To pair SpecterOps BloodHound Enterprise with On Demand Audit to help provide a comprehensive risk assessment and threat monitoring solution, you need to add a SpecterOps BloodHound configuration.
|
NOTE:
|
To add a configuration:
- From the Configuration tab, select Add BloodHound Enterprise or click the + icon.
-
Enter the SpecterOps BloodHound URL, the Permanent Authorization Token (PAT) Token ID, and Key pair.
-
Click Validate to validate the URL format (https://yourdomain.bloodhoundenterprise.io.), the Permanent Authorization Token (PAT) Token ID, and the Key pair.
-
Click Save.
Once the configuration has been added, you can select to edit the Tier Zero notification template to configure who will be notified when an alert is triggered.
To edit a configuration:
- From the Configuration tab, select the BloodHound Enterprise card, and choose Edit Configuration.
-
Edit the SpecterOps BloodHound URL, Permanent Authorization Token (PAT) Token ID, and Key pair as required.
-
Click Validate to validate the URL format (https://yourdomain.bloodhoundenterprise.io.), the Permanent Authorization Token (PAT) Token ID, and the Key pair.
-
Click Save.
To remove a configuration:
|
IMPORTANT: When you remove a configuration, SpecterOps BloodHound Enterprise information will no longer be added to events in On Demand Audit. |
-
From the Configuration tab, select the BloodHound Enterprise card, and choose REMOVE.
-
Click YES to remove the configuration.