SpecterOps · StephenHinck · Apr 22, 2025 · Apr 18, 2025 · Apr 18, 2025 · Apr 18, 2025
diff --git a/docs/assets/CoerceNTLMADCS_RelayTargets.png b/docs/assets/CoerceNTLMADCS_RelayTargets.png
diff --git a/docs/assets/new_collector_downloads.png b/docs/assets/new_collector_downloads.png
diff --git a/docs/docs.json b/docs/docs.json
@@ -367,12 +367,13 @@
                 "pages": [
                   "resources/release-notes/overview",
                   "resources/release-notes/summary",
+                  "resources/release-notes/v7-3-0",
                   "resources/release-notes/v7-2-1",
                   "resources/release-notes/v7-2-0",
-                  "resources/release-notes/2024-12-09-v6-3-0",
                   {
                     "group": "Archive",
                     "pages": [
+                      "resources/release-notes/2024-12-09-v6-3-0",
                       "resources/release-notes/2024-11-14-v6-2-0",
                       "resources/release-notes/2024-10-22-v6-1-0",
                       "resources/release-notes/2024-09-30-v6-0-0",

diff --git a/docs/manage-bloodhound/auth/saml-entra-id.mdx b/docs/manage-bloodhound/auth/saml-entra-id.mdx
@@ -3,23 +3,12 @@ Title: "SAML: Entra ID Configuration"
 description: "This document provides instructions for creating an application within Entra ID for compatibility with BloodHound Enterprise."
 ---
 
-<img noZoom src="/assets/enterprise-AND-community-edition-pill-tag.svg"/> 
+<img noZoom src="/assets/enterprise-AND-community-edition-pill-tag.svg"/>
 
 For general instructions on adding a SAML provider to BloodHound Enterprise or for configuring users to utilize a SAML provider, see [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml).
 
 See [SAML Order of Operations and Quick Reference](/manage-bloodhound/auth/saml) before starting.
 
-## SAML Settings
-
-The following SAML settings are required for Entra ID to integrate with BloodHound Enterprise:
-
-
-| **SAML Setting** | **Value** |
-| --- | --- |
-| **Identifier**<br/><br/>**(Entity ID)** | https://&lt;DOMAIN&gt;.bloodhoundenterprise.io/api/v1/login/saml/&lt;PROVIDER-NAME&gt;<br/><br/>_&lt;DOMAIN&gt;: the subdomain of your tenant URL._<br/><br/>_&lt;PROVIDER-NAME&gt;: the name chosen for the SAML provider within the BloodHound Enterprise configuration_ |
-| **Reply URL**<br/><br/>**(Assertion Consumer Service URL)** | https://&lt;DOMAIN&gt;.bloodhoundenterprise.io/api/v1/login/saml/&lt;PROVIDER-NAME&gt;/acs<br/><br/>_&lt;DOMAIN&gt;: the subdomain of your tenant URL._<br/><br/>_&lt;PROVIDER-NAME&gt;: the name chosen for the SAML provider within the BloodHound Enterprise configuration_ |
-| **Sign On URL**<br/><br/>**(Optional)** | https://&lt;DOMAIN&gt;.bloodhoundenterprise.io/api/v1/login/saml/&lt;PROVIDER-NAME&gt;<br/><br/>_&lt;DOMAIN&gt;: the subdomain of your tenant URL._<br/><br/>_&lt;PROVIDER-NAME&gt;: the name chosen for the SAML provider within the BloodHound Enterprise configuration_ |
-
 ## Create an Enterprise Application
 
 1.  Login to Azure at [https://portal.azure.com](https://portal.azure.com)

diff --git a/docs/manage-bloodhound/auth/saml-google.mdx b/docs/manage-bloodhound/auth/saml-google.mdx
@@ -3,7 +3,7 @@ title: "SAML: Google IDP Configuration"
 description: "This document provides instructions for creating an application within Google for compatibility with BloodHound Enterprise."
 ---
 
-<img noZoom src="/assets/enterprise-AND-community-edition-pill-tag.svg"/> 
+<img noZoom src="/assets/enterprise-AND-community-edition-pill-tag.svg"/>
 
 For general instructions on adding a SAML provider to BloodHound Enterprise, or for configuring users to utilize a SAML provider, see [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml).
 
@@ -36,15 +36,7 @@ See [SAML Order of Operations and Quick Reference](/manage-bloodhound/auth/saml)
 4.  On the next screen, download the metadata file and continue.
 
 
-5.  Enter the ACS URL and Entity ID as follows:
-
-    **ACS URL:**
-
-    https://_TENANT_NAME_.bloodhoundenterprise.io/api/v1/login/saml/google/acs
-
-    **Entity ID:** https://_TENANT_NAME_.bloodhoundenterprise.io/api/v1/login/saml/google  
-
-    **\*IMPORTANT: Replace “TENANT NAME” with your specific bloodhound tenant name.\* **
+5.  Enter the ACS URL and Entity ID as provided in the BloodHound Enterprise console:
 
 <Frame>
   <img src="/assets/image-2-61.png"/>

diff --git a/docs/manage-bloodhound/auth/saml-okta.mdx b/docs/manage-bloodhound/auth/saml-okta.mdx
@@ -3,7 +3,7 @@ title: "SAML: Okta Configuration"
 description: "This document provides instructions for creating an application within Okta for compatibility with BloodHound Enterprise."
 ---
 
-<img noZoom src="/assets/enterprise-AND-community-edition-pill-tag.svg"/> 
+<img noZoom src="/assets/enterprise-AND-community-edition-pill-tag.svg"/>
 
  For general instructions on adding a SAML provider to BloodHound Enterprise, or for configuring users to utilize a SAML provider, see [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml).
 
@@ -27,8 +27,6 @@ The following SAML settings are required for Okta to integrate with BloodHound E
 
 | **SAML Setting** | **Value** |
 | --- | --- |
-| **Single sign on URL** | https://&lt;DOMAIN&gt;.bloodhoundenterprise.io/api/v1/login/saml/&lt;PROVIDER-NAME&gt;/acs<br/><br/>_&lt;DOMAIN&gt;: the subdomain of your tenant URL._<br/><br/>_&lt;PROVIDER-NAME&gt;: the name chosen for the SAML provider within the BloodHound Enterprise configuration_ |
-| **Audience URI (SP Entity ID)** | https://&lt;DOMAIN&gt;.bloodhoundenterprise.io/api/v1/login/saml/&lt;PROVIDER-NAME&gt;<br/><br/>_&lt;DOMAIN&gt;: the subdomain of your tenant URL._<br/><br/>_&lt;PROVIDER-NAME&gt;: the name chosen for the SAML provider within the BloodHound Enterprise configuration_ |
 | **Name ID format** | EmailAddress |
 | **Application username** | Email |
 

diff --git a/docs/manage-bloodhound/auth/saml.mdx b/docs/manage-bloodhound/auth/saml.mdx
@@ -3,7 +3,7 @@ title: SAML in BloodHound
 description: "BloodHound supports SAML 2.0 for Single Sign On to authenticate users to your tenant environment."
 ---
 
-<img noZoom src="/assets/enterprise-AND-community-edition-pill-tag.svg"/> 
+<img noZoom src="/assets/enterprise-AND-community-edition-pill-tag.svg"/>
 
 This integration provides authentication only, user creation and role management will still occur from within BloodHound's "Manage Users" interface.
 
@@ -32,8 +32,6 @@ Currently, BloodHound requires the configuration of SAML system in the following
 | --- | --- |
 | **IDP Name Format** | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
 | **Required SAML Attributes** | Either of the following will map to the user's email address in BloodHound:<br/><br/>_http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress_<br/><br/>_urn:oid:0.9.2342.19200300.100.1.3_ |
-| **Tenant Callback URL** | https://&lt;DOMAIN&gt;.bloodhoundenterprise.io/api/v1/login/saml/&lt;PROVIDER-NAME&gt;/acs<br/><br/>_&lt;DOMAIN&gt;: the subdomain of your tenant URL._<br/><br/>_&lt;PROVIDER-NAME&gt;: the name chosen for the SAML provider within the BloodHound configuration  <br/>_ |
-| **SP Entity ID** | https://&lt;DOMAIN&gt;.bloodhoundenterprise.io/api/v1/login/saml/&lt;PROVIDER-NAME&gt;<br/><br/>_&lt;DOMAIN&gt;: the subdomain of your tenant URL._<br/><br/>_&lt;PROVIDER-NAME&gt;: the name chosen for the SAML provider within the BloodHound configuration_ |
 
