Integrating with BloodHound for Reporting

Pass BloodHound data to Ghostwriter for inclusion in your reports

BloodHound Community Edition (BHCE) is a part of many assessments, but using the data in reports can be difficult. The BHCE data is readily available as JSON, but the JSON files are typically large for most Active Directory (AD) environments outside of a lab environment. Also, the data’s full value comes from your analysis, so feeding the raw JSON to Ghostwriter isn’t the way to go. No one wants to copy and paste the contents of a dozen JSON files into fields anyway.

We can leverage BHCE and Ghostwriter’s robust APIs to perform analysis, automatically pass the JSON to Ghostwriter, and store it in a JSON field. This example is covered more in-depth in this article:

Ghostwriter v4.3: SSO, JSON Fields, and Reporting with BloodHoundPosts By SpecterOps Team Members

A proof-of-concept script is available here:

GitHub - GhostManager/bloodhound-integration-poc: A proof-of-concept script for automating the extraction of data from a BloodHound Community Edition server and sending it to Ghostwriter for use in reportsGitHub

PreviousRecording Cloud Server Deployments NextHealth Monitoring

Last updated 18 days ago