2023-01-18 Release Notes

Announcements

Reminder: BloodHound Enterprise App on SplunkBase

The BloodHound Enterprise App is now live on SplunkBase! Our Splunk app will let you pull data from your BloodHound Enterprise tenant into Splunk and includes a pre-configured dashboard, example queries for searching your data, and some pre-configured alerts that you can enable if you are so interested.

You'll be able to learn more about the app and how to install it here.

Summary

  • BloodHound Enterprise
    • New and Improved Features - Search for objects by type and performance improvements for very large SharpHound deployments.
    • Bug Fixes - search not finding existing objects, improvements in analysis time for customers with many group objects, and Tier Zero principals outside the group view.
  • SharpHound Enterprise (v1.0.25 GA, v2.0.6 Early Access)
    • New and Improved Features - SharpHound 2.0.6 is required to support performance improvements for large deployments.
  • AzureHound Enterprise (v1.2.2)
    • No release this week.

BloodHound Enterprise

  • New Functionality
    • The Explore pane search window now supports the ability to filter for objects by type! Prepend your search term with an object type to improve your search accuracy. Full documentation on this functionality is here.
      mceclip0.png
  • Improved Functionality
    • [Requires SHS v2.0.6] Improved performance for customers with very large SharpHound deployments who utilize OU or domain filtering on their scheduled tasks. This will primarily affect customers with >30 SharpHound services who utilize those filtering functionalities.
  • Bug Fixes
    • Resolved an issue where search would not find objects known to exist in an environment.
    • For specific customer deployments, the complexity of group membership resulted in long analysis times; this performance has been improved.
    • Fixed an issue that resulted in Tier Zero principals appearing outside the group view as "Unknown".
    • APIv2 endpoints will no longer respond with skip and limit blocks for non-paginated endpoints.

SharpHound Enterprise (v1.0.25 GA, v2.0.6 Early Access)

Minimum version of SharpHound Service to support all current functionality: v2.0.6

SharpHound v2.0.6

  • Improved Functionality
    • Improved performance for customers with very large SharpHound deployments who utilize OU or domain filtering on their scheduled tasks. This will primarily affect customers with >30 SharpHound services who utilize those filtering functionalities.

NOTE: Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “User Rights Assignment Collection” experimental feature at the same time. Please contact your TAM or respond to this email for assistance.

AzureHound Enterprise (v1.2.2 GA)

Minimum version of AzureHound Service to support all current functionality: v1.2.2

No release this week.

Updated