Skip to content

BloodHound CSV Format

Jump to bottom Edit New page
Andy Robbins edited this page Aug 6, 2016 · 3 revisions

If the results from Get-BloodHoundData are exported to CSV files with Export-BloodHoundCSV, the custom PSObjects returned are correlated and four separate CSV file types/formats are written to disk.

user_sessions.csv

This file preserves the information needed to specify which users are logged on where. It is fed by Get-NetSession/Get-NetLoggedOn/Invoke-UserHunter results. The weight attribute indicates the confidence in the relationship.

UserName,ComputerName,Weight
"john@domain.local","computer2.domain.local",1

group_memberships.csv

This file preserves the information needed to specify which groups/users are a member of which groups in a domain. It is fed by Get-NetGroupMember.

AccountName,AccountType,GroupName
"john@domain.local","user","GROUP1"
"computer3.testlab.local","computer","GROUP1"

local_admins.csv

This file preserves the information needed to specify which users/groups have local administrator rights on which systems in the domain. It is fed by Get-NetLocalGroup.

AccountName,AccountType,ComputerName
"john@domain.local","user","computer2.domain.local"

trusts.csv

This file preserves the information needed to specify the domain trusts that are reachable.

SourceDomain,TargetDomain,TrustDirection,TrustType,Transitive
"domain.local","dev.domain.local","Bidirectional","ParentChild","True"
Add a custom footer

Overview

  1. Home
  2. Getting started
  3. Building BloodHound from source
  4. Running BloodHound dev server

Data Collection

  1. Intro
  2. PowerShell ingestor
  3. CSV ingestion
  4. Ingestion through C2

Using the Interface

  1. Intro
  2. Users
  3. Computers
  4. Groups
  5. Pathfinding

Advanced

  1. Cypher query language
  2. BloodHound graph design
  3. neo4j REST API
  4. BloodHound CSV format
Clone this wiki locally