From 9c74485ac435725a51c7db6034bb4c55f0e51ced Mon Sep 17 00:00:00 2001 From: Katie Strader Date: Wed, 15 Apr 2026 13:02:18 -0700 Subject: [PATCH 1/9] wip: creating latest-enterprise image tag, separate docker-compse.yml and set up example .dlt config folders --- .github/workflows/build-and-sign-container.yml | 4 ++-- .../docker-compose.yml | 0 .../docker-compose.yml | 16 ++++++---------- deployments/helm/openhound/README.md | 2 +- deployments/helm/values.example.yaml | 2 +- 5 files changed, 10 insertions(+), 14 deletions(-) rename docker-compose.yml => bloodhound-community/docker-compose.yml (100%) rename docker-compose.bhe.yml => bloodhound-enterprise/docker-compose.yml (78%) diff --git a/.github/workflows/build-and-sign-container.yml b/.github/workflows/build-and-sign-container.yml index ad15173..0f52c13 100644 --- a/.github/workflows/build-and-sign-container.yml +++ b/.github/workflows/build-and-sign-container.yml @@ -22,7 +22,7 @@ jobs: publish_latest: true - target: enterprise suffix: "-enterprise" - publish_latest: false + publish_latest: true env: DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }} DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }} @@ -58,7 +58,7 @@ jobs: TAGS="${{ steps.image-ref.outputs.version_tag }}" if [ "${{ matrix.publish_latest }}" = "true" ]; then - TAGS="${TAGS}"$'\n'"${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:latest" + TAGS="${TAGS}"$'\n'"${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:latest${{ matrix.suffix }}" fi { diff --git a/docker-compose.yml b/bloodhound-community/docker-compose.yml similarity index 100% rename from docker-compose.yml rename to bloodhound-community/docker-compose.yml diff --git a/docker-compose.bhe.yml b/bloodhound-enterprise/docker-compose.yml similarity index 78% rename from docker-compose.bhe.yml rename to bloodhound-enterprise/docker-compose.yml index ee3ad2d..59c757c 100644 --- a/docker-compose.bhe.yml +++ b/bloodhound-enterprise/docker-compose.yml 
@@ -1,5 +1,5 @@ x-scheduler: &scheduler - image: specterops/openhound:${IMAGE_VERSION:-0.1.0-enterprise} + image: specterops/openhound:latest-enterprise restart: unless-stopped init: true volumes: @@ -20,7 +20,7 @@ services: <<: *env DESTINATION__BLOODHOUNDENTERPRISE__COLLECTOR_NAME: jamf secrets: - - source: secrets_jamf + - source: secrets target: /app/.dlt/secrets.toml scheduler-github: @@ -29,7 +29,7 @@ services: <<: *env DESTINATION__BLOODHOUNDENTERPRISE__COLLECTOR_NAME: github secrets: - - source: secrets_github + - source: secrets target: /app/.dlt/secrets.toml - source: key_github target: /app/.dlt/github.pem @@ -40,19 +40,15 @@ services: <<: *env DESTINATION__BLOODHOUNDENTERPRISE__COLLECTOR_NAME: okta secrets: - - source: secrets_okta + - source: secrets target: /app/.dlt/secrets.toml - source: key_okta target: /app/.dlt/okta.json secrets: - secrets_jamf: - file: ${HOME}/.dlt/secrets_jamf.toml - secrets_github: - file: ${HOME}/.dlt/secrets_github.toml + secrets: + file: ${HOME}/.dlt/secrets.toml key_github: file: ${HOME}/.dlt/github.pem - secrets_okta: - file: ${HOME}/.dlt/secrets_okta.toml key_okta: file: ${HOME}/.dlt/okta.json diff --git a/deployments/helm/openhound/README.md b/deployments/helm/openhound/README.md index 15df3a8..a62a8d4 100644 --- a/deployments/helm/openhound/README.md +++ b/deployments/helm/openhound/README.md @@ -26,7 +26,7 @@ helm install -f values.yml openhound- ./deployments/helm/openhound # Example values for the JAMF collector image: repository: docker.io/specterops/openhound - tag: "0.1.0-enterprise" + tag: "latest-enterprise" # Optional environment variables. env: diff --git a/deployments/helm/values.example.yaml b/deployments/helm/values.example.yaml index 5a0bdc9..c24097b 100644 --- a/deployments/helm/values.example.yaml +++ b/deployments/helm/values.example.yaml 
@@ -1,7 +1,7 @@ # Example values for the JAMF collector image: repository: docker.io/specterops/openhound - tag: "0.1.0-enterprise" + tag: "latest-enterprise" # Optional environment variables. env: From 52630f2be936be7b64dfdddcfa783e9cef19cb93 Mon Sep 17 00:00:00 2001 From: Katie Strader Date: Wed, 15 Apr 2026 13:58:59 -0700 Subject: [PATCH 2/9] wip: reverting latest-enterprise --- .github/workflows/build-and-sign-container.yml | 4 ++-- bloodhound-enterprise/docker-compose.yml | 2 +- deployments/helm/openhound/README.md | 2 +- deployments/helm/values.example.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-and-sign-container.yml b/.github/workflows/build-and-sign-container.yml index 0f52c13..ad15173 100644 --- a/.github/workflows/build-and-sign-container.yml +++ b/.github/workflows/build-and-sign-container.yml @@ -22,7 +22,7 @@ jobs: publish_latest: true - target: enterprise suffix: "-enterprise" - publish_latest: true + publish_latest: false env: DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }} DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }} @@ -58,7 +58,7 @@ jobs: TAGS="${{ steps.image-ref.outputs.version_tag }}" if [ "${{ matrix.publish_latest }}" = "true" ]; then - TAGS="${TAGS}"$'\n'"${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:latest${{ matrix.suffix }}" + TAGS="${TAGS}"$'\n'"${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:latest" fi { diff --git a/bloodhound-enterprise/docker-compose.yml b/bloodhound-enterprise/docker-compose.yml index 59c757c..3c668d2 100644 --- a/bloodhound-enterprise/docker-compose.yml +++ b/bloodhound-enterprise/docker-compose.yml @@ -1,5 +1,5 @@ x-scheduler: &scheduler - image: specterops/openhound:latest-enterprise + image: specterops/openhound:0.1.1-enterprise restart: unless-stopped init: true volumes: diff --git a/deployments/helm/openhound/README.md b/deployments/helm/openhound/README.md index a62a8d4..cda77dc 100644 --- a/deployments/helm/openhound/README.md 
+++ b/deployments/helm/openhound/README.md @@ -26,7 +26,7 @@ helm install -f values.yml openhound- ./deployments/helm/openhound # Example values for the JAMF collector image: repository: docker.io/specterops/openhound - tag: "latest-enterprise" + tag: "0.1.1-enterprise" # Optional environment variables. env: diff --git a/deployments/helm/values.example.yaml b/deployments/helm/values.example.yaml index c24097b..2966be0 100644 --- a/deployments/helm/values.example.yaml +++ b/deployments/helm/values.example.yaml @@ -1,7 +1,7 @@ # Example values for the JAMF collector image: repository: docker.io/specterops/openhound - tag: "latest-enterprise" + tag: "0.1.1-enterprise" # Optional environment variables. env: From d28969c225e727846085fd835ac51fde6b8515cb Mon Sep 17 00:00:00 2001 From: Katie Strader Date: Wed, 15 Apr 2026 14:31:29 -0700 Subject: [PATCH 3/9] wip: revert image version --- bloodhound-enterprise/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bloodhound-enterprise/docker-compose.yml b/bloodhound-enterprise/docker-compose.yml index 3c668d2..70e6b96 100644 --- a/bloodhound-enterprise/docker-compose.yml +++ b/bloodhound-enterprise/docker-compose.yml @@ -1,5 +1,5 @@ x-scheduler: &scheduler - image: specterops/openhound:0.1.1-enterprise + image: specterops/openhound:${IMAGE_VERSION:-0.1.1-enterprise} restart: unless-stopped init: true volumes: From 490ad59cbb38f762354ff923997bb37237ef14d1 Mon Sep 17 00:00:00 2001 
From: Katie Strader
Date: Wed, 15 Apr 2026 14:55:36 -0700
Subject: [PATCH 4/9] wip: added .dlt examples for bhce and bhe
---
bloodhound-community/.dlt-example/config.toml | 15 +++++++++++++
.../.dlt-example/secrets_jamf.toml | 4 ++++
.../.dlt-example/config.toml | 15 +++++++++++++
.../.dlt-example/secrets.toml | 22 +++++++++++++++++++
4 files changed, 56 insertions(+)
create mode 100644 bloodhound-community/.dlt-example/config.toml
create mode 100644 bloodhound-community/.dlt-example/secrets_jamf.toml
create mode 100644 bloodhound-enterprise/.dlt-example/config.toml
create mode 100644 bloodhound-enterprise/.dlt-example/secrets.toml
diff --git a/bloodhound-community/.dlt-example/config.toml b/bloodhound-community/.dlt-example/config.toml
new file mode 100644
index 0000000..20fa117
--- /dev/null
+++ b/bloodhound-community/.dlt-example/config.toml
@@ -0,0 +1,15 @@
+[runtime]
+http_show_error_body = true
+log_cli_level = "WARNING"
+log_format = "JSON"
+log_rotate_when = "midnight"
+
+[extract]
+workers = 8
+
+[normalize]
+workers = 3
+
+[load]
+delete_completed_jobs = true
+truncate_staging_dataset = true
diff --git a/bloodhound-community/.dlt-example/secrets_jamf.toml b/bloodhound-community/.dlt-example/secrets_jamf.toml
new file mode 100644
index 0000000..15f88d1
--- /dev/null
+++ b/bloodhound-community/.dlt-example/secrets_jamf.toml
@@ -0,0 +1,4 @@
+[sources.source.jamf]
+username = "myusername"
+host = "https://tenant.jamfcloud.com"
+password = "mypassword"
\ No newline at end of file
diff --git a/bloodhound-enterprise/.dlt-example/config.toml b/bloodhound-enterprise/.dlt-example/config.toml
new file mode 100644
index 0000000..2319068
--- /dev/null
+++ b/bloodhound-enterprise/.dlt-example/config.toml
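Review bot: `http_show_error_body = true` in the `[runtime]` table of this example enables HTTP response bodies in dlt error output; as far as I know that setting is off by default so that API responses do not end up in logs. Combined with `log_format = "JSON"` going to container logs, error bodies returned by the Jamf, GitHub or Okta APIs could carry tenant details to wherever those logs are shipped. I would ship the example with `http_show_error_body = false` and the comment `# set to true only while debugging; response bodies may contain tenant data`. The enterprise config.toml added later in this patch contains the same line.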
@@ -0,0 +1,15 @@
+[runtime]
+http_show_error_body = true
+log_cli_level = "WARNING"
+log_format = "JSON"
+log_rotate_when = "midnight"
+
+[extract]
+workers = 8
+
+[normalize]
+workers = 3
+
+[load]
+delete_completed_jobs = true
+truncate_staging_dataset = true
\ No newline at end of file
diff --git a/bloodhound-enterprise/.dlt-example/secrets.toml b/bloodhound-enterprise/.dlt-example/secrets.toml
new file mode 100644
index 0000000..999f82c
--- /dev/null
+++ b/bloodhound-enterprise/.dlt-example/secrets.toml
@@ -0,0 +1,22 @@
+[destination.bloodhoundenterprise]
+interval = "300"
+token_key = "client_token_key"
+token_id = "client_token_id"
+url = "bhe_url"
+
+[sources.source.github]
+app_id = "myappid"
+client_id = "myclientid"
+key_path = "/app/.dlt/github.pem"
+org_name = "myorgname"
+
+[sources.source.okta.credentials]
+base_url = "https://mytenant.oktapreview.com"
+client_id = "myclientid"
+private_key_path = "/app/.dlt/okta.json"
+
+[sources.source.github]
+app_id = "myappid"
+client_id = "myclientid"
+key_path = "/app/.dlt/github.pem"
+org_name = "myorgname"
\ No newline at end of file
From 6b4d6848584e697bb3ca22e95445b73d55a5b460 Mon Sep 17 00:00:00 2001
From: Katie Strader
Date: Wed, 22 Apr 2026 14:31:00 -0700
Subject: [PATCH 5/9] chore: separating out the collector extension secrets
---
.../.dlt-example/secrets.toml | 22 -------------------
.../.dlt-example/secrets_github.toml | 11 ++++++++++
.../.dlt-example/secrets_jamf.toml | 10 +++++++++
.../.dlt-example/secrets_okta.toml | 10 +++++++++
bloodhound-enterprise/docker-compose.yml | 14 +++++++-----
5 files changed, 40 insertions(+), 27 deletions(-)
delete mode 100644 bloodhound-enterprise/.dlt-example/secrets.toml
create mode 100644 bloodhound-enterprise/.dlt-example/secrets_github.toml
create mode 100644 bloodhound-enterprise/.dlt-example/secrets_jamf.toml
create mode 100644 bloodhound-enterprise/.dlt-example/secrets_okta.toml
diff --git a/bloodhound-enterprise/.dlt-example/secrets.toml b/bloodhound-enterprise/.dlt-example/secrets.toml
deleted file mode 100644
index 999f82c..0000000
--- a/bloodhound-enterprise/.dlt-example/secrets.toml
+++ /dev/null
@@ -1,22 +0,0 @@
-[destination.bloodhoundenterprise]
-interval = "300"
-token_key = "client_token_key"
-token_id = "client_token_id"
-url = "bhe_url"
-
-[sources.source.github]
-app_id = "myappid"
-client_id = "myclientid"
-key_path = "/app/.dlt/github.pem"
-org_name = "myorgname"
-
-[sources.source.okta.credentials]
-base_url = "https://mytenant.oktapreview.com"
-client_id = "myclientid"
-private_key_path = "/app/.dlt/okta.json"
-
-[sources.source.github]
-app_id = "myappid"
-client_id = "myclientid"
-key_path = "/app/.dlt/github.pem"
-org_name = "myorgname"
\ No newline at end of file
diff --git a/bloodhound-enterprise/.dlt-example/secrets_github.toml b/bloodhound-enterprise/.dlt-example/secrets_github.toml
new file mode 100644
index 0000000..2dd2109
--- /dev/null
+++ b/bloodhound-enterprise/.dlt-example/secrets_github.toml
@@ -0,0 +1,11 @@
+[destination.bloodhoundenterprise]
+interval = "300"
+token_key = "client_token_key"
+token_id = "client_token_id"
+url = "bhe_url"
+
+[sources.source.github.credentials]
+app_id = "myappid"
+client_id = "myclientid"
+key_path = "/app/.dlt/github.pem"
+org_name = "myorgname"
\ No newline at end of file
diff --git a/bloodhound-enterprise/.dlt-example/secrets_jamf.toml b/bloodhound-enterprise/.dlt-example/secrets_jamf.toml
new file mode 100644
index 0000000..af367b4
--- /dev/null
+++ b/bloodhound-enterprise/.dlt-example/secrets_jamf.toml
@@ -0,0 +1,10 @@
+[destination.bloodhoundenterprise]
+interval = "300"
+token_key = "client_token_key"
+token_id = "client_token_id"
+url = "bhe_url"
+
+[sources.source.jamf]
+username = "myusername"
+host = "https://mytenant.jamfcloud.com"
+password = "mypassword"
\ No newline at end of file
diff --git a/bloodhound-enterprise/.dlt-example/secrets_okta.toml b/bloodhound-enterprise/.dlt-example/secrets_okta.toml new file mode 100644 index 0000000..a64c85c --- /dev/null +++ b/bloodhound-enterprise/.dlt-example/secrets_okta.toml @@ -0,0 +1,10 @@ +[destination.bloodhoundenterprise] +interval = "300" +token_key = "client_token_key" +token_id = "client_token_id" +url = "bhe_url" + +[sources.source.okta.credentials] +base_url = "https://mytenant.oktapreview.com" +client_id = "myclientid" +private_key_path = "/app/.dlt/okta.json" \ No newline at end of file diff --git a/bloodhound-enterprise/docker-compose.yml b/bloodhound-enterprise/docker-compose.yml index 70e6b96..739cf3c 100644 --- a/bloodhound-enterprise/docker-compose.yml +++ b/bloodhound-enterprise/docker-compose.yml @@ -20,7 +20,7 @@ services: <<: *env DESTINATION__BLOODHOUNDENTERPRISE__COLLECTOR_NAME: jamf secrets: - - source: secrets + - source: secrets_jamf target: /app/.dlt/secrets.toml scheduler-github: @@ -29,7 +29,7 @@ services: <<: *env DESTINATION__BLOODHOUNDENTERPRISE__COLLECTOR_NAME: github secrets: - - source: secrets + - source: secrets_github target: /app/.dlt/secrets.toml - source: key_github target: /app/.dlt/github.pem @@ -40,15 +40,19 @@ services: <<: *env DESTINATION__BLOODHOUNDENTERPRISE__COLLECTOR_NAME: okta secrets: - - source: secrets + - source: secrets_okta target: /app/.dlt/secrets.toml - source: key_okta target: /app/.dlt/okta.json secrets: - secrets: - file: ${HOME}/.dlt/secrets.toml + secrets_github: + file: ${HOME}/.dlt/secrets_github.toml key_github: file: ${HOME}/.dlt/github.pem + secrets_jamf: + file: ${HOME}/.dlt/secrets_jamf.toml + secrets_okta: + file: ${HOME}/.dlt/secrets_okta.toml key_okta: file: ${HOME}/.dlt/okta.json From ef8b3ccf6b629386a657c98f37e457d1ca23434b Mon Sep 17 00:00:00 2001 
From: Katie Strader
Date: Thu, 23 Apr 2026 09:57:20 -0700
Subject: [PATCH 6/9] chore: added some notes for quickstart and to point to configurations in the documentations
---
bloodhound-community/.dlt-example/config.toml | 1 +
.../.dlt-example/secrets_github.toml | 6 +
.../.dlt-example/secrets_jamf.toml | 1 +
.../.dlt-example/secrets_okta.toml | 5 +
bloodhound-community/docker-compose.yml | 171 +++++++++++++++++-
.../.dlt-example/config.toml | 1 +
.../.dlt-example/secrets_github.toml | 2 +
.../.dlt-example/secrets_jamf.toml | 2 +
.../.dlt-example/secrets_okta.toml | 2 +
bloodhound-enterprise/docker-compose.yml | 25 ++-
10 files changed, 204 insertions(+), 12 deletions(-)
create mode 100644 bloodhound-community/.dlt-example/secrets_github.toml
create mode 100644 bloodhound-community/.dlt-example/secrets_okta.toml
diff --git a/bloodhound-community/.dlt-example/config.toml b/bloodhound-community/.dlt-example/config.toml
index 20fa117..8122887 100644
--- a/bloodhound-community/.dlt-example/config.toml
+++ b/bloodhound-community/.dlt-example/config.toml
@@ -1,3 +1,4 @@
+# Example configuration: https://bloodhound.specterops.io/openhound/configuration
 [runtime]
 http_show_error_body = true
 log_cli_level = "WARNING"
diff --git a/bloodhound-community/.dlt-example/secrets_github.toml b/bloodhound-community/.dlt-example/secrets_github.toml
new file mode 100644
index 0000000..75946fb
--- /dev/null
+++ b/bloodhound-community/.dlt-example/secrets_github.toml
@@ -0,0 +1,6 @@
+# Example configuration for github secrets: https://bloodhound.specterops.io/openhound/collectors/github/collect-data#example-configuration
+[sources.source.github.credentials]
+app_id = "myappid"
+client_id = "myclientid"
+key_path = "/app/.dlt/github.pem"
+org_name = "myorgname"
\ No newline at end of file
diff --git a/bloodhound-community/.dlt-example/secrets_jamf.toml b/bloodhound-community/.dlt-example/secrets_jamf.toml
index 15f88d1..392ae69 100644
--- a/bloodhound-community/.dlt-example/secrets_jamf.toml
+++ b/bloodhound-community/.dlt-example/secrets_jamf.toml
@@ -1,3 +1,4 @@
+# Example configuration for jamf secrets: https://bloodhound.specterops.io/openhound/collectors/jamf/collect-data#example-configuration
 [sources.source.jamf]
 username = "myusername"
 host = "https://tenant.jamfcloud.com"
diff --git a/bloodhound-community/.dlt-example/secrets_okta.toml b/bloodhound-community/.dlt-example/secrets_okta.toml
new file mode 100644
index 0000000..6769af8
--- /dev/null
+++ b/bloodhound-community/.dlt-example/secrets_okta.toml
@@ -0,0 +1,5 @@
+# Example configuration for okta secrets: https://bloodhound.specterops.io/openhound/collectors/okta/collect-data#example-configuration
+[sources.source.okta.credentials]
+base_url = "https://mytenant.oktapreview.com"
+client_id = "myclientid"
+private_key_path = "/app/.dlt/okta.json"
\ No newline at end of file
diff --git a/bloodhound-community/docker-compose.yml b/bloodhound-community/docker-compose.yml
index c9d5a1c..58599e4 100644
--- a/bloodhound-community/docker-compose.yml
+++ b/bloodhound-community/docker-compose.yml
@@ -1,13 +1,18 @@ -# This is an example docker-compose file for running OpenHound with the JAMF collector. -# the output graph will be stored inside a named volume. You can copy the OpenGraph contents using the -# following command: ` cp :/tmp/output/graph ` +# Example docker-compose file for running OpenHound with Jamf, GitHub, and Okta collectors. +# The output graph is stored inside a named volume per collector. Copy the OpenGraph contents using: +# ` cp :/tmp/output/graph ` +# +# Quick-start: +# 1. Copy the .dlt-example folder to ${HOME}/.dlt and fill in your credentials. +# 2. Place any required key files (github.pem, okta.json) in ${HOME}/.dlt. +# 3. Pull image from SpecterOps Docker Hub: docker pull specterops/openhound:latest +# Or run to pull from docker-compose.yml: docker compose pull +# 4. Run all collectors: docker compose up -d +# Or run a single one: docker compose up -d scheduler-jamf x-cli: &cli image: specterops/openhound:latest restart: no - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - jamf-output:/tmp/output # These environment variables can also be set inside the ~/.dlt/config.toml file # and act as an example. Configuring openhound can be done using environment variables, @@ -17,13 +22,16 @@ x-cli: &cli EXTRACT__WORKERS: 8 LOG_CONTAINER: true - secrets: - - source: secrets_jamf - target: /app/.dlt/secrets.toml - services: + # --- Jamf --- collect-jamf: <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - jamf-output:/tmp/output + secrets: + - source: secrets_jamf + target: /app/.dlt/secrets.toml command: - collect - jamf @@ -32,6 +40,12 @@ services: preprocess-jamf: <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - jamf-output:/tmp/output + secrets: + - source: secrets_jamf + target: /app/.dlt/secrets.toml command: - preprocess - jamf 
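Review bot: Quick-start step 4 in the new header comment tells users to run `docker compose up -d scheduler-jamf`, but the services visible in this file are `collect-jamf`, `preprocess-jamf` and `convert-jamf`; the `scheduler-*` names appear only in the enterprise compose file, so the command as written will fail here. I would change the line to `#    Or run a single pipeline: docker compose up convert-jamf`, which should start the earlier stages through `depends_on` (worth confirming against the full file). Since step 1 has users place passwords and private keys under `${HOME}/.dlt`, a further line such as `#    Restrict access: chmod 700 ${HOME}/.dlt && chmod 600 ${HOME}/.dlt/*` would be a useful addition.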
@@ -44,6 +58,12 @@ services: convert-jamf: <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - jamf-output:/tmp/output + secrets: + - source: secrets_jamf + target: /app/.dlt/secrets.toml command: - convert - jamf 
@@ -55,9 +75,140 @@ services: preprocess-jamf: condition: service_completed_successfully + # --- GitHub --- + collect-github: + <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - github-output:/tmp/output + secrets: + - source: secrets_github + target: /app/.dlt/secrets.toml + - source: key_github + target: /app/.dlt/github.pem + command: + - collect + - github + - /tmp/output/raw + - --progress=log + + preprocess-github: + <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - github-output:/tmp/output + secrets: + - source: secrets_github + target: /app/.dlt/secrets.toml + - source: key_github + target: /app/.dlt/github.pem + command: + - preprocess + - github + - /tmp/output/raw/github + - /tmp/output/lookup.duckdb + - --progress=log + depends_on: + collect-github: + condition: service_completed_successfully + + convert-github: + <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - github-output:/tmp/output + secrets: + - source: secrets_github + target: /app/.dlt/secrets.toml + - source: key_github + target: /app/.dlt/github.pem + command: + - convert + - github + - /tmp/output/raw/github + - /tmp/output/graph + - --lookup-file=/tmp/output/lookup.duckdb + - --progress=log + depends_on: + preprocess-github: + condition: service_completed_successfully + + # --- Okta --- + collect-okta: + <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - okta-output:/tmp/output + secrets: + - source: secrets_okta + target: /app/.dlt/secrets.toml + - source: key_okta + target: /app/.dlt/okta.json + command: + - collect + - okta + - /tmp/output/raw + - --progress=log + + preprocess-okta: + <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - okta-output:/tmp/output + secrets: + - source: secrets_okta + target: /app/.dlt/secrets.toml + - source: key_okta + target: /app/.dlt/okta.json + command: + - preprocess + - okta + - /tmp/output/raw/okta + - 
/tmp/output/lookup.duckdb + - --progress=log + depends_on: + collect-okta: + condition: service_completed_successfully + + convert-okta: + <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - okta-output:/tmp/output + secrets: + - source: secrets_okta + target: /app/.dlt/secrets.toml + - source: key_okta + target: /app/.dlt/okta.json + command: + - convert + - okta + - /tmp/output/raw/okta + - /tmp/output/graph + - --lookup-file=/tmp/output/lookup.duckdb + - --progress=log + depends_on: + preprocess-okta: + condition: service_completed_successfully + volumes: jamf-output: + github-output: + okta-output: secrets: + # Jamf: username + password auth secrets_jamf: file: ${HOME}/.dlt/secrets_jamf.toml + + # GitHub: GitHub App auth (app_id, client_id, org_name) + private key PEM (github.pem) + secrets_github: + file: ${HOME}/.dlt/secrets_github.toml + key_github: + file: ${HOME}/.dlt/github.pem + + # Okta: OAuth client credentials (base_url, client_id) + private key JSON (okta.json) + secrets_okta: + file: ${HOME}/.dlt/secrets_okta.toml + key_okta: + file: ${HOME}/.dlt/okta.json diff --git a/bloodhound-enterprise/.dlt-example/config.toml b/bloodhound-enterprise/.dlt-example/config.toml index 2319068..ad8c353 100644 --- a/bloodhound-enterprise/.dlt-example/config.toml +++ b/bloodhound-enterprise/.dlt-example/config.toml @@ -1,3 +1,4 @@ +# Example configuration: https://bloodhound.specterops.io/openhound/enterprise#full-configuration-example [runtime] http_show_error_body = true log_cli_level = "WARNING" diff --git a/bloodhound-enterprise/.dlt-example/secrets_github.toml b/bloodhound-enterprise/.dlt-example/secrets_github.toml index 2dd2109..77e3d27 100644 --- a/bloodhound-enterprise/.dlt-example/secrets_github.toml +++ b/bloodhound-enterprise/.dlt-example/secrets_github.toml 
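Review bot: The `preprocess-github`, `convert-github`, `preprocess-okta` and `convert-okta` services mount the same `secrets_*` file and private key (`key_github`, `key_okta`) as the collect stage, although their commands only reference paths under `/tmp/output`. If those stages really work on local files only, which this diff cannot confirm, drop the `secrets:` block from them so the API credentials and keys are exposed to one container per collector instead of three. The `preprocess-jamf` and `convert-jamf` hunks earlier in this patch do the same with `secrets_jamf`, and the `x-jamf`, `x-github` and `x-okta` anchors introduced in PATCH 7/9 carry the pattern forward.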
@@ -1,9 +1,11 @@ +# Example configuration for bhe secrets: https://bloodhound.specterops.io/openhound/enterprise#full-configuration-example [destination.bloodhoundenterprise] interval = "300" token_key = "client_token_key" token_id = "client_token_id" url = "bhe_url" +# Example configuration for github secrets: https://bloodhound.specterops.io/openhound/collectors/github/collect-data#example-configuration [sources.source.github.credentials] app_id = "myappid" client_id = "myclientid" diff --git a/bloodhound-enterprise/.dlt-example/secrets_jamf.toml b/bloodhound-enterprise/.dlt-example/secrets_jamf.toml index af367b4..5c7fc07 100644 --- a/bloodhound-enterprise/.dlt-example/secrets_jamf.toml +++ b/bloodhound-enterprise/.dlt-example/secrets_jamf.toml @@ -1,9 +1,11 @@ +# Example configuration for bhe secrets: https://bloodhound.specterops.io/openhound/enterprise#full-configuration-example [destination.bloodhoundenterprise] interval = "300" token_key = "client_token_key" token_id = "client_token_id" url = "bhe_url" +# Example configuration for jamf secrets: https://bloodhound.specterops.io/openhound/collectors/jamf/collect-data#example-configuration [sources.source.jamf] username = "myusername" host = "https://mytenant.jamfcloud.com" diff --git a/bloodhound-enterprise/.dlt-example/secrets_okta.toml b/bloodhound-enterprise/.dlt-example/secrets_okta.toml index a64c85c..31be493 100644 --- a/bloodhound-enterprise/.dlt-example/secrets_okta.toml +++ b/bloodhound-enterprise/.dlt-example/secrets_okta.toml 
@@ -1,9 +1,11 @@ +# Example configuration for bhe secrets: https://bloodhound.specterops.io/openhound/enterprise#full-configuration-example [destination.bloodhoundenterprise] interval = "300" token_key = "client_token_key" token_id = "client_token_id" url = "bhe_url" +# Example configuration for okta secrets: https://bloodhound.specterops.io/openhound/collectors/okta/collect-data#example-configuration [sources.source.okta.credentials] base_url = "https://mytenant.oktapreview.com" client_id = "myclientid" diff --git a/bloodhound-enterprise/docker-compose.yml b/bloodhound-enterprise/docker-compose.yml index 739cf3c..f49664e 100644 --- a/bloodhound-enterprise/docker-compose.yml +++ b/bloodhound-enterprise/docker-compose.yml @@ -1,3 +1,13 @@ +# Quick-start: +# 1. Copy the .dlt-example folder to ${HOME}/.dlt and fill in your credentials. +# 2. Place any required key files (github.pem, okta.json) in ${HOME}/.dlt. +# 3. Pull image from SpecterOps Docker Hub: docker pull specterops/openhound:0.1.1-enterprise +# Or run to pull from docker-compose.yml: docker compose pull +# 4. Run all collectors: docker compose up -d +# Or run a single one: docker compose up -d scheduler-jamf +# +# Full configuration reference: https://bloodhound.specterops.io/openhound/enterprise + x-scheduler: &scheduler image: specterops/openhound:${IMAGE_VERSION:-0.1.1-enterprise} restart: unless-stopped @@ -14,6 +24,7 @@ x-scheduler: &scheduler LOG_CONTAINER: true services: + # --- Jamf --- scheduler-jamf: <<: *scheduler environment: @@ -23,6 +34,7 @@ services: - source: secrets_jamf target: /app/.dlt/secrets.toml + # --- GitHub --- scheduler-github: <<: *scheduler environment: @@ -34,6 +46,7 @@ services: - source: key_github target: /app/.dlt/github.pem + # --- Okta --- scheduler-okta: <<: *scheduler environment: 
@@ -46,12 +59,20 @@ services: target: /app/.dlt/okta.json secrets: + # Copy the .dlt-example folder to ${HOME}/.dlt as a starting point for each secrets file. + # Each secrets file must also contain [destination.bloodhoundenterprise] with url, token_id, and token_key. + + # Jamf: username + password auth + secrets_jamf: + file: ${HOME}/.dlt/secrets_jamf.toml + + # GitHub: GitHub App auth (app_id, client_id, org_name) + private key PEM (github.pem) secrets_github: file: ${HOME}/.dlt/secrets_github.toml key_github: file: ${HOME}/.dlt/github.pem - secrets_jamf: - file: ${HOME}/.dlt/secrets_jamf.toml + + # Okta: OAuth client credentials (base_url, client_id) + private key JSON (okta.json) secrets_okta: file: ${HOME}/.dlt/secrets_okta.toml key_okta: From b428fca149c49f2374375c99d6361652ed8f5159 Mon Sep 17 00:00:00 2001 From: Katie Strader Date: Thu, 23 Apr 2026 12:02:22 -0700 Subject: [PATCH 7/9] chore: added new line at the end of toml files, added warning to make sure .dlt exists, updated docker-compose.yml to include github and okta along with jamf, redeuced volume and secrets by adding per-collector YAML anchors, similar to how the x-cli anchor works --- .../.dlt-example/secrets_github.toml | 2 +- .../.dlt-example/secrets_jamf.toml | 2 +- .../.dlt-example/secrets_okta.toml | 2 +- bloodhound-community/docker-compose.yml | 127 +++++++----------- .../.dlt-example/config.toml | 2 +- .../.dlt-example/secrets_github.toml | 2 +- .../.dlt-example/secrets_jamf.toml | 2 +- .../.dlt-example/secrets_okta.toml | 2 +- bloodhound-enterprise/docker-compose.yml | 4 + 9 files changed, 56 insertions(+), 89 deletions(-) diff --git a/bloodhound-community/.dlt-example/secrets_github.toml b/bloodhound-community/.dlt-example/secrets_github.toml index 75946fb..5d34e7d 100644 --- a/bloodhound-community/.dlt-example/secrets_github.toml +++ b/bloodhound-community/.dlt-example/secrets_github.toml 
@@ -3,4 +3,4 @@
 app_id = "myappid"
 client_id = "myclientid"
 key_path = "/app/.dlt/github.pem"
-org_name = "myorgname"
\ No newline at end of file
+org_name = "myorgname"
diff --git a/bloodhound-community/.dlt-example/secrets_jamf.toml b/bloodhound-community/.dlt-example/secrets_jamf.toml
index 392ae69..8908dbf 100644
--- a/bloodhound-community/.dlt-example/secrets_jamf.toml
+++ b/bloodhound-community/.dlt-example/secrets_jamf.toml
@@ -2,4 +2,4 @@
 [sources.source.jamf]
 username = "myusername"
 host = "https://tenant.jamfcloud.com"
-password = "mypassword"
\ No newline at end of file
+password = "mypassword"
diff --git a/bloodhound-community/.dlt-example/secrets_okta.toml b/bloodhound-community/.dlt-example/secrets_okta.toml
index 6769af8..1dede40 100644
--- a/bloodhound-community/.dlt-example/secrets_okta.toml
+++ b/bloodhound-community/.dlt-example/secrets_okta.toml
@@ -2,4 +2,4 @@
 [sources.source.okta.credentials]
 base_url = "https://mytenant.oktapreview.com"
 client_id = "myclientid"
-private_key_path = "/app/.dlt/okta.json"
\ No newline at end of file
+private_key_path = "/app/.dlt/okta.json"
diff --git a/bloodhound-community/docker-compose.yml b/bloodhound-community/docker-compose.yml
index 58599e4..fdcaa8d 100644
--- a/bloodhound-community/docker-compose.yml
+++ b/bloodhound-community/docker-compose.yml
@@ -1,6 +1,5 @@
 # Example docker-compose file for running OpenHound with Jamf, GitHub, and Okta collectors.
-# The output graph is stored inside a named volume per collector. Copy the OpenGraph contents using:
-# ` cp :/tmp/output/graph `
+# Collector output is written to local bind-mount directories under ./output//.
 #
 # Quick-start:
 # 1. Copy the .dlt-example folder to ${HOME}/.dlt and fill in your credentials.
@@ -9,6 +8,10 @@ # Or run to pull from docker-compose.yml: docker compose pull # 4. Run all collectors: docker compose up -d # Or run a single one: docker compose up -d scheduler-jamf +# +# WARNING: All config and secret files referenced below MUST exist before running +# `docker compose up`. If they are missing, Docker will create them as directories, +# which will cause the collector to fail. Follow the Quick-start steps above first. x-cli: &cli image: specterops/openhound:latest @@ -22,16 +25,41 @@ x-cli: &cli EXTRACT__WORKERS: 8 LOG_CONTAINER: true +x-jamf: &jamf + <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - ./output/jamf:/tmp/output + secrets: + - source: secrets_jamf + target: /app/.dlt/secrets.toml + +x-github: &github + <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - ./output/github:/tmp/output + secrets: + - source: secrets_github + target: /app/.dlt/secrets.toml + - source: key_github + target: /app/.dlt/github.pem + +x-okta: &okta + <<: *cli + volumes: + - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro + - ./output/okta:/tmp/output + secrets: + - source: secrets_okta + target: /app/.dlt/secrets.toml + - source: key_okta + target: /app/.dlt/okta.json + services: # --- Jamf --- collect-jamf: - <<: *cli - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - jamf-output:/tmp/output - secrets: - - source: secrets_jamf - target: /app/.dlt/secrets.toml + <<: *jamf command: - collect - jamf @@ -39,13 +67,7 @@ services: - --progress=log preprocess-jamf: - <<: *cli - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - jamf-output:/tmp/output - secrets: - - source: secrets_jamf - target: /app/.dlt/secrets.toml + <<: *jamf command: - preprocess - jamf 
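Review bot: The new `x-jamf`, `x-github` and `x-okta` anchors replace the named volumes with bind mounts such as `./output/jamf:/tmp/output`, so the collected identity data and the generated graph now land inside the directory that holds the compose file. No ignore rule for `output/` is visible in this patch; if the repository does not already have one, add `output/` to `.gitignore` so a collection run cannot be committed by accident. The added WARNING covers missing config and secret files but not these directories: when a directory under `./output` does not exist Docker creates it, typically owned by root, so the quick-start could also say `mkdir -p output/jamf output/github output/okta`.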
@@ -57,13 +79,7 @@ services: condition: service_completed_successfully convert-jamf: - <<: *cli - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - jamf-output:/tmp/output - secrets: - - source: secrets_jamf - target: /app/.dlt/secrets.toml + <<: *jamf command: - convert - jamf @@ -77,15 +93,7 @@ services: # --- GitHub --- collect-github: - <<: *cli - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - github-output:/tmp/output - secrets: - - source: secrets_github - target: /app/.dlt/secrets.toml - - source: key_github - target: /app/.dlt/github.pem + <<: *github command: - collect - github @@ -93,15 +101,7 @@ services: - --progress=log preprocess-github: - <<: *cli - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - github-output:/tmp/output - secrets: - - source: secrets_github - target: /app/.dlt/secrets.toml - - source: key_github - target: /app/.dlt/github.pem + <<: *github command: - preprocess - github @@ -113,15 +113,7 @@ services: condition: service_completed_successfully convert-github: - <<: *cli - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - github-output:/tmp/output - secrets: - - source: secrets_github - target: /app/.dlt/secrets.toml - - source: key_github - target: /app/.dlt/github.pem + <<: *github command: - convert - github @@ -135,15 +127,7 @@ services: # --- Okta --- collect-okta: - <<: *cli - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - okta-output:/tmp/output - secrets: - - source: secrets_okta - target: /app/.dlt/secrets.toml - - source: key_okta - target: /app/.dlt/okta.json + <<: *okta command: - collect - okta @@ -151,15 +135,7 @@ services: - --progress=log preprocess-okta: - <<: *cli - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - okta-output:/tmp/output - secrets: - - source: secrets_okta - target: /app/.dlt/secrets.toml - - source: key_okta - target: /app/.dlt/okta.json + <<: *okta command: - preprocess - okta 
@@ -171,15 +147,7 @@ services: condition: service_completed_successfully convert-okta: - <<: *cli - volumes: - - ${HOME}/.dlt/config.toml:/app/.dlt/config.toml:ro - - okta-output:/tmp/output - secrets: - - source: secrets_okta - target: /app/.dlt/secrets.toml - - source: key_okta - target: /app/.dlt/okta.json + <<: *okta command: - convert - okta @@ -191,11 +159,6 @@ services: preprocess-okta: condition: service_completed_successfully -volumes: - jamf-output: - github-output: - okta-output: - secrets: # Jamf: username + password auth secrets_jamf: diff --git a/bloodhound-enterprise/.dlt-example/config.toml b/bloodhound-enterprise/.dlt-example/config.toml index ad8c353..119f7f9 100644 --- a/bloodhound-enterprise/.dlt-example/config.toml +++ b/bloodhound-enterprise/.dlt-example/config.toml @@ -13,4 +13,4 @@ workers = 3 [load] delete_completed_jobs = true -truncate_staging_dataset = true \ No newline at end of file +truncate_staging_dataset = true diff --git a/bloodhound-enterprise/.dlt-example/secrets_github.toml b/bloodhound-enterprise/.dlt-example/secrets_github.toml index 77e3d27..45d062b 100644 --- a/bloodhound-enterprise/.dlt-example/secrets_github.toml +++ b/bloodhound-enterprise/.dlt-example/secrets_github.toml @@ -10,4 +10,4 @@ url = "bhe_url" app_id = "myappid" client_id = "myclientid" key_path = "/app/.dlt/github.pem" -org_name = "myorgname" \ No newline at end of file +org_name = "myorgname" diff --git a/bloodhound-enterprise/.dlt-example/secrets_jamf.toml b/bloodhound-enterprise/.dlt-example/secrets_jamf.toml index 5c7fc07..c4aef0d 100644 --- a/bloodhound-enterprise/.dlt-example/secrets_jamf.toml +++ b/bloodhound-enterprise/.dlt-example/secrets_jamf.toml @@ -9,4 +9,4 @@ url = "bhe_url" [sources.source.jamf] username = "myusername" host = "https://mytenant.jamfcloud.com" -password = "mypassword" \ No newline at end of file +password = "mypassword" 
diff --git a/bloodhound-enterprise/.dlt-example/secrets_okta.toml b/bloodhound-enterprise/.dlt-example/secrets_okta.toml index 31be493..cc667ea 100644 --- a/bloodhound-enterprise/.dlt-example/secrets_okta.toml +++ b/bloodhound-enterprise/.dlt-example/secrets_okta.toml @@ -9,4 +9,4 @@ url = "bhe_url" [sources.source.okta.credentials] base_url = "https://mytenant.oktapreview.com" client_id = "myclientid" -private_key_path = "/app/.dlt/okta.json" \ No newline at end of file +private_key_path = "/app/.dlt/okta.json" diff --git a/bloodhound-enterprise/docker-compose.yml b/bloodhound-enterprise/docker-compose.yml index f49664e..dd0e62e 100644 --- a/bloodhound-enterprise/docker-compose.yml +++ b/bloodhound-enterprise/docker-compose.yml @@ -6,6 +6,10 @@ # 4. Run all collectors: docker compose up -d # Or run a single one: docker compose up -d scheduler-jamf # +# WARNING: All config and secret files referenced below MUST exist before running +# `docker compose up`. If they are missing, Docker will create them as directories, +# which will cause the collector to fail. Follow the Quick-start steps above first. +# # Full configuration reference: https://bloodhound.specterops.io/openhound/enterprise x-scheduler: &scheduler From 851b6ae71b6b09752416666600920ef72325f0f0 Mon Sep 17 00:00:00 2001 
From: Katie Strader Date: Thu, 23 Apr 2026 13:12:59 -0700 Subject: [PATCH 8/9] chore: moved bloodhound-community and bloodhound-enterprise to folder example-configurations, added READMEs to both folders for quick start --- .../.dlt-example/config.toml | 0 .../.dlt-example/secrets_github.toml | 0 .../.dlt-example/secrets_jamf.toml | 0 .../.dlt-example/secrets_okta.toml | 0 .../bloodhound-community/README.md | 16 ++++++++++++++++ .../bloodhound-community}/docker-compose.yml | 15 --------------- .../.dlt-example/config.toml | 0 .../.dlt-example/secrets_github.toml | 0 .../.dlt-example/secrets_jamf.toml | 0 .../.dlt-example/secrets_okta.toml | 0 .../bloodhound-enterprise/README.md | 15 +++++++++++++++ .../bloodhound-enterprise}/docker-compose.yml | 14 -------------- 12 files changed, 31 insertions(+), 29 deletions(-) rename {bloodhound-community => example-configurations/bloodhound-community}/.dlt-example/config.toml (100%) rename {bloodhound-community => example-configurations/bloodhound-community}/.dlt-example/secrets_github.toml (100%) rename {bloodhound-community => example-configurations/bloodhound-community}/.dlt-example/secrets_jamf.toml (100%) rename {bloodhound-community => example-configurations/bloodhound-community}/.dlt-example/secrets_okta.toml (100%) create mode 100644 example-configurations/bloodhound-community/README.md rename {bloodhound-community => example-configurations/bloodhound-community}/docker-compose.yml (80%) rename {bloodhound-enterprise => example-configurations/bloodhound-enterprise}/.dlt-example/config.toml (100%) rename {bloodhound-enterprise => example-configurations/bloodhound-enterprise}/.dlt-example/secrets_github.toml (100%) rename {bloodhound-enterprise => example-configurations/bloodhound-enterprise}/.dlt-example/secrets_jamf.toml (100%) rename {bloodhound-enterprise => example-configurations/bloodhound-enterprise}/.dlt-example/secrets_okta.toml (100%) create mode 100644 example-configurations/bloodhound-enterprise/README.md 
rename {bloodhound-enterprise => example-configurations/bloodhound-enterprise}/docker-compose.yml (71%)
diff --git a/bloodhound-community/.dlt-example/config.toml b/example-configurations/bloodhound-community/.dlt-example/config.toml
similarity index 100%
rename from bloodhound-community/.dlt-example/config.toml
rename to example-configurations/bloodhound-community/.dlt-example/config.toml
diff --git a/bloodhound-community/.dlt-example/secrets_github.toml b/example-configurations/bloodhound-community/.dlt-example/secrets_github.toml
similarity index 100%
rename from bloodhound-community/.dlt-example/secrets_github.toml
rename to example-configurations/bloodhound-community/.dlt-example/secrets_github.toml
diff --git a/bloodhound-community/.dlt-example/secrets_jamf.toml b/example-configurations/bloodhound-community/.dlt-example/secrets_jamf.toml
similarity index 100%
rename from bloodhound-community/.dlt-example/secrets_jamf.toml
rename to example-configurations/bloodhound-community/.dlt-example/secrets_jamf.toml
diff --git a/bloodhound-community/.dlt-example/secrets_okta.toml b/example-configurations/bloodhound-community/.dlt-example/secrets_okta.toml
similarity index 100%
rename from bloodhound-community/.dlt-example/secrets_okta.toml
rename to example-configurations/bloodhound-community/.dlt-example/secrets_okta.toml
diff --git a/example-configurations/bloodhound-community/README.md b/example-configurations/bloodhound-community/README.md
new file mode 100644
index 0000000..9e09224
--- /dev/null
+++ b/example-configurations/bloodhound-community/README.md
@@ -0,0 +1,16 @@
+## Quick-start
+
+ 1. Copy the contents from `bloodhound-community` folder to `${HOME}` and fill in your credentials in `.dlt`.
+ 2. Place any required key files (github.pem, okta.json) in `${HOME}/.dlt`.
+ 3. Pull image from SpecterOps Docker Hub: `docker pull specterops/openhound:latest`
+ or run to pull from docker-compose.yml: `docker compose pull`
+ 4. Run all collectors: `docker compose up -d`
+ or run a single one: `docker compose up -d collect-jamf preprocess-jamf convert-jamf`
+
+ Example docker-compose file for running OpenHound with Jamf, GitHub, and Okta collectors.
+ Collector output is written to local bind-mount directories under `./output//`.
+
+## WARNING:
+ All config and secret files referenced below MUST exist before running
+ `docker compose up`. If they are missing, Docker will create them as directories,
+ which will cause the collector to fail.
\ No newline at end of file
diff --git a/bloodhound-community/docker-compose.yml b/example-configurations/bloodhound-community/docker-compose.yml
similarity index 80%
rename from bloodhound-community/docker-compose.yml
rename to example-configurations/bloodhound-community/docker-compose.yml
index fdcaa8d..2bc6e7e 100644
--- a/bloodhound-community/docker-compose.yml
+++ b/example-configurations/bloodhound-community/docker-compose.yml
@@ -1,18 +1,3 @@ -# Example docker-compose file for running OpenHound with Jamf, GitHub, and Okta collectors. -# Collector output is written to local bind-mount directories under ./output//. -# -# Quick-start: -# 1. Copy the .dlt-example folder to ${HOME}/.dlt and fill in your credentials. -# 2. Place any required key files (github.pem, okta.json) in ${HOME}/.dlt. -# 3. Pull image from SpecterOps Docker Hub: docker pull specterops/openhound:latest -# Or run to pull from docker-compose.yml: docker compose pull -# 4. Run all collectors: docker compose up -d -# Or run a single one: docker compose up -d scheduler-jamf -# -# WARNING: All config and secret files referenced below MUST exist before running -# `docker compose up`. If they are missing, Docker will create them as directories, -# which will cause the collector to fail. Follow the Quick-start steps above first. - x-cli: &cli image: specterops/openhound:latest restart: no diff --git a/bloodhound-enterprise/.dlt-example/config.toml b/example-configurations/bloodhound-enterprise/.dlt-example/config.toml similarity index 100% rename from bloodhound-enterprise/.dlt-example/config.toml rename to example-configurations/bloodhound-enterprise/.dlt-example/config.toml diff --git a/bloodhound-enterprise/.dlt-example/secrets_github.toml b/example-configurations/bloodhound-enterprise/.dlt-example/secrets_github.toml similarity index 100% rename from bloodhound-enterprise/.dlt-example/secrets_github.toml rename to example-configurations/bloodhound-enterprise/.dlt-example/secrets_github.toml diff --git a/bloodhound-enterprise/.dlt-example/secrets_jamf.toml b/example-configurations/bloodhound-enterprise/.dlt-example/secrets_jamf.toml similarity index 100% rename from bloodhound-enterprise/.dlt-example/secrets_jamf.toml rename to example-configurations/bloodhound-enterprise/.dlt-example/secrets_jamf.toml 
diff --git a/bloodhound-enterprise/.dlt-example/secrets_okta.toml b/example-configurations/bloodhound-enterprise/.dlt-example/secrets_okta.toml
similarity index 100%
rename from bloodhound-enterprise/.dlt-example/secrets_okta.toml
rename to example-configurations/bloodhound-enterprise/.dlt-example/secrets_okta.toml
diff --git a/example-configurations/bloodhound-enterprise/README.md b/example-configurations/bloodhound-enterprise/README.md
new file mode 100644
index 0000000..5d82a6d
--- /dev/null
+++ b/example-configurations/bloodhound-enterprise/README.md
@@ -0,0 +1,15 @@
+## Quick-start
+
+ 1. Copy the contents from `bloodhound-enterprise` folder to `${HOME}` and fill in your credentials in `.dlt`.
+ 2. Place any required key files (github.pem, okta.json) in `${HOME}/.dlt`.
+ 3. Pull image from SpecterOps Docker Hub: `docker pull specterops/openhound:0.1.1-enterprise`
+ or run to pull from docker-compose.yml: `docker compose pull`
+ 4. Run all collectors: `docker compose up -d`
+ or run a single one: `docker compose up -d scheduler-jamf`
+
+Full configuration reference: https://bloodhound.specterops.io/openhound/enterprise
+
+## WARNING:
+ All config and secret files referenced below MUST exist before running
+ `docker compose up`. If they are missing, Docker will create them as directories,
+ which will cause the collector to fail.
\ No newline at end of file
diff --git a/bloodhound-enterprise/docker-compose.yml b/example-configurations/bloodhound-enterprise/docker-compose.yml
similarity index 71%
rename from bloodhound-enterprise/docker-compose.yml
rename to example-configurations/bloodhound-enterprise/docker-compose.yml
index dd0e62e..b20b9cc 100644
--- a/bloodhound-enterprise/docker-compose.yml
+++ b/example-configurations/bloodhound-enterprise/docker-compose.yml
@@ -1,17 +1,3 @@ -# Quick-start: -# 1. Copy the .dlt-example folder to ${HOME}/.dlt and fill in your credentials. -# 2. Place any required key files (github.pem, okta.json) in ${HOME}/.dlt. -# 3. Pull image from SpecterOps Docker Hub: docker pull specterops/openhound:0.1.1-enterprise -# Or run to pull from docker-compose.yml: docker compose pull -# 4. Run all collectors: docker compose up -d -# Or run a single one: docker compose up -d scheduler-jamf -# -# WARNING: All config and secret files referenced below MUST exist before running -# `docker compose up`. If they are missing, Docker will create them as directories, -# which will cause the collector to fail. Follow the Quick-start steps above first. -# -# Full configuration reference: https://bloodhound.specterops.io/openhound/enterprise - x-scheduler: &scheduler image: specterops/openhound:${IMAGE_VERSION:-0.1.1-enterprise} restart: unless-stopped From b415c0e11248f31e4daac9064e4a66908f5c1205 Mon Sep 17 00:00:00 2001 From: Katie Strader Date: Thu, 23 Apr 2026 13:17:32 -0700 Subject: [PATCH 9/9] chrore: small addition to READMEs --- example-configurations/bloodhound-community/README.md | 9 +++++---- example-configurations/bloodhound-enterprise/README.md | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/example-configurations/bloodhound-community/README.md b/example-configurations/bloodhound-community/README.md index 9e09224..30edfef 100644 --- a/example-configurations/bloodhound-community/README.md +++ b/example-configurations/bloodhound-community/README.md 
@@ -1,10 +1,11 @@ ## Quick-start - 1. Copy the contents from `bloodhound-community` folder to `${HOME}` and fill in your credentials in `.dlt`. - 2. Place any required key files (github.pem, okta.json) in `${HOME}/.dlt`. - 3. Pull image from SpecterOps Docker Hub: `docker pull specterops/openhound:latest` + 1. Copy the contents from `bloodhound-community` folder to `${HOME}`. + 2. Rename `.dlt-example` to `.dlt` and fill in your credentials in the toml files. + 3. Place any required key files (github.pem, okta.json) in `${HOME}/.dlt`. + 4. Pull image from SpecterOps Docker Hub: `docker pull specterops/openhound:latest` or run to pull from docker-compose.yml: `docker compose pull` - 4. Run all collectors: `docker compose up -d` + 5. Run all collectors: `docker compose up -d` or run a single one: `docker compose up -d collect-jamf preprocess-jamf convert-jamf` Example docker-compose file for running OpenHound with Jamf, GitHub, and Okta collectors. diff --git a/example-configurations/bloodhound-enterprise/README.md b/example-configurations/bloodhound-enterprise/README.md index 5d82a6d..368f9a4 100644 --- a/example-configurations/bloodhound-enterprise/README.md +++ b/example-configurations/bloodhound-enterprise/README.md 
@@ -1,10 +1,11 @@ ## Quick-start - 1. Copy the contents from `bloodhound-enterprise` folder to `${HOME}` and fill in your credentials in `.dlt`. - 2. Place any required key files (github.pem, okta.json) in `${HOME}/.dlt`. - 3. Pull image from SpecterOps Docker Hub: `docker pull specterops/openhound:0.1.1-enterprise` + 1. Copy the contents from `bloodhound-enterprise` folder to `${HOME}`. + 2. Rename `.dlt-example` to `.dlt` and fill in your credentials in the toml files. + 3. Place any required key files (github.pem, okta.json) in `${HOME}/.dlt`. + 4. Pull image from SpecterOps Docker Hub: `docker pull specterops/openhound:0.1.1-enterprise` or run to pull from docker-compose.yml: `docker compose pull` - 4. Run all collectors: `docker compose up -d` + 5. Run all collectors: `docker compose up -d` or run a single one: `docker compose up -d scheduler-jamf` Full configuration reference: https://bloodhound.specterops.io/openhound/enterprise