Enrichment failed

[JonasBK]

Issue created on the legacy repo by @janiskleinbergs
BloodHoundAD/BloodHound#689

Hello,
I managed to collect the data using azurehound windows binary from my Azure AD, but upon .json file ingest through Bloodhound CE gui I get a status - failed - Enrichment failed.
Did I missed that I have to configure anything additionally?

web gui console says:
Object { stack: "Ge@http://localhost:8080/ui/assets/index-b920366e.js:1277:85893\nwRe@http://localhost:8080/ui/assets/index-b920366e.js:1279:954\nf@http://localhost:8080/ui/assets/index-b920366e.js:1279:4111\n", message: "Request failed with status code 401", name: "AxiosError", code: "ERR_BAD_REQUEST", config: {…}, request: XMLHttpRequest, response: {…} }
​code: "ERR_BAD_REQUEST"
​config: Object { timeout: 0, xsrfCookieName: "XSRF-TOKEN", xsrfHeaderName: "X-XSRF-TOKEN", … }
​message: "Request failed with status code 401"
​name: "AxiosError"
​request: XMLHttpRequest { readyState: 4, timeout: 0, withCredentials: false, … }
​response: Object { data: {…}, status: 401, statusText: "Unauthorized", … }
​stack: "Ge@http://localhost:8080/ui/assets/index-b920366e.js:1277:85893\nwRe@http://localhost:8080/ui/assets/index-b920366e.js:1279:954\nf@http://localhost:8080/ui/assets/index-b920366e.js:1279:4111\n"
​: Object { constructor: Ge(e, t, n, r, i), toJSON: toJSON(), stack: "", … }
index-b920366e.js:269:24951
onError http://localhost:8080/ui/assets/index-b920366e.js:269
u http://localhost:8080/ui/assets/index-b920366e.js:269
d http://localhost:8080/ui/assets/index-b920366e.js:269

also Docker details panel upon ingest shows:
system32-bloodhound-1 | {"level":"error","time":"2023-08-14T08:22:05.139669565Z","message":"Analysis failed: Collected errors:\n\tError 0: error during azure post: property tenantid: property not found\n"}

[zinic]

@janiskleinbergs

If a tenantid property can not be found on a node then it may be possible that the ingest did not complete or was missing parts. Were there any other errors in the Docker log?

[janiskleinbergs]

@zinic
Ok, I checked ingest files, they definitely have Tenant ID specified (replaced original upon submitting)
"meta": {
"count": 1,
"type": "groups",
"version": 4
},
"data": [
{
"DisplayName": "Name",
"OnPremisesSecurityIdentifier": null,
"ObjectID": "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"TenantID": "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx"

Seems there are no other errors, during ingestion I also get:
{"level":"error","time":"date_time","message":"Node 2 is missing property tenantid"}

Not sure what it means and how to work around it?
If it helps - Azure cloud AD is accessed remotely by azurehound data collector, seemingly everything was fine, no errors there...

If I understand correctly then Bloodhound CE itself doesn't need to be authenticated against AD? I mean it just represents the data which is collected by azurehound, which in turn is authenticated against AD upon data collection?

[StephenHinck]

This issue will appear when the Azure tenant object is missing the tenantid field specifically. Validate that is present on the output from AzureHound and potentially re-import. We have released several versions of AzureHound since with collection improvements. Please feel free to re-open if this issue persists with any applicable logs from AzureHound.