 ## BloodHound Icons
 

diff --git a/docs/resources/release-notes/v7-2-1.mdx b/docs/resources/release-notes/v7-2-1.mdx
@@ -21,27 +21,3 @@ title: "2025-04-03 Release Notes (v7.2.1)"
     - SMB Signing requirements will now be reported correctly.
 - **AzureHound (v2.3.0)**
   - _No new release._
-
-## BloodHound (v7.2.1)
-
-### New and Improved Features
-
--
-
-### Bug Fixes
-
--
-
-## SharpHound (v2.6.2)
-
-### New and Improved Features
-
--
-
-### Bug Fixes
-
--
-
-## AzureHound (v2.3.0)
-
-_No new release._
diff --git a/docs/resources/release-notes/v7-3-0.mdx b/docs/resources/release-notes/v7-3-0.mdx
@@ -0,0 +1,109 @@
+---
+title: "2025-04-22 Release Notes (v7.3.0)"
+---
+
+## Announcements
+
+### Deep Linking Early Access is Live\!
+Not content with "just a back button," we went all-in, adding full deep-link support to the application. This supports going "forward" and "back" in the application and allows sharing links among teams when something interesting is discovered. This functionality may be enabled within the "Early Access" configuration section of the "Administration" section.\
+  \
+  BloodHound Enterprise customers will see support for deep linking across both the Attack Paths and Posture pages.\
+  \
+  Within the Explore view, links should include:
+  - Currently selected search tab
+  - The content searched within that tab (objects, cypher, etc)
+  - Any selected object or edge on the graph
+  - Selected Entity panel exp
+  - Selected graph layout
+
+### BloodHound Enterprise APIv1 Retirement (ETA: BlackHat 2025)
+
+BloodHound Enterprise APIv1 has served us well for many years but its time has come to an end. We will begin the process towards complete deprecation of our first API version and expect to complete the removal around BlackHat 2025 of this year (August). Thankfully, our CE customers have no need to worry about this transition, as APIv1 was never included in the product.
+
+For our Enterprise customers, the vast majority if you have already migrated off and will experience no impact as a result of this change. For the small number who still have integrations utilizing the old version, your TAM will reach out to you to help with your migration.
+
+## Summary
+
+- **BloodHound (v7.3.0)**
+  - New and Improved Features
+    - Deep-linking Early Access for all BloodHound\!
+    - NTLM relay is generally available.
+    - _[BHE Only]_ Introducing a new Collector Downloads page!
+    - Default layout on Explore is now Sequential.
+    - Added a "Relay Targets" entity panel to the CoerceAndRelayNTLMtoADCS edge type.
+    - Multiple Cypher enhancements and performance improvements for environments hosted in PostgreSQL graph databases.
+    - _[BHE Only]_ Removed the legacy `admin_rights_count` property from all user objects.
+    - _[BHE Only]_ Deprecated the "petri dish" view of Tier Zero, this will now display the Group Management page.
+  - Bug Fixes
+    - Resolved latent false positives related to CoerceAndRelayNTLMtoSMB (this fix will require recollecting SMB data).
+    - _[CE Only]_ GPOLocalGroup ingestion has been fixed (Huge thank you to [@martanne](https://github.com/martanne)!).
+    - Resolved an ingestion issue with AD trusts inaccurately setting the trust attributes to "0".
+    - AZResetPassword edges will no-longer be inserted against members of role-assignable groups.
+    - Resolved a specific issue with linking well known groups during ingestion.
+- **SharpHound (v2.6.5)**
+  - New and Improved Features
+    - GenericAll, WriteDacl, or WriteOwner edges now validate ObjectType (aceType) settings for creating edges, reducing false positives.
+    - ADCSESCx edges now requires an enabled Computer with a HostCAService edge to the EnterpriseCA, reducing false positives for when the CA host has been decommissioned.
+    - SharpHound will no longer attempt to resolve objects with a domain of "." to improve collection performance.
+  - Bug Fixes
+    - HostsCAService edges will now generate as a result of CertServices collections.
+    - Resolved an issue where timezone offsets would occasionally be applied twice on object creation timestamps.
+    - _[CE Only]_ SMB information will no longer be collected in DCOnly collections.
+- **AzureHound (v2.3.1)**
+  - _This release utilizes an updated signing certificate for BloodHound Enterprise customers. It does not contain any functional modifications._
