You will need your Tenant ID and Application ID from completing AzureHound Enterprise Azure Configuration prior to beginning this process.
- Log into your BloodHound Enterprise tenant.
- In the top right, click settings ⚙️ → Download Collectors
- Download AzureHound Enterprise by clicking the button DOWNLOAD AZUREHOUND vX.X.X (.ZIP)
- Extract the contents of the zip archive and locate the binary suitable for your system's architecture.
- NB: As an example, this guide will use the Windows 64-bit binary: "azurehound-windows-amd64"
- NB: As an example, this guide will use the Windows 64-bit binary: "azurehound-windows-amd64"
- Run "azurehound.exe -h" to see all available options
- Run “azurehound.exe configure” and select the Azure region your organization's tenant is hosted in
- NB: Most organizations are using the "cloud" region
- NB: Most organizations are using the "cloud" region
- Type in your Azure tenant ID
- Type in the application ID you saved when creating the AzureHound application
- Choose your desired authentication mechanism
- NB: We highly recommend certificate-based authentication.
- NB: We highly recommend certificate-based authentication.
- If using Certificate authentication: hit Enter, or type ‘y’, to create a new certificate and key
- Note: The certificate generated by AzureHound expires after one year.
- Note: If using a certificate issued by another authority, AzureHound supports certificates with the following:
- PEM encoded
- RSA 256
- PKCS#8 or PKCS#5
- If using Certificate authentication: if desired, provide a password for the secret key
- Hit Enter, or type 'y', to set up a connection to BloodHound Enterprise
- Type in the full URL of your BloodHound Enterprise tenant
- Create an AzureHound collector client by following Create a BloodHound Enterprise collector client. Continue to the next step when you have the Token ID and Token.
- Type in the client collector's Token ID from the previous step
- Type in the client collector's Token key from the collector client
- Decide if you want to use a proxy URL. Most organizations will not use this feature
- Hit Enter, or type ‘y’, to set up local logging
- Select the logging verbosity, as a start we recommend Default
- Type a log file name
- You can also enter file name as a full path. If not specifying a path; AzureHound will output logs to the specified file name within the same directory as the AzureHound binary
- You can also enter file name as a full path. If not specifying a path; AzureHound will output logs to the specified file name within the same directory as the AzureHound binary
- Decide if AzureHound should generate JSON-structured logs
- When completed, a settings summary is shown
- If using Certificate authentication; the summary also includes the location of the certificate to complete the configuration within Azure
- Continue to Run and Upgrade AzureHound (Windows, Docker, or Kubernetes)