Skip to content
Merged
Show file tree
Hide file tree
Changes from 22 commits
Commits
Show all changes
39 commits
Select commit Hold shift + click to select a range
3a25977
wip: draft features and complete fixed issues
jeff-matthews Apr 6, 2026
e4b55a1
wip: use full endpoint path
jeff-matthews Apr 6, 2026
4a597b5
wip: refine feature highlights
jeff-matthews Apr 6, 2026
3be6cc0
wip: reorder enterprise features
jeff-matthews Apr 6, 2026
d6cd51a
Merge branch 'release/v9.0.0' into BP-2480-release-notes
jeff-matthews Apr 6, 2026
238ca4e
chore: link to sharphound IWA docs
jeff-matthews Apr 6, 2026
e8f68e3
wip: draft enhancements and summary
jeff-matthews Apr 7, 2026
1985fb6
wip: add HasSession deletion
jeff-matthews Apr 7, 2026
383fe20
wip: query timeout, graph readability, and HasSession edge
jeff-matthews Apr 7, 2026
5f61903
Merge branch 'release/v9.0.0' into BP-2480-release-notes
jeff-matthews Apr 7, 2026
0e0ba29
chore: zone builder; not pzm
jeff-matthews Apr 7, 2026
38e342a
wip: cross link ETAC docs
jeff-matthews Apr 7, 2026
d0d8016
wip: column reorder
jeff-matthews Apr 7, 2026
fef094d
wip: graph export timestamp
jeff-matthews Apr 7, 2026
06746d1
wip: accessibility
jeff-matthews Apr 7, 2026
60f2efa
wip: navbar
jeff-matthews Apr 7, 2026
fe09a48
wip: navbar gif bhce
jeff-matthews Apr 7, 2026
4c64aca
wip: certification selection
jeff-matthews Apr 7, 2026
1adbbb3
wip: posture and reordering updates
jeff-matthews Apr 7, 2026
53ed2cc
wip: azcontributor fix for azurehound
jeff-matthews Apr 7, 2026
debf42f
wip: copyedit summary
jeff-matthews Apr 7, 2026
9426641
style: simulated review
jeff-matthews Apr 7, 2026
d4fa788
docs: apply suggestions from CR review
jeff-matthews Apr 8, 2026
af63638
chore: remove chow tool
jeff-matthews Apr 8, 2026
3c45b90
docs: apply suggestions form PM review
jeff-matthews Apr 8, 2026
65116ec
Merge branch 'release/v9.0.0' into BP-2480-release-notes
jeff-matthews Apr 8, 2026
3d8375c
chore: update opengraph apis
jeff-matthews Apr 8, 2026
a48559e
docs: apply suggestions form PM review
jeff-matthews Apr 8, 2026
a6531ce
fix: align summary with revised release notes
jeff-matthews Apr 8, 2026
e9cdbea
chore: add feature availability callouts
jeff-matthews Apr 8, 2026
9f55af4
style: use snippet for feature flag callout
jeff-matthews Apr 8, 2026
dabcd6b
chore: add the snippet jeff
jeff-matthews Apr 8, 2026
aebd5f7
chore: findings rewrite
jeff-matthews Apr 9, 2026
e7ad1d5
chore: add bhce badge to query bypass
jeff-matthews Apr 9, 2026
89ca94e
Merge branch 'release/v9.0.0' into BP-2480-release-notes
jeff-matthews Apr 9, 2026
37cac43
chore: link to api key exp docs and replace note with snippet
jeff-matthews Apr 9, 2026
4f584d0
Merge branch 'release/v9.0.0' into BP-2480-release-notes
jeff-matthews Apr 10, 2026
b883940
chore: remove api key expiration release notes
jeff-matthews Apr 10, 2026
7c150d5
fix: anchor links after api key exp deletion
jeff-matthews Apr 10, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions docs/analyze-data/explore/cypher-search.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,24 @@ BloodHound allows you to import and export queries for easy sharing and backup.
* **Import queries from JSON files**: Easily add new queries by dragging and dropping JSON files or compressed JSON files into the UI. BloodHound validates the files for correct syntax and notifies you of any errors.
* **Export a saved query to a JSON file**: Share or back up your queries by exporting them in JSON format. Export is available for saved queries only. You cannot export prebuilt queries directly.

### Disable Query Timeout

For queries that may require more time to execute, you can now [disable](/analyze-data/explore/cypher-search#disable-query-timeout) the default query timeout on a per-query basis.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please mark this as CE-only.


