SharpHound Enterprise System Requirements

  • Updated

This article applies to BHE

The SharpHound Enterprise service is a critical element in your deployment that collects and uploads data about your environment to your BloodHound Enterprise instance for processing and analysis.

SharpHound Enterprise is deployed as a signed Windows service, runs under the context of a domain account, and collects from one or more domains utilizing the configured service account.

Server Requirements


  Minimum Recommended
Processor Cores 2 physical cores 4 physical cores
Memory 4GB RAM 16GB RAM
Hard disk space 1GB for logging 5GB for logging



  • Windows Server 2012+
  • .NET 4.5.2+


  • TLS on 443/TCP to your tenant URL (provided by your account team)
  • LDAP on 389/TCP to at least one domain controller in each domain requiring collection
    • Note: SharpHound uses signed LDAP queries and does not support LDAPS
  • [OPTIONAL - see Why perform privileged collection in SharpHound] SMB/RPC on 445/TCP to all domain-joined computers

Service Account Requirements

The SharpHound Enterprise service will run as a domain-joined account and will utilize the permissions of that account for enumeration purposes.

  • Authenticated User within any domains requiring collection
  • Local Administrator on the SharpHound Enterprise server
  • Read privileges to the Deleted Objects container (if tombstoning is enabled - instructions here)
  • [OPTIONAL - see Why perform privileged collection in SharpHound] Local Administrator on all domain-joined systems

See SharpHound Data Collection and Permissions for full permission information and explanation of requirements.