Applies to BloodHound Enterprise and CE

Prerequisites

Before you begin, ensure that the following prerequisites are met:
| Prerequisite | Description |
| --- | --- |
| Ensure graph database is PostgreSQL | For best performance, BloodHound requires PostgreSQL as the graph database rather than Neo4j |
| Configure and run the collector | Collects data from your GitHub organization and generates JSON files for upload to BloodHound. GitHound supports collection via Personal Access Token or GitHub App Installation. |

Register the Extension (BloodHound Enterprise Only)

The BloodHound extension feature is currently available in preview exclusively for BloodHound Enterprise customers. To get started, contact your account team.

The GitHound extension includes a schema that tells BloodHound how to model and analyze data from your GitHub organization. You must register the extension before you upload data generated by the GitHound collector.

Choose the registration approach that best fits your environment:
  • Simple (recommended): Upload all required and optional schemas up front.
  • Specific: Upload the required schemas first, then upload only the optional supporting schemas for the collectors you actively use.

Required Schemas

The GitHound extension bundle includes the required GitHound schema as well as a required SCIM schema.
Always upload the bh-scim-extension.json schema. It provides a shared model for provisioned users and groups across cloud identity providers and applications, which avoids creating integration-specific edges for each provider and app combination.

Optional Schemas

GitHound also includes optional supporting schemas for related data sources. These schemas enable additional node and edge types in BloodHound that are relevant to GitHub environments. If you use GitHub with any of the supported data sources in your environment, upload the corresponding schema to ensure that the data is properly modeled in BloodHound.
| Data source | Optional schema file |
| --- | --- |
| Okta | bhe-okta-extension.json |

Register Custom Node Icons (Community Edition Only)

Skip this step if you already uploaded an extension schema, as the schema registers the node icons automatically. If you haven’t registered an extension schema, register the GitHub and SCIM custom node types by uploading the bh-github-custom-nodes.json and bh-scim-custom-nodes.json files using the BloodHound API.

Upload Data to BloodHound

After you complete the prerequisites and register the extension or node icons, upload the data collected by GitHound to BloodHound. Upload the generated githound_<orgId>.json file from the output directory to BloodHound. If you do not have a GitHub Enterprise environment or want to test GitHound before collecting from your own environment, sample data sets are included in the ./samples/ directory of the GitHound repository.

Import Cypher Queries

GitHound provides custom Cypher queries to help you identify attack paths and misconfigurations in your GitHub organization. These queries are included in the saved-queries directory of the GitHound extension. To use these queries, you must first import the saved-queries/*.json files into BloodHound. You can then run the queries on the Explore page.
Cypher queries that reference node or edge kinds not present in the database will fail without the extension schema (for example: failed to translate kinds: unable to map kinds: Okta_ApiServiceIntegration). Community Edition users can work around this by removing the unrecognized node and edge kinds from the queries until the extension schema becomes available for BloodHound Community Edition.
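A pre-import check for the "failed to translate kinds" error described above, as an added example that is not part of GitHound or BloodHound: it lists the kinds each saved query names that never appear in the data you are about to upload. It assumes the collector output uses BloodHound's OpenGraph layout (graph.nodes[].kinds, graph.edges[].kind), that each saved query has "name" and "query" fields, and that the uploaded kinds stand in for the kinds present in the database; every kind name except Okta_ApiServiceIntegration is constructed.

```python
import json
import re

# Constructed sample of collector output (assumed OpenGraph layout).
PAYLOAD = json.loads("""{"graph": {
  "nodes": [{"id": "u1", "kinds": ["GH_User"]}, {"id": "t1", "kinds": ["GH_Team"]}],
  "edges": [{"kind": "GH_MemberOf", "start": {"value": "u1"}, "end": {"value": "t1"}}]}}""")

# Constructed saved queries (assumed fields: "name" and "query").
QUERIES = [
    {"name": "Team members",
     "query": "MATCH p=(u:GH_User)-[:GH_MemberOf*1..]->(t:GH_Team {name: 'x:y'}) RETURN p"},
    {"name": "Okta integrations",
     "query": "MATCH (a) WHERE a:Okta_ApiServiceIntegration "
              "MATCH p=(a)-[r:GH_MemberOf|Okta_Manages]->(:GH_Team) RETURN p"},
]

STRING_RE = re.compile(r"'[^']*'|\"[^\"]*\"")   # string literals
MAP_RE = re.compile(r"\{[^{}]*\}")               # property maps: {key: value}
LABEL_RE = re.compile(r":\s*([A-Za-z_]\w*)")     # (n:Kind), n:Kind, [:Kind]
REL_RE = re.compile(r"\[\s*\w*\s*:([^\]*{]+)")   # [r:KindA|KindB*1..]

def kinds_in_payload(payload):
    """Collect every node and edge kind present in the upload file."""
    graph = payload["graph"]
    kinds = {k for node in graph.get("nodes", []) for k in node.get("kinds", [])}
    return kinds | {edge["kind"] for edge in graph.get("edges", [])}

def referenced_kinds(cypher):
    """Collect the kinds a query names, ignoring strings and property maps."""
    text = MAP_RE.sub("", STRING_RE.sub("''", cypher))
    kinds = set(LABEL_RE.findall(text))
    for type_list in REL_RE.findall(text):   # alternatives after the first "|"
        kinds.update(t.strip(" :") for t in type_list.split("|") if t.strip(" :"))
    return kinds

def unmapped_kinds(queries, known):
    """Map query name -> sorted kinds that are missing from `known`."""
    report = {}
    for q in queries:
        missing = referenced_kinds(q["query"]) - known
        if missing:
            report[q["name"]] = sorted(missing)
    return report

if __name__ == "__main__":
    for name, missing in unmapped_kinds(QUERIES, kinds_in_payload(PAYLOAD)).items():
        print(f"{name}: {', '.join(missing)}")
```

Kinds that already exist in the database from other collectors can be added to the known set before the comparison.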
GitHound also provides specialized queries in a separate pz-rules directory for creating or updating Cypher-based Privilege Zone rules.

Next Steps