The Truth is Out There: Solving the Mysteries of Lateral Movement Paths by Feeding Logs to the Hound – Olaf Hartong

For a long time, BloodHound has been the go-to tool for many red teams to uncover possible lateral movement paths in an environment. Fortunately, there are blue teams that also use it to great value. However, there are a lot of teams that struggle to use it due to lack of time or knowledge. On top of that, keeping the information in the BloodHound database up-to-date and using it for automatic detection and enrichment is often not implemented.

Introducing FalconHound, a toolkit that integrates with Microsoft Sentinel, Defender for Endpoint, the Azure Graph API, Neo4j and the BloodHound API to get the most out of your data. Some of its features allow it to track sessions, changes to the environment, alerts, and incidents on your entities and much, much more. All in near-real time! This additional context allows you to make better decisions and focus on the most important alerts and incidents. Allowing you, for instance, to run new path calculations frequently based on modifications, sessions or alerts and respond to these attacks which are very hard to detect without this information.