The SharpHound Enterprise service is a critical element in your deployment that collects and uploads data about your environment to your BloodHound Enterprise instance for processing and analysis.
SharpHound Enterprise is deployed as a signed Windows service, runs under the context of a domain account, and collects from one or more domains utilizing the configured service account.
Server Requirements
Hardware
| Minimum | Recommended | |
| Processor Cores | 2 physical cores | 4 physical cores |
| Memory | 4GB RAM | 16GB RAM |
| Hard disk space | 1GB for logging | 5GB for logging |
Software
- Windows Server 2012+
- .NET 4.5.2+
Network
- TLS on 443/TCP to your tenant URL (provided by your account team)
- LDAP on 389/TCP to at least one domain controller in each domain requiring collection
- Note: SharpHound uses signed LDAP queries and does not support LDAPS
- [OPTIONAL - see Why perform privileged collection in SharpHound] SMB/RPC on 445/TCP to all domain-joined computers
Service Account Requirements
The SharpHound Enterprise service will run as a domain-joined account and will utilize the permissions of that account for enumeration purposes.
- Authenticated User within any domains requiring collection
- Local Administrator on the SharpHound Enterprise server
- Read privileges to the Deleted Objects container (if tombstoning is enabled - instructions here)
- [OPTIONAL - see Why perform privileged collection in SharpHound] Local Administrator on all domain-joined systems
See SharpHound Data Collection and Permissions for full permission information and explanation of requirements.