This gives you more control over long-running queries and allows you to retrieve results that may take longer to compute without being prematurely terminated by the timeout.
Comment thread
jeff-matthews marked this conversation as resolved.
Outdated

<Note>
This option is not visible by default and requires a database configuration change.
</Note>

<Frame>
<img
src="/images/release_notes/9_0_0/disable-query-timeout.png"
alt="Screenshot of the Cypher query timeout bypass option in the query editor"
style={{ width:"70%" }}
/>
</Frame>
Comment thread
jeff-matthews marked this conversation as resolved.

## Write Custom Queries

One of the most overlooked features of BloodHound is the ability to enter raw Cypher queries directly into the user interface. Likely, a lot of that has to do with the fact that it's not a very emphasized feature and requires learning Cypher. However, with some work, using raw Cypher queries can let you manipulate and examine BloodHound data in custom ways to help you further understand your network or identify interesting relationships.
Expand Down
6 changes: 3 additions & 3 deletions docs/analyze-data/explore/search.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -55,9 +55,9 @@ For example, if you want to find a user named "bob", type "bob" in the search bo

### Filter by node type

You can also constrain your search to particular _built-in_ node types (AZ/AD) by prepending your search with the appropriate node label.
You can also constrain your search to particular node types by prepending your search with the appropriate node label.

<Note>Support for filtering by OpenGraph node types is coming at a later date.</Note>
<Tip>This works for both built-in node types (AD/AZ) and OpenGraph node types.</Tip>

For example, use the following search query to find group nodes that contain the word "admin":

Expand Down Expand Up @@ -211,7 +211,7 @@ Use the graph visualization options at the bottom of the **Explore** page to cus

- **Expand**—Maximize the graph view to fill the screen for better visibility

- **Columns**—Search, add and remove columns, reset column size, reset defaults, and pin columns in the table layout
- **Columns**—Search, add/remove, sort, reorder, reset column size, reset defaults, and pin columns in the table layout
</Tab>
</Tabs>

Expand Down
46 changes: 46 additions & 0 deletions docs/analyze-data/posture-page.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,52 @@ Filter the view by domain, privilege zone, and time range to assess your overall
/>
</Frame>

## Filters

You can filter the posture view by environment, privilege zone, hygiene, and time range to assess your overall risk and compare trends over time.

Use these filters to focus on specific areas of interest or to track the impact of remediation efforts. For example, you can filter by a specific environment to see how posture has changed in that environment over time, or filter by hygiene findings to track trends in tier-agnostic risks.

### Environment

The environment filter allows you to view posture trends for a specific platform, such as an Active Directory domain or Azure tenant.

This can help you understand how posture is changing within that environment and identify areas that may require additional attention.

You can also filter on severity levels to focus on trends in high-risk Attack Paths. For example, you can filter to show only **CRITICAL** Attack Paths to see how the most severe risks are changing over time.

### Date range

The date range filter allows you to compare posture trends between analysis runs. For example, you can compare the current state of your environment to a previous point in time to see how your risk posture has changed.

Choose from preset ranges or set a custom range to compare specific analysis runs. Custom date ranges include a time picker, so you can set exact start and end times.

<Tip>
For meaningful trend comparisons, use the same filter scope and similar date ranges across reviews. Custom date ranges include a time picker, so you can set exact start and end times.
</Tip>
Comment thread
jeff-matthews marked this conversation as resolved.

#### Custom Range

Use a custom time range when you need tighter control over posture trend boundaries for the **Attack Paths** table and posture charts.

The time picker disables future hour selections when the end date is set to today, and manual future end time entries are blocked with an inline validation error.

<Frame>
<img
src="/images/release_notes/9_0_0/time-validation.png"
alt="Screenshot showing the custom range validation improvements, including disabled future hour selections and inline validation error for manual future end time entries"
style={{ width: "70%" }}
/>
</Frame>

After you confirm a valid custom range, posture trend and completeness charts render through the selected end date.

### Chart scale

The chart scale filter allows you to adjust the scale of the posture graphs to better visualize trends. For example, if you have a large number of findings, you may want to use a logarithmic scale to better see changes over time.

The linear scale shows consistent ranges clearly, while the logarithmic scale highlights outliers and wide variations in the data.

## Attack Paths

The **Attack Paths** table displays the Attack Paths with active findings during the selected date range. Each Attack Path shows:
Expand Down
2 changes: 2 additions & 0 deletions docs/collect-data/enterprise-collection/data-retention.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ BloodHound Enterprise (BHE) will perform data reconciliation. That is, BHE will

[HasSession](/resources/edges/has-session) edges are generated to indicate patterns of behavior rather than session active at any exact moment. For this reason, HasSession edges are only reconciled based on their retention/time-to-live expiring, rather than reconciling upon follow-on collections no longer seeing the active session.

