BloodHound Enterprise is the identity attack path management solution that helps enterprises proactively secure their networks by identifying and mitigating attack paths within their Active Directory (AD) and Azure environments. It maps out potential vulnerabilities in an organization's identity and access control infrastructure, clearly showing how attackers could exploit weaknesses to escalate privileges and gain unauthorized access. By continuously assessing the AD environment, BloodHound Enterprise enables security teams to detect and fix attack paths before they can be exploited, reducing the risk of data breaches and improving overall cybersecurity resilience.
No other solution maps attack paths and allows security and identity teams to manage them in a way that is highly scalable for large enterprises. Unlike other tools that only provide snapshots of vulnerabilities, BloodHound Enterprise delivers targeted, actionable insights into identity risks. The solution offers automated risk assessments, highlighting specific attack paths, user permissions, and potential lateral movement opportunities, allowing teams to prioritize remediation based on real-world threat scenarios. Additionally, BloodHound Enterprise tracks the exposure and impact of attack paths, so security teams can continuously monitor changes to the AD environment and keep a dynamic view of evolving risks.
- Guided Setup – A step-by-step guided setup for seamless configuration, covering connection setup, import scheduling, and filter configuration.
- Automated Attack Path Ingestion – Fetches attack path findings from SpecterOps BloodHound and stores them as Security Incidents in ServiceNow.
- Scheduled Imports – Configurable import schedules to periodically fetch attack path data without creating duplicate incidents.
- Data Transformation & Mapping – Transforms SpecterOps attack path data and maps key fields to ServiceNow SIR fields for streamlined incident management.
- Threat Intelligence Integration – Links attack path findings to security incidents, helping defenders identify and eliminate potential threats.
- ServiceNow Store Availability – Available on the ServiceNow Store for easy installation and deployment.
- Customizable Filtering – Allows users to configure filters to refine attack path data based on specific security needs.
Initial Release
To ensure smooth installation and operation of the SpecterOps BloodHound Integration with ServiceNow SIR, the following system requirements must be met:
1. ServiceNow Instance
   - ServiceNow Xanadu or later
   - Security Incident Response (SIR) module must be enabled
   - ServiceNow Store access to install the app
2. SpecterOps BloodHound
   - Access to SpecterOps BloodHound Enterprise
   - API credentials (Base URL, Token Key, Token ID) for authentication
3. MID Server (Optional, but Recommended)
   - Required if the ServiceNow instance is behind a firewall and needs secure communication with the BloodHound API
4. Network & Security Requirements
   - Internet access to connect to the SpecterOps BloodHound API
   - Allowlisted API endpoints for SpecterOps BloodHound