Applies to BloodHound Enterprise and CE

OpenGraph extends BloodHound beyond Active Directory and Entra ID by letting you collect and ingest data from other identity providers, developer platforms, device management systems, and custom data sources. OpenGraph is built on a flexible graph data model that supports custom nodes, edges, and properties. You can use it to model any system or environment as a graph to explore and analyze relationships and in BloodHound.

Graph structure

Graph structure affects what you can explore and analyze in BloodHound. To choose the right approach for your use case, it’s important to understand how generic and structured graphs differ and how each works with OpenGraph projects and extensions.

Generic graphs

When OpenGraph was introduced in BloodHound v8.0.0, it required to conform to the basic node, edge, and metadata format only. It produced generic graphs to support basic exploration through Cypher queries (and later, node search). This enabled the BloodHound community to rapidly iterate and experiment with OpenGraph extensions to generate and ingest data payloads only. However, it also meant that OpenGraph data was not integrated with other BloodHound features and capabilities.

Structured graphs

In BloodHound v9.0.0, SpecterOps expanded the capabilities of OpenGraph extensions by adding support for an . After installing an extension definition schema and uploading a data payload that conforms to it, BloodHound produces a structured graph. Structured graphs enable enhanced features and a more integrated experience in BloodHound.

When an extension provides a structured graph with an extension definition schema, saved Cypher queries can run even when some expected data types are absent. For example, in an Okta environment where application credentials are stored only as ClientSecrets (not JWKs), queries that reference Okta_JWK nodes would normally fail if those nodes are missing. With a structured graph, the Application Credentials saved query can reference both Okta_JWK and Okta_ClientSecret and still return expected results.

See the table below for a comparison of features available in structured and generic graphs:

Feature | Structured | Generic
Node search
Cypher search
Bulk data removal
Pathfinding
Relationship-based findings [1]
Remediation guidance [1]
Risk metrics [1]

[1] Findings, remediation guidance, and risk metrics are available in Enterprise only.

Next steps

To get started with OpenGraph, choose your next step based on your goals:

Manage Extensions

Install extension definition schemas and manage OpenGraph extensions in BloodHound.

Build an Extension

Start by defining your extension’s schema, then format data payloads that conform to it.