Create an AzureHound Configuration

  • Updated

This article applies to BHE

You will need your Tenant ID and Application ID from completing AzureHound Enterprise Azure Configuration prior to beginning this process.

  1. Log into your BloodHound Enterprise tenant.
  2. In the top right, click settings ⚙️ → Download Collectors
  3. Download AzureHound Enterprise by clicking the button DOWNLOAD AZUREHOUND vX.X.X (.ZIP)
  4. Extract the contents of the zip archive and locate the binary suitable for your system's architecture.
    • NB: As an example, this guide will use the Windows 64-bit binary: "azurehound-windows-amd64"
  5. Run "azurehound.exe -h" to see all available options
  6. Run “azurehound.exe configure” and select the Azure region your organization's tenant is hosted in
    • NB: Most organizations are using the "cloud" region
  7. Type in your Azure tenant ID
  8. Type in the application ID you saved when creating the AzureHound application
  9. Choose your desired authentication mechanism
    • NB: We highly recommend certificate-based authentication.
  10. If using Certificate authentication: hit Enter, or type ‘y’, to create a new certificate and key

    • Note: The certificate generated by AzureHound expires after one year.
    • Note: If using a certificate issued by another authority, AzureHound supports certificates with the following:
      • PEM encoded
      • RSA 256
      • PKCS#8 or PKCS#5
  11. If using Certificate authentication: if desired, provide a password for the secret key
  12. Hit Enter, or type 'y', to set up a connection to BloodHound Enterprise
  13. Type in the full URL of your BloodHound Enterprise tenant
  14. Create an AzureHound collector client by following Create a BloodHound Enterprise collector client. Continue to the next step when you have the Token ID and Token.
  15. Type in the client collector's Token ID from the previous step
  16. Type in the client collector's Token key from the collector client
  17. Decide if you want to use a proxy URL. Most organizations will not use this feature
  18. Hit Enter, or type ‘y’, to set up local logging
  19. Select the logging verbosity, as a start we recommend Default
  20. Type a log file name
    • You can also enter file name as a full path. If not specifying a path; AzureHound will output logs to the specified file name within the same directory as the AzureHound binary
  21. Decide if AzureHound should generate JSON-structured logs
  22. When completed, a settings summary is shown
  23. If using Certificate authentication; the summary also includes the location of the certificate to complete the configuration within Azure
  24. Continue to Run and Upgrade AzureHound (Windows, Docker, or Kubernetes)