What Changed

Major version upgrade of the BloodHound Enterprise solution, introducing:

  • 105 new analytic rules for Active Directory attack path detection
  • New workbooks for visualization and analysis
  • Updated data connector with Azure Function v2 for new BloodHound Enterprise APIs
  • Simplified Function App ARM template with streamlined parameter set
  • New documentation for local development and deployment

Detection Logic

KQL logic unavailable: the analytic rule YAML is not included in the diff context.

Security Impact (Visibility & Fidelity)

This is a significant expansion of Active Directory attack surface monitoring. BloodHound Enterprise specializes in identifying attack paths through Active Directory environments, and the 105 new detection rules substantially expand coverage of privilege escalation, lateral movement, and domain persistence techniques.

The updated data connector keeps the solution compatible with the new BloodHound Enterprise APIs, maintaining continuous visibility into AD security posture and into attack paths that traditional tools miss.

Affected Files

  • Data connector updated: BloodHound Enterprise connector with new Azure Function v2
  • ARM template simplified: azuredeploy_BloodHoundEnterprise_FunctionApp.json
  • Documentation added: README.md for connector setup
  • Analytic rules (105 files) and workbooks: not visible in diff context
  • Packaging artefacts updated: solution metadata, ARM templates