/* Style for the product comparison table in /get-started/introduction-to-bloodhound.mdx */

.comparison-table {
    width: 100%;
    border-collapse: collapse;
    margin: 20px 0;
}

.comparison-table td {
    width: 50%;
    padding: 15px;
    text-align: left;
    border: none;
    border-bottom: 1px solid rgba(229, 231, 235, 0.3);
}

.comparison-table img {
    max-width: 200px;
    height: auto;
    display: block;
    margin: 0 auto;
}

.comparison-table strong {
    color: #FFFFFF;
    display: inline;
}

.comparison-table td strong {
    display: inline;
}
 
.comparison-table a {
    display: inline-block;
    margin-top: 15px;
    color: #0066cc;
    text-decoration: none;
}

.comparison-table td:first-child {
    padding-right: 30px; /* Space on the right of the first column */
}

.comparison-table td:last-child {
    padding-left: 30px; /* Space on the left of the second column */
}

Node properties

AZGroup

SpecterOps

Introduction to BloodHound

Overview

Deployment

How attack path data collection and ingestion works, and how to run attack path data collection.

Data Collection

Analyzing ingested BloodHound data, identify and remediating attack paths/risks.

Data Analysis

Administering a BloodHound instance and its related components; users, roles, authentication, collector status, and general security.

Administration

Interacting with BloodHound through it’s REST API and integrations which uses the API.

API and Integrations

Resources

Login to BloodHound with user credentials or a one time password.

Login to BloodHound

Logout of BloodHound and delete the user session JWT.

Logout of BloodHound

Get the currently authenticated requester details. For Community, this will only ever be valid for users. In Enterprise, this could be either a BloodHound user or a client (collector).


Get self

**Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/sso-providers` instead.


List SAML Providers

**Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/sso-providers` instead to list available SSO endpoints.


Get all SAML sign on endpoints

**Deprecated**: This endpoint will no longer be supported in a future release. Please use `POST /api/v2/sso-providers/saml` instead.


Create a New SAML Provider from Metadata

**Deprecated**: This endpoint will no longer be supported in a future release. Please use `GET /api/v2/sso-providers` to list all SAML providers instead.


Get SAML Provider

**Deprecated**: This endpoint will no longer be supported in a future release. Please use `DELETE /api/v2/sso-providers/{sso_provider_id}` instead.


Delete a SAML Provider

Lists all available SSO providers (SAML and OIDC)

List SSO Providers

Creates a new OIDC provider for SSO authentication

Create OIDC Provider

Creates a new SAML provider with the given name and metadata XML.

Delete SSO Provider

Updates an existing SSO provider. Updating saml provider requires a "multipart/form-data" body. Updating oidc provider requires "application/json" body. Response is respective provider

Update SSO Provider

Download the SAML Provider Signing Certificate. Only applies to SAML providers.

Get SAML Provider Signing Certificate

List Permissions

Gets an authorization permission's details.

Get Permission

List Roles

Get Role

List Auth Tokens

Create a new token to use with request signing based authentication for a given user.

Create Token for User

Delete a request signing token for a given user.

Delete a User Token

List Users

Create a New User

Get a user

Delete a User

Update a User

Create or set a user's secret to use as a login password.

Create or Set User Secret

Expire a user's secret to use as a login password.

Expire User Secret

Enrolls user in multi-factor authentication

Unenrolls user from multi-factor authentication

Unenroll user from multi-factor authentication

Returns multi-factor authentication status for a user

Returns MFA activation status for a user

Activates multi-factor authentication for an enrolled user

Activates MFA for an enrolled user

Retrieves the version manifest for a given collector

Get collector manifest

Retrieves the download for a given collector with given version

Get collector download by version

Retrieves the checksum file for a given collector with given version

Get collector checksum by version

List File Upload Jobs

Creates a file upload job for sending collection files

Create File Upload Job

Saves a collection file to a file upload job

Upload File To Job

End File Upload Job

List accepted file types for collection file uploads

List accepted file upload types

Get API version

Returns an Open API 3.0 compatible BloodHound API spec

Get API Spec

Search for graph objects by name or object ID, filtered by type.

Search for objects

Gets available domains along with their collection status

Get available domains

List audit logs

Lists application configuration parameters for this instance

List application config parameters

Writes application configuration parameters for this instance

Write application configuration parameters

Lists all feature flags for this instance

List feature flags

Toggle a feature flag's enabled status to either enable or disable it.

List all asset isolation groups

Create an asset group

Get asset group by ID

Update an asset group

Delete an asset group

Returns all historical memberships if no URL params are specified.

List asset group collections

Update asset group selectors

DEPRECATED use PUT instead. Updates asset group selectors.

Delete an asset group selector

Get asset group custom member count

List all members of an asset isolation group.

List all asset isolation group members

List counts of members of an asset isolation group by primary kind.

List asset group member count by kind

DEPRECATED use GetShortestPath instead. Get the result of pathfinding between two nodes in graph format.

Get pathfinding result

Get the result of searching a graph for a node by name

Get search result

A graph of the shortest path from `start_node` to `end_node`.

