Open nurfed1 opened 6 months ago
Confirmed with SharpHound v2.3.0 and BloodHound v5.3.1. The data is collected by SharpHound as expected:
"GPOChanges": {
"LocalAdmins": [
{
"ObjectIdentifier": "S-1-5-21-2697957641-2271029196-387917394-2173",
"ObjectType": "User"
}
],
"RemoteDesktopUsers": [],
"DcomUsers": [],
"PSRemoteUsers": [],
"AffectedComputers": [
{
"ObjectIdentifier": "S-1-5-21-2697957641-2271029196-387917394-2174",
"ObjectType": "Computer"
}
]
},
The above example is from the attached example which should generate an AdminTo edge from the user ALICE@DUMPSTER.FIRE
to computer ALICE-LAPTOP.DUMPSTER.FIRE
, but that doesn't happen.
20231228025130_BloodHound.zip
Description:
Sharphound GPOLocalGroup collector data is not being ingested by Bloodhound.
Component(s) Affected:
Steps to Reproduce:
Expected Behavior:
Bloodhound ingests collected GPOLocalGroup data.
Actual Behavior:
Bloodhound does not ingest collected GPOLocalGroup data.
Environment Information:
BloodHound: Latest commit
Collector: SharpHound 2.3.0 (Latest commit)
Contributor Checklist: