Get Started
Auth
- POSTLogin to BloodHound
- POSTLogout of BloodHound
- GETGet self
- GETList SAML Providers
- GETGet all SAML sign on endpoints
- POSTCreate a New SAML Provider from Metadata
- GETGet SAML Provider
- DELDelete a SAML Provider
- GETList SSO Providers
- POSTCreate OIDC Provider
- POSTCreate a New SAML Provider from Metadata
- DELDelete SSO Provider
- PATCHUpdate SSO Provider
- GETGet SAML Provider Signing Certificate
Permissions
BloodHound Users
- GETList Users
- GETList Users Minimal
- POSTCreate a New User
- GETGet a user
- DELDelete a User
- PATCHUpdate a User
- PUTCreate or Set User Secret
- DELExpire User Secret
- POSTEnrolls user in multi-factor authentication
- DELUnenroll user from multi-factor authentication
- GETReturns MFA activation status for a user
- POSTActivates MFA for an enrolled user
Collectors
Collection Uploads
Audit
Config
Asset Isolation
- GETList all asset isolation groups
- POSTCreate an asset group
- POSTCreate Asset Group Tag Selector
- GETGet Asset Group Tag
- GETGet Asset Group Tags
- GETGet asset group by ID
- GETList asset group tag members by ID
- GETGet Asset Group Tag Selector
- GETGet Asset Group Tag selectors
- GETGet asset group tag selectors of a specific object by member id
- GETList asset group tag member count by kind
- GETList asset group tag members by selector
- GETList asset group tag selector member count by kind
- GETList asset group collections
- POSTPreview Selectors
- PUTUpdate an asset group
- PUTUpdate asset group selectors
- POSTUpdate asset group selectors
- PATCHUpdate Asset Group Tag Selector
- DELDelete an asset group
- DELDelete an asset group selector
- DELDelete Asset Group Tag Selector
- GETGet asset group custom member count
- GETList all asset isolation group members
- POSTCreate Asset Group Tag
- DELDelete an Asset Group Tag
- GETGet history records
- POSTSearch history records
- GETList asset group member count by kind
- POSTSearch Asset Group Tags
- PATCHUpdate Asset Group Tag
- GETGet certifications for privilege zones
- POSTCertify or Revoke Certification of Objects
Graph
Cypher
- GETList saved queries
- GETExport a saved query
- GETExport one or more saved queries
- POSTImport one or more cypher queries.
- POSTCreate a saved query
- PUTUpdate a saved query
- DELDelete a saved query
- PUTShare a saved query or set it to public
- DELRevokes permission of a saved query from users
- POSTRun a cypher query
Azure Entities
Computers
- GETGet computer entity info
- GETGet computer entity admin rights
- GETGet computer entity admins
- GETGet computer entity constrained delegation rights
- GETGet computer entity constrained users
- GETGet computer entity controllables
- GETGet computer entity controllers
- GETGet computer entity DCOM rights
- GETGet computer entity DCOM users
- GETGet computer entity group membership
- GETGet computer entity remote PowerShell rights
- GETGet computer entity remote PowerShell users
- GETGet computer entity RDP rights
- GETGet computer entity RDP users
- GETGet computer entity sessions
- GETGet computer entity SQL admins
Domains
- GETGet domain entity info
- PATCHUpdate the Domain entity
- GETGet domain entity computers
- GETGet domain entity controllers
- GETGet domain entity DC Syncers
- GETGet domain entity foreign admins
- GETGet domain entity foreign GPO controllers
- GETGet domain entity foregin groups
- GETGet domain entity foreign users
- GETGet domain entity GPOs
- GETGet domain entity groups
- GETGet domain entity inbound trusts
- GETGet domain entity linked GPOs
- GETGet domain entity OUs
- GETGet domain entity outbound trusts
- GETGet domain entity users
- GETGet ADCS escalations of Domain entity
GPOs
AIA CAs
Root CAs
Enterprise CAs
NT Auth Stores
Cert Templates
OUs
AD Users
- GETGet User entity info
- GETGet User entity admin rights
- GETGet User entity constrained delegation rights
- GETGet User entity controllables
- GETGet User entity controllers
- GETGet User entity DCOM rights
- GETGet User entity membership
- GETGet User entity PowerShell remote rights
- GETGet User entity RDP rights
- GETGet User entity sessions
- GETGet User entity SQL admin rights
Groups
- GETGet Group entity info
- GETGet Group entity admin rights
- GETGet Group entity controllables
- GETGet Group entity controllers
- GETGet Group entity DCOMRights
- GETGet Group entity members
- GETGet Group entity memberships
- GETGet Group entity PowerShell remote rights
- GETGet Group entity RDP rights
- GETGet Group entity sessions
Data Quality
Database
EULA
Analysis
Client Ingest
Clients
- GETList Clients
- POSTCreate Client
- POSTClient Error
- PUTUpdate Client Values
- GETGet Client
- PUTUpdate Client
- DELDelete Client
- PUTRegenerate the authentication token for a client
- GETList all completed tasks for a client
- GETList all completed jobs for a client
- POSTCreates a scheduled task
- POSTCreates a scheduled job
Jobs
Tasks
- GETList available client tasksdeprecated
- GETList finished tasksdeprecated
- GETGet tasksdeprecated
- GETGet client current taskdeprecated
- POSTNotifies the API of a task startdeprecated
- POSTNotifies the API of a task endingdeprecated
- GETGet client taskdeprecated
- PUTCancels a scheduled taskdeprecated
- GETGet Task Log Filedeprecated
Events (Schedules)
Attack Paths
Risk Posture
Meta Entities
Create a New User
Copy
Ask AI
curl --request POST \
--url https://bloodhound.specterops.io/openapi.json/api/v2/bloodhound-users \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"first_name": "<string>",
"last_name": "<string>",
"email_address": "jsmith@example.com",
"principal": "<string>",
"roles": [
123
],
"saml_provider_id": "<string>",
"sso_provider_id": {
"int32": 123,
"valid": true
},
"is_disabled": true,
"secret": "<string>",
"needs_password_reset": true
}
'Copy
Ask AI
{
"data": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"deleted_at": {
"time": "2023-11-07T05:31:56Z",
"valid": true
},
"saml_provider_id": {
"int32": 123,
"valid": true
},
"sso_provider_id": {
"int32": 123,
"valid": true
},
"AuthSecret": {
"id": 123,
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"deleted_at": {
"time": "2023-11-07T05:31:56Z",
"valid": true
},
"digest_method": "<string>",
"expires_at": "2023-11-07T05:31:56Z",
"totp_activated": true
},
"roles": [
{
"id": 123,
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"deleted_at": {
"time": "2023-11-07T05:31:56Z",
"valid": true
},
"name": "<string>",
"description": "<string>",
"permissions": [
{
"id": 123,
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"deleted_at": {
"time": "2023-11-07T05:31:56Z",
"valid": true
},
"authority": "<string>",
"name": "<string>"
}
]
}
],
"first_name": {
"string": "<string>",
"valid": true
},
"last_name": {
"string": "<string>",
"valid": true
},
"email_address": {
"string": "<string>",
"valid": true
},
"principal_name": "<string>",
"last_login": "2023-11-07T05:31:56Z",
"is_disabled": true,
"eula_accepted": true
}
}BloodHound Users
Create a New User
Create a new BloodHound user.
POST
/
api
/
v2
/
bloodhound-users
Create a New User
Copy
Ask AI
curl --request POST \
--url https://bloodhound.specterops.io/openapi.json/api/v2/bloodhound-users \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"first_name": "<string>",
"last_name": "<string>",
"email_address": "jsmith@example.com",
"principal": "<string>",
"roles": [
123
],
"saml_provider_id": "<string>",
"sso_provider_id": {
"int32": 123,
"valid": true
},
"is_disabled": true,
"secret": "<string>",
"needs_password_reset": true
}
'Copy
Ask AI
{
"data": {
"id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"deleted_at": {
"time": "2023-11-07T05:31:56Z",
"valid": true
},
"saml_provider_id": {
"int32": 123,
"valid": true
},
"sso_provider_id": {
"int32": 123,
"valid": true
},
"AuthSecret": {
"id": 123,
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"deleted_at": {
"time": "2023-11-07T05:31:56Z",
"valid": true
},
"digest_method": "<string>",
"expires_at": "2023-11-07T05:31:56Z",
"totp_activated": true
},
"roles": [
{
"id": 123,
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"deleted_at": {
"time": "2023-11-07T05:31:56Z",
"valid": true
},
"name": "<string>",
"description": "<string>",
"permissions": [
{
"id": 123,
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"deleted_at": {
"time": "2023-11-07T05:31:56Z",
"valid": true
},
"authority": "<string>",
"name": "<string>"
}
]
}
],
"first_name": {
"string": "<string>",
"valid": true
},
"last_name": {
"string": "<string>",
"valid": true
},
"email_address": {
"string": "<string>",
"valid": true
},
"principal_name": "<string>",
"last_login": "2023-11-07T05:31:56Z",
"is_disabled": true,
"eula_accepted": true
}
}
Authorizations
JWTBearerTokenSignedRequest & RequestDate & HMACSignature
Authorization: Bearer $JWT_TOKEN
Headers
Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240.
Body
application/json
The request body for creating a user
Deprecated. Use sso_provider_id instead.
ID of the SSO provider for this user
Show child attributes
Show child attributes
Response
OK
Show child attributes
Show child attributes
⌘I