-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Collapse and Expand Group Members/Relationships #89
Comments
Perhaps your issue can be solved with a different query. Exactly which query are you using? |
@martinsohn -- This was indeed a simple query, it was just a complex environment. Was this tested in a very large environment? Either the exclusion of irrelevant edges (i.e., irrelevant to the simple attack path being queried) or the ability to collapse extraneous edges similar to how the old BloodHound could expand/collapse nodes would be really great. Please let me know if this makes sense. I can also provide a ton of other examples if needed. |
It would be helpful if you could isolate and share one of these scenarios of extraneous nodes and edges, also if you could share your query. I have just tested a User -> Domain Admin path in a complex environment (>160k nodes and millions of relationships), where the Attack Path went through Domain Users with CanRDP edge to 100's of systems. I cannot reproduce what I believe your issue looks like.
And this (not looking at DA):
In your scenario, were there any outgoing edges from the systems/nodes which Domain Users have CanRDP to?
Or like this (which is not a bug):
|
Feature Description:
Requesting the ability to collapse nodes that are automatically expanded in the UI. This feature was available in Ye Olde BloodHound. Without it, it makes working with large/complex AD environments very difficult in the UI.
Current Behavior:
I have a query from one node to another (not necessarily an exploitable one ;D) that shows thousands of "extra" nodes and edges. A node is a member of a large group that has relationships with other systems.
Currently, the UI expands out other similar edges that are unnecessary to the attack path being queried. For instance, in the below query, a group has
CanRDP
to hundreds/thousands of systems (it's the known "Citrix systems need CanRDP but don't actually allow RDP" issue -- used for demonstration as it's not a real issue).As seen below, the attack path is essentially unreadable and requires significant effort to make use of by zooming, rearranging, etc.
Desired Behavior:
Only the relevant nodes and edges to the attack path being queried should be shown. Ideally, there would be an option to expand or collapse groups as in Ye Olde BloodHound.
Use Case:
It will benefit users in large AD environments that have complex relationships by making the visualization readable.
The text was updated successfully, but these errors were encountered: