BloodHound Enterprise for Splunk SOAR

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to identify quickly, and defenders can use BloodHound to identify and eliminate those same attack paths. The SOAR integration with BloodHound Enterprise (powered by SpecterOps) lets defenders see all Attack Path findings from BloodHound as Splunk SOAR events. This enables rapid remediation of these risks within your environment. All actions support all BloodHound products unless otherwise noted. Supported Actions [BHE Only] Pull Attack Path finding details: Queries the BloodHound Enterprise API to collect new and updated findings for your environment. Test Connectivity: Validate connectivity to the BloodHound environment specified by the supplied configuration. Fetch asset information: Pull information related to an asset from the BloodHound API. Does path exist: Determines whether a valid Attack Path exists between two objects within BloodHound. Get object ID: Fetch an object's ID from its name.

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• on poll: Pull Attack Path Finding Details
• fetch asset information: Pull information related to an asset from the API (works in Enterprise or CE)
• does path exist: Pull a path between two objects (works in Enterprise or CE)
• get object id: Fetch object id from asset's name