Extension-based data ingestion is available under early access.
BloodHound still supports generic data ingestion. For new OpenGraph projects and updates to existing projects, use extension-based data ingestion to take advantage of enhanced platform capabilities.
Key concepts
OpenGraph extensions are defined by a schema that specifies the structure and behavior of OpenGraph data for a specific identity provider, cloud service, or other platform. Review the following key concepts to understand how extension-based data ingestion works in BloodHound:

| Concept | Description |
|---|---|
| Extension schema | A schema that defines the structure and behavior of OpenGraph data, including source, custom node and edge definitions, environment identification, and findings. |
| Data payload | The extension-based or generic data generated by an OpenGraph collector that you upload to BloodHound. |
| Extension-based data | Data payloads that conform to an extension schema, enabling enhanced features and support in BloodHound. |
| Generic data | Data payloads that conform to basic OpenGraph node, edge, and metadata schemas only. |
| Collector | A tool that authenticates to a third-party platform and generates a data payload that BloodHound can ingest. |
Enhanced features
The extension schema enables enhanced features for OpenGraph data in BloodHound that are not available for generic data. The following table summarizes the key features enabled by extension-based data ingestion and their availability in Community and Enterprise editions of BloodHound:

| Feature | | |
|---|---|---|
| Pathfinding | | |
| Environment filtering | | |
| Custom node icons and colors | (API-only) | (schema-defined) |
| Findings and remediation | | |
Workflow
The general workflow for extension-based data ingestion involves three main stages that include different steps. Not all steps are required (for example, uploading Cypher queries and creating Privilege Zone rules are optional), and the workflow is not strictly linear. However, the following diagram provides a high-level overview of the recommended workflow for extension-based data ingestion in BloodHound:
Before you begin
Complete the following steps before registering an extension or uploading extension-based data:
Get extension artifacts
How you obtain extensions and collectors depends on your edition of BloodHound:
- BloodHound Community users can download and use Community extensions and collectors from public GitHub repositories
- BloodHound Enterprise customers can use both Community and Enterprise extensions and collectors; contact your Technical Account Manager to obtain Enterprise versions
Review prerequisites
After you obtain an extension and collector, review the prerequisites in the extension-specific setup documentation. For example, review collector permissions and required platform configurations, such as API service application registration.
Confirm role access
Confirm that your role includes extension management permissions.