If you need to refresh session data immediately, an administrator can delete **HasSession** edges from **Database Management** before recollecting session data instead of waiting for the retention window to expire.
Comment thread
jeff-matthews marked this conversation as resolved.

## Data retention

BloodHound Enterprise (BHE) implements data retention, i.e., a time-to-live where data that has not been collected and ingested for a certain period will get deleted from BHE. This retention period is configurable and is by default:
Expand Down
3 changes: 2 additions & 1 deletion docs/docs.json
Original file line number Diff line number Diff line change
Expand Up @@ -832,14 +832,15 @@
"group": "Release Notes",
"pages": [
"resources/release-notes/summary",
"resources/release-notes/2026-04-13",
"resources/release-notes/2026-03-23",
"resources/release-notes/2026-03-04",
{
"group": "Archive",
"pages": [
{
"group": "2026",
"pages": [
"resources/release-notes/2026-03-04",
"resources/release-notes/2026-02-11",
"resources/release-notes/2026-01-22"
]
Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ After you save ETAC settings, scoped users see only the data and navigation opti
/>
</Frame>

- On the **Privilege Zones** page, a _Permission Denied!_ message can appear for ETAC users even when they have authorized environment access, depending on their role permissions and ETAC scope. When access is allowed, users can view objects from their authorized environments only; available actions still depend on role permissions.
- On the **Zone Builder** page, a _Permission Denied!_ message can appear for ETAC users even when they have authorized environment access, depending on their role permissions and ETAC scope. When access is allowed, users can view objects from their authorized environments only; available actions still depend on role permissions.

- Access to all other pages is unaffected, but the baseline [permissions](/manage-bloodhound/auth/users-and-roles#user-role-definitions) of the assigned role still apply.

Expand Down Expand Up @@ -72,7 +72,7 @@ Use the create or edit user workflow to configure ETAC for an eligible role and
- **Attack Paths**: The user sees no data and cannot use filters.
- **Explore**: The user can open the page, but sees a _Role-based access filtering applied_ message and cannot see data.
- **Posture**: The user can open the page, but cannot see data or use filters.
- **Privilege Zones**: The user can open the page, but may receive a _Permission Denied!_ message. Users can view objects from their authorized environments only; available actions still depend on role permissions.
- **Zone Builder**: The user can open the page, but may receive a _Permission Denied!_ message. Users can view objects from their authorized environments only; available actions still depend on role permissions.

</Step>
<Step title="Select environments manually">
Expand Down
2 changes: 1 addition & 1 deletion docs/opengraph/developer/api.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ description: "Information on how to use the OpenGraph API"
| `GET` | [/api/v2/custom-nodes/\{kind_name\}](/reference/custom-node-management/get-custom-node) | Get configuration for a specific node type. |
| `PUT` | [/api/v2/custom-nodes/\{kind_name\}](/reference/custom-node-management/update-custom-node) | Update the configuration of an existing node type. |
| `DELETE` | [/api/v2/custom-nodes/\{kind_name\}](/reference/custom-node-management/delete-custom-node) | Delete a custom node type. |
| `POST` | [/api/v2/clear-database](/reference/database/delete-your-bloodhound-data) | Clears all elements of the database including Base Node Types and Custom Node Types. |
| `POST` | [/api/v2/clear-database](/reference/database/delete-your-bloodhound-data) | Delete selected BloodHound data, including targeted graph data such as HasSession edges. |
Comment thread
jeff-matthews marked this conversation as resolved.
5 changes: 3 additions & 2 deletions docs/opengraph/faq.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,12 @@ You can remove generic data by using one of the following three (3) options:
- All Data
- Active Directory Data
- Azure Data
- HasSession edges
- … X Data (there will be 0 or more checkboxes here that allow you to delete any data that had been ingested with a `source_kind` provided)
- Sourceless Data (checking this box will delete all entities that do not have a kind that can be found in the `source_kinds` table. You can observe the `source_kinds` your BloodHound instance is currently aware of by calling `GET api/v2/graphs/source_kinds`.)

Use the **HasSession edges** option when you need to refresh time-sensitive session data without deleting the rest of the collected graph.
Comment thread
jeff-matthews marked this conversation as resolved.
Outdated

3. API: `Clear-Database`
- See the [OpenGraph API Page](/opengraph/api) for more information

Expand All @@ -36,8 +39,6 @@ Yes! BloodHound supports **Search** and **Pathfinding** for [_structured_](/open

For [_generic_](/opengraph/extensions/manage#generic-graphs) graphs, only **Search** is supported.

Filtering by OpenGraph node types in **Search** is not yet supported.

<Note>
All forms of OpenGraph data support Cypher querying in general.
</Note>
Expand Down
Loading
Loading