User Manual for the AzureHound Managed Application Available on the Marketplace

[ishikap-metron]

Adding a New Directory for the AzureHound Managed Application User Guide Published on the Marketplace

Summary by CodeRabbit

• Documentation
  • Added a comprehensive user guide with step-by-step instructions and screenshots for deploying and configuring the SpecterOps AzureHound Managed Application from the Azure Marketplace.
  • Covers portal navigation, deployment settings (subscription, resource group, region, managed app name), Microsoft Entra ID app registration, obtaining tokens/secrets, required configuration parameters, starting scans, verifying deployment, and viewing real-time container logs for monitoring and troubleshooting.

[coderabbitai]

Walkthrough

Added a new markdown user guide that documents step-by-step deployment and configuration of the SpecterOps AzureHound Managed Application from the Azure Marketplace, covering portal navigation, Entra ID app registration, required configuration values, deployment review, job initiation, status verification, and log access.

Changes

Cohort / File(s)	Change Summary
User Guide Documentation published-azurehound-application-user-guide/USER_GUIDE.md	Added a comprehensive user guide detailing how to deploy and configure the AzureHound Managed Application via the Azure Marketplace, including Entra ID app registration steps, required configuration parameters, deployment review, job start/verification, and screenshots for guidance.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

In a nibble of code and a hop of light,
I penned the steps to deploy just right.
Screenshots lined like carrots in rows,
Follow the trail where the Azure wind blows.
🐇✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

published-azurehound-application-user-guide/USER_GUIDE.md (3)

1-1: Use a proper Markdown heading instead of bold text

Replace the leading bold title with an H1 (#) so it’s picked up by TOC generators and passes MD036.

---

21-21: Convert bold section titles to headings

**Steps to Register…**, **Create a new Application Secret**, and **Start a job in Bloodhound** should be ## or ### headings for consistency and Markdown-lint compliance.

Also applies to: 31-31, 65-65

---

5-10: Provide descriptive alt text for screenshots

Alt attributes like “image10” don’t aid screen-reader users. Replace with concise descriptions of what the screenshot shows (e.g., "Marketplace search for AzureHound").

Also applies to: 18-19, 44-45, 74-76, 80-84, 90-96

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 361ba8f and bab5da6.

📒 Files selected for processing (1)

• published-azurehound-application-user-guide/USER_GUIDE.md (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

published-azurehound-application-user-guide/USER_GUIDE.md

1-1: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

21-21: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

31-31: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

59-59: Bare URL used

(MD034, no-bare-urls)

---

65-65: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Wrap bare URL in a Markdown link and verify public availability

Bare links fail MD034 and the storage account appears to point at a dev environment (saazurehounddev).
Example:

-https://saazurehounddev.blob.core.windows.net/azurefunction/containerRestartFunction.zip
+[Azure Function package](https://saazurehounddev.blob.core.windows.net/azurefunction/containerRestartFunction.zip)

Confirm the URI is intended for production distribution before publishing.

---

Wrap bare URL in a Markdown link and confirm storage account
Please replace the standalone link with a descriptive Markdown link and verify that saazurehounddev is the correct, publicly accessible endpoint for production distribution.

• File: published-azurehound-application-user-guide/USER_GUIDE.md
Lines: 59–60

- https://saazurehounddev.blob.core.windows.net/azurefunction/containerRestartFunction.zip
+ [Azure Function package](https://saazurehounddev.blob.core.windows.net/azurefunction/containerRestartFunction.zip)

Ensure the URI points to the intended (public/production) storage account before publishing.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	https://saazurehounddev.blob.core.windows.net/azurefunction/containerRestartFunction.zip
	[Azure Function package](https://saazurehounddev.blob.core.windows.net/azurefunction/containerRestartFunction.zip)

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

59-59: Bare URL used

(MD034, no-bare-urls)

🤖 Prompt for AI Agents

In published-azurehound-application-user-guide/USER_GUIDE.md around lines 59 to
60, the URL is presented as a bare link. Replace the bare URL with a descriptive
Markdown link text that clearly indicates what the link points to. Additionally,
verify that the storage account name 'saazurehounddev' is the correct and
publicly accessible endpoint intended for production use before finalizing the
change.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

published-azurehound-application-user-guide/USER_GUIDE.md (1)

58-58: Confirm Azure Function package endpoint is production and publicly accessible

The link now uses a proper Markdown label (thanks). The storage account name still looks like a dev environment (saazurehounddev). Confirm this is the intended public, production endpoint for distribution. If not, replace with the production URI or a versioned release artifact.

