Skip to content

Add guidance for variable analysis mode#335

Merged
jeff-matthews merged 4 commits into
release/v9.4.0from
variable-analysis-mode-clean
Jul 1, 2026
Merged

Add guidance for variable analysis mode#335
jeff-matthews merged 4 commits into
release/v9.4.0from
variable-analysis-mode-clean

Conversation

@jeff-matthews

@jeff-matthews jeff-matthews commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Documentation
    • Added clearer guidance on analysis stages and when updates may run faster with Variable Analysis Mode.
    • Explained how Privilege Zone validation works and when results become visible after analysis completes.
    • Clarified tenant status behavior during analysis, including how scheduled analysis is handled.

Staging

https://specterops-variable-analysis-mode-clean.mintlify.site/analyze-data/findings/analysis

@jeff-matthews jeff-matthews self-assigned this Jun 30, 2026
@jeff-matthews jeff-matthews added the privilege-zones Docs related to Zone Builder and related privilege zone concepts and procedures label Jun 30, 2026
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9774cd8a-0641-4c5c-bc47-b6297df86114

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Walkthrough

This PR updates BloodHound Enterprise documentation across three MDX files to explain Variable Analysis Mode. Changes include a new "Analysis stages" section, a "Variable Analysis Mode" section, a repositioned remediation link, a Privilege Zone rule validation callout, an updated analysis-completion note, and a tenant status callout.

Changes

Variable Analysis Mode Documentation

Layer / File(s) Summary
Analysis stages and Variable Analysis Mode sections
docs/analyze-data/findings/analysis.mdx
Adds documentation of the default analysis pipeline order and a new section explaining how Variable Analysis Mode skips pre-processing for Privilege Zone updates; repositions the remediation-tracking link to the Posture page.
Privilege Zone rule validation and analysis notes
docs/analyze-data/privilege-zones/overview.mdx
Adds a callout describing the two-stage Cypher rule validation process and updates the analysis-completion note to mention Variable Analysis Mode's effect on timing.
Tenant status callout
docs/collect-data/enterprise-collection/monitor.mdx
Adds a callout clarifying that tenant status still shows "Analyzing" during variable analysis and that scheduled analysis always runs a full analysis.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Suggested labels

documentation

Poem

A rabbit hops through docs anew,
Tagging skipped, analysis flew! 🐇
Tenant status, calm and steady,
Privilege Zones updating, ready.
Three small files, one clear tale—
Variable Mode sets the trail. 🌿

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main documentation change about variable analysis mode guidance.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch variable-analysis-mode-clean

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@jeff-matthews

Copy link
Copy Markdown
Contributor Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/analyze-data/findings/analysis.mdx`:
- Around line 52-61: The Variable Analysis Mode description uses inconsistent
terminology by saying it skips the “pre-processing stages,” while the analysis
docs and stage naming in this section use “post-processing” terminology. Update
the wording in the Variable Analysis Mode paragraph to match the existing
analysis stage terms used elsewhere in analysis.mdx, keeping the rest of the
explanation intact.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b0f161c4-7883-4718-a54c-4a90150ce957

📥 Commits

Reviewing files that changed from the base of the PR and between 9cca09f and caf3f4d.

📒 Files selected for processing (3)
  • docs/analyze-data/findings/analysis.mdx
  • docs/analyze-data/privilege-zones/overview.mdx
  • docs/collect-data/enterprise-collection/monitor.mdx

Comment thread docs/analyze-data/findings/analysis.mdx

BloodHound Enterprise's analysis process includes several key steps that work together to surface findings and prioritize risk.

## Analysis stages

@jeff-matthews jeff-matthews Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels necessary to contextualize variable analysis mode, but I'm open to alternatives. I'm not sure if this accurately represents reality. If it's possible to separate analysis into stages like this, we'll also need a little more info about "tagging" and what differentiates it from other stages.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as we note to ourselves that line 22 needs to be modified once variable analysis GAs, that's fine.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted. We're in a similar situation with OpenGraph Management at the moment.

@StephenHinck StephenHinck left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with this so long as you track ripping it all out later. I'm not sure how much depth you want to give EA flags across docs for things that will only live in EA for a short period as it could become a lot of churn and things to track.


BloodHound Enterprise's analysis process includes several key steps that work together to surface findings and prioritize risk.

## Analysis stages

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as we note to ourselves that line 22 needs to be modified once variable analysis GAs, that's fine.


<PostProcessedEdges />

## Variable Analysis Mode

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same thing here - this would need to be completely ripped out after GA, as it will just be "how the product works"

@jeff-matthews jeff-matthews merged commit c955435 into release/v9.4.0 Jul 1, 2026
3 checks passed
@jeff-matthews jeff-matthews deleted the variable-analysis-mode-clean branch July 1, 2026 17:06
@github-actions github-actions Bot locked and limited conversation to collaborators Jul 1, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

privilege-zones Docs related to Zone Builder and related privilege zone concepts and procedures v9.4.0

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants