Tag
high
advisory
BloodHound Data Collection Activity
2 rules 6 TTPsAdversaries may use the SharpHound tool to collect Active Directory data, saving it into default JSON files for BloodHound analysis, potentially leading to privilege escalation or lateral movement.
Active Directory
bloodhound
active-directory
reconnaissance
privilege-escalation
2r
6t
medium
advisory
BloodHound Suite User-Agent Detected in Entra ID Sign-ins
3 rules 6 TTPsDetection of BloodHound tools like AzureHound and SharpHound being used to enumerate Microsoft Entra ID and Microsoft 365 environments, potentially indicating reconnaissance activity by red teams or malicious actors.
Microsoft Azure +2
azuread
bloodhound
enumeration
discovery
3r
6t