Get the shortest path graph

Returns a graph representing the various nodes and edges that make up the complex post-processed edge.

Get path composition

Get all saved queries for the current user

List saved queries

Create a saved query

Update a saved query

Delete a saved query

Shares an existing saved query or makes it public

Share a saved query or set it to public

Revokes permission of a saved query from a given set of users

Revokes permission of a saved query from users

Runs a manual cypher query directly against the database

Run a cypher query

Retrieves entity information for the given Azure object ID.
If `related_entity_type` parameter is not set, this endpoint will return information
about a single entity. Using the `counts` boolean parameter will further modify the response.
If `related_entity_type` parameter is set, this endpoint will return information about entities
related to a single entity. The `type` parameter will morph the response data structure. The `list`
value for the `type` parameter also accepts `skip` and `limit` parameters.


Get Azure entity

Get entity info

Get a list, graph, or count of the principals this node can control.

Get entity controllables

Get a list, graph, or count of the principals that can control this node.

Get entity controllers

Get info and counts for this computer node.

Get computer entity info

Get a list, graph, or count of the systems this computer has admin rights to.

Get computer entity admin rights

Get a list, graph, or count of the principals that have admin rights on this computer.

Get computer entity admins

Get a list, graph, or count of the principals that this computer has constrained delegations rights to.

Get computer entity constrained delegation rights

Get a list, graph, or count of the principals that have constrained delegation rights to this computer.

Get computer entity constrained users

Get a list, graph, or count of the principals this computer can control.

Get computer entity controllables

Get a list, graph, or count of the principals that can control this computer.

Get computer entity controllers

Get a list, graph, or count of the systems this computer can execute DCOM on.

Get computer entity DCOM rights

Get a list, graph, or count of the principals that can execute DCOM on this computer.

Get computer entity DCOM users

Get a list, graph, or count of the groups this computer is a member of.

Get computer entity group membership

Get a list, graph, or count of the systems this computer has remote PowerShell rights on.

Get computer entity remote PowerShell rights

Get a list, graph, or count of the principals that have remote PowerShell rights on this computer.

Get computer entity remote PowerShell users

Get a list, graph, or count of the systems this computer can RDP to.

Get computer entity RDP rights

Get a list, graph, or count of the principals that have RDP rights on this computer.

Get computer entity RDP users

Get a list, graph, or count of the principals with active sessions on this computer.

Get computer entity sessions

Get a list, graph, or count of the principals that have SQL admin rights on this computer.

Get computer entity SQL admins

Get basic info and counts for this container node.

Get container entity info

Get a list, graph, or count of the principals that can control this container.

Get container entity controllers

Get basic info and counts for this domain node.

Get domain entity info

Updates the supported properties on the Domain entity.

Update the Domain entity

Get a list or count of the computers that belong to this domain.

Get domain entity computers

Get a list, graph, or count of the principals that can control this domain.

Get domain entity controllers

Get a list, graph, or count of the principals that can DC sync this domain.

Get domain entity DC Syncers

Get a list, graph, or count of the principals outside of this domain that have admin
rights on principals in this domain.


Get domain entity foreign admins

Get a list, graph, or count of the principals outside of this domain that can control
GPOs inside this domain.


Get domain entity foreign GPO controllers

Get a list, graph, or count of the groups outside of this domain that are members
of groups inside this domain.


Get domain entity foregin groups

Get a list, graph, or count of the users outside of this domain that are members
of groups inside this domain.


Get domain entity foreign users

Get a list or count of the GPOs in this domain.

Get domain entity GPOs

Get a list or count of the groups in this domain.

Get domain entity groups

Get a list, graph, or count of the inbound trusts for this domain.

Get domain entity inbound trusts

Get a list, graph, or count of the GPOs linked to this domain.

Get domain entity linked GPOs

Get a list or count of the OUs in this domain.


Entity Panel name	Description
Tier Zero / High Value	BloodHound Enterprise: Whether the object is part of Tier Zero of the Microsoft’s Active Directory Tier Model, or the Control Plane of Microsoft’s Enterprise Access Model. BloodHound CE: Whether the object is currently marked as High Value. By default any object that belongs to Tier Zero is marked as High Value.
Display Name	The display name for the object.
Object ID	The object’s security identifier (SID), a unique identifier in the directory.
Admin Count	Whether the object currently, or possibly ever has belonged to a certain set of highly privileged groups. For Active Directory nodes this is related to the AdminSDHolder object and the SDProp process, read about that here.
Created	The time when the object was created in the directory.
Description	The contents of the description field for the object.
Is Role Assignable	Whether the group can be assigned to Azure roles. When set to “True,” group members inherit role-based permissions. When set to “False,” role assignments are not allowed for the group.
On-Prem Sync Enabled	Whether the object is synchronized to on-premises Active Directory.
Security Enabled	Whether the group is a Security Principal, meaning it can be used to secure objects in Entra ID.
Security Identifier	-
Tenant ID	Unique identifier for the Azure tenant.

Get Started with BloodHound

Install a Data Collector

Collect Data

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

AZGroup

Node properties

Get Started with BloodHound

Install a Data Collector

Collect Data

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

​Node properties

Node properties