The SharpHound Enterprise service is a critical element in your deployment that collects and uploads data about your environment to your BloodHound Enterprise instance for processing and analysis.
SharpHound Enterprise is deployed as a signed Windows service, runs under the context of a domain account, and collects from one or more domains utilizing the configured service account.
|Processor Cores||2 physical cores||4 physical cores|
|Memory||4GB RAM||16GB RAM|
|Hard disk space||1GB for logging||5GB for logging|
- Windows Server 2012+
- .NET 4.5.2+
- TLS on 443/TCP to your tenant URL (provided by your account team)
- LDAP on 389/TCP to at least one domain controller in each domain requiring collection
- Note: SharpHound uses signed LDAP queries and does not support LDAPS
- [OPTIONAL - see Why perform privileged collection in SharpHound] SMB/RPC on 445/TCP to all domain-joined computers
Service Account Requirements
The SharpHound Enterprise service will run as a domain-joined account and will utilize the permissions of that account for enumeration purposes.
- Authenticated User within any domains requiring collection
- Local Administrator on the SharpHound Enterprise server
- Read privileges to the Deleted Objects container (if tombstoning is enabled - instructions here)
- [OPTIONAL - see Why perform privileged collection in SharpHound] Local Administrator on all domain-joined systems
See SharpHound Data Collection and Permissions for full permission information and explanation of requirements.