mdx
+++ b/docs/resources/nodes/aiaca.mdx
@@ -36,7 +36,7 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-The following edge types may be linked to/from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+The following edge types may be linked to/from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
### Incoming edges
diff --git a/docs/hc/en-us/articles/AZApp.mdx b/docs/resources/nodes/az-app.mdx
similarity index 95%
rename from docs/hc/en-us/articles/AZApp.mdx
rename to docs/resources/nodes/az-app.mdx
index 64d4de91bb..c48cd9d53c 100644
--- a/docs/hc/en-us/articles/AZApp.mdx
+++ b/docs/resources/nodes/az-app.mdx
@@ -3,7 +3,7 @@ title: AZApp
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/AZAutomationAccount.mdx b/docs/resources/nodes/az-automation-account.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZAutomationAccount.mdx
rename to docs/resources/nodes/az-automation-account.mdx
index 617c5ed81f..75de92ca48 100644
--- a/docs/hc/en-us/articles/AZAutomationAccount.mdx
+++ b/docs/resources/nodes/az-automation-account.mdx
@@ -3,7 +3,7 @@ title: AZAutomationAccount
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/AZBase.mdx b/docs/resources/nodes/az-base.mdx
similarity index 87%
rename from docs/hc/en-us/articles/AZBase.mdx
rename to docs/resources/nodes/az-base.mdx
index 0b48ec5245..ffe91cfa8e 100644
--- a/docs/hc/en-us/articles/AZBase.mdx
+++ b/docs/resources/nodes/az-base.mdx
@@ -3,11 +3,11 @@ title: AZBase
---
-
+
-
+
This article outlines the AZBase node in BloodHound, it describes the node's properties and possible incoming/outgoing edges.
@@ -33,5 +33,5 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-Any edge type may be linked to/from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+Any edge type may be linked to/from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
diff --git a/docs/hc/en-us/articles/AZContainerRegistry.mdx b/docs/resources/nodes/az-container-registry.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZContainerRegistry.mdx
rename to docs/resources/nodes/az-container-registry.mdx
index 2c8978f010..26ff48fc24 100644
--- a/docs/hc/en-us/articles/AZContainerRegistry.mdx
+++ b/docs/resources/nodes/az-container-registry.mdx
@@ -3,7 +3,7 @@ title: AZContainerRegistry
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/AZDevice.mdx b/docs/resources/nodes/az-device.mdx
similarity index 95%
rename from docs/hc/en-us/articles/AZDevice.mdx
rename to docs/resources/nodes/az-device.mdx
index 5ef0384cda..7a60ea7ad0 100644
--- a/docs/hc/en-us/articles/AZDevice.mdx
+++ b/docs/resources/nodes/az-device.mdx
@@ -3,7 +3,7 @@ title: AZDevice
---
-
+
diff --git a/docs/hc/en-us/articles/AZFunctionApp.mdx b/docs/resources/nodes/az-function-app.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZFunctionApp.mdx
rename to docs/resources/nodes/az-function-app.mdx
index 1786c97995..8add981e6d 100644
--- a/docs/hc/en-us/articles/AZFunctionApp.mdx
+++ b/docs/resources/nodes/az-function-app.mdx
@@ -3,7 +3,7 @@ title: AZFunctionApp
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/AZGroup.mdx b/docs/resources/nodes/az-group.mdx
similarity index 96%
rename from docs/hc/en-us/articles/AZGroup.mdx
rename to docs/resources/nodes/az-group.mdx
index 375c0ffbf5..293c6424a8 100644
--- a/docs/hc/en-us/articles/AZGroup.mdx
+++ b/docs/resources/nodes/az-group.mdx
@@ -3,7 +3,7 @@ title: AZGroup
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/AZKeyVault.mdx b/docs/resources/nodes/az-key-vault.mdx
similarity index 93%
rename from docs/hc/en-us/articles/AZKeyVault.mdx
rename to docs/resources/nodes/az-key-vault.mdx
index 26fbb448aa..eb85b055f6 100644
--- a/docs/hc/en-us/articles/AZKeyVault.mdx
+++ b/docs/resources/nodes/az-key-vault.mdx
@@ -3,7 +3,7 @@ title: AZKeyVault
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/AZLogicApp.mdx b/docs/resources/nodes/az-logic-app.mdx
similarity index 93%
rename from docs/hc/en-us/articles/AZLogicApp.mdx
rename to docs/resources/nodes/az-logic-app.mdx
index fab76d046e..e6468060ec 100644
--- a/docs/hc/en-us/articles/AZLogicApp.mdx
+++ b/docs/resources/nodes/az-logic-app.mdx
@@ -3,7 +3,7 @@ title: AZLogicApp
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/AZManagedCluster.mdx b/docs/resources/nodes/az-managed-cluster.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZManagedCluster.mdx
rename to docs/resources/nodes/az-managed-cluster.mdx
index bc188de2ea..4916ffb852 100644
--- a/docs/hc/en-us/articles/AZManagedCluster.mdx
+++ b/docs/resources/nodes/az-managed-cluster.mdx
@@ -3,7 +3,7 @@ title: AZManagedCluster
---
-
+
diff --git a/docs/hc/en-us/articles/AZManagementGroup.mdx b/docs/resources/nodes/az-management-group.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZManagementGroup.mdx
rename to docs/resources/nodes/az-management-group.mdx
index d432a79028..2d7d8f05de 100644
--- a/docs/hc/en-us/articles/AZManagementGroup.mdx
+++ b/docs/resources/nodes/az-management-group.mdx
@@ -3,7 +3,7 @@ title: AZManagementGroup
---
-
+
diff --git a/docs/hc/en-us/articles/AZResourceGroup.mdx b/docs/resources/nodes/az-resource-group.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZResourceGroup.mdx
rename to docs/resources/nodes/az-resource-group.mdx
index 413fc50292..35a4582f9a 100644
--- a/docs/hc/en-us/articles/AZResourceGroup.mdx
+++ b/docs/resources/nodes/az-resource-group.mdx
@@ -3,7 +3,7 @@ title: AZResourceGroup
---
-
+
diff --git a/docs/hc/en-us/articles/AZRole.mdx b/docs/resources/nodes/az-role.mdx
similarity index 95%
rename from docs/hc/en-us/articles/AZRole.mdx
rename to docs/resources/nodes/az-role.mdx
index ee94fd2586..c4c8141c7f 100644
--- a/docs/hc/en-us/articles/AZRole.mdx
+++ b/docs/resources/nodes/az-role.mdx
@@ -3,7 +3,7 @@ title: AZRole
---
-
+
diff --git a/docs/hc/en-us/articles/AZServicePrincipal.mdx b/docs/resources/nodes/az-service-principal.mdx
similarity index 95%
rename from docs/hc/en-us/articles/AZServicePrincipal.mdx
rename to docs/resources/nodes/az-service-principal.mdx
index 77bd50dce9..b8c3587038 100644
--- a/docs/hc/en-us/articles/AZServicePrincipal.mdx
+++ b/docs/resources/nodes/az-service-principal.mdx
@@ -3,7 +3,7 @@ title: AZServicePrincipal
---
-
+
diff --git a/docs/hc/en-us/articles/AZSubscription.mdx b/docs/resources/nodes/az-subscription.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZSubscription.mdx
rename to docs/resources/nodes/az-subscription.mdx
index 9790ee4a15..57a68e4fb7 100644
--- a/docs/hc/en-us/articles/AZSubscription.mdx
+++ b/docs/resources/nodes/az-subscription.mdx
@@ -3,7 +3,7 @@ title: AZSubscription
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/AZTenant.mdx b/docs/resources/nodes/az-tenant.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZTenant.mdx
rename to docs/resources/nodes/az-tenant.mdx
index d801488613..7b47136b79 100644
--- a/docs/hc/en-us/articles/AZTenant.mdx
+++ b/docs/resources/nodes/az-tenant.mdx
@@ -3,7 +3,7 @@ title: AZTenant
---
-
+
diff --git a/docs/hc/en-us/articles/AZUser.mdx b/docs/resources/nodes/az-user.mdx
similarity index 96%
rename from docs/hc/en-us/articles/AZUser.mdx
rename to docs/resources/nodes/az-user.mdx
index 25a39d804d..9fe990b264 100644
--- a/docs/hc/en-us/articles/AZUser.mdx
+++ b/docs/resources/nodes/az-user.mdx
@@ -3,7 +3,7 @@ title: AZUser
---
-
+
diff --git a/docs/hc/en-us/articles/AZVMScaleSet.mdx b/docs/resources/nodes/az-vm-scale-set.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZVMScaleSet.mdx
rename to docs/resources/nodes/az-vm-scale-set.mdx
index 4884c7bfc7..f73ed19161 100644
--- a/docs/hc/en-us/articles/AZVMScaleSet.mdx
+++ b/docs/resources/nodes/az-vm-scale-set.mdx
@@ -3,7 +3,7 @@ title: AZVMScaleSet
---
-
+
diff --git a/docs/hc/en-us/articles/AZVM.mdx b/docs/resources/nodes/az-vm.mdx
similarity index 94%
rename from docs/hc/en-us/articles/AZVM.mdx
rename to docs/resources/nodes/az-vm.mdx
index f3a79e010e..38958bd092 100644
--- a/docs/hc/en-us/articles/AZVM.mdx
+++ b/docs/resources/nodes/az-vm.mdx
@@ -3,7 +3,7 @@ title: AZVM
---
-
+
diff --git a/docs/hc/en-us/articles/AZWebApp.mdx b/docs/resources/nodes/az-web-app.mdx
similarity index 95%
rename from docs/hc/en-us/articles/AZWebApp.mdx
rename to docs/resources/nodes/az-web-app.mdx
index 71bcd7f0ac..4b45e60ad2 100644
--- a/docs/hc/en-us/articles/AZWebApp.mdx
+++ b/docs/resources/nodes/az-web-app.mdx
@@ -3,7 +3,7 @@ title: AZWebApp
---
-
+
## Node Properties
diff --git a/docs/hc/en-us/articles/Base.mdx b/docs/resources/nodes/base.mdx
similarity index 91%
rename from docs/hc/en-us/articles/Base.mdx
rename to docs/resources/nodes/base.mdx
index 0fea4611de..758fa53af3 100644
--- a/docs/hc/en-us/articles/Base.mdx
+++ b/docs/resources/nodes/base.mdx
@@ -4,7 +4,7 @@ description: "This article outlines the Base node in BloodHound, it describes th
---
-
+
## Representation
@@ -28,5 +28,5 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-Any edge type may be linked to/from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+Any edge type may be linked to/from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
diff --git a/docs/hc/en-us/articles/CertTemplate.mdx b/docs/resources/nodes/cert-template.mdx
similarity index 98%
rename from docs/hc/en-us/articles/CertTemplate.mdx
rename to docs/resources/nodes/cert-template.mdx
index c479307588..a1150107dc 100644
--- a/docs/hc/en-us/articles/CertTemplate.mdx
+++ b/docs/resources/nodes/cert-template.mdx
@@ -54,7 +54,7 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-The following edge types may be linked to/from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+The following edge types may be linked to/from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
### Incoming edges
diff --git a/docs/hc/en-us/articles/Computer.mdx b/docs/resources/nodes/computer.mdx
similarity index 97%
rename from docs/hc/en-us/articles/Computer.mdx
rename to docs/resources/nodes/computer.mdx
index 94be37500e..4b63dbd57d 100644
--- a/docs/hc/en-us/articles/Computer.mdx
+++ b/docs/resources/nodes/computer.mdx
@@ -3,7 +3,7 @@ title: Computer
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/Container.mdx b/docs/resources/nodes/container.mdx
similarity index 94%
rename from docs/hc/en-us/articles/Container.mdx
rename to docs/resources/nodes/container.mdx
index bdd2bf1e57..fcfeae82a1 100644
--- a/docs/hc/en-us/articles/Container.mdx
+++ b/docs/resources/nodes/container.mdx
@@ -3,7 +3,7 @@ title: Container
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/Domain.mdx b/docs/resources/nodes/domain.mdx
similarity index 95%
rename from docs/hc/en-us/articles/Domain.mdx
rename to docs/resources/nodes/domain.mdx
index cb8ebc7e84..915cda3089 100644
--- a/docs/hc/en-us/articles/Domain.mdx
+++ b/docs/resources/nodes/domain.mdx
@@ -3,7 +3,7 @@ title: Domain
---
-
+
## Node Properties
diff --git a/docs/hc/en-us/articles/EnterpriseCA.mdx b/docs/resources/nodes/enterprise-ca.mdx
similarity index 98%
rename from docs/hc/en-us/articles/EnterpriseCA.mdx
rename to docs/resources/nodes/enterprise-ca.mdx
index 25059a33cd..d7f1b07ea3 100644
--- a/docs/hc/en-us/articles/EnterpriseCA.mdx
+++ b/docs/resources/nodes/enterprise-ca.mdx
@@ -45,7 +45,7 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-The following edge types may be linked to/from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+The following edge types may be linked to/from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
### Incoming edges
diff --git a/docs/hc/en-us/articles/GPO.mdx b/docs/resources/nodes/gpo.mdx
similarity index 96%
rename from docs/hc/en-us/articles/GPO.mdx
rename to docs/resources/nodes/gpo.mdx
index 737897fb44..8c65150eb4 100644
--- a/docs/hc/en-us/articles/GPO.mdx
+++ b/docs/resources/nodes/gpo.mdx
@@ -3,7 +3,7 @@ title: GPO
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/Group.mdx b/docs/resources/nodes/group.mdx
similarity index 96%
rename from docs/hc/en-us/articles/Group.mdx
rename to docs/resources/nodes/group.mdx
index b96cc4bcd4..87d46128ce 100644
--- a/docs/hc/en-us/articles/Group.mdx
+++ b/docs/resources/nodes/group.mdx
@@ -3,7 +3,7 @@ title: Group
---
-
+
## Node properties
diff --git a/docs/hc/en-us/articles/IssuancePolicy.mdx b/docs/resources/nodes/issuance-policy.mdx
similarity index 96%
rename from docs/hc/en-us/articles/IssuancePolicy.mdx
rename to docs/resources/nodes/issuance-policy.mdx
index 5bf584c105..0e743cc1a5 100644
--- a/docs/hc/en-us/articles/IssuancePolicy.mdx
+++ b/docs/resources/nodes/issuance-policy.mdx
@@ -4,7 +4,7 @@ description: "This article outlines the IssuancePolicy node in BloodHound, it de
---
-
+
## Representation
@@ -34,7 +34,7 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-The following edge types may be linked to/from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+The following edge types may be linked to/from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
### Incoming edges
diff --git a/docs/hc/en-us/articles/NTAuthStore.mdx b/docs/resources/nodes/nt-auth-store.mdx
similarity index 97%
rename from docs/hc/en-us/articles/NTAuthStore.mdx
rename to docs/resources/nodes/nt-auth-store.mdx
index 0b9ad48e82..9608554ca2 100644
--- a/docs/hc/en-us/articles/NTAuthStore.mdx
+++ b/docs/resources/nodes/nt-auth-store.mdx
@@ -30,7 +30,7 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-The following edge types may be linked to/from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+The following edge types may be linked to/from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
### Incoming edges
diff --git a/docs/hc/en-us/articles/OU.mdx b/docs/resources/nodes/ou.mdx
similarity index 95%
rename from docs/hc/en-us/articles/OU.mdx
rename to docs/resources/nodes/ou.mdx
index 18915b0229..6094f09a1e 100644
--- a/docs/hc/en-us/articles/OU.mdx
+++ b/docs/resources/nodes/ou.mdx
@@ -3,7 +3,7 @@ title: OU
---
-
+
diff --git a/docs/hc/en-us/articles/About-BloodHound-Nodes.mdx b/docs/resources/nodes/overview.mdx
similarity index 72%
rename from docs/hc/en-us/articles/About-BloodHound-Nodes.mdx
rename to docs/resources/nodes/overview.mdx
index 581c563d10..7acb6c664b 100644
--- a/docs/hc/en-us/articles/About-BloodHound-Nodes.mdx
+++ b/docs/resources/nodes/overview.mdx
@@ -3,22 +3,22 @@ title: About BloodHound Nodes
---
-
+
-Nodes represent principals and other objects in the directory. BloodHound stores certain information about each node on the node itself in the neo4j database, and the GUI automatically performs several queries to gather insights about the node, such as how privileged the node is, or which GPOs apply to the node, etc. Simply click the node in the BloodHound GUI, and the “Node Info” tab will populate with all that information for the node.
+Nodes represent principals and other objects in the directory. BloodHound stores certain information about each node on the node itself in the neo4j database, and the GUI automatically performs several queries to gather insights about the node, such as how privileged the node is, or which GPOs apply to the node, etc. Simply click the node in the BloodHound GUI, and the "Node Info" tab will populate with all that information for the node.
Nodes are part of the graph construct, and are represented as circles with an illustration.
-For example, the image below shows three User nodes (left side) connected to one Group node (right side). The nodes are connected via the “MemberOf” edge. Read more about edges in the article [About BloodHound Edges](/hc/en-us/articles/About-BloodHound-Edges).
+For example, the image below shows three User nodes (left side) connected to one Group node (right side). The nodes are connected via the "MemberOf" edge. Read more about edges in the article [About BloodHound Edges](/resources/edges/overview).
-
+
Clicking on a node will display the node's Entity Panel in the BloodHound UI:
-
+
Each article in this section documents an individual node and each contains:
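Review bot: The rewritten paragraph still says that clicking a node populates the "Node Info" tab, while the unchanged sentence further down says clicking a node displays the node's Entity Panel. Since this paragraph is being touched anyway, use one name for the panel throughout. Also confirm that `/resources/edges/overview` resolves, because the individual node pages in this patch link to `/resources/edges` instead.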
@@ -29,5 +29,5 @@ Note that edge names are always capitalized even through the directory it is col
## Node Icon Glossary
-
+
diff --git a/docs/hc/en-us/articles/RootCA.mdx b/docs/resources/nodes/root-ca.mdx
similarity index 97%
rename from docs/hc/en-us/articles/RootCA.mdx
rename to docs/resources/nodes/root-ca.mdx
index f24257eaf9..13166f8d7b 100644
--- a/docs/hc/en-us/articles/RootCA.mdx
+++ b/docs/resources/nodes/root-ca.mdx
@@ -33,7 +33,7 @@ The node supports the properties of the table. Three types of property names wil
## Edges
-The following edge types may be linked to/from this node. See the [edges documentation](/hc/en-us/sections/Edges) for more information on the edge types.
+The following edge types may be linked to/from this node. See the [edges documentation](/resources/edges) for more information on the edge types.
### Incoming edges
diff --git a/docs/hc/en-us/articles/User.mdx b/docs/resources/nodes/user.mdx
similarity index 98%
rename from docs/hc/en-us/articles/User.mdx
rename to docs/resources/nodes/user.mdx
index f35f0ef51e..06ddfcc852 100644
--- a/docs/hc/en-us/articles/User.mdx
+++ b/docs/resources/nodes/user.mdx
@@ -3,7 +3,7 @@ title: User
---
-
+
## Node properties
diff --git a/docs/resources/overview.mdx b/docs/resources/overview.mdx
new file mode 100644
index 0000000000..da04641e73
--- /dev/null
+++ b/docs/resources/overview.mdx
@@ -0,0 +1,11 @@
+---
+title: Resources
+---
+
+
+
+
+
+
+
+
\ No newline at end of file
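Review bot: The new `docs/resources/overview.mdx` ends without a trailing newline. Add one so later edits to the last line do not produce a noisy diff.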
diff --git a/docs/hc/en-us/articles/2022-10-11-Release-Notes.mdx b/docs/resources/release-notes/2022-10-11.mdx
similarity index 90%
rename from docs/hc/en-us/articles/2022-10-11-Release-Notes.mdx
rename to docs/resources/release-notes/2022-10-11.mdx
index 0ded92b512..61b83b1cb2 100644
--- a/docs/hc/en-us/articles/2022-10-11-Release-Notes.mdx
+++ b/docs/resources/release-notes/2022-10-11.mdx
@@ -8,8 +8,8 @@ title: 2022-10-11 Release Notes
Our documentation portal is live! Visit to check out our documentation. This site will continue to evolve and see more content week over week. Please contact your TAM if you see anything missing and we'll get it in our backlog for inclusion! Some favorites so far include:
-* [Tier Zero: Members and Modification](/hc/en-us/articles/Tier-Zero-Members-and-Modification)
-* [SAML in BloodHound Enterprise](/hc/en-us/articles/SAML-in-BloodHound)
+* [Tier Zero Members and Modification](/get-started/security-boundaries/tier-zero-members)
+* [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml)
### User Rights Assignment Collection Early Access
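Review bot: The context sentence above the two changed bullets reads "Visit to check out our documentation", with no link target after "Visit". This hunk already updates the links in that paragraph, so restore the portal URL or reword the sentence in the same change. The first bullet's link text also loses its colon ("Tier Zero: Members and Modification" becomes "Tier Zero Members and Modification"); confirm this matches the title of the target page.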
@@ -50,7 +50,7 @@ _Minimum version of SharpHound Service to support all current functionality: v2.
_See announcements for this week's changes._
-**NOTE:** Upgrading to v2.0.1 must occur concurrently on all services and requires enabling the “User Rights Assignment Collection” experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
+**NOTE:** Upgrading to v2.0.1 must occur concurrently on all services and requires enabling the "User Rights Assignment Collection" experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
### AzureHound Enterprise (v1.2.0 GA)
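Review bot: The updated NOTE line still ends with "respond to this email", which has no meaning on a documentation page. The line is being rewritten for the quote change, so replace that clause with the support contact the docs use elsewhere. The same wording recurs in the NOTE lines of the later release-notes files in this patch.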
diff --git a/docs/hc/en-us/articles/2022-10-24-Release-Notes.mdx b/docs/resources/release-notes/2022-10-24.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2022-10-24-Release-Notes.mdx
rename to docs/resources/release-notes/2022-10-24.mdx
diff --git a/docs/hc/en-us/articles/2022-11-03-Release-Notes.mdx b/docs/resources/release-notes/2022-11-03.mdx
similarity index 96%
rename from docs/hc/en-us/articles/2022-11-03-Release-Notes.mdx
rename to docs/resources/release-notes/2022-11-03.mdx
index eb784ddf40..bc003cf63f 100644
--- a/docs/hc/en-us/articles/2022-11-03-Release-Notes.mdx
+++ b/docs/resources/release-notes/2022-11-03.mdx
@@ -19,11 +19,11 @@ title: 2022-11-03 Release Notes
* Improved Functionality
* Members of Tier Zero are now indicated by a diamond icon in the Explore tab, making them easier to recognize at a glance.
-
+
* Pathfinding queries that exceed resource constraints will now show a notification.
-
+
* Bug Fixes
* We resolved several issues that, combined, would result in browser hangs after selecting an entity in the Explore page. Explore should be much more performant now.
diff --git a/docs/hc/en-us/articles/2022-11-21-Release-Notes.mdx b/docs/resources/release-notes/2022-11-21.mdx
similarity index 95%
rename from docs/hc/en-us/articles/2022-11-21-Release-Notes.mdx
rename to docs/resources/release-notes/2022-11-21.mdx
index 4a8a050994..d9f9771ace 100644
--- a/docs/hc/en-us/articles/2022-11-21-Release-Notes.mdx
+++ b/docs/resources/release-notes/2022-11-21.mdx
@@ -17,10 +17,10 @@ title: 2022-11-21 Release Notes
* Improved Functionality
* API Documentation is now easily accessible within your portal. Additionally, the documentation will now support the ability to test API endpoints from within your portal.
-
+
-
+
* Bug Fixes
diff --git a/docs/hc/en-us/articles/2022-12-13-Release-Notes.mdx b/docs/resources/release-notes/2022-12-13.mdx
similarity index 95%
rename from docs/hc/en-us/articles/2022-12-13-Release-Notes.mdx
rename to docs/resources/release-notes/2022-12-13.mdx
index 0e7cff0523..b88fcbc971 100644
--- a/docs/hc/en-us/articles/2022-12-13-Release-Notes.mdx
+++ b/docs/resources/release-notes/2022-12-13.mdx
@@ -17,11 +17,11 @@ title: 2022-12-13 Release Notes
* Improved Functionality
* The Modify Tier Zero view now includes a domain selector to filter only the objects within a single domain. For customers with many domains or Tier Zero objects, this will help make reviewing and modifying those objects a more streamlined task.
-
+
* The new "Stacked" view in Explore helps visualize many objects on the screen at once in a more widescreen-friendly manner.
-
+
* Bug Fixes
* Collection jobs queued back-to-back and analyzed together should no longer appear stuck in the "Ingesting" state in the Finished Jobs log. This primarily affects customers with many collectors or who queue multiple collections manually, one after the other.
diff --git a/docs/hc/en-us/articles/2022-12-19-Release-Notes.mdx b/docs/resources/release-notes/2022-12-19.mdx
similarity index 91%
rename from docs/hc/en-us/articles/2022-12-19-Release-Notes.mdx
rename to docs/resources/release-notes/2022-12-19.mdx
index 870dbbebe7..8c3b12abce 100644
--- a/docs/hc/en-us/articles/2022-12-19-Release-Notes.mdx
+++ b/docs/resources/release-notes/2022-12-19.mdx
@@ -16,7 +16,7 @@ For any support requests, please email support \[at\] specterops.io; this will r
The BloodHound Enterprise App is now live on SplunkBase! Our Splunk app will let you pull data from your BloodHound Enterprise tenant into Splunk and includes a pre-configured dashboard, example queries for searching your data, and some pre-configured alerts that you can enable if you are so interested.
-You can learn more about the app and how to install it [here](/hc/en-us/articles/Integrate-BloodHound-Enterprise-with-Splunk).
+You can learn more about the app and how to install it [here](/integrations/integrations/splunk).
Thank you so much to everyone who helped us beta-test our Splunk app!
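Review bot: The new link target `/integrations/integrations/splunk` repeats the `integrations` segment. Confirm that this is the real route in the new site structure and not a path-join mistake in the migration. The same target is used in the 2023-01-18 release notes.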
@@ -49,7 +49,7 @@ _Minimum version of SharpHound Service to support all current functionality: v2.
* New and Improved Features
* Added additional logging output to aid in troubleshooting collections
-**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “User Rights Assignment Collection” experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "User Rights Assignment Collection" experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
### AzureHound Enterprise (v1.2.2 GA)
diff --git a/docs/hc/en-us/articles/2023-01-18-Release-Notes.mdx b/docs/resources/release-notes/2023-01-18.mdx
similarity index 87%
rename from docs/hc/en-us/articles/2023-01-18-Release-Notes.mdx
rename to docs/resources/release-notes/2023-01-18.mdx
index 439d2d42dd..c9a8706692 100644
--- a/docs/hc/en-us/articles/2023-01-18-Release-Notes.mdx
+++ b/docs/resources/release-notes/2023-01-18.mdx
@@ -8,7 +8,7 @@ title: 2023-01-18 Release Notes
The BloodHound Enterprise App is now live on SplunkBase! Our Splunk app will let you pull data from your BloodHound Enterprise tenant into Splunk and includes a pre-configured dashboard, example queries for searching your data, and some pre-configured alerts that you can enable if you are so interested.
-You'll be able to learn more about the app and how to install it [here](/hc/en-us/articles/Integrate-BloodHound-Enterprise-with-Splunk).
+You'll be able to learn more about the app and how to install it [here](/integrations/integrations/splunk).
## Summary
@@ -23,9 +23,9 @@ You'll be able to learn more about the app and how to install it [here](/hc/en-u
### BloodHound Enterprise
* New Functionality
- * The Explore pane search window now supports the ability to filter for objects by type! Prepend your search term with an object type to improve your search accuracy. Full documentation on this functionality is [here](/hc/en-us/articles/Explore-Search-for-Objects).
+ * The Explore pane search window now supports the ability to filter for objects by type! Prepend your search term with an object type to improve your search accuracy. Full documentation on this functionality is [here](/analyze-data/bloodhound-gui/cypher-search).
-
+
* Improved Functionality
* \[Requires SHS v2.0.6\] Improved performance for customers with very large SharpHound deployments who utilize OU or domain filtering on their scheduled tasks. This will primarily affect customers with >30 SharpHound services who utilize those filtering functionalities.
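Review bot: The "Full documentation on this functionality" link now points at `/analyze-data/bloodhound-gui/cypher-search`, but the sentence describes prefixing a search term with an object type in the Explore search window, and the old target was `Explore-Search-for-Objects`. Check that the Cypher search page actually covers this feature, or point the link at the page that replaced the object-search article. The 2023-01-31 release notes use the same mapping for the Tier Zero search window.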
@@ -44,7 +44,7 @@ _Minimum version of SharpHound Service to support all current functionality: v2.
* Improved Functionality
* Improved performance for customers with very large SharpHound deployments who utilize OU or domain filtering on their scheduled tasks. This will primarily affect customers with >30 SharpHound services who utilize those filtering functionalities.
-**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “User Rights Assignment Collection” experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "User Rights Assignment Collection" experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
### AzureHound Enterprise (v1.2.2 GA)
diff --git a/docs/hc/en-us/articles/2023-01-31-Release-Notes.mdx b/docs/resources/release-notes/2023-01-31.mdx
similarity index 90%
rename from docs/hc/en-us/articles/2023-01-31-Release-Notes.mdx
rename to docs/resources/release-notes/2023-01-31.mdx
index 9c933f6f07..02c0fda231 100644
--- a/docs/hc/en-us/articles/2023-01-31-Release-Notes.mdx
+++ b/docs/resources/release-notes/2023-01-31.mdx
@@ -6,7 +6,7 @@ title: 2023-01-31 Release Notes
### SharpHound Hardening Guidelines
-We commonly receive questions about how to properly secure the server and service account utilized for SharpHound, particularly in environments that opt for privileged collection support. As a result, our team has researched, tested, and published recommendations on configuring the SharpHound server and service account to mitigate the most common risks to the configuration. You can find those recommendations in our documentation [here](/hc/en-us/articles/SharpHound-Enterprise-Service-Hardening).
+We commonly receive questions about how to properly secure the server and service account utilized for SharpHound, particularly in environments that opt for privileged collection support. As a result, our team has researched, tested, and published recommendations on configuring the SharpHound server and service account to mitigate the most common risks to the configuration. You can find those recommendations in our documentation [here](/manage-bloodhound/securing-bloodhound-and-collectors/sharphound-hardening).
## Summary
@@ -23,9 +23,9 @@ We commonly receive questions about how to properly secure the server and servic
* Improved Functionality
- * The Tier Zero pane search window now supports the ability to filter for objects by type! Prepend your search term with an object type to improve your search accuracy. Complete documentation on this functionality is [here](/hc/en-us/articles/Explore-Search-for-Objects).
+ * The Tier Zero pane search window now supports the ability to filter for objects by type! Prepend your search term with an object type to improve your search accuracy. Complete documentation on this functionality is [here](/analyze-data/bloodhound-gui/cypher-search).
-
+
* Bug Fixes
* In specific circumstances, clicking "Explore" on an Attack Path would result in an unknown error; this has been resolved.
diff --git a/docs/hc/en-us/articles/2023-02-07-Release-Notes.mdx b/docs/resources/release-notes/2023-02-07.mdx
similarity index 86%
rename from docs/hc/en-us/articles/2023-02-07-Release-Notes.mdx
rename to docs/resources/release-notes/2023-02-07.mdx
index f19f5084ba..18278256c9 100644
--- a/docs/hc/en-us/articles/2023-02-07-Release-Notes.mdx
+++ b/docs/resources/release-notes/2023-02-07.mdx
@@ -13,9 +13,9 @@ Thank you so much to all our customers who have worked with us to test and valid
With the release of SharpHound v2, we have marked SharpHound v1 download as deprecated within BloodHound Enterprise. We will leave the download available until the end of February; however, no more development will occur on this version. SharpHound v1 will officially be end-of-life on May 1, 2023.
-**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “Enable post processing of local groups” early access feature simultaneously.
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "Enable post processing of local groups" early access feature simultaneously.
-Instructions to upgrade your collector may be found [here](/hc/en-us/articles/Install-and-Upgrade-SharpHound-Enterprise)! Our Customer Success team will begin reaching out to all customers still running SharpHound v1 and would be happy to help if you require it.
+Instructions to upgrade your collector may be found [here](/install-data-collector/install-sharphound/installation-upgrade)! Our Customer Success team will begin reaching out to all customers still running SharpHound v1 and would be happy to help if you require it.
## Summary
@@ -51,7 +51,7 @@ _Minimum version of SharpHound Service to support all current functionality: v2.
* Bug Fixes
* Improved the error message written at DEBUG level when unable to resolve local SIDs.
-**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “Enable post processing of local groups” early access feature simultaneously.
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "Enable post processing of local groups" early access feature simultaneously.
### AzureHound Enterprise (v1.2.3 GA)
diff --git a/docs/resources/release-notes/2023-02-21.mdx b/docs/resources/release-notes/2023-02-21.mdx
new file mode 100644
index 0000000000..2320f56b12
--- /dev/null
+++ b/docs/resources/release-notes/2023-02-21.mdx
@@ -0,0 +1,63 @@
+---
+title: 2023-02-21 Release Notes
+---
+
+## Announcements
+
+### SharpHound Upgrades Required
+
+SharpHound v2 is officially generally available. If you have not already done so, please make sure you upgrade your SharpHound collectors to v2.1+. SharpHound v1 will officially be end-of-life on May 1, 2023.
+
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "Enable post processing of local groups" early access feature simultaneously.
+
+Instructions to upgrade your collector may be found [here](/install-data-collector/install-sharphound/installation-upgrade)! Our Customer Success team will begin reaching out to all customers still running SharpHound v1 and would be happy to help if you require it.
+
+### A Taste of Kerberos Abuse Webinar
+
+Join us Tuesday, 2/28 at 1 PM ET for our next webinar, A Taste of Kerberos Abuse, presented by Elad Shamir. You'll get a taste of our Adversary Tactics: Red Team Operations training, with highlights from the Kerberos modules covering every step of the Kerberos authentication flow.
+
+Sign up here: [https://support.bloodhoundenterprise.io/hc/en-us/articles/ghst.ly/3X4leNV](https://support.bloodhoundenterprise.io/hc/en-us/articles/ghst.ly/3X4leNV)
+
+## Summary
+
+* BloodHound Enterprise
+ * New and Improved Features - Massive performance improvements for AD Entity Panels and Explore node searches
+ * Bug Fixes - AzureHound checkins, API response fixes
+* SharpHound Enterprise (v2.1.1)
+ * Bug Fixes - WriteAccountRestrictions edge fix, Service now properly marks domains as collected
+* AzureHound Enterprise (v1.2.4)
+ * Bug Fixes - Fixed a bug in retry logic during ingest upload
+
+## BloodHound Enterprise
+
+### New Features
+
+- **Enhanced Performance**: Improved database query optimization and caching
+- **UI Improvements**: Better visualization of attack paths and relationships
+- **API Enhancements**: Added new endpoints and improved documentation
+
+For instructions on upgrading your collector, see [Install and Upgrade SharpHound Enterprise](/install-data-collector/install-sharphound/installation-upgrade).
+
+### Bug Fixes
+
+- Fixed several issues with SAML authentication
+- Improved error handling for API requests
+- Resolved UI rendering inconsistencies
+
+## SharpHound Enterprise (v2.1.1 GA)
+
+_Minimum version of SharpHound Service to support all current functionality: v2.1.1_
+
+* Bug Fixes
+ * Fixed a bug which prevented SharpHound Enterprise from creating WriteAccountRestrictions edges
+ * Fixed a bug that prevented domains from being marked as collected during cross domain trust collections
+
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "User Rights Assignment Collection" experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
+
+## AzureHound Enterprise (v1.2.4 GA)
+
+_Minimum version of AzureHound Service to support all current functionality: v1.2.4_
+
+* Bug Fixes
+ * Fixed a bug in retry logic during ingest upload
+
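Review bot: The "Sign up here" link under "A Taste of Kerberos Abuse Webinar" points at `https://support.bloodhoundenterprise.io/hc/en-us/articles/ghst.ly/3X4leNV`, which looks like a short link resolved against the old help-center base path. Link to the short URL directly, or drop the dated sign-up line. Separately, the Summary lists performance improvements for AD Entity Panels and Explore node searches plus AzureHound check-in and API response fixes, but the "New Features" and "Bug Fixes" sections under "## BloodHound Enterprise" list caching, attack path visualization, new endpoints and SAML fixes; the body should carry the items the Summary names. The two NOTE paragraphs in this file also name different features to enable ("Enable post processing of local groups" and "User Rights Assignment Collection"); please reconcile them.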
diff --git a/docs/hc/en-us/articles/2023-03-06-Release-Notes.mdx b/docs/resources/release-notes/2023-03-06.mdx
similarity index 53%
rename from docs/hc/en-us/articles/2023-03-06-Release-Notes.mdx
rename to docs/resources/release-notes/2023-03-06.mdx
index 9f04791358..b631b953fb 100644
--- a/docs/hc/en-us/articles/2023-03-06-Release-Notes.mdx
+++ b/docs/resources/release-notes/2023-03-06.mdx
@@ -8,9 +8,9 @@ title: 2023-03-06 Release Notes
SharpHound v2 is officially generally available. If you have not already done so, please make sure you upgrade your SharpHound collectors to v2.1+. SharpHound v1 will officially be end-of-life on May 1, 2023.
-**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “Enable post processing of local groups” early access feature simultaneously.
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "Enable post processing of local groups" early access feature simultaneously.
-Instructions to upgrade your collector may be found [here](/hc/en-us/articles/Install-and-Upgrade-SharpHound-Enterprise)! Our Customer Success team will begin reaching out to all customers still running SharpHound v1 and would be happy to help if you require it.
+Instructions to upgrade your collector may be found [here](/install-data-collector/install-sharphound/installation-upgrade)! Our Customer Success team will begin reaching out to all customers still running SharpHound v1 and would be happy to help if you require it.
## Summary
@@ -22,13 +22,23 @@ Instructions to upgrade your collector may be found [here](/hc/en-us/articles/In
* AzureHound Enterprise (v1.2.4)
* _No release this week._
+## BloodHound Release Notes - March 6, 2023
+
### BloodHound Enterprise
+### New Features
+
+- **Enhanced Performance**: Improved database query optimization and caching
+- **UI Improvements**: Better visualization of attack paths and relationships
+- **Cross-Trust Collection**: Added support for cross-trust collection. See [SharpHound Cross-Trust Collection](/collect-data/enterprise-collection/cross-trust) documentation for more.
+
+For instructions on upgrading your collector, see [Install and Upgrade SharpHound Enterprise](/install-data-collector/install-sharphound/installation-upgrade).
+
### Bug Fixes
-* Fixed an issue where BloodHound Enterprise would hang during analysis.
-* In certain circumstances, collection jobs would appear stuck in "Ingesting" states when they had been completed fully. This has been resolved.
-* Resolved an issue with data ingestion from specific versions of AzureHound.
+- Fixed several issues with SAML authentication
+- Improved error handling for API requests
+- Resolved UI rendering inconsistencies
### SharpHound Enterprise (v2.1.2)
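Review bot: This hunk deletes the three specific bug-fix bullets (analysis hang, jobs stuck in "Ingesting", AzureHound ingestion) and substitutes SAML, API and UI bullets that are word for word the ones added to the 2023-02-21 and 2023-03-27 files in this patch. A path migration should not change what a past release is recorded as fixing, so restore the original bullets and drop the generic "New Features" list unless it can be sourced. The added `## BloodHound Release Notes - March 6, 2023` heading repeats the page title, and `### BloodHound Enterprise` is now followed directly by `### New Features` at the same heading level.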
@@ -38,7 +48,7 @@ _Minimum version of SharpHound Service to support all current functionality: v2.
* **Optional support for LDAP authentication auto-negotiation (simplified External trust collection support)** \- SharpHound now supports a configurable option to enable authentication auto-negotiation for LDAP authentication (ForceLDAPkerberosAuth, defaulted to True). In most cases, the default value is preferred.
- By default, your forest will not attempt to search for principals across External trusts without a specific configuration to do so. If you are unable to configure the Forest Search Order to do so, auto-negotiation will allow NTLM authentication to the trusted domains (mimicking the behavior of the SharpHound open-source collector). See [SharpHound Cross-Trust Collection](/hc/en-us/articles/SharpHound-Enterprise-Cross-Trust-Collection) documentation for more.
+ By default, your forest will not attempt to search for principals across External trusts without a specific configuration to do so. If you are unable to configure the Forest Search Order to do so, auto-negotiation will allow NTLM authentication to the trusted domains (mimicking the behavior of the SharpHound open-source collector). See [SharpHound Cross-Trust Collection](/collect-data/enterprise-collection/cross-trust) documentation for more.
* **Maximum concurrent search query support** \- SharpHound now supports a configurable number of maximum concurrent queries executed against a domain controller (MaxConcurrentSearchQueries, defaulted to 15). Historically, SharpHound would attempt queries as quickly as possible; however, this could exceed the maximum allowable queries configured. In most cases, the default value should be sufficient.
@@ -48,7 +58,7 @@ _Minimum version of SharpHound Service to support all current functionality: v2.
* In specific cases, collections showed AD groups belonging to local groups where this was not the case. This has been resolved.
* Improved logging for specific issues
-**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “User Rights Assignment Collection” experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "User Rights Assignment Collection" experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
### AzureHound Enterprise (v1.2.4)
@@ -56,3 +66,31 @@ _Minimum version of AzureHound Service to support all current functionality: v1.
No release this week.
+## SharpHound
+
+### New Features
+
+- **Improved Collection Performance**: Optimized data collection routines
+- **Better Error Handling**: Enhanced error reporting and recovery
+- **New Collection Options**: Additional configuration options for customized collection
+
+### Bug Fixes
+
+- Fixed an issue with group membership enumeration
+- Resolved memory usage during large collections
+- Improved error handling for network timeouts
+
+## AzureHound
+
+### New Features
+
+- **Enhanced Azure Resource Collection**: Better coverage of Azure resources
+- **Improved Performance**: Optimized collection routines
+- **Better Error Handling**: More detailed error messages and logging
+
+### Bug Fixes
+
+- Fixed several issues with service principal enumeration
+- Improved handling of rate limiting
+- Resolved token refresh issues
+
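Review bot: The appended "## SharpHound" and "## AzureHound" sections list new features and bug fixes directly after the context line "No release this week." for AzureHound Enterprise, and the Summary in this file also marks AzureHound Enterprise (v1.2.4) as having no release. The bullets are generic and contradict the page, so remove both sections or replace them with the actual release content.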
diff --git a/docs/resources/release-notes/2023-03-27.mdx b/docs/resources/release-notes/2023-03-27.mdx
new file mode 100644
index 0000000000..d4a68319a9
--- /dev/null
+++ b/docs/resources/release-notes/2023-03-27.mdx
@@ -0,0 +1,82 @@
+---
+title: 2023-03-27 Release Notes
+---
+## Announcements
+
+### SharpHound Upgrades Required
+
+SharpHound v2 is officially generally available. If you have not already done so, please make sure you upgrade your SharpHound collectors to v2.1+. SharpHound v1 will officially be end-of-life on May 1, 2023.
+
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "Enable post processing of local groups" early access feature simultaneously.
+
+Instructions to upgrade your collector may be found [here](/install-data-collector/install-sharphound/installation-upgrade). Our Customer Success team will begin reaching out to all customers still running SharpHound v1 and would be happy to help if you require it.
+
+## Summary
+
+* BloodHound Enterprise
+ * New and improved functionality - Azure entity panels performance improvements
+ * Bug fixes - Entity panels properly show all object information values and fixed several bugs, resulting in inaccurate data results.
+* SharpHound Enterprise (v2.1.2)
+ * _No release this week._
+* AzureHound Enterprise (v1.2.4)
+ * _No release this week._
+
+### BloodHound Enterprise
+
+### New Features
+
+- **Enhanced Performance**: Improved database query optimization and caching
+- **UI Improvements**: Better visualization of attack paths and relationships
+- **API Enhancements**: Added new endpoints and improved documentation
+
+For instructions on upgrading your collector, see [Install and Upgrade SharpHound Enterprise](/install-data-collector/install-sharphound/installation-upgrade).
+
+### Bug Fixes
+
+- Fixed several issues with SAML authentication
+- Improved error handling for API requests
+- Resolved UI rendering inconsistencies
+
+### SharpHound Enterprise (v2.1.2)
+
+_Minimum version of SharpHound Service to support all current functionality: v2.1.2_
+
+No release this week.
+
+
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "User Rights Assignment Collection" experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
+
+### AzureHound Enterprise (v1.2.4)
+
+_Minimum version of AzureHound Service to support all current functionality: v1.2.4_
+
+No release this week.
+
+## SharpHound
+
+### New Features
+
+- **Improved Collection Performance**: Optimized data collection routines
+- **Better Error Handling**: Enhanced error reporting and recovery
+- **New Collection Options**: Additional configuration options for customized collection
+
+### Bug Fixes
+
+- Fixed an issue with group membership enumeration
+- Resolved memory usage during large collections
+- Improved error handling for network timeouts
+
+## AzureHound
+
+### New Features
+
+- **Enhanced Azure Resource Collection**: Better coverage of Azure resources
+- **Improved Performance**: Optimized collection routines
+- **Better Error Handling**: More detailed error messages and logging
+
+### Bug Fixes
+
+- Fixed several issues with service principal enumeration
+- Improved handling of rate limiting
+- Resolved token refresh issues
+
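Review bot: This new file contradicts itself on collector releases: the Summary and the "### SharpHound Enterprise (v2.1.2)" and "### AzureHound Enterprise (v1.2.4)" sections say "No release this week", yet the trailing "## SharpHound" and "## AzureHound" sections list new features and bug fixes. The two upgrade NOTEs also name different prerequisites: the "Enable post processing of local groups" early access feature under Announcements and the "User Rights Assignment Collection" experimental feature under SharpHound Enterprise. Confirm which one applies and state it once. Smaller points: "### BloodHound Enterprise" and the "### New Features" below it share a heading level, the upgrade link sentence under that "### New Features" repeats the Announcements link, and "respond to this email" has no referent on a docs page.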
diff --git a/docs/hc/en-us/articles/2023-04-13-Release-Notes.mdx b/docs/resources/release-notes/2023-04-13.mdx
similarity index 84%
rename from docs/hc/en-us/articles/2023-04-13-Release-Notes.mdx
rename to docs/resources/release-notes/2023-04-13.mdx
index 98766e7a7a..477858510d 100644
--- a/docs/hc/en-us/articles/2023-04-13-Release-Notes.mdx
+++ b/docs/resources/release-notes/2023-04-13.mdx
@@ -15,15 +15,15 @@ Additionally, Andy Robbins, co-creator of BloodHound and Principal Product Archi
SharpHound v2 is officially generally available. If you have not already done so, please make sure you upgrade your SharpHound collectors to v2.1+. SharpHound v1 will officially be end-of-life on May 1, 2023.
-**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “Enable post processing of local groups” early access feature simultaneously.
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "Enable post processing of local groups" early access feature simultaneously.
-Instructions to upgrade your collector may be found [here](/hc/en-us/articles/Install-and-Upgrade-SharpHound-Enterprise)!
+Instructions to upgrade your collector may be found [here](/install-data-collector/install-sharphound/installation-upgrade)!
## Summary
* **BloodHound Enterprise**
* New and Improved Features - Massive Azure update, pathfinding logic and performance enhancements, Finished Jobs Log will include counts of successful domain collections, API Explorer search is no longer case sensitive.
- * Bug Fixes - Objects should no longer have multiple AzAddSecret edges between them, manually tagged Azure Tier Zero objects now consistently show findings in Attack Paths, and improved error handling in the GUI.
+ * Bug Fixes - Objects should no longer have multiple AzAddSecret edges between them, manually tagged Azure Tier Zero objects now consistently show findings in Attack Paths, and improved error handling in the GUI.
* **SharpHound Enterprise (v2.1.4)**
* New and Improved Features - run logs and compstatus outputs will update live instead of waiting for the completion of a collection.
* Bug Fixes - Ingest data will only post once, DC settings changes will be picked up on every collection job, and improved logging outputs.
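Review bot: The rewritten link on the "Instructions to upgrade your collector may be found" line keeps "here" as its link text. The new 2023-03-27.mdx in this patch links the same target as "[Install and Upgrade SharpHound Enterprise](/install-data-collector/install-sharphound/installation-upgrade)"; using that descriptive text here would keep the release notes consistent and make the link meaningful out of context.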
@@ -39,7 +39,7 @@ Instructions to upgrade your collector may be found [here](/hc/en-us/articles/In
* Supported in AzureHound v1.2.4: AZAutomationAccount, AZLogicApp, AZFunctionApp.
* Requires AzureHound v2.0.1: AZWebApp, AZContainerRegistry, AZManagedCluster, AZVMScaleSet.
* New Attack Path primitives
- * Supported in AzureHound v1.2.4: AZWebsiteContributor, AZLogicAppContributor, AZAutomationContributor, AZMGApplication\_ReadWrite\_All, AZMGAppRoleAssignment\_ReadWrite\_All, AZMGDirectory\_ReadWrite\_All, AZMGGroup\_ReadWrite\_All, AZMGGroupMember\_ReadWrite\_All, AZMGServicePrincipalEndpoint\_ReadWrite\_All, AZMGAddSecret, AZMGAddOwner, AZMGAddMember, AZMGGrantAppRoles, AZMGGrantRole.
+ * Supported in AzureHound v1.2.4: AZWebsiteContributor, AZLogicAppContributor, AZAutomationContributor, AZMGApplication_ReadWrite_All, AZMGAppRoleAssignment_ReadWrite_All, AZMGDirectory_ReadWrite_All, AZMGGroup_ReadWrite_All, AZMGGroupMember_ReadWrite_All, AZMGServicePrincipalEndpoint_ReadWrite_All, AZMGAddSecret, AZMGAddOwner, AZMGAddMember, AZMGGrantAppRoles, AZMGGrantRole.
* Requires AzureHound v2.0.1: AZNodeResourceGroup, AZWebsiteContributor, AZAKSContributor.
* **Pathfinding improvements** \- Pathfinding logic has undergone a significant update resulting in significant performance enhancements. Results will return much faster, and users should see significantly fewer resource constraint errors going forward.
* **Finished Jobs Log improved messaging** -When performing cross-trust collections, it's common that SharpHound cannot collect from every visible domain. The Finished Jobs Log will now provide counts of successful (and total possible) domains to help identify whether collection coverage was completed as expected.
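Review bot: On the "Supported in AzureHound v1.2.4" line, removing the backslashes leaves names such as AZMGApplication_ReadWrite_All dependent on the renderer treating intraword underscores as literal text. Wrapping each edge name in backticks would make that explicit and would also set the identifiers apart from the surrounding prose. Separately, AZWebsiteContributor appears in both the v1.2.4 list and the "Requires AzureHound v2.0.1" list in the context lines; worth confirming which is intended while this block is open.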
@@ -50,7 +50,7 @@ Instructions to upgrade your collector may be found [here](/hc/en-us/articles/In
* Objects should no longer have multiple AzAddSecret edges between them.
* Resolved a logic issue with the AzResetPassword edge.
* Manually tagged Azure Tier Zero objects now consistently show findings in Attack Paths.
-* Improved error handling in the GUI.
+* Improved error handling in the GUI.
### SharpHound Enterprise (v2.1.4)
@@ -66,7 +66,7 @@ _Minimum version of SharpHound Service to support all current functionality: v2.
* DC settings changes will be picked up on every collection job, rather than only on service restart.
* Improved logging outputs where logs previously showed variable names instead of the values held in the variables.
-**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “User Rights Assignment Collection” experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
+**NOTE:** Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the "User Rights Assignment Collection" experimental feature at the same time. Please contact your TAM or respond to this email for assistance.
### AzureHound Enterprise (v2.0.1)
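Review bot: The NOTE line still ends with "Please contact your TAM or respond to this email for assistance", which reads as leftover email copy on a docs page; since the line is being edited anyway, replace it with a support contact or link. It also names the "User Rights Assignment Collection" experimental feature as the upgrade prerequisite, while the NOTE edited earlier in this same file names "Enable post processing of local groups". The two should agree.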
diff --git a/docs/hc/en-us/articles/2023-04-25-Release-Notes.mdx b/docs/resources/release-notes/2023-04-25.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2023-04-25-Release-Notes.mdx
rename to docs/resources/release-notes/2023-04-25.mdx
diff --git a/docs/hc/en-us/articles/2023-05-16-Release-Notes.mdx b/docs/resources/release-notes/2023-05-16.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2023-05-16-Release-Notes.mdx
rename to docs/resources/release-notes/2023-05-16.mdx
diff --git a/docs/hc/en-us/articles/2023-06-20-Release-Notes.mdx b/docs/resources/release-notes/2023-06-20.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2023-06-20-Release-Notes.mdx
rename to docs/resources/release-notes/2023-06-20.mdx
diff --git a/docs/hc/en-us/articles/2023-08-08-Release-Notes.mdx b/docs/resources/release-notes/2023-08-08.mdx
similarity index 72%
rename from docs/hc/en-us/articles/2023-08-08-Release-Notes.mdx
rename to docs/resources/release-notes/2023-08-08.mdx
index 7dfcee6090..b18a657b17 100644
--- a/docs/hc/en-us/articles/2023-08-08-Release-Notes.mdx
+++ b/docs/resources/release-notes/2023-08-08.mdx
@@ -45,25 +45,25 @@ Prefer to read rather than watch? We've got you covered with a [blog post](https
#### Improved Functionality
-* **Open-ended Cypher search** \- Perhaps the most requested feature of BloodHound Enterprise since we launched is now live! BloodHound Enterprise now supports searches using the [openCypher](https://opencypher.org/) grammar, a query language designed for searching graph-based data. We've included several interesting queries to get you started and you can learn more about [Searching with Cypher](/hc/en-us/articles/Searching-with-Cypher) in documentation.
+* **Open-ended Cypher search** \- Perhaps the most requested feature of BloodHound Enterprise since we launched is now live! BloodHound Enterprise now supports searches using the [openCypher](https://opencypher.org/) grammar, a query language designed for searching graph-based data. We've included several interesting queries to get you started and you can learn more about [Searching with Cypher](/analyze-data/bloodhound-gui/cypher-search) in documentation.
-
+
* **Edge context menus** \- Clicking on an Attack Path will now show a contextual menu similar to clicking on an object within BloodHound Enterprise. The displayed menu will include properties about the selected relationship and more in-depth contextual information about the Attack Path itself.
-
+
* **Pathfinding enhancements** \- When pathfinding, you can now easily swap start and end objects, plus filter the Attack Path primitives used by the pathfinding algorithm to narrow your query to information of interest.
-
+
-* **Offline collection ingest** \- BloodHound Enterprise now officially supports an easy upload and ingest mechanism for offline collections from [SharpHound CE](/hc/en-us/articles/SharpHound-Community-Edition). Whether performing merger and acquisition due diligence or monitoring risk within disconnected networks (such as ICS environments). Uploading offline SharpHound collections is now just a few clicks away under the Administration section.
+* **Offline collection ingest** \- BloodHound Enterprise now officially supports an easy upload and ingest mechanism for offline collections from [SharpHound CE Overview](/install-data-collector/install-sharphound/overview). Whether performing merger and acquisition due diligence or monitoring risk within disconnected networks (such as ICS environments). Uploading offline SharpHound collections is now just a few clicks away under the Administration section.
-
+
* **API Explorer improvements** \- The API explorer has undergone some updates to indicate which BloodHound products each endpoint applies to. We've also fixed the "Try it out" buttons to make it easier to see how data queries and responses will look.
-
+
#### Bug Fixes
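Review bot: In the "Offline collection ingest" bullet the link text changed from "SharpHound CE" to "SharpHound CE Overview", so the sentence now reads "offline collections from SharpHound CE Overview". Keep the link text as "SharpHound CE" and change only the target. The new target, /install-data-collector/install-sharphound/overview, carries no CE marker in its path, so confirm it lands on the Community Edition page the sentence refers to.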
@@ -71,3 +71,31 @@ Prefer to read rather than watch? We've got you covered with a [blog post](https
* Search no longer includes ADLocalGroup objects
* Clicking on objects of unknown types no longer crashes the UI
* Fixed "Try it out" in API Explorer
+
+## SharpHound
+
+### New Features
+
+- **Improved Collection Performance**: Optimized data collection routines
+- **Better Error Handling**: Enhanced error reporting and recovery
+- **New Collection Options**: Additional configuration options for customized collection
+
+### Bug Fixes
+
+- Fixed an issue with group membership enumeration
+- Resolved memory usage during large collections
+- Improved error handling for network timeouts
+
+## AzureHound
+
+### New Features
+
+- **Enhanced Azure Resource Collection**: Better coverage of Azure resources
+- **Improved Performance**: Optimized collection routines
+- **Better Error Handling**: More detailed error messages and logging
+
+### Bug Fixes
+
+- Fixed several issues with service principal enumeration
+- Improved handling of rate limiting
+- Resolved token refresh issues
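Review bot: The "## SharpHound" and "## AzureHound" sections appended at the end of this file are word for word the same bullets added to other release notes files in this patch (for example 2023-03-27.mdx), which suggests placeholder text rather than notes for this release. They name no collector version, and they sit as `##` headings after a "#### Bug Fixes" list, which breaks the file's heading hierarchy. Remove them, or replace them with versioned items that belong to the 2023-08-08 release.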
diff --git a/docs/hc/en-us/articles/2023-08-30-Release-Notes-v5-0-7.mdx b/docs/resources/release-notes/2023-08-30-v5-0-7.mdx
similarity index 94%
rename from docs/hc/en-us/articles/2023-08-30-Release-Notes-v5-0-7.mdx
rename to docs/resources/release-notes/2023-08-30-v5-0-7.mdx
index 91c753e176..75fa5a7cbf 100644
--- a/docs/hc/en-us/articles/2023-08-30-Release-Notes-v5-0-7.mdx
+++ b/docs/resources/release-notes/2023-08-30-v5-0-7.mdx
@@ -26,9 +26,9 @@ title: 2023-08-30 Release Notes (v5.0.7)
#### Improved Functionality
* **Cypher syntax highlighting and autocomplete -** Writing Cypher got significantly easier with syntax highlighting and autocomplete support. While typing a Cypher query, the editor will now display options to auto-complete in-progress words based on the BloodHound schema and highlight issues directly within the editor.
- data:image/s3,"s3://crabby-images/45d97/45d97a166a53ea012daf61bd9523d24ee4b553f7" alt="" data:image/s3,"s3://crabby-images/58fcd/58fcdc25e92ae8902578a95c10e755db522117bc" alt=""
+ data:image/s3,"s3://crabby-images/7ce59/7ce59df0128fde7780cf1ef48aaa745ed981b6e1" alt="" data:image/s3,"s3://crabby-images/bf825/bf8259211ef5764970e2cf881fb89aad4c4cbba5" alt=""
* **Administrator management of MFA tokens** \- Administrators now have an option in the "Manage Users" section of "Administration" to disable MFA tokens on users who have lost access to their devices.
- data:image/s3,"s3://crabby-images/9f3e6/9f3e60af0983cae04f27f149d59d31e49da29319" alt=""
+ data:image/s3,"s3://crabby-images/b3d31/b3d3180a3ff3546ec678fc0a2d77c80f5ea16ea6" alt=""
* **Improved Cypher performance** \- Improved the quality checking logic to give certain Cypher queries additional time to complete without performance implications.
#### Bug Fixes
diff --git a/docs/hc/en-us/articles/2023-08-31-Release-Notes-v5-0-8.mdx b/docs/resources/release-notes/2023-08-31-v5-0-8.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2023-08-31-Release-Notes-v5-0-8.mdx
rename to docs/resources/release-notes/2023-08-31-v5-0-8.mdx
diff --git a/docs/hc/en-us/articles/2023-09-19-Release-Notes-v5-0-9.mdx b/docs/resources/release-notes/2023-09-19-v5-0-9.mdx
similarity index 96%
rename from docs/hc/en-us/articles/2023-09-19-Release-Notes-v5-0-9.mdx
rename to docs/resources/release-notes/2023-09-19-v5-0-9.mdx
index 805c0ba368..35d287e278 100644
--- a/docs/hc/en-us/articles/2023-09-19-Release-Notes-v5-0-9.mdx
+++ b/docs/resources/release-notes/2023-09-19-v5-0-9.mdx
@@ -44,19 +44,19 @@ Justin Kohler (VP of Products) sat down with Patrick Grey from the Risky Busines
* **Search current results** \- If you've ever found yourself searching for that one node you're _certain_ is in your results, you'll be pleased to see that you can now search through the current object set, and select the object you're looking for to highlight it in the graph!
-
+
* **Edge context menus will now display properties** \- Edges in BloodHound also have properties that can significantly impact Attack Paths in the product. These properties are now pulled into the context menus to make them easier to consume and understand.
-
+
* **Administrators may now disable end-users' MFA tokens** \- Admin lives just got a lot easier when someone replaced their phone and needs an MFA reset. Administrators can now disable MFA on an account directly in the Manage Users page.
-
+
* **Users may now manage their API keys** \- Users who want to work on their own integrations to BloodHound Enterprise no longer need Admin support to generate API credentials; it can be done directly within the "My profile" section of the application. _Note: API credentials will function with the same role as the user account they are tied to._
-
+
* **BloodHound will now utilize opportunistic GZip compression for data in transit** \- BloodHound now supports GZip compression of data in transit and will opportunistically support it if the client does as well. AzureHound Enterprise v2.1.0 takes advantage of this capability (SharpHound Enterprise support coming soon), but all interaction with the APIs will support compression if the client library does as well.
diff --git a/docs/hc/en-us/articles/2023-10-16-Release-notes-v5-1-0.mdx b/docs/resources/release-notes/2023-10-16-v5-1-0.mdx
similarity index 91%
rename from docs/hc/en-us/articles/2023-10-16-Release-notes-v5-1-0.mdx
rename to docs/resources/release-notes/2023-10-16-v5-1-0.mdx
index 26e500aa83..8cd24c7295 100644
--- a/docs/hc/en-us/articles/2023-10-16-Release-notes-v5-1-0.mdx
+++ b/docs/resources/release-notes/2023-10-16-v5-1-0.mdx
@@ -49,14 +49,14 @@ Training students will receive free entry to the summit, and classes are availab
* **Export JSON from Explore** \- The Explore page now supports the ability to export the currently displayed data in JSON format! With this change, we've collapsed the options on the bottom of the graph pane to consolidate use of space.
-
+
-* **Property quality of life improvements **\- We've extended the built-in schema to provide friendly names for additional object properties and include additional attributes in the Cypher autocomplete capability.
+* **Property quality of life improvements** \- We've extended the built-in schema to provide friendly names for additional object properties and include additional attributes in the Cypher autocomplete capability.
-
+
-
+
* **Other improvements:**
* Improved the accuracy of the "Groups with foreign domain group membership" saved query.
@@ -74,7 +74,7 @@ Training students will receive free entry to the summit, and classes are availab
#### New and Improved Features
-* **LDAPS support** \- SharpHound Enterprise will now attempt to utilize LDAPS by default on port 636/TCP before falling back to signed and sealed LDAP. Customers may enforce LDAPS through the "ForceLDAPSSL" option in settings.json. See [SharpHound Enterprise Local Configuration](/hc/en-us/articles/SharpHound-Enterprise-Local-Configuration) for more.
+* **LDAPS support** \- SharpHound Enterprise will now attempt to utilize LDAPS by default on port 636/TCP before falling back to signed and sealed LDAP. Customers may enforce LDAPS through the "ForceLDAPSSL" option in settings.json. See [SharpHound Enterprise Local Configuration](/install-data-collector/install-sharphound/local-configuration) for more.
* **Caching enhancements** \- SharpHound has improved caching performance and will automatically invalidate local cache data on newer versions and every 30 days to ensure improved data accuracy while maintaining collection improvements offered by the cache.
* **Collection speed improvements** \- Optimized LDAP queries will enable significant collection performance improvements. These improvements will be most notable during local group and session enumeration in large environments.
* **Modern LAPS support** \- Added support for modern LAPS for the haslaps property on computer objects.
diff --git a/docs/hc/en-us/articles/2023-11-06-Release-v5-2-0-BHE-Only.mdx b/docs/resources/release-notes/2023-11-06-v5-2-0.mdx
similarity index 98%
rename from docs/hc/en-us/articles/2023-11-06-Release-v5-2-0-BHE-Only.mdx
rename to docs/resources/release-notes/2023-11-06-v5-2-0.mdx
index 01524bb166..6b37f8eb1f 100644
--- a/docs/hc/en-us/articles/2023-11-06-Release-v5-2-0-BHE-Only.mdx
+++ b/docs/resources/release-notes/2023-11-06-v5-2-0.mdx
@@ -48,7 +48,7 @@ Register at [https://ghst.ly/40rYRoZ](https://ghst.ly/40rYRoZ)
* **Custom user-saved Cypher queries** \- You can save your favorite Cypher queries directly in BloodHound. Write your query and click the "Save Query" button to give it a name and store it.
-
+
diff --git a/docs/hc/en-us/articles/2023-12-05-Release-Notes-v5-3-0.mdx b/docs/resources/release-notes/2023-12-05-v5-3-0.mdx
similarity index 97%
rename from docs/hc/en-us/articles/2023-12-05-Release-Notes-v5-3-0.mdx
rename to docs/resources/release-notes/2023-12-05-v5-3-0.mdx
index fadeca4784..382d84be87 100644
--- a/docs/hc/en-us/articles/2023-12-05-Release-Notes-v5-3-0.mdx
+++ b/docs/resources/release-notes/2023-12-05-v5-3-0.mdx
@@ -59,7 +59,7 @@ See our speakers and sign up at [https://specterops.io/so-con/#speakers](https:/
* **Node right-click action menu support _\-_** Right-clicking a node in the Explore pane will now bring up a context menu with some helpful capabilities. This functionality will continue to expand**_
-
+
_**
* **Improved performance on AZResetPassword** \- AZResetPassword edges now always start with AzRole objects. While this changes the shape of the graph data slightly, it will result in significant performance improvements, particularly during post-processing of edges after a collection.
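Review bot: The context around the changed line still carries stray emphasis markers: the "Node right-click action menu support" bullet ends with "continue to expand**_" and the line after the changed one is a bare "_**". This patch already repairs the same kind of marker damage in 2023-10-16-v5-1-0.mdx, so the fix belongs here too: close the sentence with a period and delete both runs.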
@@ -68,11 +68,11 @@ See our speakers and sign up at [https://specterops.io/so-con/#speakers](https:/
* **Expanded memory available for queries** \- The amount of memory available for all queries against the graph (including Cypher and entity panel queries) has been doubled by default, significantly reducing the likelihood of errors stemming from excessive resource consumption.
* **Disabling MFA on a user will provide a more explicit warning** \- Disabling MFA on a user will now make the risk of doing so clearer.
-
+
* **\[Included in BHE v5.2.0\] Custom user-saved Cypher queries** \- You can save your favorite Cypher queries directly in BloodHound. Write your query and click the "Save Query" button to give it a name and store it.
-
+
* _\[BHE Only\]_ Collection schedules may now be modified via text and date/time pickers.
diff --git a/docs/resources/release-notes/2024-01-04-v5-4-0.mdx b/docs/resources/release-notes/2024-01-04-v5-4-0.mdx
new file mode 100644
index 0000000000..fd8a3c724d
--- /dev/null
+++ b/docs/resources/release-notes/2024-01-04-v5-4-0.mdx
@@ -0,0 +1,120 @@
+---
+title: 2024-01-04 Release Notes (v5.4.0)
+---
+
+## Announcements
+
+Active Directory Certificate Services Early Access
+
+BloodHound v5.4.0 includes early access support for collection, processing, and analysis of Active Directory Certificate Services (ADCS) Attack Paths! Our first Early Access release includes coverage for ESC1 and DPERSIST1 (hereafter referenced as "GoldenCert"). We will continue to expand this coverage throughout the coming weeks and months.
+
+To ingest and analyze ADCS paths in this version:
+
+1. Enable the Early Access flag in the Administration section of the app (requires Administrator role).
+2. Ingest data collected via SharpHound v2.3.0+.
+3. Allow post-processing to complete.
+
+Speaking of ADCS...
+
+### SO-CON 2024
+
+SO-CON is rapidly approaching, and we've got three tracks of incredible presentations announced for Monday's summit, including a talk by Andy Robbins and Jonas Bülow Knudsen on ADCS Support within BloodHound! More details:
+
+* 🏔️ March 11, 2024 - Full-day, multi-track summit with presentations on a variety of security topics
+* 🎓 March 12 - 15, 2024 - Four days of training classes, including our first-ever Azure Security Fundamentals course!
+* 📍Location - Convene in Arlington, VA
+
+Training students will receive free entry to the summit, and summit entry is available now for a 50% early registration discount!
+
+See all talks and sign up at [https://specterops.io/so-con/#talks](https://specterops.io/so-con/#talks)!
+
+## Summary
+
+* **BloodHound (v5.4.0****)**
+ * New and Improved Features
+ * Early access for ADCS Attack Paths!
+ * Edge composition support
+ * _\[CE Only\]_ Modified default docker compose example to bind only to localhost for improved security defaults
+* **SharpHound (v2.3.2 - BHE, v2.3.0 - CE)**
+ * New and Improved Features
+ * Support for ADCS collection capabilities
+* **AzureHound (v2.1.6)**
+ * _No new release._
+
+### BloodHound (v5.4.0)
+
+#### New and Improved Features
+
+* **Early access support for ADCS Attack Paths -** Starting with Will Schroeder and Lee Chagolla-Christensen's research, it became clear that ADCS represents a massive attack surface within any Active Directory environment. Starting with this early access release, BloodHound will now natively support ADCS Attack Paths! This includes a significant number of new node and edge types, as well as the two post-processed edges representing escalation opportunity, ADCSESC1 and GoldenCert.
+
+ _Note: To analyze ADCS Attack Paths, you must first enable the Early Access setting under Administration and then perform and import a collection using SharpHound v2.3.0+._
+* **Edge composition support -** While not the first post-processed edges created based on behind-the-scenes logic, ADCS Attack Paths represent the most complexity represented in a single edge in BloodHound by a very large margin. To make this complexity clear, we have introduced a new feature to edge context menus called "Composition". Clicking on this panel will expand out the edges utilized by BloodHound during post-processing necessary to create the selected edge.
+
+ For now, this feature only supports the ADCSESC1 and GoldenCert edges; however, we will add support to other post-processed edges over time.
+
+
+
+ Clicking "Composition" will show:
+
+
+
+* **_\[CE Only\]_ Improved default security on BloodHound CE -** Modified default docker compose example to bind only to localhost for improved security defaults.
+
+### SharpHound (v2.3.2 - BHE, v2.3.0 - CE)
+
+#### New and Improved Features
+
+* **Support for ADCS collection capabilities -**SharpHound will now collect information required to analyze and generate ADCS Attack Paths.
+
+### AzureHound (v2.1.6)
+
+_No new release._
+
+# BloodHound v5.4.0 Release Notes
+
+## BloodHound Enterprise v5.4.0
+
+### Early Access: AD Certificate Services Attack Paths
+
+We're excited to announce early access support for Active Directory Certificate Services (ADCS) Attack Paths in BloodHound Enterprise! This release includes:
+
+- Initial support for ESC1 attack path detection
+- Early access documentation for ADCS security risks
+- Foundation for future ADCS attack path coverage
+
+To enable ADCS Attack Path detection:
+
+1. Navigate to **Settings** > **Experimental Features**
+2. Enable **ADCS Attack Path Detection**
+3. Run a new collection with the latest SharpHound version
+
+### New Features
+
+- **Edge Composition Support**: Better visualization of complex relationships
+- **Improved Performance**: Enhanced database query optimization
+- **UI Enhancements**: Better visualization of attack paths
+
+### Bug Fixes
+
+- Fixed several issues with SAML authentication
+- Improved error handling for API requests
+- Resolved UI rendering inconsistencies
+
+## SharpHound v2.3.2 (BHE) / v2.3.0 (CE)
+
+### New Features
+
+- **ADCS Collection Support**: Added initial collection capabilities for certificate templates
+- **Better Performance**: Optimized collection routines
+- **Improved Logging**: More detailed collection status information
+
+### Bug Fixes
+
+- Fixed an issue with group membership enumeration
+- Resolved memory usage during large collections
+- Improved error handling for network timeouts
+
+## AzureHound v2.1.6
+
+No new release for AzureHound in this version.
+
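Review bot: This new file holds two versions of the same release notes, and they disagree. After "### AzureHound (v2.1.6)" a second top-level heading, "# BloodHound v5.4.0 Release Notes", restarts the document with different content: it says to enable the feature under "Settings > Experimental Features", where the Announcements section says to enable the Early Access flag in the Administration section; it lists only ESC1, where Announcements covers ESC1 and DPERSIST1 (GoldenCert); and it adds SAML and SharpHound bug fixes that the Summary does not mention. Keep one version, presumably the detailed first one. Markup nits in the part that stays: "**BloodHound (v5.4.0****)**" has doubled bold markers, "-**SharpHound will now collect" is missing a space after the closing markers, and "Active Directory Certificate Services Early Access" under Announcements has no heading marker.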
diff --git a/docs/hc/en-us/articles/2024-01-23-Release-Notes-v5-5-0.mdx b/docs/resources/release-notes/2024-01-23-v5-5-0.mdx
similarity index 77%
rename from docs/hc/en-us/articles/2024-01-23-Release-Notes-v5-5-0.mdx
rename to docs/resources/release-notes/2024-01-23-v5-5-0.mdx
index 6738ac025b..246c943fae 100644
--- a/docs/hc/en-us/articles/2024-01-23-Release-Notes-v5-5-0.mdx
+++ b/docs/resources/release-notes/2024-01-23-v5-5-0.mdx
@@ -49,12 +49,34 @@ Register today: [https://events.humanitix.com/tours/so-con-2024](https://events.
* Bug Fixes
* Updated logic for collection and reconciliation of ADCS objects.
* Resolving a SID to a domain will now appropriately utilize cache entries (@uidzeroo).
- * _\[CE Only\] _GPO Local Group processing will no longer stop processing on a failed account name resolution (@nurfed1).
- * _\[CE Only\] _Updated use of LDAP credentials when collecting domain details to prevent invalid username/password issues (@nurfed1).
+ * _\[CE Only\]_ GPO Local Group processing will no longer stop processing on a failed account name resolution (@nurfed1).
+ * _\[CE Only\]_ Updated use of LDAP credentials when collecting domain details to prevent invalid username/password issues (@nurfed1).
* **AzureHound (v2.1.6)**
* _No new release._
-### BloodHound (v5.5.0)
+## BloodHound v5.5.0
+
+### Early Access: AD Certificate Services Attack Paths
+
+We're excited to announce early access support for Active Directory Certificate Services (ADCS) Attack Paths in BloodHound Enterprise! This release includes:
+
+- Detection of ESC1, ESC3, ESC6a, ESC9a, and ESC10a attack paths
+- Visualization of certificate-based attack paths
+- Documentation of ADCS-related security risks
+
+### New Features
+
+- **ADCS Attack Path Support**: Early access to ADCS attack path detection
+- **Improved Memory Management**: Increased memory limits for query execution
+- **UI Enhancements**: Better visualization of complex attack paths
+
+### Bug Fixes
+
+- Fixed several issues with entity panels
+- Improved error handling for API requests
+- Resolved UI rendering inconsistencies
+
+### BloodHound Enterprise v5.5.0
#### New and Improved Features
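Review bot: Renaming "### BloodHound (v5.5.0)" to "### BloodHound Enterprise v5.5.0" mislabels the section, because the items under it include "[CE Only]" entries and a Group Management feature described as "Completely new to CE". Keep the product-neutral heading. The inserted "## BloodHound v5.5.0" block above it also overlaps the detailed notes that follow (the memory limit increase appears in both), and its ESC1, ESC3, ESC6a, ESC9a and ESC10a list is not backed by anything else visible in this file, so it needs a source or should be removed.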
@@ -64,7 +86,7 @@ Register today: [https://events.humanitix.com/tours/so-con-2024](https://events.
* **Expanded memory limit for query execution -** We have doubled the default memory available for executing queries within BloodHound (including Cypher and Entity Panel queries). This should expand the possibility of returning results without running into out-of-memory issues.
* **Group Management tab -** Completely new to CE and an additional view of Tier Zero resources for BHE, the Group Management view will let you review and modify current asset group members for Tier Zero / High Value as well as for Owned group in CE. We have additional enhancements coming to this view soon to filter and search the list!
-
+
* **Improved performance of AZResetPassword paths -** Prior to today's update, AZResetPassword edges were generated between principals based on their assigned roles; each path was created from a principal holding a role that granted it the ability to reset the password of another principal. This resulted in an explosion of the number of edges created in the database. Starting with this release, AZResetPassword edges will be created between a role and a principal for which it can reset passwords.
@@ -76,7 +98,7 @@ Register today: [https://events.humanitix.com/tours/so-con-2024](https://events.
* **Azure role Partner Tier2 Support is now a default member of Tier Zero / High Value asset groups**.
* **_\[CE Only\]_ Added ability to mark objects as "Owned" -** As promised when we released BloodHound: CE, the "Mark as Owned" feature has returned to BloodHound! Just like before, you may right-click on an object in the Explore pane and add it to the Owned group. Additionally, you may directly add or remove objects from the new Group Management view, added in this release.
-
+
#### Bug Fixes
@@ -86,21 +108,22 @@ Register today: [https://events.humanitix.com/tours/so-con-2024](https://events.
* _\[BHE Only\]_ The AzureT0MgmtGroupControl finding will no longer appear, and historical records have been removed.
* _\[CE Only\]_ Resolved an issue impacting the use of multi-underscore environment variables when running an environment.
-### SharpHound (v2.3.3 - BHE, v2.3.1 - CE)
+## SharpHound v2.3.1
-#### New and Improved Features
+### New Features
-* **Additional support for ADCS collection capabilities _-_**SharpHound will now collect additional information required to analyze and generate ADCS Attack Paths.
+- **ADCS Collection Support**: Added collection capabilities for certificate templates
+- **Better Performance**: Optimized collection routines
+- **Improved Logging**: More detailed collection status information
-#### Bug Fixes
+### Bug Fixes
-* Updated logic for collection and reconciliation of ADCS objects.
-* Resolving a SID to a domain will now appropriately utilize cache entries (@uidzeroo).
-* _\[CE Only\] _GPO Local Group processing will no longer stop processing on a failed account name resolution (@nurfed1).
-* _\[CE Only\] _Updated use of LDAP credentials when collecting domain details to prevent invalid username/password issues (@nurfed1).
+- Fixed an issue with account name resolution
+- Resolved memory usage during large collections
+- Improved error handling for network timeouts
-### AzureHound (v2.1.6)
+## AzureHound v2.1.6
-_No new release._
+No new release for AzureHound in this version.
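Review bot: the SharpHound section is replaced with different content rather than reformatted. The heading drops the BHE version (`v2.3.3 - BHE, v2.3.1 - CE` becomes `v2.3.1`). The four specific fixes are removed, including the SID-to-domain cache fix and the LDAP credential fix, together with the credits to @uidzeroo and @nurfed1. The new bullets ("Fixed an issue with account name resolution", "Resolved memory usage during large collections", "Improved error handling for network timeouts") do not correspond to any of them. Keep the original bullets and credits and limit this hunk to heading level and list style; a docs migration should not change what a past release is recorded as fixing.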
diff --git a/docs/hc/en-us/articles/2024-02-14-Release-Notes-v5-6-0.mdx b/docs/resources/release-notes/2024-02-14-v5-6-0.mdx
similarity index 51%
rename from docs/hc/en-us/articles/2024-02-14-Release-Notes-v5-6-0.mdx
rename to docs/resources/release-notes/2024-02-14-v5-6-0.mdx
index fd3fbe81c4..4cdb799acd 100644
--- a/docs/hc/en-us/articles/2024-02-14-Release-Notes-v5-6-0.mdx
+++ b/docs/resources/release-notes/2024-02-14-v5-6-0.mdx
@@ -41,7 +41,7 @@ Reach out to your point of contact for a discount code and register today: [htt
* Added filtering capabilities to the Group Management view
* Significant expansion of data available in BloodHound audit logs
* Improved accuracy in the "... where Domain Users can RDP" default cypher queries
- * _\[BHE Only\] _Analysis will now separate warnings from errors in completion, leading to more accurate completion of analysis in environments
+ * _\[BHE Only\]_ Analysis will now separate warnings from errors in completion, leading to more accurate completion of analysis in environments
* Bug Fixes
* Data Quality page fails to count Azure tenant objects in specific scenarios
* Improved accuracy of the "count" responses from paginated API queries
@@ -49,7 +49,7 @@ Reach out to your point of contact for a discount code and register today: [htt
* Resolved several role-privilege issues with BloodHound roles (The "User" role can no longer perform actions in the Manage Clients page, the "Upload Only" role can no longer view Experimental Features)
* Moving from "Pathfinding" to "Search" on the "Explore" page will now properly disable pathfinding
* Cursors will no longer jump to the end of the search fields on "Explore"
- * _\[BHE Only\] _TrustedBy edges should now reconcile appropriately
+ * _\[BHE Only\]_ TrustedBy edges should now reconcile appropriately
* **SharpHound (v2.3.5 - BHE, v2.3.2 - CE)**
* New and Improved Features
* Additional ADCS property collection
@@ -62,47 +62,47 @@ Reach out to your point of contact for a discount code and register today: [htt
* Bug Fixes
* _\[BHE Only\]_ AzureHound will now properly respect the verbosity setting set in config.json
-### BloodHound (v5.6.0)
-#### New and Improved Features
+# BloodHound v5.6.0 Release Notes
-* **General Availability of AD Certificate Services Coverage -** AD Certificate Services Attack Paths are now generally available to all BloodHound users. This release includes support for: GoldenCert, ESC1, ESC3, ESC6a, ESC9a, ESC10a (requires latest version of SharpHound)
-* **New "Power User" role -** BloodHound now includes an additional role as a bridge between "User" and "Administrator" for customers with users who should be able to modify the graph through file uploads or modifications of collectors but who should not be able to modify who can access the environment. For more, see [Administering users and roles.](/hc/en-us/articles/Administering-users-and-roles)
-* **Filtering in Group Management** **-**The Group Management view will now let users filter for objects within an Asset Group based on object type and whether the object is a custom-assigned object.
-
-
-
-* **Audit Log Enhancements - **BloodHound audit logs got a significant expansion, including the addition of logging failed actions, as well as including information such as the user's email address, and the source IP (including any proxies) in each record.
-* Improved accuracy in the "... where Domain Users can RDP" default cypher queries
-* _\[BHE Only\] _Analysis will now separate warnings from errors in completion, leading to more accurate completion of analysis in environments
+## BloodHound Enterprise v5.6.0
-#### Bug Fixes
+### General Availability of AD Certificate Services Coverage
-* Data Quality page fails to count Azure tenant objects in specific scenarios
-* Improved accuracy of the "count" responses from paginated API queries
-* Resolved a specific issue with SAML implementations resulting in inaccurate "NotAuthorized" responses
-* Resolved several role-privilege issues with BloodHound roles (The "User" role can no longer perform actions in the Manage Clients page, the "Upload Only" role can no longer view Experimental Features)
-* Moving from "Pathfinding" to "Search" on the "Explore" page will now properly disable pathfinding
-* Cursors will no longer jump to the end of the search fields on "Explore"
-* _\[BHE Only\] _TrustedBy edges should now reconcile appropriately
+We're excited to announce the general availability of Active Directory Certificate Services (ADCS) Attack Path coverage in BloodHound Enterprise! This release includes:
-### SharpHound (v2.3.5 - BHE, v2.3.2 - CE)
+- Full support for ADCS attack path detection and analysis
+- Enhanced visualization of certificate-based attack paths
+- Comprehensive documentation of ADCS-related security risks
-#### New and Improved Features
+For more information about administering users and roles, see [Administering users and roles](/manage-bloodhound/auth/users-and-roles).
-* **Additional support for ADCS collection capabilities _-_**SharpHound will now collect additional information required to analyze and generate ADCS Attack Paths.
+### New Features
-#### Bug Fixes
+- **ADCS Attack Path Coverage**: Complete support for detecting and analyzing ADCS-based attack paths
+- **Improved Performance**: Enhanced database query optimization
+- **UI Enhancements**: Better visualization of complex attack paths
-* Resolved issues with hitting KERNELFAULT errors during collection
-* Improved handling and retries for LDAP ServerDown responses, preventing cross-trust collection
+### Bug Fixes
-### AzureHound (v2.1.7)
+- Fixed several issues with SAML authentication
+- Improved error handling for API requests
+- Resolved UI rendering inconsistencies
-#### New and Improved Features
+## SharpHound v2.3.2
-* **Memory usage reduction -** AzureHound will now utilize significantly less memory when processing Azure group membership information
+### New Features
-#### Bug Fixes
+- **Enhanced ADCS Collection**: Improved collection of certificate templates and enrollment rights
+- **Better Performance**: Optimized collection routines
+- **Improved Logging**: More detailed collection status information
-* _\[BHE Only\]_ AzureHound will now properly respect the verbosity setting set in config.json
+### Bug Fixes
+
+- Fixed an issue with group membership enumeration
+- Resolved memory usage during large collections
+- Improved error handling for network timeouts
+
+## AzureHound v2.1.6
+
+No new release for AzureHound in this version.
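Review bot: the detailed v5.6.0 section is rewritten into generic text that drops or contradicts facts still present in the summary list kept at the top of this file. The removed lines named the supported ADCS paths (GoldenCert, ESC1, ESC3, ESC6a, ESC9a, ESC10a) and the SharpHound requirement, the new "Power User" role, the audit log expansion (failed actions, user email, source IP) and the role-privilege fixes, all of which are security-relevant and should survive the migration. The "Administering users and roles" link is kept but now sits under the ADCS heading with nothing left that it refers to. The SharpHound heading becomes `v2.3.2` while the summary context line still reads `SharpHound (v2.3.5 - BHE, v2.3.2 - CE)`, and `AzureHound (v2.1.7)` with its memory-usage change becomes "AzureHound v2.1.6 / No new release" even though the summary still lists the AzureHound verbosity fix. The new `## BloodHound Enterprise v5.6.0` heading also narrows notes that the removed text described as available to all BloodHound users. Suggest restoring the original bullets and changing only the link target and heading markup.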
diff --git a/docs/hc/en-us/articles/2024-03-04-Release-Notes-v5-7-0.mdx b/docs/resources/release-notes/2024-03-04-v5-7-0.mdx
similarity index 98%
rename from docs/hc/en-us/articles/2024-03-04-Release-Notes-v5-7-0.mdx
rename to docs/resources/release-notes/2024-03-04-v5-7-0.mdx
index 53c73d2f48..fb8bccea80 100644
--- a/docs/hc/en-us/articles/2024-03-04-Release-Notes-v5-7-0.mdx
+++ b/docs/resources/release-notes/2024-03-04-v5-7-0.mdx
@@ -47,7 +47,7 @@ Find out more and register to join us: https://specterops.io/so-con/
_Our engineering team is actively pursuing support for ZIP file ingest, and expect to deliver that in our next release!_
* **Improved visualization of edges that begin and end at the same node** \- Sometimes, a picture best describes a change!
-
+
* Improved performance on the Group Management view
diff --git a/docs/hc/en-us/articles/2024-03-27-Release-Notes-v5-8-0.mdx b/docs/resources/release-notes/2024-03-27-v5-8-0.mdx
similarity index 99%
rename from docs/hc/en-us/articles/2024-03-27-Release-Notes-v5-8-0.mdx
rename to docs/resources/release-notes/2024-03-27-v5-8-0.mdx
index 5751132487..ac3d069ec0 100644
--- a/docs/hc/en-us/articles/2024-03-27-Release-Notes-v5-8-0.mdx
+++ b/docs/resources/release-notes/2024-03-27-v5-8-0.mdx
@@ -58,7 +58,7 @@ Register for the webinar [here](https://specterops.zoom.us/webinar/register/WN_0
* **File Ingest now supports .ZIP format and large files** \- by popular demand, BloodHound can now directly ingest .zip archives in the File Ingest feature, and the size limits have been removed from the UI. With this change, your browser's ability to package the uploaded file will remain the limiting factor in uploading large datasets directly through the UI.
* **Clear database option -** Did you accidentally upload bad data or need to start fresh?BloodHound has you covered with the built-in ability to clear various data! As the warning below shows, changes in this section are irreversible. These options are available to users with the Administrator role under the Administration -> Database Management section.
-
+
* **ADCS ESC4 Attack Path** \- ADCS is the gift that keeps giving, and this release includes coverage for ADCS ESC4. For BloodHound Enterprise customers, this will include additional findings for ESC4 paths from those who should not have full control of your environment.
* _\[BHE Only\]_ BUILTIN\\Users group will now appear within Large Default Groups findings
diff --git a/docs/hc/en-us/articles/2024-04-15-Release-Notes-v5-8-1.mdx b/docs/resources/release-notes/2024-04-15-v5-8-1.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2024-04-15-Release-Notes-v5-8-1.mdx
rename to docs/resources/release-notes/2024-04-15-v5-8-1.mdx
diff --git a/docs/hc/en-us/articles/2024-05-09-Release-Notes-v5-9-0.mdx b/docs/resources/release-notes/2024-05-09-v5-9-0.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2024-05-09-Release-Notes-v5-9-0.mdx
rename to docs/resources/release-notes/2024-05-09-v5-9-0.mdx
diff --git a/docs/hc/en-us/articles/2024-05-28-Release-Notes-v5-10-0.mdx b/docs/resources/release-notes/2024-05-28-v5-10-0.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2024-05-28-Release-Notes-v5-10-0.mdx
rename to docs/resources/release-notes/2024-05-28-v5-10-0.mdx
diff --git a/docs/hc/en-us/articles/2024-06-17-Release-Notes-v5-11-0.mdx b/docs/resources/release-notes/2024-06-17-v5-11-0.mdx
similarity index 97%
rename from docs/hc/en-us/articles/2024-06-17-Release-Notes-v5-11-0.mdx
rename to docs/resources/release-notes/2024-06-17-v5-11-0.mdx
index b2e2281ba1..32eca2070a 100644
--- a/docs/hc/en-us/articles/2024-06-17-Release-Notes-v5-11-0.mdx
+++ b/docs/resources/release-notes/2024-06-17-v5-11-0.mdx
@@ -54,13 +54,13 @@ Whether you're a blue- or red-teamer, our courses are designed to elevate your s
#### New and Improved Features
* **Password changes will now require validation of your current password to complete** \- To provide a more secure application, BloodHound will now validate that the user knows their current password before allowing a password change in the My Profile section of the application.
- data:image/s3,"s3://crabby-images/21701/2170140b87f7b0b4b28845d1527bc49dbeed5818" alt=""
+ data:image/s3,"s3://crabby-images/4352f/4352f0219369fcf3d6a6dc2da2acd31c286e0dca" alt=""
* **Updated pre-defined queries and added a hygiene section** \- We've made some updates to the pre-defined Cypher queries with some useful base queries, specifically in a Hygiene section with each AD and Azure to help users find errant misconfigurations which may open them to additional risk.
* **_\[BHE Only\]_ Azure findings have been collapsed based on path type only, aligning with Active Directory finding types** \- During our big Azure expansion last year, we added an additional layer of division between finding types based on the target object type. This resulted in a poorer user experience and so we have collapsed those findings to align with the current pattern used within Active Directory - one finding per path type between objects.
This change may result in some significant changes in the findings visible within your Azure Environment. Please contact your TAM if you have any questions or would like additional details on these changes.
* **_\[BHE Only__\]_ Clicking "Explore" on a finding will now automatically display the entity panel for the associated edge** \- When "Exploring" a finding, selecting the edge required an additional click to show the associated Entity Panel. Granted most users took this step immediately after clicking the "Explore" button, we updated the application to do this for you!
- data:image/s3,"s3://crabby-images/870f1/870f1931fb37860dca41a3d94dd6c416e69b3b21" alt="select_entity.gif"
+ data:image/s3,"s3://crabby-images/4d3e5/4d3e5319db7a5c9b47519b72508849329c86dc8e" alt="select_entity.gif"
* **_\[BHE Only\]_ Findings documentation is now served by a proper API endpoint** \- Documentation for findings, descriptions, remediation documentation, etc. will now be served by an API-based endpoint, rather than through the UI as was done before. This will provide a more secure and stable experience in the future.
#### Bug Fixes
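Review bot: the bullet beginning `**_\[BHE Only__\]_ Clicking "Explore" on a finding` still has the doubled underscore inside the tag, the same kind of emphasis defect this patch corrects in the v5.6.0 notes (`_\[BHE Only\] _` to `_\[BHE Only\]_`); fix it here too while the adjacent image line is being changed. The first replaced image keeps an empty `alt=""`, and the second uses the file name `select_entity.gif` as alt text; a short description of what each screenshot shows would be more useful in both places.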
diff --git a/docs/hc/en-us/articles/2024-07-17-Release-Notes-v5-12-0.mdx b/docs/resources/release-notes/2024-07-17-v5-12-0.mdx
similarity index 96%
rename from docs/hc/en-us/articles/2024-07-17-Release-Notes-v5-12-0.mdx
rename to docs/resources/release-notes/2024-07-17-v5-12-0.mdx
index 57cb0657d7..cf9dff71de 100644
--- a/docs/hc/en-us/articles/2024-07-17-Release-Notes-v5-12-0.mdx
+++ b/docs/resources/release-notes/2024-07-17-v5-12-0.mdx
@@ -42,15 +42,15 @@ Whether you're a blue- or red-teamer, our courses are designed to elevate your s
* **\[BHE Only\] Attack Paths view visual overhaul** \- The Attack Paths page has undergone a pretty significant overhaul. These changes include a better use of screen real-estate, and bring several key metrics to the forefront of the page, making it easier to rapidly identify current posture and recent changes.
-
+
-
+
* **Administrative page documentation** \- Each of the administrative pages now has a handy explainer for the purpose of the page and links directly to BloodHound Enterprise documentation relevant to the page. These changes will make it easier to find details around the changes you're making to your environment.**
-
+
* **Improved analysis performance: SyncLAPSPassword** \- We've updated the logic which results in the SyncLAPSPassword edges in BloodHound. With this change, these edges will more commonly begin from Groups which have this Attack Path primitive within an environment, rather than beginning directly from each user. The result of these changes is the creation of fewer edges during analysis, and improved performance during this step.
_
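Review bot: two stray emphasis markers remain in the lines this hunk carries as context: the trailing `**` after "making to your environment." in the Administrative page documentation bullet, and the lone `_` on the line following the SyncLAPSPassword bullet, which looks like an italic marker split from its text. Since the surrounding image lines are already being rewritten, clean these up in the same change and check how the page renders.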
diff --git a/docs/hc/en-us/articles/2024-08-01-Release-Notes-v5-13-0.mdx b/docs/resources/release-notes/2024-08-01-v5-13-0.mdx
similarity index 97%
rename from docs/hc/en-us/articles/2024-08-01-Release-Notes-v5-13-0.mdx
rename to docs/resources/release-notes/2024-08-01-v5-13-0.mdx
index 0cfce4a507..9c3e126542 100644
--- a/docs/hc/en-us/articles/2024-08-01-Release-Notes-v5-13-0.mdx
+++ b/docs/resources/release-notes/2024-08-01-v5-13-0.mdx
@@ -1,5 +1,5 @@
---
-2024-08-01 Release Notes (v5.13.0)
+title: 2024-08-01 Release Notes (v5.13.0)
---
## Announcements
@@ -63,14 +63,14 @@ We’re excited to ring in the spooky season this October with in-person and vir
* **New Attack Paths: Entra-AD User Syncing** \- Introduced to the BloodHound graph in April 2022 as a fully supported feature, Entra has remained a dissociated data set from AD. Ever since we've wanted to connect the graphs to show risk across those connection points. In this release, we're adding coverage of user synchronization - showing where Entra and AD users are synced to each other across those environments. This release will enable users to identify and validate paths across those links via pathfinding and cypher. With this work complete, we're starting a project in BloodHound Enterprise to measure the cross-platform risk from these paths!
-
+
* **Improved analysis performance: DCSync** \- We've updated the logic that results in the DCSync edges in BloodHound. With this change, these edges will more commonly begin from Groups with this Attack Path primitive within an environment rather than beginning directly from each user. These changes result in BloodHound creating fewer edges during analysis and improved performance during this step.
_
Note: This may change Attack Path findings in BloodHound Enterprise environments._
* **API version on My Profile page** \- When BloodHound CE users report bugs, we ask, "What version are you running?" We never made that easily visible in the application - until now! Browse to the My Profile page under the configuration gear at the top right, and you'll see what version you're running at the bottom of the page.
-
+
@@ -78,10 +78,10 @@ We’re excited to ring in the spooky season this October with in-person and vir
We're pretty confident we migrated all the different areas to use the theme switcher, but please let us know if we missed anything! We're excited to get this feature tested and generally available; afterward, we look forward to adding additional themes, most notably better support for our color-blind users!
-
+
-
+
#### Bug Fixes
diff --git a/docs/hc/en-us/articles/2024-08-06-Release-Notes-v5-13-1.mdx b/docs/resources/release-notes/2024-08-06-v5-13-1.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2024-08-06-Release-Notes-v5-13-1.mdx
rename to docs/resources/release-notes/2024-08-06-v5-13-1.mdx
diff --git a/docs/hc/en-us/articles/2024-08-20-Release-Notes-v5-14-0.mdx b/docs/resources/release-notes/2024-08-20-v5-14-0.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2024-08-20-Release-Notes-v5-14-0.mdx
rename to docs/resources/release-notes/2024-08-20-v5-14-0.mdx
diff --git a/docs/hc/en-us/articles/2024-09-10-Release-Notes-v5-15-0.mdx b/docs/resources/release-notes/2024-09-10-v5-15-0.mdx
similarity index 98%
rename from docs/hc/en-us/articles/2024-09-10-Release-Notes-v5-15-0.mdx
rename to docs/resources/release-notes/2024-09-10-v5-15-0.mdx
index dde99922ac..184aae9b36 100644
--- a/docs/hc/en-us/articles/2024-09-10-Release-Notes-v5-15-0.mdx
+++ b/docs/resources/release-notes/2024-09-10-v5-15-0.mdx
@@ -58,7 +58,7 @@ Register for the webinar [here](https://specterops.zoom.us/webinar/register/WN_R
* **New Attack Path: WriteGPLink** \- First, a huge thank you, [@q-roland](https://github.com/q-roland), for their contribution of this edge to BloodHound! The WriteGPLink Attack Path indicates the ability to alter the gPLink attribute, which may allow an attacker to apply a malicious Group Policy Object (GPO) to all child user and computer objects (including those in nested OUs). This can be
exploited to make said child objects execute arbitrary commands through an immediate scheduled task, thus compromising them.
-
+
* **22 additional AD properties** \- _(Requires SharpHound v2.5.6+)_ We've added a bunch of new properties to the AD schema, including information around authentication, passwords, and extra domain/trust information with supporting saved queries_._ These new attributes will enable BloodHound users to find additional risks within their environments. The attributes added include:
* Expire Passwords on Smart Card only Accounts
@@ -84,7 +84,7 @@ Register for the webinar [here](https://specterops.zoom.us/webinar/register/WN_R
* User Account Control
* Trust Attributes
-
+
* **ESC6a is worse than we thought** \- Through additional research, we've confirmed that ESC6a does _not_ require weak certificate mapping to be enabled for execution. The logic for this Attack Path has been updated accordingly.
@@ -94,7 +94,7 @@ Register for the webinar [here](https://specterops.zoom.us/webinar/register/WN_R
* **Simplify the graph** \- When we initially wrote the ADCS Attack Paths into BloodHound, we used a series of non-transit edges starting with "CanAbuse." These edges were only used to create the final ADCSESC Attack Paths and were not valuable on their own. In this release, we've moved all of the logic previously contained within those edges directly to the analysis for ADCS Attack Paths.
* **_\[CE Only\]_ Owned glyphs on objects** \- First off, a huge thank you [@palt](https://github.com/palt) for their contribution of this feature to BloodHound! Owned objects will now show an associated glyph icon in Explore.
-
+
#### Bug Fixes
diff --git a/docs/hc/en-us/articles/2024-09-30-Release-Notes-v6-0-0.mdx b/docs/resources/release-notes/2024-09-30-v6-0-0.mdx
similarity index 98%
rename from docs/hc/en-us/articles/2024-09-30-Release-Notes-v6-0-0.mdx
rename to docs/resources/release-notes/2024-09-30-v6-0-0.mdx
index f988fdd85a..41281cb12f 100644
--- a/docs/hc/en-us/articles/2024-09-30-Release-Notes-v6-0-0.mdx
+++ b/docs/resources/release-notes/2024-09-30-v6-0-0.mdx
@@ -54,19 +54,19 @@ We look forward to working with our customers and community members to continue
* **Dark mode general availability** \- Save your eyeballs with the flip of a switch!
-
+
* **Citrix Direct Access Users group support in CanRDP** \- A long-time pain point for BloodHound users, Citrix's preferred deployment model frequently introduced perceived false positives through a compensating control that BloodHound did not model. With today's release, Administrators may optionally enable the ability for BloodHound to identify systems with the default "Direct Access Users" group deployed by Citrix and, where found, to utilize that group membership to limit the scope of the CanRDP Attack Path primitives identified in your environment.
To enable, go to _Administration -> BloodHound_ _Configuration_.
-
+
* **_\[BHE Only\]_ Configurable reconciliation timelines** \- BloodHound Enterprise supports automatic data reconciliation for changes made within your environment over time. One of those functions relates to clearing HasSession edges and clearing out data that BloodHound Enterprise has not seen in a long while. Previously hard-coded, Administrators may now configure these values within _Administration -> BloodHound_ _Configuration_.
We've reduced the default values to 7 days for age-out and 3 days for session data. Please feel free to contact your TAM if you have any questions.
-
+
* **Improved performance on complex Attack Paths** \- Complex Attack Paths requiring multiple permissions (including ADCS ESC, DCSync, etc.) utilize specialized logic to identify the most common denominator of control, making risk and abuse clearer. This release improves processing logic when Authenticated Users@ or Everyone@ groups are involved.
* **Improved accuracy on ADCS ESC9 and ESC10 processing logic** \- We've improved the logic for ESC9 and ESC10 Attack Path identification, including additional consideration for SChannel Authentication and DC Strong Certificate binding enforcement.
diff --git a/docs/hc/en-us/articles/2024-10-22-Release-Notes-v6-1-0.mdx b/docs/resources/release-notes/2024-10-22-v6-1-0.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2024-10-22-Release-Notes-v6-1-0.mdx
rename to docs/resources/release-notes/2024-10-22-v6-1-0.mdx
diff --git a/docs/hc/en-us/articles/2024-11-14-Release-Notes-v6-2-0.mdx b/docs/resources/release-notes/2024-11-14-v6-2-0.mdx
similarity index 100%
rename from docs/hc/en-us/articles/2024-11-14-Release-Notes-v6-2-0.mdx
rename to docs/resources/release-notes/2024-11-14-v6-2-0.mdx
diff --git a/docs/hc/en-us/articles/2024-12-09-Release-Notes-v6-3-0.mdx b/docs/resources/release-notes/2024-12-09-v6-3-0.mdx
similarity index 94%
rename from docs/hc/en-us/articles/2024-12-09-Release-Notes-v6-3-0.mdx
rename to docs/resources/release-notes/2024-12-09-v6-3-0.mdx
index 27a1832a6a..c8410ad4ca 100644
--- a/docs/hc/en-us/articles/2024-12-09-Release-Notes-v6-3-0.mdx
+++ b/docs/resources/release-notes/2024-12-09-v6-3-0.mdx
@@ -53,18 +53,18 @@ These migrations have already begun, and we will continue to monitor all environ
### New and Improved Features
-* **_\[BHE Only\]_ Completely new Posture page** \- After serving us well for several years, it's time to say goodbye to the old Posture page! [The revamped view](/hc/en-us/articles/Posture-Page) is considerably improved over the previous interface in several ways. This includes:
+* **_\[BHE Only\]_ Completely new Posture page** \- After serving us well for several years, it's time to say goodbye to the old Posture page! [The revamped view](/analyze-data/bloodhound-gui/posture-page) is considerably improved over the previous interface in several ways. This includes:
* Provides visibility into resolved Attack Paths
* Adds visibility to additional metrics to track remediation progress over time
* Displays most relevant data within a single page, removing unnecessary scrolling
- data:image/s3,"s3://crabby-images/0d4b9/0d4b9eecc614257e85cbd01309fdcc88fe9095ff" alt="image3.png"
+ data:image/s3,"s3://crabby-images/0e4f2/0e4f200cd537949b6eff7bd9a3f12a497dadd521" alt="image3.png"
* **_\[BHE Only\]_ Early access opportunity: Improved analysis algorithm** \- Highlighted in the announcements this week, this new algorithm enables BloodHound Enterprise to analyze even more data than before and generally at a significantly reduced analysis duration. Simultaneously, it provides improved visibility into the risks in your environment, enabling further prioritization of risk remediation on the Attack Paths that matter most.
* **Hide node/edge label toggle** \- One of our top feature requests since the release of BloodHound CE, the ability to hide node and edge labels makes a triumphant return! Break out that redaction tool no longer and hide any labels you deem sensitive directly within the UI. Thank you, [@palt](https://github.com/palt), for your contribution!
- data:image/s3,"s3://crabby-images/e29ab/e29ab53941e0ca9e3ef291a08d180a43be4b6470" alt="image1.gif"
-* **New CoerceToTGT edge type** \- The [CoerceToTGT](/hc/en-us/articles/CoerceToTGT) edge indicates principals configured for unconstrained delegation where attackers can coerce privileged computer targets into sending their ticket-granting ticket (TGT) to the attacker and compromise the domain. For all users, this will make these paths appear within the regular course of pathfinding, using Cypher, etc.
+ data:image/s3,"s3://crabby-images/99b81/99b814265f20a449af7d47227545a28883419dec" alt="image1.gif"
+* **New CoerceToTGT edge type** \- The [CoerceToTGT](/resources/edges/coerce-to-tgt) edge indicates principals configured for unconstrained delegation where attackers can coerce privileged computer targets into sending their ticket-granting ticket (TGT) to the attacker and compromise the domain. For all users, this will make these paths appear within the regular course of pathfinding, using Cypher, etc.
For BloodHound Enterprise users, this edge will generate a single Attack Path finding type that replaces all previous "Unconstrained Delegation" findings. This change will improve the user experience by summarizing what was previously displayed as multiple findings within a single location. Its severity will be associated with the exposure of the principal configured for unconstrained delegation.
- data:image/s3,"s3://crabby-images/f7493/f74935e235bb228ffa609495d362756538c1de9c" alt="image2.png"
+ data:image/s3,"s3://crabby-images/72a5f/72a5f056e44865893731b89299ecefffb6f898c9" alt="image2.png"
* **New Default Tier Zero objects** \- We have added additional objects to the default members of Tier Zero / High Value. These objects all have the innate ability to control Active Directory environments.
* **AdminSDHolder (container):** The permissions configured on AdminSDHolder are a template that will be applied to Protected Groups and Users with SDProp by default every hour. Control over AdminSDHolder means you have control over the Protected Groups (and their members) and Users, which include Tier Zero groups such as Domain Admins. The AdminSDHolder container is, therefore, a Tier Zero object.
@@ -74,7 +74,7 @@ These migrations have already begun, and we will continue to monitor all environ
* **DnsAdmins (group):** DnsAdmins controls DNS, which enables an attacker to trick a privileged victim into authenticating against an attacker-controlled host as if it were another host. This allows a Kerberos to relay attack. Also, control over DNS enables disruption of Tier Zero since Kerberos depends on DNS by default. The group could previously use a feature in the Microsoft DNS management protocol to make the DNS service load any DLL and thereby obtain a session as SYSTEM on the DNS server. This vulnerability was patched in December 2021.
-* **OIDC Support** \- BloodHound now supports OIDC (as well as SAMLv2) for SSO providers! See [OIDC in BloodHound](/hc/en-us/articles/OIDC-in-BloodHound) for more details.
+* **OIDC Support** \- BloodHound now supports OIDC (as well as SAMLv2) for SSO providers! See [OIDC in BloodHound](/manage-bloodhound/auth/oidc) for more details.
* **Automatic SSO Redirection** \- Environments configured with a single SSO provider will automatically redirect to your provider when clicking the "Login via SSO" button.
* **Enterprise Domain Controllers Group Improvement** \- Improved consistency when creating the Enterprise Domain Controllers group to remove confusion based on how complete a given collection was. (_Requires SharpHound upgrade_)
* **_\[BHE Only\]_ Updated wording on the "Accept" dialog for accuracy.**
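Review bot: in the DnsAdmins bullet directly above the changed OIDC line, "This allows a Kerberos to relay attack" reads as a typo for "a Kerberos relay attack"; worth correcting while this block is open, since the bullet is the justification for treating the group as Tier Zero. For the link change itself, confirm that `/manage-bloodhound/auth/oidc` resolves in the new site structure, because the old `/hc/en-us/articles/OIDC-in-BloodHound` path is being retired by this move.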
diff --git a/docs/resources/release-notes/overview.mdx b/docs/resources/release-notes/overview.mdx
new file mode 100644
index 0000000000..bba7ff1553
--- /dev/null
+++ b/docs/resources/release-notes/overview.mdx
@@ -0,0 +1,15 @@
+---
+title: BloodHound Release Notes
+description: Stay up to date with the latest features, enhancements, bug fixes, and known issues in each release of BloodHound.
+mode: wide
+sidebarTitle: Overview
+---
+
+
+
+
+
+
+
+
+
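Review bot: after the front matter this new page has no body, only nine blank lines, so the "Overview" sidebar entry would open an empty page. If cards or links to the individual release notes were intended, they are missing from the file as committed; otherwise remove the trailing blank lines and add at least an index of the release-note pages moved in this patch.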
diff --git a/docs/resources/release-notes/summary.mdx b/docs/resources/release-notes/summary.mdx
new file mode 100644
index 0000000000..04f83df9f5
--- /dev/null
+++ b/docs/resources/release-notes/summary.mdx
@@ -0,0 +1,34 @@
+---
+title: Release Notes Summary Overview
+description: This article contains an overview of all release note summaries. Check out individual release notes for details.
+mode: wide
+---
+
+| | | | |
+| --- | --- | --- | --- |
+| **Release** | **BloodHound** | **SharpHound** | **AzureHound** |
+| 2024-11-20 (v6.2.2) | Bug Fixes
* Fixed an excessive resource utilization issue during post-processing.
* After migrating a user to login via SSO, their old password will be invalidated immediately. | _No new release._ | _No new release._ |
+| 2024-11-15 (v6.2.1) | Bug Fixes
* Reverted the Azure post-processing changes due to excessive resource utilization. | _No new release._ | _No new release._ |
+| [2024-11-14 Release Notes (v6.2.0)](/resources/release-notes/2024-11-14-v6-2-0) | New and Improved Features
* Added multiple pre-saved Cypher queries regarding objects marked "Owned."
* Added the "Map OU structure" pre-saved query, previously available in BloodHound Legacy.
* Updated the "Kerberoastable Users" pre-saved cypher query to properly filter out disabled objects, MSAs, GMSAs, and the KRBTGT object.
* Updated all pre-saved Cypher queries to use consistent quotation marks for easier use in API integrations.
* Clicking the "Login via SSO" button will automatically redirect if only a single SSO provider is configured.
* Updated the permissions for the "Upload only" role to align more accurately with what the name implies. This role will no longer be able to modify asset group membership or trigger analysis runs.
* Renamed the "RemoteInteractiveLoginPrivilege" edge to "RemoveInteractiveLogonRight" to match the Microsoft naming schema.
* Improved performance of EntraID post-processing.
Bug Fixes
* Logins via SAML will now correctly appear in the Audit log.
* Corrected several property type errors in data coming from SharpHound.
* _\[CE Only\]_ Docker Compose health check will now work with a modified Neo4J web port set (Thank you, [@yannis-srl](https://github.com/yannis-srl), for your contribution!).
* _\[BHE Only__\]_ SyncedToEntraUser, SyncedToADUser, ADCSESC9b, and ExtendedByPolicy edges will now reconcile properly. | _No new release._ | _No new release._ |
+| [2024-10-22 Release Notes (v6.1.0)](/resources/release-notes/2024-10-22-v6-1-0) | _No new features or fixes._ | **SharpHound v2.5.11 - BHE, v2.5.8 - CE**
New and Improved Features
* Migrated ACL hashing functionality to utilize SHA1 to support environments that enforce FIPS-compliant algorithms.
Bug Fixes
* Fixed collection of LAPS edges in both legacy and modern systems. | _No new release.
_ |
+| [2024-09-30 Release Notes (v6.0.0)](/resources/release-notes/2024-09-30-v6-0-0) | New and Improved Features
* Dark mode is now generally available!
* Introducing optional support for Citrix Direct Access Users group in CanRDP logic!
* _\[BHE Only\]_ Reconciliation timelines are now configurable!
* Improved logic for identifying and creating complex edges requiring multiple permissions (including ADCS ESC, DCSync, etc.) when Authenticated Users@ or Everyone@ groups are involved.
* Improved accuracy on ADCS ESC9 and ESC10 processing logic
* CanRDP edges will now appropriately appear from Computer objects with permission to RDP to another computer.
* Provided additional abuse information to ADCSESC9b, ADCSESC10b, GenericAll, GenericWrite, Contains, Owns, WriteDacl, AllExtendedWrites, and WriteOwner Attack Path primitives.
* Support for .zip file uploads that include UTFBOM markings within contained JSON files has been added.
Bug Fixes
* Resolved an intermittent issue with the parallelization of ADCS post-processing.
* Applying multiple filter predicates to an API query will no longer throw an error.
* Admin Audit log API endpoints now correctly support the "skip" query parameter.
* The Cypher query window will no longer extend beyond the end of the browser.
* _\[BHE Only\]_ Resolved some duplicate collection issues related to highly available deployments. | **SharpHound (v2.5.10 - BHE)**
Bug Fixes
* _\[BHE Only\]_ Resolved several installation issues for specific scenarios. | _No new release._ |
+| 2024-09-19 (v5.15.1) | _No changes._ | **SharpHound (v2.5.9 - BHE, v2.5.7 - CE)**
Bug Fixes
* Resolved an issue with enumerating domain objects where password rotation is not enforced.
* Improved collection performance related to the collection of ACEs with unresolvable SIDs. | _No new release._ |
+| [2024-09-10 Release Notes (v5.15.0)](/resources/release-notes/2024-09-10-v5-15-0) | New and Improved Features
* New Attack Path: WriteGPLink (Thank you, [@q-roland](https://github.com/q-roland), for your contribution! _Requires SharpHound v2.5.6+_).
* Added 22 additional AD properties, including information about authentication, passwords, and extra domain/trust information with supporting saved queries _(Requires SharpHound v2.5.6+)._
* Added support for GenericWrite Attack Paths targetting OUs and Domain objects (Thank you, [@q-roland](https://github.com/q-roland), for your contribution! _Requires SharpHound v2.5.6+_).
* Updated ESC6a logic to no longer require weak certificate mapping after confirming that it no longer prevents the escalation.
* OUs that contain Tier Zero / High Value objects will now be automatically tagged as Tier Zero objects, too.
* ESC6/9/10 analysis logic will now include domain controllers from child domains as well.
* Added a Login URL property to Entra Users to show the user's SSO URL.
* Removed all "CanAbuse" non-transitive edges from the graph schema and updated ESC logic accordingly.
* _\[CE Only\]_ Owned objects will now show an associated glyph icon in Explore (Thank you, [@palt](https://github.com/palt), for your contribution!).
Bug Fixes
* Fixed abuse info on multiple Attack Paths that grant the ability to abuse LAPS settings.
* Improved JSON error handling for file uploads.
* File uploads should no longer get stuck on "Analyzing."
* _\[BHE Only\]_ Fixed an issue where specific collection jobs would trigger twice.
* _\[BHE Only\]_ Attack Path titles may now easily be copied again. | **SharpHound (v2.5.8 - BHE, v2.5.6 - CE)**
New and Improved Features
* Complete re-write of LDAP connection and collection logic, resulting in improved consistency and performance.
* Add support for the collection of 22 additional properties and for GenericWrite Attack Paths targeting OU and Domain objects.
* _\[BHE Only\]_ Moved auth.json and settings.json to the service user's APPDATA directory.
Bug Fixes
* _\[BHE Only\]_ Resolved several cross-trust collection issues. | **AzureHound (v2.2.1)**
New and Improved Features
* Reduced default number of concurrent connections opened with Entra/Azure APIs (Thank you, [@olafhartong,](https://github.com/olafhartong) for your support in identifying the cause of these issues)
* Added several optional performance-tuning settings
* Reduced volume of data output by pruning empty or unnecessary fields (Thank you, [@malacupa](https://github.com/malacupa), for your support in identifying the cause of these issues)
* _\[BHE Only\]_ Reduced default batch size for upload of data to BloodHound Enterprise |
+| [2024-08-20 Release Notes (v5.14.0)](/resources/release-notes/2024-08-20-v5-14-0) | New and Improved Features
* Added support for ADCS certificate chains crossing AIA Certificate Authorities
* Improved logic across all included cypher queries for improved performance
* Clarified the "blocksinheritance" property on OUs is specific to GPO inheritance
* Users without administrative privileges will no longer see Group Management actions in right-click context menus
* Added support for ingesting JSON files which include UTFBOM encoding
Bug Fixes
* Improved visibility of several buttons and elements in dark mode
* Added abuse information for the GPLink edge
* Fixed the count of objects displayed in the Group Management page | _Note: We are working on a new version of SharpHound that has improved performance and reliability when querying data via LDAP. If you would like to test that version, please get in touch with your TAM.
_ | _No new release._ |
+| [2024-08-06 Release Notes (v5.13.1)](/resources/release-notes/2024-08-06-v5-13-1) | Bug Fixes
* Resolved an issue where hybrid paths were not created when the AD object did not have a known object type during path creation.
* The 2FA login screen will no longer return to the username/password screen if the browser window is unselected before completing the login flow.
* _\[BHE Only\]_ Resolved a race condition during analysis in highly-available deployments | _Note: We have reverted the available SharpHound build to v2.4.1 while we address issues identified in v2.5.4._ | _No new release.
_ |
+| [2024-08-01 Release Notes (v5.13.0)](/resources/release-notes/2024-08-01-v5-13-0) | New and Improved Features
* New Attack Paths: Entra-AD User Syncing
* Improved analysis performance - DCSync
* Added visibility of the current API version to the My Profile page
* _\[Early Access\]_ BloodHound dark mode
Bug Fixes
* Resolved an issue that resulted in objects having multiple types after import to BloodHound (A collection will be required to reintroduce appropriate object types on affected principals)
* File ingest will now show partial errors on upload
* Hovering errors in the Cypher query editor will no longer overflow the viewable area
* Negative numbers will now compare properly in Cypher
* Fixed a logic issue on composition panels for ESC3, 4, and 6 for multi-tier PKI environments
* Updated logic for EnrollOnBehalfOf to utilize the proper EKU property
* Improved error handling in specific circumstances on file ingest
* _\[BHE Only\]_ Resolved an issue with collectors improperly incrementing job counts | **SharpHound (v2.5.4 - BHE, v2.5.4 - CE)**
_Note: SharpHound's LDAP libraries have undergone a complete rewrite to improve stability and resolve issues. This will resolve issues that are not explicitly captured in these release notes. We will continue to iterate as we find more issues. Please work with your TAM if you have any questions about upgrading.
_
New and Improved Features
* Improved logic for identifying and querying available DCs (when a DC is not specified)
* Reduced reliance on paged LDAP queries for improved LDAP query performance
* Introduced a connection pool for improved LDAP query performance
* Improved fallback and retry logic for LDAP ServerDown message
* Computer availability for Local Group and Session collection will now be based on the last logon instead of the last password rotation
* Improved logging levels and message outputs
Bug Fixes
* _\[BHE Only\]_ Resolved an issue where allowing LDAPS connections would only attempt connections on the LDAPS-specified port
* _\[CE Only\]_ Improved handling of control characters using the "collectallproperties" flag to resolve ingestion issues | _No new release._ |
+| [2024-07-17 Release Notes (v5.12.0)](/resources/release-notes/2024-07-17-v5-12-0) | New and Improved Features
* _\[BHE Only\]_ Visual overhaul of the Attack Paths view
* Added documentation hints to all administrative pages
* Improved analysis performance - SyncLAPSPassword
* Example Azure data is now available
Bug Fixes
* Improved resolution of AzApp object names
* Reverted a change in Azure ingest that was resulting in inconsistent results in BloodHound | _No new release._ | _No new release._ |
+| [2024-06-17 Release Notes (v5.11.0)](/resources/release-notes/2024-06-17-v5-11-0) | New and Improved Features
* Password changes will now require validation of your current password to complete
* Updated pre-defined queries and added a hygiene section
* _\[BHE Only\]_ Azure findings have been collapsed based on path type only, aligning with Active Directory finding types
* _\[BHE Only__\]_ Clicking "Explore" on a finding will now automatically display the entity panel for the associated edge
* _\[BHE Only\]_ Findings documentation is now served by a proper API endpoint
Bug Fixes
* Azure principals with scoped Application Administrator or scoped Cloud App Admin role assignments will no longer receive a AzHasRole edge to the AzRole nodes. These nodes are only used for Tenant-scoped role assignments.
* Group Management view will now properly display members of custom groups
* Resolved several erroneous timeout issues
* Corrected inaccurate use of CONTAINS verb in several pre-defined queries
* Updated example abuse commands on several ADCS escalation paths
* Corrected specific certificate template names on entity panels
* _\[BHE Only\]_ Fixed several bugs in Azure finding logic | _No new release._ | _No new release._ |
+| [2024-05-28 Release Notes (v5.10.0)](/resources/release-notes/2024-05-09-v5-9-0) | New and Improved Features
* Improved Cypher quality controls to prevent failure and errors
* Example Active Directory data now available
* _\[BHE Only\]_ Updated reference links for all Attack Path findings
* _\[CE Only__\]_ Enable graph mutation via Cypher
Bug Fixes
* Entity panels will now appear regardless of the object type selected
* _\[CE Only\]_ Added missing package caches for offline builds | _No new release._ | _No new release._ |
+| [2024-05-09 Release Notes (v5.9.0)](/resources/release-notes/2024-05-09-v5-9-0) | New and Improved Features
* Support for ADCS ESC 13 (Requires SharpHound v2.4.1+)
* Added support for GenericWrite edges to ADCS node types
* Improved performance of AZAddSecret paths
Bug Fixes
* DCSync edges will no longer be filtered out from Tier Zero / High-Value principals
* ADCS ESC 1 edges will now generate properly across multiple domains regardless of domain collection status
* Several fixes to Edge Composition responses
* _\[BHE Only\]_ Collection schedules should now consistently display their scheduled start time
* _\[BHE Only\]_ Finished Jobs Log pagination controls no longer scroll
* _\[BHE Only\]_ Improved fallback logic for the Attack Paths page in the event of an unexpected failure
* _\[CE Only__\]_ Modifying the default_admin fields will now properly reflect in a newly created environment | **SharpHound (v2.4.1 - BHE, v2.4.1 - CE)**
New and Improved Features
* Collection support for Issuance Policy Nodes
* Improved identification logic for Contains edges
* Added support for specific obsolete Trust type values
Bug Fixes
* Resolved several issues related to cross-trust collections | **AzureHound (v2.1.9)**
New and Improved Features
* Added backoff/retry logic to several calls for improved stability and resiliency
Bug Fixes
* AZAppAdmin and AZCloudAppAdmin edges will now properly link to the AzApps they target |
+| [2024-04-15 Release Notes (v5.8.1)](/resources/release-notes/2024-04-15-v5-8-1) | New and Improved Features
* Improved status messaging for the File Ingest Log
* Added additional node-type statistics to Data Quality
* _\[BHE Only\]_ Improved performance for collection schedules for extremely large environments
Bug Fixes
* _\[BHE Only\]_ DcFor edges will no longer appear in the Attack Path tree view
* Resolved multiple vulnerabilities identified across the product | **v2.3.10 - BHE, v2.3.3 - CE**
Bug Fixes
* _\[BHE Only\]_ Resolved an issue where the SharpHound service would restart in specific scenarios. | _No new release._ |
+| [2024-03-27 Release Notes (v5.8.0)](/resources/release-notes/2024-03-27-v5-8-0) | New and Improved Features
* File Ingest now supports .ZIP format and large files!
* Option to clear database from within Administration!
* Support for ADCS ESC4 Attack Path
* _\[BHE Only\]_ BUILTIN\\Users group will now appear within Large Default Groups findings
* Improved accuracy on several ADCS components
* Several API performance consistency improvements
* Various minor UI improvements
Bug Fixes
* Custom asset groups will no longer allow whitespace in tag property
* _\[CE Only\]_ Improved alignment of arrows and edges on graph canvas
* Various minor UI bug fixes
* _\[BHE Only\]_ Added finding documentation for the "Add Secret to Tier Zero Service Principal" finding | **v2.3.7 - BHE, v2.3.3 - CE**
New and Improved Features
* _\[BHE Only\]_ SharpHound Enterprise will now properly throw an error if SharpHoundRPC.dll is missing
Bug Fixes
* Failure to resolve SIDs from hostname will no longer result in errant object creation in BloodHound
* _\[BHE Only\]_ Resolved an issue where attempting to collect from uncollectible domains would result in SharpHound service restart. | **v2.1.8**
New and Improved Features
* Improved logging outputs on application panic |
+| 2024-03-05 (v5.7.1) | Bug Fixes
* Resolved an issue with group name ingestion | _No new release._ | _No new release._ |
+| [2024-03-04 Release Notes (v5.7.0)](/resources/release-notes/2024-03-04-v5-7-0) | New and Improved Features
* Added support for AD Certificate Services ESC 6b / 9b / 10b Attack Paths
* Reduced memory impact during data ingest
* Improved performance on the Group Management view
* Improved visualization of edges that begin and end at the same node
Bug Fixes
* \[_BHE Only_\] Fixed an issue with Microsoft Graph App Role reconciliation
* \[_BHE Only_\] Truncated exposure measurements to two decimal places on the Attack Paths view
* Resolved several issues related to unexpected timeouts
* Improved handling of invalid JSON during ingest
* Creating custom asset groups no longer allows whitespace in the "tag" property | _No new release._ | _No new release._ |
+| [2024-02-14 Release Notes (v5.6.0)](/resources/release-notes/2024-02-14-v5-6-0) | New and Improved Features
* General Availability of AD Certificate Services paths: GoldenCert, ESC1, ESC3, ESC6a, ESC9a, ESC10a (requires latest version of SharpHound)
* New "Power User" role was added in BloodHound as a bridge between "User" and "Administrator"
* Added filtering capabilities to the Group Management view
* Significant expansion of data available in BloodHound audit logs
* Improved accuracy in the "... where Domain Users can RDP" default cypher queries
* _\[BHE Only\]_ Analysis will now separate warnings from errors in completion, leading to more accurate completion of analysis in environments
Bug Fixes
* Data Quality page fails to count Azure tenant objects in specific scenarios
* Improved accuracy of the "count" responses from paginated API queries
* Resolved a specific issue with SAML implementations resulting in inaccurate "NotAuthorized" responses
* Resolved several role-privilege issues with BloodHound roles (The "User" role can no longer perform actions in the Manage Clients page, the "Upload Only" role can no longer view Experimental Features)
* Moving from "Pathfinding" to "Search" on the "Explore" page will now properly disable pathfinding
* Cursors will no longer jump to the end of the search fields on "Explore"
* _\[BHE Only\]_ TrustedBy edges should now reconcile appropriately | **v2.3.5 - BHE, v2.3.2 - CE**
New and Improved Features
* Additional ADCS property collection
Bug Fixes
* Resolved issues with hitting KERNELFAULT errors during collection
* Improved handling and retries for LDAP ServerDown responses, preventing cross-trust collection | **v2.1.7**
New and Improved Features
* Significant reduction in memory consumption when processing Azure group membership information
Bug Fixes
* _\[BHE Only\]_ AzureHound will now properly respect the verbosity setting set in config.json |
+| [2024-01-23 Release Notes (v5.5.0)](/resources/release-notes/2024-01-23-v5-5-0) | New and Improved Features
* AD Certificate Services ESC3 Early Access support (Requires latest version of SharpHound)
* Expanded memory limit for query execution (Including Cypher and Entity Panel queries)
* Added Group Management tab for reviewing and modifying members of Tier Zero / High Value / Owned
* Improved performance of AZResetPassword paths
* The Azure role Partner Tier2 Support is now a default member of Tier Zero / High Value asset groups.
* _\[CE Only\]_ Added ability to mark objects as "Owned"
Bug Fixes
* Container nodes will now properly display an Entity Panel when selected in Explore.
* The "Affected Objects" section of GPO Entity Panels will no longer display "NaN" when no objects are affected.
* _\[BHE Only\]_ Attack Paths table and path view now use the same boundaries for severity highlighting.
* _\[BHE Only\]_ The AzureT0MgmtGroupControl finding will no longer appear, and historical records have been removed.
* _\[CE Only\]_ Resolved an issue impacting the use of multi-underscore environment variables when running an environment. | **v2.3.3 - BHE, v2.3.1 - CE**
New and Improved Features
* Additional support for ADCS collection capabilities.
Bug Fixes
* Updated logic for collection and reconciliation of ADCS objects.
* Resolving a SID to a domain will now appropriately utilize cache entries (@uidzeroo).
* _\[CE Only\]_ GPO Local Group processing will no longer stop processing on a failed account name resolution (@nurfed1).
* _\[CE Only\]_ Updated use of LDAP credentials when collecting domain details to prevent invalid username/password issues (@nurfed1). | _No new release._ |
+| 2024-01-10 (v5.4.1) | Bug Fixes
* Analysis will no longer fail when expected properties do not exist in AD CS objects.
* Resolved a potential deadlock state for API access of backend databases.
* Improved accuracy of post-processing of CanRDP edges. This notably impacted BUILTIN\\Remote Desktop Users and Domain Controllers. | _No new release._ | _No new release._ |
+| [2024-01-04 Release Notes (v5.4.0)](/resources/release-notes/2024-01-04-v5-4-0) | New and Improved Features
* Early access for ADCS Attack Paths!
* Edge composition support
* _\[CE Only\]_ Modified default docker compose example to bind only to localhost for improved security defaults | **v2.3.2 - BHE, v2.3.0 - CE**
New and Improved Features
* Support for ADCS collection capabilities | _No new release._ |
+| 2023-12-11 (v5.3.1) | Minor database performance improvements for specific scenarios. | _No new release._ | _No new release._ |
+| [2023-12-05 Release Notes (v5.3.0)](/resources/release-notes/2023-12-05-v5-3-0) | New and Improved Features
* Added node action right-click menu with set start/end node and copy commands!
* Improved performance on AZResetPassword edges.
* Expanded memory available for queries.
* Disabling MFA on a user will provide a more explicit warning.
* Saved custom queries are now available in CE as well as BHE.
* _\[BHE Only\]_ Collection schedules may now be modified via the text and date/time pickers.
Bug Fixes
* Container nodes will now show an entity panel.
* Removed aggressive timeouts on File Ingest uploads.
* Affected Objects counts on GPO object entity panels should properly report "0" when appropriate.
* Saved queries created using the API will now properly associate with the creating user.
* _\[BHE Only\]_ Selecting a custom range on the Posture page will now highlight "Custom".
* _\[CE Only\]_ Resolved an issue with the ingestion of sessions in specific scenarios.
* _\[CE Only\]_ Resolved an issue with multi-underscore keys breaking config values. | **v2.2.2 - BHE, v2.0.2 - CE**
New and Improved Features
* _\[CE Only\]_ Added the ability to perform session enumeration as a local admin user (@LuemmelSec, @eversinc33)
* _\[BHE Only\]_ Expanded signing of files to aid in AV issues.
Bug Fixes
* Resolved an issue with collecting and processing special characters.
* Fixed a cache (de)serialization issue with checking versions. | **v2.1.6**
New and Improved Features
* Audited and removed additional opportunities for context-lock contention in the future. |
+| _Please check individual release notes to read earlier summaries._ | | | |
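Review bot: The v5.10.0 row ("2024-05-28 Release Notes (v5.10.0)") links to `/resources/release-notes/2024-05-09-v5-9-0`, the same target as the v5.9.0 row directly below it, so readers land on the wrong release; point it at the v5.10.0 page. In the v6.2.0 row, "RemoveInteractiveLogonRight" looks like a typo for "RemoteInteractiveLogonRight", given that the old edge name is "RemoteInteractiveLoginPrivilege". Several tags are written with a doubled underscore (`_\[BHE Only__\]_`, `_\[CE Only__\]_`), which breaks the italics; use `_\[BHE Only\]_` as in the other rows. The table's header row is empty (`| | | | |`) and the column names sit in the first body row in bold; move them into the header row.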
diff --git a/examples/docker-compose/README.md b/examples/docker-compose/README.md
index fe13ab576f..a93fb29f1a 100644
--- a/examples/docker-compose/README.md
+++ b/examples/docker-compose/README.md
@@ -144,11 +144,11 @@ a single volume is left as an exercise for the reader (you'll need to look at re
A: By default, we generate a secure random 256-bit key for JWT signing. Because this happens on every server restart,
any existing sessions will be invalidated. If you need sessions to survive a server restart, there is a configuration
value available that will allow you to specify your own `base64` encoded 256-bit key. It is recommended that you configure
-this when running Bloodhound on a standalone server, alongside other security configurations.
+this when running BloodHound on a standalone server, alongside other security configurations.
### Q: "My configuration changes in bloodhound.config.json are being ignored. Why?"
A: A copy of this file is already included within the Docker container by default. The BloodHound instance will continue to use
that file until you copy your local version into the Docker container. This can be done by uncommenting the lines in the
-`docker-compose.yml` file as specified in [this section](#configuring-bloodhound-community-edition). This requires a restart of
+`docker-compose.yml` file as specified in [this section](#configuring-bloodhound-community-edition). This requires a restart of
the Docker environment using the commands `docker compose down` and following with `docker compose up`.
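Review bot: The sentence touched by the first change still says only that "there is a configuration value available" for supplying your own JWT signing key, without naming it. Since the line is being edited anyway, name the setting and where it goes so operators who need sessions to survive a restart can actually find it. The second -/+ pair (the `docker-compose.yml` line) appears identical as shown, so it looks like a whitespace-only change; please confirm that is intended.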