diff --git a/docs/analyze-data/overview.mdx b/docs/analyze-data/overview.mdx
index c2389eed..ce978e65 100644
--- a/docs/analyze-data/overview.mdx
+++ b/docs/analyze-data/overview.mdx
@@ -1,20 +1,20 @@
----
-title: The BloodHound Dashboard
-description: Learn how to use the BloodHound dashboard to analyze your data and identify attack paths.
-mode: wide
-sidebarTitle: Overview
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+---
+title: The BloodHound Dashboard
+description: Learn how to use the BloodHound dashboard to analyze your data and identify attack paths.
+mode: wide
+sidebarTitle: Overview
+---
+
+
+
+
+
+
+
+
+
+
+
+
+
+
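Review bot: The removed and added lines in this hunk are identical as shown (the same frontmatter and the same run of blank lines), so the only change can be whitespace or line endings. If this is a line-ending normalization, say so in the commit message or split it into its own commit; otherwise drop this file from the change so it does not obscure the content edits in the other files.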
diff --git a/docs/analyze-data/privilege-zones/certification.mdx b/docs/analyze-data/privilege-zones/certification.mdx
index 6e513a2e..79a33718 100644
--- a/docs/analyze-data/privilege-zones/certification.mdx
+++ b/docs/analyze-data/privilege-zones/certification.mdx
@@ -11,8 +11,7 @@ This process gives you control over zone membership and helps prevent unexpected
@@ -42,7 +41,7 @@ You can configure certification requirements at the zone level (to affect all ru
## Manage certifications
-The **Certification** tab in the **Privilege Zones** page allows administrators and power users to review, approve, or revoke certifications for objects in zones where manual certification has been configured.
+The **Certifications** tab in the **Zone Builder** page allows administrators and power users to review, approve, or revoke certifications for objects in zones where manual certification has been configured.
* You can certify or revoke certification only for objects in zones where certification is enabled.
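Review bot: Page naming is inconsistent between this sentence and the procedure that follows: the rewritten line places the **Certifications** tab on the **Zone Builder** page, but the navigation step in the next hunk reads "Navigate to the **Privilege Zones** > **Certifications** tab." If **Privilege Zones** is the left-menu entry and **Zone Builder** is the page it opens, say that once here; otherwise use one name in both places.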
@@ -52,8 +51,8 @@ The **Certification** tab in the **Privilege Zones** page allows administrators
To manage certifications:
-
- Navigate to the **Privilege Zones** > **Certification** tab.
+
+ Navigate to the **Privilege Zones** > **Certifications** tab.
@@ -61,13 +60,13 @@ To manage certifications:
- Click the status drop-down menu and choose **Pending**, **User Certified**, or **Rejected** to view relevant certifications.
+ Click the status drop-down menu and choose **Pending**, **User Certified**, **Automatic Certification**, or **Rejected** to view relevant certifications.
Actions are only available for certifications that require manual approval. You cannot approve or revoke **Automatic Certifications**.
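Review bot: The new filter value is written **Automatic Certification** in the added line, while the unchanged note directly below it refers to **Automatic Certifications**. Use the exact string the drop-down shows in both sentences, so readers can match the status they cannot approve or revoke to the filter option.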
@@ -75,8 +74,8 @@ To manage certifications:
Click the environment drop-down menu and select the desired environment to view its certifications.
@@ -84,8 +83,8 @@ To manage certifications:
The **Certifications** tab also provides a search box and filters to help you identify specific certifications.
@@ -102,8 +101,12 @@ To manage certifications:
* Click **Skip Note** to complete the certification action without a note
* Click **Cancel** to exit without completing the certification action
-
+
- Notes are visible to all BloodHound users in the [History Log](/analyze-data/privilege-zones/history).
+ Notes are visible to all BloodHound users in the [History Log](/analyze-data/privilege-zones/history).
diff --git a/docs/analyze-data/privilege-zones/history.mdx b/docs/analyze-data/privilege-zones/history.mdx
index d9980d75..3e7c9251 100644
--- a/docs/analyze-data/privilege-zones/history.mdx
+++ b/docs/analyze-data/privilege-zones/history.mdx
@@ -11,7 +11,7 @@ The **History Log** provides a record of changes to your Zones and Labels, inclu
@@ -21,6 +21,6 @@ The **History Log** provides a search box and filters to help you identify speci
diff --git a/docs/analyze-data/privilege-zones/labels.mdx b/docs/analyze-data/privilege-zones/labels.mdx
index 9075a38c..5c045e72 100644
--- a/docs/analyze-data/privilege-zones/labels.mdx
+++ b/docs/analyze-data/privilege-zones/labels.mdx
@@ -4,42 +4,56 @@ description: Learn how to use labels to categorize and manage objects within Pri
---
import RuleWarning from '/snippets/privilege-zones/rule-warning.mdx';
+import ZoneLabelViews from '/snippets/privilege-zones/zone-label-views.mdx';
+import DeleteZoneLabel from '/snippets/privilege-zones/delete-zone-label.mdx';
-Labels let you tag groups of objects for easier searching and filtering. Use labels to mark objects with common characteristics (e.g., "PCI", "Owned", "Production").
+Labels let you tag groups of objects for easier searching and filtering. For example, you can label compromised assets with the default **Owned** label to quickly identify attack paths from non-compromised to compromised assets in your environment.
-You can filter views and queries based on labels. For example, label PCI-scoped systems to quickly identify attack paths from non-PCI to PCI environments.
+The **Owned** label represents objects that have been compromised in your environment. You can tag objects with the **Owned** label using rules or manually in the graph.
Unlike zones, BloodHound does not use labels in risk analysis—they're designed to help you organize and query your data.
-The **Labels** tab offers two views:
+
- The **Summary View** shows label names, rule counts, and member count.
+ The **Summary View** shows label names, rule counts, and object counts.
-
- The **Detail View** lists every rule and member that each rule pulls into the associated label.
+
+ The **Details View** displays all rules configured for the selected label and the objects that they pull into the label (organized by node type). Use the drop-down menus to filter the view by specific labels and domains in your environment.
+
+ Select a rule or object to display more details in the right panel, including:
+
+ - Rule definition and Cypher query
+ - Object properties and relationships
+
+ BloodHound displays objects for enabled rules only. To view objects related to a disabled rule, you must re-enable it.
+
### Create a label
+Enterprise Edition
+
+You can create custom labels to categorize objects based on any criteria relevant to your environment, such as business function, sensitivity level, or compliance requirements.
+
+For example, you might create a label for PCI-scoped systems to quickly identify attack paths from non-PCI to PCI environments.
+
Creating a label involves configuring the label details and defining a rule.
-
+
In the left menu, click **Privilege Zones** > **Labels** > **Create Label**.
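Review bot: The example in the new opening paragraph, "attack paths from non-compromised to compromised assets", reads like the old non-PCI to PCI sentence with the terms swapped in. For objects tagged **Owned**, readers usually care about the paths that start at the compromised objects, so confirm the intended direction and reword the example accordingly.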
@@ -53,7 +67,7 @@ Creating a label involves configuring the label details and defining a rule.
@@ -74,7 +88,7 @@ Creating a label involves configuring the label details and defining a rule.
@@ -83,41 +97,72 @@ Creating a label involves configuring the label details and defining a rule.
-### Edit or delete a label
+### Edit a label
-To edit or delete an existing label, follow these steps:
+To edit a label, follow these steps:
- Navigate to the **Labels** tab, select the label you want to edit or delete, and click **Edit Label**.
+ 1. In the left menu, click **Privilege Zones**.
+
+ 1. Click the **Labels** tab
+
+ 1. By default, the **Owned** label is pre-selected. To edit a different label, select the label you want to edit.
+
+ If you're using BloodHound Enterprise, you can select a label from the **Summary View**.
+
+
+
+ Alternatively, BloodHound Enterprise and BloodHound Community Edition users can select a label using the dropdown menu on the **Details View**.
+
+
+
+ 1. Click **Edit Label**.
+
+
+
+ To edit the label:
+
+ 1. Modify the label's name or description.
+ 1. Click **Save Edits** to apply your changes.
+
+ To manage how objects are included in the label, see [Rules](/analyze-data/privilege-zones/rules).
+
+
+### Delete a label
+
+Enterprise Edition
-
- Choose one of the following actions:
+You cannot delete the default **Owned** label, but you can edit its description and rules.
-
-
- To edit the label:
+
- 1. Modify the label's name and description.
+To delete an existing label, follow these steps:
- 1. Click **Save Edits** to apply your changes.
-
+
+
+ Navigate to the **Labels** tab, select the label you want to delete, and click **Edit Label**.
+
-
- To delete the label:
+
+ To delete the label:
- 1. Click **Delete Label** at the bottom of the page
+ 1. Click **Delete Label** at the top of the page.
1. Confirm your action in the dialog.
1. Click **Confirm** to delete the label.
-
-
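Review bot: It is unclear whether the default **Owned** label can be renamed: the new delete section says you can edit "its description and rules", while the edit steps say "Modify the label's name or description" for any label. State the restriction explicitly in the edit steps. Also, "1. Click the **Labels** tab" is missing the closing period that the neighbouring steps have.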
diff --git a/docs/analyze-data/privilege-zones/overview.mdx b/docs/analyze-data/privilege-zones/overview.mdx
index daa0ff46..aa6fed13 100644
--- a/docs/analyze-data/privilege-zones/overview.mdx
+++ b/docs/analyze-data/privilege-zones/overview.mdx
@@ -3,6 +3,8 @@ title: Overview
description: Discover how Privilege Zones help you organize and segment your environment based on sensitivity and access level.
---
+import ContactSales from '/snippets/privilege-zones/contact-sales.mdx';
+
Privilege Zones help you organize objects in your environment into logical groups based on their privilege and risk levels. Using Privilege Zones, you can monitor and maintain the security posture of tiered isolation models.
@@ -16,18 +18,16 @@ Review these key concepts before exploring Privilege Zones. You can find detaile
| Concept | Description | Used in Risk Analysis |
| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | :-------------------: |
| **Zone** | A group of objects representing the hierarchy of control across all domains in an environment (based on access level) | |
-| **Label** | A flexible way to categorize objects within a zone (or across zones) for easier searching and filtering | |
-| **Rule** | A set of instructions that associates objects with zones and labels, based on object types, relationships (expansion), or Cypher queries | |
-| **Tagging** | The process of associating objects with zones and labels using rules | |
-| **Certification** | _[BHE only]_ An optional process to interrupt automatic inclusion of additional objects in a zone by requiring manual certification of the additional objects | |
+| **Label** | A flexible way to categorize objects for easier searching and filtering | |
+| **Certification** | Enterprise Edition An optional process to interrupt automatic inclusion of additional objects in a zone by requiring manual certification of the additional objects | |
Zones organize objects into a strict hierarchy. BloodHound analyzes how object privileges are assigned and where they can be escalated across your environment.
By default, BloodHound includes a **Tier Zero** zone that represents a set of objects with full control over an environment *and* any objects with control over those objects. See [Tier Zero: Members and Modification](/get-started/security-boundaries/tier-zero-members) to learn more.
-By default, you can [create up to two additional zones](/analyze-data/privilege-zones/zones) to match your organization's security model. If you need to create more zones, contact your account manager.
+
-If BloodHound detects an object in a lower-privileged zone controlling an object in a higher-privileged zone, it identifies it as a finding in the **Attack Paths** and **[Posture](/analyze-data/posture-page)** pages. For example, if a Tier One user can control a Tier Zero server, BloodHound flags it as a violation of the privilege model.
+If BloodHound Enterprise detects an object in a lower-privileged zone controlling an object in a higher-privileged zone, it identifies it as a finding in the **Attack Paths** and **[Posture](/analyze-data/posture-page)** pages. For example, if a Tier One user can control a Tier Zero server, BloodHound flags it as a violation of the privilege model.
This analysis helps you identify and remediate privilege escalation paths and misconfigurations that violate your security model.
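Review bot: Dropping the **Rule** and **Tagging** rows leaves the key concepts table without definitions for terms these pages still rely on (rules are how objects get into zones and labels). Keep the two rows, or link the first mention of rules to the rules page. The new **Label** row also no longer mentions zones, while the **Labels** bullet under Features still says "in a single zone (or across multiple zones)"; align the two descriptions.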
@@ -35,11 +35,15 @@ This analysis helps you identify and remediate privilege escalation paths and mi
## Features
-The **Privilege Zones** page provides the following tabs:
+The **Zone Builder** page provides tools for configuring and managing your privilege zones.
+
+Once configured, BloodHound Enterprise analyzes your zones and displays findings in the **Attack Paths** and **Posture** pages.
+
+The **Zone Builder** page provides the following tabs:
* **Zones**: A group of objects that represent the hierarchy of control across all domains in an environment based on access level
* **Labels**: A flexible way to categorize a group of objects in a single zone (or across multiple zones) for easier searching and filtering
-* **Certification** _[BHE only]_: An optional process to interrupt automatic inclusion of additional objects in a zone by requiring manual certification of the additional objects
+* **Certifications** Enterprise Edition: An optional process to interrupt automatic inclusion of additional objects in a zone by requiring manual certification of the additional objects
* **History**: An audit log of changes made to your zones and labels over time
These tools enable further risk mitigation in your environments by highlighting the violations and misconfigurations in your tiered network model.
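Review bot: Two of the added sentences open with "The **Zone Builder** page provides" (the tools sentence and the tabs sentence), separated only by the findings sentence. Fold them into a single lead-in for the tab list and move the BloodHound Enterprise findings sentence after the list.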
diff --git a/docs/analyze-data/privilege-zones/rules.mdx b/docs/analyze-data/privilege-zones/rules.mdx
index b18831bc..2cb323ea 100644
--- a/docs/analyze-data/privilege-zones/rules.mdx
+++ b/docs/analyze-data/privilege-zones/rules.mdx
@@ -58,17 +58,17 @@ If any OUs or Containers are tagged in the last step of the tagging process only
## Define a rule
-The process and screens for creating and editing rules is nearly the same for zones and labels. The primary difference is that [certification](/analyze-data/privilege-zones/certification) is a BHE feature available for zones only.
+The process and screens for creating and editing rules is nearly the same for zones and labels. The primary difference is that [certification](/analyze-data/privilege-zones/certification) is a BloodHound Enterprise feature available for zones only.
-Unless you're defining a rule as part of the zone or label creation process, be sure to specify a specific zone or label first.
+Unless you're defining a rule as part of the zone or label creation process, be sure to select a specific zone or label on the **Zone Builder** page first.
-
+
If you're defining a rule as part of the [zone or label](/analyze-data/privilege-zones/zones) creation process, skip to **Configure rule details** below.
1. In the left menu, click **Privilege Zones**.
- 2. Click the **Zones** or **Labels** tab and select a specific zone or label.
+ 1. Click the **Zones** or **Labels** tab and select a specific zone or label.
If you don't select a zone or label first, the new rule will be associated with the default zone or label selection when you open the page (top position in the **Zones** or **Labels** summary and detail view).
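Review bot: The added sentence tells readers to select a zone or label "on the **Zone Builder** page", but step 1 of the procedure still says to click **Privilege Zones** in the left menu and never mentions Zone Builder. Name the menu entry and the page consistently. In the first changed paragraph, "The process and screens ... is nearly the same" should read "are nearly the same".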
@@ -76,7 +76,7 @@ Unless you're defining a rule as part of the zone or label creation process, be
1. Click **Create Rule**.
- 2. Enter all relevant information for the rule:
+ 1. Enter all relevant information for the rule:
Review [rule expansion](/analyze-data/privilege-zones/rules#rule-expansion) for more information about rule behavior.
@@ -85,14 +85,14 @@ Unless you're defining a rule as part of the zone or label creation process, be
| Name | Yes | A unique name for the rule (e.g., PCI Assets) |
| Description | No | A brief description of the rule's purpose and scope (e.g., PCI assets) |
| Rule Type | Yes | The type of rule to use (e.g., Object ID or Cypher) |
- | Automatic Certification | No | ***\[BHE Only]*** An option to choose how BloodHound [certifies](#certification) new objects (available for zones only) |
+ | Automatic Certification | No | Enterprise Edition An option to choose how BloodHound [certifies](/analyze-data/privilege-zones/certification) new objects (available for zones only) |
**Automatic Certification options**
See [Certification](/analyze-data/privilege-zones/certification) to learn more.
- * **Initial members**: Only objects directly matched by the rule are certified automatically (excludes objects added through [expansion](#rule-expansion), such as OUs and GPOs)
- * **All members**: Every object is certified automatically, including those added through expansion
+ * **Direct Objects**: Only the objects directly matched by the rule are certified automatically (excludes objects added through [expansion](#rule-expansion), such as OUs and GPOs). These objects are shown separately in the **Sample Results** panel.
+ * **All Objects**: Every object (including those tied to direct objects through expansion) is certified automatically
* **Off**: All certification is manual
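Review bot: In the **Direct Objects** bullet, "These objects are shown separately in the **Sample Results** panel" follows a parenthetical about expansion objects, so "These objects" can be read as either the direct set or the expanded set. Name the set explicitly, for example "Direct objects are shown separately ...".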
@@ -103,25 +103,33 @@ Unless you're defining a rule as part of the zone or label creation process, be
1. In the **Object Rule** panel, type to search for an object by name or ID.
- 2. Click the object to add it to the list of targeted objects.
+ 1. Click the object to add it to the list of targeted objects.
-
+
- The **Sample Results** panel displays up to 200 sample results based on the selected object and [expansion](#rule-expansion) rules.
+ The **Sample Results** panel displays up to 200 sample results, separating directly selected objects from objects selected through [expansion](#rule-expansion). This helps you understand why your results may include more objects than initially expected.
1. Enter a Cypher query into the **Cypher Search** box.
- 2. *(Optional)* To see sample results, click **Update Sample Results** above the Cypher query box. The first 200 results display in the **Sample Results** panel.
+ 1. Click **Update Sample Results** above the Cypher query box. The first 200 results display in the **Sample Results** panel, with directly selected objects separated from objects added through [expansion](#rule-expansion).
- 3. *(Optional)* Click **View in Explore** to pivot to the **Explore** page and see results in the graph view.
+ 1. *(Optional)* Click **View in Explore** to pivot to the **Explore** page and see results in the graph view.
-
+
- Adding the following object types will automatically include (→) more objects according to the definition below
+ Adding the following object types automatically includes more objects according to the definition below. The **Sample Results** panel displays these expanded objects separately from the directly selected objects.
* `OU/Container` → All objects contained in the OU/container
* `Group` → All objects with membership in the Group
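Review bot: Without its *(Optional)* marker, the Cypher step "Click **Update Sample Results**" now reads as required before the rule can be saved, while the following **View in Explore** step keeps the marker. If updating the sample is still optional, restore the marker; if it is now required, say what happens when it is skipped.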
@@ -145,11 +153,30 @@ To edit or delete a rule, follow these steps:
1. In the left menu, click **Privilege Zones**.
- 2. Click the **Zones** or **Labels** tab and open the **Detail View**.
+ 1. Click the **Zones** or **Labels** tab and open the **Detail View**.
- 3. Select the zone or label that contains the rule that you want to edit or delete and select it.
+ 1. Select the zone or label that contains the rule that you want to edit or delete and select it.
- Alternatively, you can use the search bar to quickly find rule if you know the name.
+ 1. Use one of the following methods to locate the rule you want to edit or delete:
+
+
+
+ 1. Enter the name of the rule in the search bar.
+
+ 1. Select the rule from the search results.
+
+ 1. Click **Edit Rule** to open the rule details.
+
+
+ 1. Enter the object name or ID.
+
+ 1. Select the object.
+
+ 1. In the right panel, click the **Object** tab and expand the **Rule** accordion.
+
+ 1. Click the ellipsis () beside the relevant rule and select **Edit**.
+
+
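Review bot: The renumbered step still says "open the **Detail View**", but the labels and zones pages in this same change rename it to **Details View**. Update the name here as well. The next step, "Select the zone or label that contains the rule that you want to edit or delete and select it", says "select" twice and can end after "delete".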
@@ -161,29 +188,31 @@ To edit or delete a rule, follow these steps:
Only users with the appropriate [permissions](/manage-bloodhound/auth/users-and-roles) can make changes. You cannot disable some [default rules](/analyze-data/privilege-zones/default-rules).
- 1. Click **Edit** to open the rule details.
-
- 2. Make any necessary changes to the rule configuration.
+ 1. Make any necessary changes to the rule configuration.
For example, you can modify the rule's name, description, rule type, and certification settings (available for zones only).
- You can also disable or enable a rule by toggling the **Enabled** switch under the **Rule Status** section.
+ You can also disable or enable a rule by toggling the **Enabled** switch.
-
+
- 3. Click **Save Edits** to apply your changes.
+ 1. Click **Save Edits** to apply your changes.
To delete a rule:
- 1. Click **Delete Rule** at the bottom of the page
+ 1. Click **Delete Rule** at the top of the page.
- 2. Confirm your action in the dialog.
+ 1. Confirm your action in the dialog.
- 3. Click **Confirm** to delete the rule.
+ 1. Click **Confirm** to delete the rule.
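Review bot: In the delete steps, "Confirm your action in the dialog" and "Click **Confirm** to delete the rule" describe the same click as two numbered steps. These lines are already being touched for renumbering, so merge them into one step; the same pair appears in the label and zone delete procedures.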
@@ -209,6 +238,8 @@ For example, if an object is tagged by both a Tier Zero rule and a Tier One rule
### Object deleted from graph
+Enterprise Edition
+
Objects are automatically deleted from the graph if they haven't been observed within the configured retention period. BloodHound stores a timestamp on every object that updates whenever a collection includes that object or references to it. This ensures your data remains fresh and accurate over time.
By default, objects are retained for 7 days after they were last seen. For Active Directory environments with the AD recycle bin enabled, objects are retained in BloodHound until they've been permanently deleted from AD (after the tombstone lifetime, which defaults to 180 days) plus the configured retention period.
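Review bot: Community Edition behaviour is left unstated once this section is marked **Enterprise Edition**. Add one sentence on what happens to objects that are no longer observed in Community Edition, so readers on that edition know whether stale objects remain in their zones and labels.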
diff --git a/docs/analyze-data/privilege-zones/zones.mdx b/docs/analyze-data/privilege-zones/zones.mdx
index 2d8f26a1..ebb8824c 100644
--- a/docs/analyze-data/privilege-zones/zones.mdx
+++ b/docs/analyze-data/privilege-zones/zones.mdx
@@ -4,61 +4,74 @@ description: Organize and categorize objects in your environment using Privilege
---
import RuleWarning from '/snippets/privilege-zones/rule-warning.mdx';
+import ContactSales from '/snippets/privilege-zones/contact-sales.mdx';
+import ZoneLabelViews from '/snippets/privilege-zones/zone-label-views.mdx';
+import DeleteZoneLabel from '/snippets/privilege-zones/delete-zone-label.mdx';
Zones define hierarchical privilege levels in your environment based on a tiered administration model. The most common tiering model is [Microsoft's Enterprise Access Model](https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-access-model).
-BloodHound uses zones to measure risk and detect violations. Each zone has a specific tier level (**Tier Zero** is the default and highest). You can create multiple zones (e.g., Tier One, Tier Two) to match your security model.
+BloodHound uses zones to measure risk and detect violations. Each zone has a specific tier level (**Tier Zero** is the default and highest).
-The **Zones** tab offers two views:
+
+
+
- The **Summary View** shows zone names, rule counts, member count, and their hierarchy relative to other zones (the top zone is most critical).
+ The **Summary View** shows zone names and their hierarchy relative to other zones (the top zone is most critical), rule counts, and object counts.
-
- The **Detail View** lists every rule and member that each rule pulls into the associated zone.
+
+ The **Details View** displays all rules configured for the selected zone and the objects that they pull into the zone (organized by node type). Use the drop-down menus to filter the view by specific zones and domains in your environment.
+
+ Select a rule or object to display more details in the right panel, including:
+
+ - Rule definition and Cypher query
+ - Object properties and relationships
+
+ BloodHound displays objects for enabled rules only. To view objects related to a disabled rule, you must re-enable it.
- Use the **Domain Selector** beside the **Detail View** to filter the view by specific domains in your environment.
+
+ Use the drop-down menus to filter the view by specific domains and zones in your environment.
### Create a zone
+Enterprise Edition
+
Creating a zone involves configuring the zone details and defining a rule.
-
+
In the left menu, click **Privilege Zones** > **Zones** > **Create Zone**.
Enter all relevant information about the zone:
- | Field | Required? | Description |
- |-----------------------|:------------:|-------------------------------------------------------------------------------------------------------------------------|
- | Name | Yes | A unique name for the zone (e.g., Server Tier) |
- | Description | No | A brief description of the zone's purpose and scope (e.g., PCI assets) |
- | Require Certification | No | **_[BHE Only]_** An option to mandate [certification](#certification) for all members within this zone |
- | Enable Analysis | No | **_[BHE Only]_** An option to include this zone in risk analysis and Attack Path Findings |
- | Apply Custom Glyph | No | **_[BHE Only]_** An option to apply a custom glyph to visually distinguish members of this zone in the **Explore** page |
+ | Field | Required? | Description |
+ |-----------------------|:------------:|-----------------------------------------------------------------------------------------------------------------------------|
+ | Name | Yes | A unique name for the zone (e.g., Server Tier) |
+ | Description | No | A brief description of the zone's purpose and scope (e.g., PCI assets) |
+ | Enable Certification | No | An option to mandate [certification](/analyze-data/privilege-zones/certification) for all objects within this zone |
+ | Enable Analysis | No | An option to include this zone in risk analysis and Attack Path Findings |
+ | Apply Custom Glyph | No | An option to apply a custom glyph to visually distinguish objects within this zone on the **Explore** page |
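Review bot: The added line "Use the drop-down menus to filter the view by specific domains and zones in your environment" repeats the last sentence of the new **Details View** paragraph a few lines earlier almost word for word; keep one of them. The table also renames **Require Certification** to **Enable Certification** while the description still says the option will "mandate" certification, so check the field name against the UI.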
@@ -75,12 +88,12 @@ Creating a zone involves configuring the zone details and defining a rule.
|------------------------|:------------------:|-----------------------------------------------------------------------------------------------|
| Name | Yes | A unique name for the rule (e.g., PCI Assets) |
| Description | No | A brief description of the rule's purpose and scope (e.g., PCI assets) |
- | Rule Type | Yes | The type of rule to use (e.g., Object ID or Cypher) |
- | Automatic Certification| No | **_[BHE Only]_** An option to choose how BloodHound [certifies](#certification) new objects |
+ | Rule Type | Yes | The type of rule to use (e.g., Object ID or Cypher) |
+ | Automatic Certification| No | An option to choose how BloodHound Enterprise [certifies](/analyze-data/privilege-zones/certification) new objects |
@@ -89,53 +102,81 @@ Creating a zone involves configuring the zone details and defining a rule.
-### Edit or delete a zone
+### Edit a zone
-To edit or delete an existing zone, follow these steps:
+Editing options depend on which edition of BloodHound you're using. In BloodHound Enterprise, you can edit all zone properties. In BloodHound Community Edition, you can edit the default **Tier Zero** zone description.
-You cannot delete the default **Tier Zero** zone, but you can modify its properties. See [Modify Tier Zero](/get-started/security-boundaries/modifying-tier-zero) for more information.
+To edit a zone, follow these steps:
- Navigate to the **Zones** tab, select the zone you want to edit or delete, and click **Edit Zone**.
+ 1. In the left menu, click **Privilege Zones**.
+
+ 1. By default, the **Tier Zero** zone is pre-selected. To edit a different zone in BloodHound Enterprise, select the zone you want to edit.
+
+ **Tier Zero** is the only available zone for BloodHound Community Edition.
+
+
+
+ 1. Click **Edit Zone**.
-
- Choose one of the following actions:
+
-
-
- To edit the zone:
+ Modify one of the available fields.
- 1. Modify one of the available fields.
+ For example, you can modify the zone's name, description, [certification](/analyze-data/privilege-zones/certification) and analysis settings, and custom glyph.
- For example, you can modify the zone's name, description, [certification](#certification) and analysis settings, and custom glyph.
+ In BloodHound Community Edition, you can edit the default **Tier Zero** zone description only.
- 1. With the exception of the default **Tier Zero** zone, you can also change the zone's hierarchical position by using the vertical grip control () in the **Zone Order** panel to reorder it.
+ You can also change the zone's hierarchical position by using the (vertical grip control) in the **Zone Order** panel to reorder it.
-
+ Zone order is defined by privilege level, with the highest-privileged zone at the top.
- 1. Click **Save Edits** to apply your changes.
-
+
+
+
+ Click **Save Edits** to apply your changes.
+
+
+
+### Delete a zone
+
+Enterprise Edition
+
+You cannot delete the default **Tier Zero** zone, but you can edit its properties. See [Modify Tier Zero](/get-started/security-boundaries/modifying-tier-zero) for more information.
+
+
+
+To delete an existing zone, follow these steps:
+
+
+
+ Navigate to the **Zones** tab, select the zone you want to delete, and click **Edit Zone**.
+
+
+
-
To delete the zone:
- 1. Click **Delete Zone** at the bottom of the page.
+ 1. Click **Delete Zone** at the top of the page.
1. Confirm your action in the dialog.
1. Click **Confirm** to delete the zone.
-
-
+
+ Zone deletion is not available in BloodHound Community Edition.
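Review bot: The new reorder sentence, "You can also change the zone's hierarchical position", drops the old qualifier "With the exception of the default **Tier Zero** zone". If **Tier Zero** still cannot be moved, keep the exception, because the line now reads as if the highest-privileged zone can be reordered below others. The Community Edition limit on editing only the **Tier Zero** description is also stated twice in this section (the intro paragraph and under "Modify one of the available fields"); once is enough.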
diff --git a/docs/images/privzones/certification-environment.gif b/docs/images/privzones/certification-environment.gif
new file mode 100644
index 00000000..9bcad296
Binary files /dev/null and b/docs/images/privzones/certification-environment.gif differ
diff --git a/docs/images/privzones/certification-note-history.png b/docs/images/privzones/certification-note-history.png
index 3adc030a..c17a0283 100644
Binary files a/docs/images/privzones/certification-note-history.png and b/docs/images/privzones/certification-note-history.png differ
diff --git a/docs/images/privzones/certification-note.png b/docs/images/privzones/certification-note.png
index b4851f8c..675ecb5a 100644
Binary files a/docs/images/privzones/certification-note.png and b/docs/images/privzones/certification-note.png differ
diff --git a/docs/images/privzones/certification-status.gif b/docs/images/privzones/certification-status.gif
index 8d90aa01..0ec31dfd 100644
Binary files a/docs/images/privzones/certification-status.gif and b/docs/images/privzones/certification-status.gif differ
diff --git a/docs/images/privzones/certification.png b/docs/images/privzones/certification.png
index c61d5472..63bc2c8f 100644
Binary files a/docs/images/privzones/certification.png and b/docs/images/privzones/certification.png differ
diff --git a/docs/images/privzones/certifications-filter.png b/docs/images/privzones/certifications-filter.png
deleted file mode 100644
index d1f454ec..00000000
Binary files a/docs/images/privzones/certifications-filter.png and /dev/null differ
diff --git a/docs/images/privzones/certifications-search-filter.png b/docs/images/privzones/certifications-search-filter.png
new file mode 100644
index 00000000..ea66d882
Binary files /dev/null and b/docs/images/privzones/certifications-search-filter.png differ
diff --git a/docs/images/privzones/confirm-label-delete.png b/docs/images/privzones/confirm-label-delete.png
index 7724bf2f..015d2152 100644
Binary files a/docs/images/privzones/confirm-label-delete.png and b/docs/images/privzones/confirm-label-delete.png differ
diff --git a/docs/images/privzones/confirm-zone-delete.png b/docs/images/privzones/confirm-zone-delete.png
index ee614e34..21345a00 100644
Binary files a/docs/images/privzones/confirm-zone-delete.png and b/docs/images/privzones/confirm-zone-delete.png differ
diff --git a/docs/images/privzones/create-label.png b/docs/images/privzones/create-label.png
index 613b3395..0eff7e02 100644
Binary files a/docs/images/privzones/create-label.png and b/docs/images/privzones/create-label.png differ
diff --git a/docs/images/privzones/create-zone.png b/docs/images/privzones/create-zone.png
index 328be57e..0161c18e 100644
Binary files a/docs/images/privzones/create-zone.png and b/docs/images/privzones/create-zone.png differ
diff --git a/docs/images/privzones/cypher-rule-config.png b/docs/images/privzones/cypher-rule-config.png
index d1df3710..cd7f8a37 100644
Binary files a/docs/images/privzones/cypher-rule-config.png and b/docs/images/privzones/cypher-rule-config.png differ
diff --git a/docs/images/privzones/define-label-rule.png b/docs/images/privzones/define-label-rule.png
index f959a218..4fb7fa97 100644
Binary files a/docs/images/privzones/define-label-rule.png and b/docs/images/privzones/define-label-rule.png differ
diff --git a/docs/images/privzones/define-zone-rule.png b/docs/images/privzones/define-zone-rule.png
index c39a06b8..3c98611e 100644
Binary files a/docs/images/privzones/define-zone-rule.png and b/docs/images/privzones/define-zone-rule.png differ
diff --git a/docs/images/privzones/delete-rule-confirm.png b/docs/images/privzones/delete-rule-confirm.png
index 1ae7336b..592e6af0 100644
Binary files a/docs/images/privzones/delete-rule-confirm.png and b/docs/images/privzones/delete-rule-confirm.png differ
diff --git a/docs/images/privzones/edit-label-details-view.png b/docs/images/privzones/edit-label-details-view.png
new file mode 100644
index 00000000..11163481
Binary files /dev/null and b/docs/images/privzones/edit-label-details-view.png differ
diff --git a/docs/images/privzones/edit-label-summary-view.png b/docs/images/privzones/edit-label-summary-view.png
new file mode 100644
index 00000000..1b2f67aa
Binary files /dev/null and b/docs/images/privzones/edit-label-summary-view.png differ
diff --git a/docs/images/privzones/edit-rule.png b/docs/images/privzones/edit-rule.png
index 1493963d..9618b33b 100644
Binary files a/docs/images/privzones/edit-rule.png and b/docs/images/privzones/edit-rule.png differ
diff --git a/docs/images/privzones/edit-zone.png b/docs/images/privzones/edit-zone.png
new file mode 100644
index 00000000..e42ea6cf
Binary files /dev/null and b/docs/images/privzones/edit-zone.png differ
diff --git a/docs/images/privzones/history-log-filter.png b/docs/images/privzones/history-log-filter.png
index 1d317f84..b88d95d0 100644
Binary files a/docs/images/privzones/history-log-filter.png and b/docs/images/privzones/history-log-filter.png differ
diff --git a/docs/images/privzones/history-log.png b/docs/images/privzones/history-log.png
index 894ddc36..4d27ec8a 100644
Binary files a/docs/images/privzones/history-log.png and b/docs/images/privzones/history-log.png differ
diff --git a/docs/images/privzones/labels-detail-view.png b/docs/images/privzones/labels-detail-view.png
index 591750f1..7c0dad76 100644
Binary files a/docs/images/privzones/labels-detail-view.png and b/docs/images/privzones/labels-detail-view.png differ
diff --git a/docs/images/privzones/labels-summary-view.png b/docs/images/privzones/labels-summary-view.png
index 520edd7e..d901e922 100644
Binary files a/docs/images/privzones/labels-summary-view.png and b/docs/images/privzones/labels-summary-view.png differ
diff --git a/docs/images/privzones/objectid-rule-config.png b/docs/images/privzones/objectid-rule-config.png
index 6826eed6..615d6d91 100644
Binary files a/docs/images/privzones/objectid-rule-config.png and b/docs/images/privzones/objectid-rule-config.png differ
diff --git a/docs/images/privzones/reorder-zone.png b/docs/images/privzones/reorder-zone.png
index 5d7068a6..d94ba9e1 100644
Binary files a/docs/images/privzones/reorder-zone.png and b/docs/images/privzones/reorder-zone.png differ
diff --git a/docs/images/privzones/zones-detail-view.png b/docs/images/privzones/zones-detail-view.png
index ee445493..70dfcd61 100644
Binary files a/docs/images/privzones/zones-detail-view.png and b/docs/images/privzones/zones-detail-view.png differ
diff --git a/docs/images/privzones/zones-summary-view.png b/docs/images/privzones/zones-summary-view.png
index 8bec3bd1..4ddfc838 100644
Binary files a/docs/images/privzones/zones-summary-view.png and b/docs/images/privzones/zones-summary-view.png differ
diff --git a/docs/snippets/privilege-zones/contact-sales.mdx b/docs/snippets/privilege-zones/contact-sales.mdx
new file mode 100644
index 00000000..18b6378f
--- /dev/null
+++ b/docs/snippets/privilege-zones/contact-sales.mdx
@@ -0,0 +1,2 @@
+BloodHound Enterprise customers can [create](/analyze-data/privilege-zones/zones) additional zones to match their organization's security model. However, analyzing them requires the **Privilege Zone Analysis** feature (available for purchase). For more information, contact your sales representative.
+
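Review bot: The link on the added line is anchored on the single word "create", which says nothing about the destination when links are read out of context; link the phrase "create additional zones" instead. This hunk also adds a trailing blank line as the file's second line, while the other two new snippets in this patch end without a newline, so pick one convention for the snippets directory.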
diff --git a/docs/snippets/privilege-zones/delete-zone-label.mdx b/docs/snippets/privilege-zones/delete-zone-label.mdx
new file mode 100644
index 00000000..6e19726e
--- /dev/null
+++ b/docs/snippets/privilege-zones/delete-zone-label.mdx
@@ -0,0 +1 @@
+Deleting a {tab} is irreversible.
\ No newline at end of file
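Review bot: The `{tab}` placeholder in "Deleting a {tab} is irreversible." needs a singular noun such as zone or label, but zone-label-views.mdx in this same patch uses the same placeholder name as a tab name ("The **{tab}** tab"), so a caller that passes one value to both snippets may get wrong wording in one of them. Rename the placeholder here to something like `{item}` and note the expected values. The warning would also be more useful if it stated what is removed along with the zone or label, which the sentence leaves open.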
diff --git a/docs/snippets/privilege-zones/zone-label-views.mdx b/docs/snippets/privilege-zones/zone-label-views.mdx
new file mode 100644
index 00000000..eb8ec9d7
--- /dev/null
+++ b/docs/snippets/privilege-zones/zone-label-views.mdx
@@ -0,0 +1 @@
+The **{tab}** tab provides different views depending on which edition of BloodHound you're using. The **Summary View** is available in BloodHound Enterprise only, while the **Details View** is available in both BloodHound Enterprise and BloodHound Community Edition.
\ No newline at end of file
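Review bot: "Details View" in the added sentence does not match the image names touched elsewhere in this patch, which use both "detail-view" (zones-detail-view.png, labels-detail-view.png) and "details-view" (edit-label-details-view.png); confirm the label as it appears in the UI and use one form throughout. The file also ends without a newline, unlike contact-sales.mdx, which is worth normalizing in the same pass.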