diff --git a/packages/cue/bh/ad/ad.cue b/packages/cue/bh/ad/ad.cue
index 4d11096025..dd71d1bca9 100644
--- a/packages/cue/bh/ad/ad.cue
+++ b/packages/cue/bh/ad/ad.cue
@@ -1293,12 +1293,6 @@ SyncedToEntraUser: types.#Kind & {
 schema: "active_directory"
 }
 
-AllADAttacks: types.#Kind & {
- symbol: "AllADAttacks"
- schema: "active_directory"
- representation: "ALL_AD_ATTACKS"
-}
-
 // Relationship Kinds
 RelationshipKinds: [
 Owns,
@@ -1369,8 +1363,7 @@ RelationshipKinds: [
 ADCSESC10a,
 ADCSESC10b,
 ADCSESC13,
- SyncedToEntraUser,
- AllADAttacks
+ SyncedToEntraUser
 ]
 
 // ACL Relationships
diff --git a/packages/cue/bh/azure/azure.cue b/packages/cue/bh/azure/azure.cue
index 4751156571..f08d3ead4f 100644
--- a/packages/cue/bh/azure/azure.cue
+++ b/packages/cue/bh/azure/azure.cue
@@ -723,12 +723,6 @@ SyncedToADUser: types.#Kind & {
 representation: "SyncedToADUser"
 }
 
-AllAZAttacks: types.#Kind & {
- symbol: "AllAZAttacks"
- schema: "azure"
- representation: "ALL_AZ_ATTACKS"
-}
-
 RelationshipKinds: [
 AvereContributor,
 Contains,
@@ -776,8 +770,7 @@ RelationshipKinds: [
 AZMGAddSecret,
 AZMGGrantAppRoles,
 AZMGGrantRole,
- SyncedToADUser,
- AllAZAttacks
+ SyncedToADUser
 ]
 
 AppRoleTransitRelationshipKinds: [
diff --git a/packages/cue/bh/common/common.cue b/packages/cue/bh/common/common.cue
index a24f1d5f9a..ed10a44d4b 100644
--- a/packages/cue/bh/common/common.cue
+++ b/packages/cue/bh/common/common.cue
@@ -162,9 +162,23 @@ MigrationData: types.#Kind & {
 representation: "MigrationData"
 }
 
+AllADAttacks: types.#Kind & {
+ symbol: "AllADAttacks"
+ schema: "active_directory"
+ representation: "ALL_AD_ATTACKS"
+}
+
+AllAZAttacks: types.#Kind & {
+ symbol: "AllAZAttacks"
+ schema: "azure"
+ representation: "ALL_AZ_ATTACKS"
+}
+
 NodeKinds: [
 MigrationData,
 ]
 
 RelationshipKinds: [
+ AllADAttacks,
+ AllAZAttacks
 ]
diff --git a/packages/go/cypher/models/cypher/format/format.go b/packages/go/cypher/models/cypher/format/format.go
index d61d74fd61..5a6ebb5859 100644
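Review bot: The `AllADAttacks` and `AllAZAttacks` definitions added to common.cue carry no comment saying why two kinds tagged `schema: "active_directory"` and `schema: "azure"` now live in the common package, nor that they are shortcut kinds rather than ordinary relationship kinds; the format.go hunk in this same change is what expands them, so that contract belongs at the definition. I'd add above `AllADAttacks`: `// Shortcut kinds: the Cypher formatter (packages/go/cypher/models/cypher/format) expands ALL_AD_ATTACKS and ALL_AZ_ATTACKS into the AD / Azure pathfinding relationship sets.` Whether `schema` should say something other than the per-domain value now that the kinds sit in common I can't tell from here, since MigrationData's own `schema` line is outside the hunk.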
--- a/packages/go/cypher/models/cypher/format/format.go
+++ b/packages/go/cypher/models/cypher/format/format.go
@@ -25,6 +25,7 @@ import (
 "github.com/specterops/bloodhound/cypher/models/cypher"
 "github.com/specterops/bloodhound/graphschema/ad"
 "github.com/specterops/bloodhound/graphschema/azure"
+ "github.com/specterops/bloodhound/graphschema/common"
 "github.com/specterops/bloodhound/dawgs/graph"
 )
 
@@ -40,11 +41,11 @@ func writeJoinedKinds(output io.Writer, delimiter string, kinds graph.Kinds) err
 }
 
 // if kind is a shortcut edge type, further expansion is required
- if kind == ad.AllADAttacks {
+ if kind == common.AllADAttacks {
 if err := writeJoinedKinds(output, delimiter, ad.PathfindingRelationships()); err != nil {
 return err
 }
- } else if kind == azure.AllAZAttacks {
+ } else if kind == common.AllAZAttacks {
 if err := writeJoinedKinds(output, delimiter, azure.PathfindingRelationships()); err != nil {
 return err
 }
diff --git a/packages/go/graphschema/ad/ad.go b/packages/go/graphschema/ad/ad.go
index 803c8f33e1..27e38f0da3 100644
--- a/packages/go/graphschema/ad/ad.go
+++ b/packages/go/graphschema/ad/ad.go
@@ -110,7 +110,6 @@ var (
 ADCSESC10b = graph.StringKind("ADCSESC10b")
 ADCSESC13 = graph.StringKind("ADCSESC13")
 SyncedToEntraUser = graph.StringKind("SyncedToEntraUser")
- AllADAttacks = graph.StringKind("ALL_AD_ATTACKS")
 )
 
 type Property string
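Review bot: The `if kind == common.AllADAttacks` / `else if kind == common.AllAZAttacks` branches recurse into `writeJoinedKinds` with no guard, so if `ad.PathfindingRelationships()` or `azure.PathfindingRelationships()` ever came to include one of the shortcut kinds the call would recurse without bound, and that invariant is stated nowhere in the hunk. Moving the two kinds into `common` and listing them in `common.Relationships()` makes that slip easier, because they now look like any other relationship kind to code that aggregates kind lists. I'd at least extend the existing comment to `// if kind is a shortcut edge type, further expansion is required; the pathfinding sets must never contain a shortcut kind, or this recursion has no base case`. A hard stop would skip a kind equal to the one being expanded before recursing, but that belongs in the loop body, which starts before this hunk. `writeJoinedKinds` begins and ends outside the hunk, so I can't confirm how the delimiter between the kinds already written and the expanded set is handled.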
@@ -858,7 +857,7 @@ func Nodes() []graph.Kind {
 return []graph.Kind{Entity, User, Computer, Group, GPO, OU, Container, Domain, LocalGroup, LocalUser, AIACA, RootCA, EnterpriseCA, NTAuthStore, CertTemplate, IssuancePolicy}
 }
 func Relationships() []graph.Kind {
- return []graph.Kind{Owns, GenericAll, GenericWrite, WriteOwner, WriteDACL, MemberOf, ForceChangePassword, AllExtendedRights, AddMember, HasSession, Contains, GPLink, AllowedToDelegate, GetChanges, GetChangesAll, GetChangesInFilteredSet, TrustedBy, AllowedToAct, AdminTo, CanPSRemote, CanRDP, ExecuteDCOM, HasSIDHistory, AddSelf, DCSync, ReadLAPSPassword, ReadGMSAPassword, DumpSMSAPassword, SQLAdmin, AddAllowedToAct, WriteSPN, AddKeyCredentialLink, LocalToComputer, MemberOfLocalGroup, RemoteInteractiveLogonPrivilege, SyncLAPSPassword, WriteAccountRestrictions, WriteGPLink, RootCAFor, DCFor, PublishedTo, ManageCertificates, ManageCA, DelegatedEnrollmentAgent, Enroll, HostsCAService, WritePKIEnrollmentFlag, WritePKINameFlag, NTAuthStoreFor, TrustedForNTAuth, EnterpriseCAFor, IssuedSignedBy, GoldenCert, EnrollOnBehalfOf, OIDGroupLink, ExtendedByPolicy, ADCSESC1, ADCSESC3, ADCSESC4, ADCSESC5, ADCSESC6a, ADCSESC6b, ADCSESC7, ADCSESC9a, ADCSESC9b, ADCSESC10a, ADCSESC10b, ADCSESC13, SyncedToEntraUser, AllADAttacks}
+ return []graph.Kind{Owns, GenericAll, GenericWrite, WriteOwner, WriteDACL, MemberOf, ForceChangePassword, AllExtendedRights, AddMember, HasSession, Contains, GPLink, AllowedToDelegate, GetChanges, GetChangesAll, GetChangesInFilteredSet, TrustedBy, AllowedToAct, AdminTo, CanPSRemote, CanRDP, ExecuteDCOM, HasSIDHistory, AddSelf, DCSync, ReadLAPSPassword, ReadGMSAPassword, DumpSMSAPassword, SQLAdmin, AddAllowedToAct, WriteSPN, AddKeyCredentialLink, LocalToComputer, MemberOfLocalGroup, RemoteInteractiveLogonPrivilege, SyncLAPSPassword, WriteAccountRestrictions, WriteGPLink, RootCAFor, DCFor, PublishedTo, ManageCertificates, ManageCA, DelegatedEnrollmentAgent, Enroll, HostsCAService, WritePKIEnrollmentFlag, WritePKINameFlag, NTAuthStoreFor, TrustedForNTAuth, EnterpriseCAFor, IssuedSignedBy, GoldenCert, EnrollOnBehalfOf, OIDGroupLink, ExtendedByPolicy, ADCSESC1, ADCSESC3, ADCSESC4, ADCSESC5, ADCSESC6a, ADCSESC6b, ADCSESC7, ADCSESC9a, ADCSESC9b, ADCSESC10a, ADCSESC10b, ADCSESC13, SyncedToEntraUser}
 }
 func ACLRelationships() []graph.Kind {
 return []graph.Kind{AllExtendedRights, ForceChangePassword, AddMember, AddAllowedToAct, GenericAll, WriteDACL, WriteOwner, GenericWrite, ReadLAPSPassword, ReadGMSAPassword, Owns, AddSelf, WriteSPN, AddKeyCredentialLink, GetChanges, GetChangesAll, GetChangesInFilteredSet, WriteAccountRestrictions, WriteGPLink, SyncLAPSPassword, DCSync, ManageCertificates, ManageCA, Enroll, WritePKIEnrollmentFlag, WritePKINameFlag}
diff --git a/packages/go/graphschema/azure/azure.go b/packages/go/graphschema/azure/azure.go
index 752980d03f..00b20f190f 100644
--- a/packages/go/graphschema/azure/azure.go
+++ b/packages/go/graphschema/azure/azure.go
@@ -92,7 +92,6 @@ var (
 AZMGGrantAppRoles = graph.StringKind("AZMGGrantAppRoles")
 AZMGGrantRole = graph.StringKind("AZMGGrantRole")
 SyncedToADUser = graph.StringKind("SyncedToADUser")
- AllAZAttacks = graph.StringKind("ALL_AZ_ATTACKS")
 )
 
 type Property string
@@ -354,7 +353,7 @@ func (s Property) Is(others ...graph.Kind) bool {
 return false
 }
 func Relationships() []graph.Kind {
- return []graph.Kind{AvereContributor, Contains, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, ScopedTo, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, ApplicationReadWriteAll, AppRoleAssignmentReadWriteAll, DirectoryReadWriteAll, GroupReadWriteAll, GroupMemberReadWriteAll, RoleManagementReadWriteDirectory, ServicePrincipalEndpointReadWriteAll, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser, AllAZAttacks}
+ return []graph.Kind{AvereContributor, Contains, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, ScopedTo, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, ApplicationReadWriteAll, AppRoleAssignmentReadWriteAll, DirectoryReadWriteAll, GroupReadWriteAll, GroupMemberReadWriteAll, RoleManagementReadWriteDirectory, ServicePrincipalEndpointReadWriteAll, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser}
 }
 func AppRoleTransitRelationshipKinds() []graph.Kind {
 return []graph.Kind{AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole}
diff --git a/packages/go/graphschema/common/common.go b/packages/go/graphschema/common/common.go
index 6fd161585e..61f7ebce65 100644
--- a/packages/go/graphschema/common/common.go
+++ b/packages/go/graphschema/common/common.go
@@ -26,6 +26,8 @@ import (
 
 var (
 MigrationData = graph.StringKind("MigrationData")
+ AllADAttacks = graph.StringKind("ALL_AD_ATTACKS")
+ AllAZAttacks = graph.StringKind("ALL_AZ_ATTACKS")
 )
 
 type Property string
@@ -178,7 +180,7 @@ func Nodes() []graph.Kind {
 return []graph.Kind{MigrationData}
 }
 func Relationships() []graph.Kind {
- return []graph.Kind{}
+ return []graph.Kind{AllADAttacks, AllAZAttacks}
 }
 func NodeKinds() []graph.Kind {
 return []graph.Kind{MigrationData}
diff --git a/packages/javascript/bh-shared-ui/src/commonSearches.tsx b/packages/javascript/bh-shared-ui/src/commonSearches.tsx
index 694edf0581..0a846f6b30 100644
--- a/packages/javascript/bh-shared-ui/src/commonSearches.tsx
+++ b/packages/javascript/bh-shared-ui/src/commonSearches.tsx
@@ -14,13 +14,13 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-import { ActiveDirectoryRelationshipKind, AzureRelationshipKind } from './graphSchema';
+import { CommonRelationshipKind } from './graphSchema';
 
 const categoryAD = 'Active Directory';
 const categoryAzure = 'Azure';
 
-const adTransitEdgeTypes = ActiveDirectoryRelationshipKind.AllADAttacks;
-const azureTransitEdgeTypes = AzureRelationshipKind.AllAZAttacks;
+const adTransitEdgeTypes = CommonRelationshipKind.AllADAttacks;
+const azureTransitEdgeTypes = CommonRelationshipKind.AllAZAttacks;
 
 const highPrivilegedRoleDisplayNameRegex =
 'Global Administrator.*|User Administrator.*|Cloud Application Administrator.*|Authentication Policy Administrator.*|Exchange Administrator.*|Helpdesk Administrator.*|Privileged Authentication Administrator.*';
diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts
index 65f0dbe870..3fc35376f9 100644
--- a/packages/javascript/bh-shared-ui/src/graphSchema.ts
+++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts
@@ -140,7 +140,6 @@ export enum ActiveDirectoryRelationshipKind {
 ADCSESC10b = 'ADCSESC10b',
 ADCSESC13 = 'ADCSESC13',
 SyncedToEntraUser = 'SyncedToEntraUser',
- AllADAttacks = 'ALL_AD_ATTACKS',
 }
 export function ActiveDirectoryRelationshipKindToDisplay(value: ActiveDirectoryRelationshipKind): string | undefined {
 switch (value) {
@@ -282,8 +281,6 @@ export function ActiveDirectoryRelationshipKindToDisplay(value: ActiveDirectoryR
 return 'ADCSESC13';
 case ActiveDirectoryRelationshipKind.SyncedToEntraUser:
 return 'SyncedToEntraUser';
- case ActiveDirectoryRelationshipKind.AllADAttacks:
- return 'AllADAttacks';
 default:
 return undefined;
 }
@@ -780,7 +777,6 @@ export enum AzureRelationshipKind {
 AZMGGrantAppRoles = 'AZMGGrantAppRoles',
 AZMGGrantRole = 'AZMGGrantRole',
 SyncedToADUser = 'SyncedToADUser',
- AllAZAttacks = 'ALL_AZ_ATTACKS',
 }
 export function AzureRelationshipKindToDisplay(value: AzureRelationshipKind): string | undefined {
 switch (value) {
@@ -878,8 +874,6 @@ export function AzureRelationshipKindToDisplay(value: AzureRelationshipKind): st
 return 'AZMGGrantRole';
 case AzureRelationshipKind.SyncedToADUser:
 return 'SyncedToADUser';
- case AzureRelationshipKind.AllAZAttacks:
- return 'AllAZAttacks';
 default:
 return undefined;
 }
@@ -1043,6 +1037,20 @@ export function CommonNodeKindToDisplay(value: CommonNodeKind): string | undefin
 return undefined;
 }
 }
+export enum CommonRelationshipKind {
+ AllADAttacks = 'ALL_AD_ATTACKS',
+ AllAZAttacks = 'ALL_AZ_ATTACKS',
+}
+export function CommonRelationshipKindToDisplay(value: CommonRelationshipKind): string | undefined {
+ switch (value) {
+ case CommonRelationshipKind.AllADAttacks:
+ return 'AllADAttacks';
+ case CommonRelationshipKind.AllAZAttacks:
+ return 'AllAZAttacks';
+ default:
+ return undefined;
+ }
+}
 export enum CommonKindProperties {
 ObjectID = 'objectid',
 Name = 'name',
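Review bot: The new `export enum CommonRelationshipKind` has no TSDoc, so a reader of the shared UI cannot tell that `ALL_AD_ATTACKS` / `ALL_AZ_ATTACKS` are shortcut values expanded server-side rather than relationship kinds on a par with the members that were just removed from `ActiveDirectoryRelationshipKind` and `AzureRelationshipKind`. I'd put above the enum: `/** Shortcut relationship kinds: the server-side Cypher formatter expands them into the AD / Azure pathfinding relationship sets; commonSearches uses them as transit edge types. */` — the expansion is visible in the format.go hunk of this change and the usage in the commonSearches.tsx hunk. If graphSchema.ts is generated from the CUE schema, as the lockstep edits suggest, the comment needs to go into the generator or the .cue source instead, otherwise it will be overwritten. `CommonRelationshipKindToDisplay` keeps the same switch-with-default shape as the existing `*ToDisplay` functions, which is the right call for consistency even though the `default` is unreachable for a fully enumerated enum.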