SpecterOps BloodHound

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to identify quickly. Defenders can use BloodHound to identify and eliminate those same attack paths. The SOAR integration with SpecterOps BloodHound enables the defenders to see all the attack path findings from BloodHound as Splunk SOAR events. The actions provided with the app can be used to remediate and remove the attack paths

Built by SOAR Community

Latest Version 1.0.1

February 27, 2025

Release notes

Compatibility

Not Available

Platform Version: 6.4, 6.3

Rating

0

(0)

Log in to rate this app

Support

Not Supported

Learn more

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to identify quickly. Defenders can use BloodHound to identify and eliminate those same attack paths. The SOAR integration with SpecterOps BloodHound enables the defenders to see all the attack path findings from BloodHound as Splunk SOAR events. The actions provided with the app can be used to remediate and remove the attack paths

Supported Actions

test connectivity: Validate the asset configuration for connectivity using supplied configuration
on poll: Pull Attack Path Finding Details
fetch asset information: Pull information related to an asset from the API (works in Enterprise or CE)
does path exist: Pull a path between two objects (works in Enterprise or CE)
get object id: Fetch object id from asset's name