+
+## BloodHound (v7.3.0)
+
+### New and Improved Features
+
+- **Deep-linking Early Access** - Not content with "just a back button," we went all-in, adding full deep-link support to the application. This supports going "forward" and "back" in the application and allows sharing links among teams when something interesting is discovered. This functionality may be enabled within the "Early Access" configuration section of the "Administration" section.\
+  \
+  BloodHound Enterprise customers will see support for deep linking across both the Attack Paths and Posture pages.\
+  \
+  Within the Explore view, links should include:
+  - Currently selected search tab
+  - The content searched within that tab (objects, cypher, etc)
+  - Any selected object or edge on the graph
+  - Selected Entity panel exp
+  - Selected graph layout
+- **NTLM relay is generally available** - After a successful early access period, NTLM relay attack paths are now generally available to all customers. This feature requires SharpHound v2.6.X+ and we highly recommend updating to the latest version of SharpHound to remediate all known bugs.
+- **_[BHE Only]_ New Collector Downloads page** - Long overdue for an upgrade, the BloodHound Enterprise Collector Downloads page is brand new. This new page adds several functional enhancements for all customers, including:\
+  - Breaks up AzureHound downloads into separate artifacts to reduce issues with AV flagging non-Windows binaries.
+  - Displays the release date of each collector client.
+  - Adds the ability to directly download the previous five versions of each client released (these will become available through future releases - they were not backfilled for this release).
+  - Adds the ability for download pre-release collector versions, when available.
+  - Adds ability to directly download CE collectors for instances where these are beneficial.
+  - Utilizes a new API path to avoid ad-blocking utilities from preventing display of the downloads.
+  <img src="/assets/new_collector_downloads.png"/>
+- **Default Explore layout: Sequential** - After running a query, most of our users change the layout to "Sequential." We decided it was time to save you the clicks and make this the default layout going forward!
+- **CoerceAndRelayNTLMToADCS Relay Targets** - Added a "Relay Targets" entity panel to the CoerceAndRelayNTLMToADCS edge type to provide the available relay targets for the Attack Path.
+  <img src="/assets/CoerceNTLMADCS_RelayTargets.png"/>
+- Multiple Cypher enhancements and performance improvements for environments hosted in PostgreSQL graph databases.
+- _[BHE Only]_ Removed the legacy `admin_rights_count` property from all user objects.
+- _[BHE Only]_ Deprecated the "petri dish" view of Tier Zero, this will now display the Group Management page.
+
+### Bug Fixes
+
+- Resolved latent false positives related to CoerceAndRelayNTLMtoSMB (this fix will require recollecting SMB data).
+- _[CE Only]_ GPOLocalGroup ingestion has been fixed (Huge thank you to [@martanne](https://github.com/martanne)!).
+- Resolved an ingestion issue with AD trusts inaccurately setting the trust attributes to "0".
+- AZResetPassword edges will no-longer be inserted against members of role-assignable groups.
+- Resolved a specific issue with linking well known groups during ingestion.
+
+## SharpHound (v2.6.5)
+
+### New and Improved Features
+
+- GenericAll, WriteDacl, or WriteOwner edges now validate ObjectType (aceType) settings for creating edges, reducing false positives.
+- ADCSESCx edges now requires an enabled Computer with a HostCAService edge to the EnterpriseCA, reducing false positives for when the CA host has been decommissioned.
+- SharpHound will no longer attempt to resolve objects with a domain of "." to improve collection performance.
+
+### Bug Fixes
+
+- HostsCAService edges will now generate as a result of CertServices collections.
+- Resolved an issue where timezone offsets would occasionally be applied twice on object creation timestamps.
+- _[CE Only]_ SMB information will no longer be collected in DCOnly collections.
+
+## AzureHound (v2.3.1)
+
+_This release utilizes an updated signing certificate for BloodHound Enterprise customers. It does not contain any functional modifications._