You will need your AzureHound Enterprise configuration file from Create an AzureHound Configuration prior to beginning this process.
Windows
Run AzureHound Enterprise on Windows
This shows how to install AzureHound Enterprise as a service. Many organizations choose to run AzureHound Enterprise alongside SharpHound Enterprise from the same system. These services can live alongside each other and will not conflict.
Organizations who wish to run multiple AzureHound Enterprise collectors on the same server, for example, because of multiple Azure tenants, must install AzureHound Enterprise as Scheduled Tasks instead of Windows Services. See Setting up multiple AzureHound collectors on the same server with scheduled tasks.
Test the AzureHound Configuration
After completing Create an AzureHound Configuration, test your new AzureHound Enterprise configuration. This is only a test; AzureHound should be run as a service, as documented in the next section below.
- Run "azurehound.exe start" on the command line from the directory you installed AzureHound in. The command line will show "Waiting for jobs..." if no collection schedule is configured on the client.
- While the command prompt is open and the client waits for jobs, perform an On Demand Scan to test its connectivity (see Run an On Demand Scan).
  - Tip: In the tenant, the collector client should show Status: Ready, and Last Checkin: n seconds ago
- Once an On Demand Scan is started, the command line will output data
- If successful, it will show "Collection completed successfully"
- If unsuccessful, check the AzureHound log generated next to the binary or contact the BloodHound Enterprise team for support.
Install AzureHound as a service
Next, install AzureHound as a service so that the collector process can run continuously:
- Create the directory from where the AzureHound service will run.
  - Tip: We recommend creating "C:\Program Files\AzureHound Enterprise" to increase security, as the Program Files directory is write-protected from non-administrative users.
    New-Item 'C:\Program Files\AzureHound Enterprise' -ItemType Directory
- Move "azurehound.exe" into the created directory
- Open a command line as a local administrator, navigate to the created directory, and run "azurehound.exe install"
- Hit Enter, or type 'y', to use previously tested configuration settings
  - AzureHound will copy the configuration settings in your user profile to "C:\ProgramData\AzureHound\config.json"; this is a hardcoded configuration file location
- If using certificate authentication:
  - Copy the certificate and key file created in your user profile to a more central location, for example next to the configuration settings in "C:\ProgramData\azurehound"
    Move-Item "$env:USERPROFILE\.config\azurehound\*.pem" "C:\ProgramData\azurehound\"
  - Update the configuration file "C:\ProgramData\AzureHound\config.json" to point to the new certificate and key file locations
- Open the Services Management interface from the Start menu, locate the "AzureHound" service, and start it.
  - If configured correctly, the client will show Status: Ready, and Last Checkin: n seconds ago
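Folders under C:\ProgramData inherit read access for the local Users group by default, so once config.json and the .pem files are in place it is worth restricting and then verifying the directory ACL. The following PowerShell is an added example, not part of the original article or the vendor's tooling; it assumes the AzureHound service runs as LocalSystem (the article does not state the service account) and that the files live in "C:\ProgramData\azurehound" as described above.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Assumption: the AzureHound service runs as
# LocalSystem; for a dedicated service account, add a read grant for it too.
$dir     = 'C:\ProgramData\azurehound'
$allowed = 'S-1-5-18', 'S-1-5-32-544'   # SYSTEM, BUILTIN\Administrators

# Drop inherited ACEs on the directory and grant full control only to the
# two SIDs above; (OI)(CI) makes the grant inherit to files and subfolders.
icacls $dir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $dir" }

# Reset config.json and the .pem files so they carry only ACEs inherited from
# the tightened directory, replacing ACLs carried over from the user profile.
icacls "$dir\*" /reset /T /C | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls reset failed under $dir" }

# Verify: report every Allow ACE whose trustee is not in $allowed.
$sidType = [System.Security.Principal.SecurityIdentifier]
$paths   = @($dir) + @(Get-ChildItem -LiteralPath $dir -Recurse -Force |
                       ForEach-Object { $_.FullName })
$unexpected = foreach ($p in $paths) {
    foreach ($ace in (Get-Acl -LiteralPath $p).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -notin $allowed) {
            [pscustomobject]@{
                Path   = $p
                Sid    = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights
            }
        }
    }
}

if ($unexpected) {
    $unexpected | Format-Table -AutoSize
    throw 'Unexpected principals can access the AzureHound configuration or key files.'
}
"ACL check passed: only SYSTEM and Administrators can access $dir"
```

Run it from an elevated PowerShell session after moving the files and before starting the service; the verification half can be re-run after each upgrade.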
Upgrade AzureHound Enterprise on Windows
Upgrading AzureHound Enterprise is done by replacing the previous service binary.
- Log into your BloodHound Enterprise tenant.
- Click ⚙️ → Download Collectors
- Download AzureHound Enterprise by clicking the button DOWNLOAD AZUREHOUND vX.X.X (.ZIP)
- Extract the contents of the zip archive and locate the binary suitable for your system's architecture
- Log into the server running your AzureHound service
- Click “Start” and then locate the “Services” application or run "services.msc"
- Locate the AzureHound service and open its properties
- From the service properties window, stop AzureHound by clicking Stop
- Replace the existing "azurehound.exe" binary seen in "Path to executable" with the newly downloaded one
- From the service properties window, start AzureHound by clicking Start
Docker
Run AzureHound Enterprise on Docker
- A sample docker-compose.yaml file is attached to this article here.
- Integrate the appropriate structure into your existing configuration or utilize it as a new configuration in Docker, moving the associated config.json, cert.pem, and key.pem files to the appropriate location, and updating config.json according to your assigned values.
- In your docker directory, run:
docker-compose pull && docker-compose up -d
- Review the container logs and BloodHound Enterprise user interface to verify that AzureHound has successfully connected.
Upgrade AzureHound Enterprise on Docker
- In your docker directory, run:
docker-compose pull && docker-compose up -d
- Review the container logs and BloodHound Enterprise user interface to verify that AzureHound has successfully connected.
Kubernetes
Run AzureHound Enterprise on Kubernetes
- Create a TLS secret for the certificate and key using:
kubectl create secret tls azurehound-tls --cert=<path to cert> --key=<path to key>
- Create a generic secret. Choose between:
  - No passphrase:
    kubectl create secret generic azurehound-secret --from-literal tokenId=<bloodhound enterprise token id> --from-literal token=<bloodhound enterprise token>
  - Private key has passphrase:
    kubectl create secret generic azurehound-secret --from-literal tokenId=<bloodhound enterprise token id> --from-literal token=<bloodhound enterprise token> --from-literal keypass=<private key passphrase>
- A sample deployment.yaml file is attached to this article here.
- Edit the provided deployment.yaml file. Read comments and replace instances of [ INSERT HERE ] with appropriate values
- Deploy AzureHound on k8s:
kubectl apply -f deployment.yaml
- Review the container logs and BloodHound Enterprise user interface to verify that AzureHound has successfully connected.
Upgrade AzureHound Enterprise on Kubernetes
- On your Kubernetes cluster, run:
kubectl rollout restart deployment/azurehound-deployment
- Review the container logs and BloodHound Enterprise user interface to verify that AzureHound has successfully connected.
- docker-compose.yaml (397 Bytes)
- deployment.yaml (2 KB)