SharpHound Enterprise Tenant Configuration

This article applies to BHE

Configuration location

  1. Tenant configuration of SharpHound Enterprise occurs within the Config -> Administration -> Manage clients view.
  2. Click on the hamburger menu on the right-hand side of any SharpHound collector to see the options available.

Configure Options

On Demand Scan

Kick a collection off immediately. For more information about available options, see Scanning.

Edit Client

Opens the client modification dialog, providing multiple options:

Option Description

Client Name

An identifiable name for the collector. Many customers utilize the name of the domain it collects from or the system it runs on.

Collection Schedule

Click the + sign to add a new schedule or the - sign to delete a schedule. See Collection Scheduling for more.

Advanced Options -> Domain Controller

By default, SharpHound utilizes the PdcRoleOwner property to identify and utilize the Primary Domain Controller for LDAP queries. Specifying a Domain Controller hostname or FQDN here will define the default value utilized on all scheduled collections. On-demand scans are unaffected by this setting and will always use the Primary Domain Controller.
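
Before setting the Domain Controller override described above, it helps to confirm which DC holds the PDC role and that the host you plan to enter is a domain controller reachable over LDAP. The following PowerShell is an added example, not part of the BloodHound Enterprise documentation; the function name, the default port 389 and the hostname dc02.corp.example are assumptions.

```powershell
# Added example, not from the BloodHound Enterprise documentation.
# Run on a domain-joined Windows host, for example the collector server.
function Test-CollectorDomainController {   # hypothetical helper name
    param(
        # Hostname or FQDN you plan to enter in Advanced Options -> Domain Controller
        [Parameter(Mandatory)][string]$Candidate,
        # Assumption: LDAP on TCP 389; adjust if your environment differs
        [int]$LdapPort = 389
    )

    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    # PdcRoleOwner is the property SharpHound uses to pick its default DC
    $pdc = $domain.PdcRoleOwner

    # Match the candidate against the domain's DC list by FQDN or short name
    # (-eq on strings is case-insensitive in PowerShell)
    $dc = $domain.DomainControllers | Where-Object {
        $_.Name -eq $Candidate -or $_.Name.Split('.')[0] -eq $Candidate
    } | Select-Object -First 1

    [pscustomobject]@{
        Domain             = $domain.Name
        PdcRoleOwner       = $pdc.Name
        Candidate          = $Candidate
        IsDomainController = [bool]$dc
        IsPdcRoleOwner     = ($dc -and $dc.Name -eq $pdc.Name)
        SiteName           = if ($dc) { $dc.SiteName } else { $null }
        # Only probe hosts that are confirmed members of the DC list
        LdapReachable      = if ($dc) {
            Test-NetConnection -ComputerName $dc.Name -Port $LdapPort -InformationLevel Quiet
        } else { $false }
    }
}

# 'dc02.corp.example' is a constructed placeholder hostname.
Test-CollectorDomainController -Candidate 'dc02.corp.example'
```

A candidate that reports IsDomainController or LdapReachable as False should not be saved as the override, since every scheduled collection would inherit it.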

Collection Scheduling

Collectors support multiple schedules but can only run a single job at any time.

Scanning

Both the "On Demand Scan" option and the schedule window provide the same options for scanning.

Option Description

Data (Required)

Multi-select option for the different types of collection available. See SharpHound Data Collection and Permissions for details on the data collected and permissions necessary for each.

Domain controller

Specify the domain controller the scan should utilize for LDAP queries; otherwise, SharpHound will utilize the value set in the collector configuration.

Target Local Group and/or User Session Collection by Organizational Unit

Define one or more OUs within a domain to only collect Local Group and Session data from computers contained within the specified OUs and their descendants.

If left empty, SharpHound will collect from all OUs.

If defined, the schedule or on-demand scan will not collect AD structure data. A dedicated schedule or on-demand scan must therefore be created for AD structure collection.

Note: Not supported with multi-domain collections.

Scope Collection to Multiple Domains

Utilize trust relationships in your environment to collect data from multiple domains.

If left empty, SharpHound will collect from the domain to which the Service Account belongs.

SharpHound supports two options:

  • Define a specific list of domains from which to collect data.
  • Collect data from all domains within the forest to which the SharpHound service account belongs.

Note: Multi-domain collections cannot be scoped by OU.