Optionally verify availability:

#!/bin/bash
# HEAD request should return HTTP/1.1 200 OK and a content-length
# If SAS is required, this will likely 403/404.
set -euo pipefail
URL='https://saazurehounddev.blob.core.windows.net/azurefunction/containerRestartFunction.zip'
curl -sI "$URL" | sed -n '1p;/^content-length:/Ip;/^content-type:/Ip;/^last-modified:/Ip'

🧹 Nitpick comments (8)

published-azurehound-application-user-guide/USER_GUIDE.md (8)

21-21: Fix heading level to satisfy MD001

Heading jumps from H1 to H3. Use H2 here.

-### Steps to Register an Application in Microsoft Entra ID
+## Steps to Register an Application in Microsoft Entra ID

---

38-38: Remove trailing colon in heading (MD026)

Headings should not end with punctuation.

-### To obtain the BloodHound Token ID and Token Secret, follow these steps:
+### To obtain the BloodHound Token ID and Token Secret

---

24-27: Clean up phrasing/hyphens for clarity

Unnecessary hyphens make the steps harder to read.

-- Click - **New registration**.
+- Click **New registration**.
@@
-- Under Supported account types, select - **Accounts in this organizational directory only**.
+- Under Supported account types, select **Accounts in this organizational directory only**.
@@
-- Click Register to create the Application.
+- Click Register to create the application.

---

57-57: Fix spacing typo

-- **BloodHound Token Secret** -Enter the Managed Client Token Secret.
+- **BloodHound Token Secret** - Enter the Managed Client Token Secret.

---

64-64: Standardize product casing (“BloodHound”)

-## Start a job in Bloodhound
+## Start a job in BloodHound

---

87-87: Minor wording tweak for clarity

-- In the Managed resource group, in Resources, search for the container app and open the Container App resource.
+- In the managed resource group, under Resources, search for the container app and open the Container App resource.

---

47-60: Add minimal examples to reduce user guesswork (optional)

Examples help users supply correctly formatted values.

 - **Azure Tenant ID** - Your Azure Tenant ID.
+- **Azure Tenant ID** - Your Azure tenant ID (e.g., 11111111-2222-3333-4444-555555555555).
@@
 - **BloodHound Instance Domain** - Enter your BloodHound instance domain name
+- **BloodHound Instance Domain** - Enter your BloodHound instance domain name (e.g., https://<your-subdomain>.specterops.io)

---

1-3: Consider adding a short “Prerequisites” section (optional)

Up front, clarify required roles and access to avoid deployment failures.

Suggested content to insert after the main title:

• Azure subscription with permissions to deploy Marketplace Managed Applications (Owner or Contributor on target RG).
• Permission to create an app registration and grant admin consent.
• Access to your BloodHound instance to create a Managed Client and retrieve Token ID/Secret.
• Ability to securely store the client secret.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bab5da6 and 956881d.

📒 Files selected for processing (1)

• published-azurehound-application-user-guide/USER_GUIDE.md (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

published-azurehound-application-user-guide/USER_GUIDE.md

21-21: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

---

38-38: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

[coderabbitai]

🛠️ Refactor suggestion

Specify Microsoft Graph permission type explicitly

Clarify these are Application permissions to avoid users adding Delegated permissions by mistake.

-- **Azure Application ID** - Register an application in Microsoft Entra ID, and grant it the Directory.Read.All, RoleManagement.Read.All API permissions and admin consent.
+- **Azure Application ID** - Register an application in Microsoft Entra ID, and grant it the Microsoft Graph Application permissions: Directory.Read.All and RoleManagement.Read.All. Then grant admin consent.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- **Azure Application ID** - Register an application in Microsoft Entra ID, and grant it the Directory.Read.All, RoleManagement.Read.All API permissions and admin consent.
	- **Azure Application ID** - Register an application in Microsoft Entra ID, and grant it the Microsoft Graph Application permissions: Directory.Read.All and RoleManagement.Read.All. Then grant admin consent.

🤖 Prompt for AI Agents

In published-azurehound-application-user-guide/USER_GUIDE.md around line 49, the
permission note currently lists Directory.Read.All and RoleManagement.Read.All
without specifying permission type; update the text to explicitly state these
are Microsoft Graph Application permissions (not Delegated permissions), e.g.,
append “(Application permissions)” or rephrase to “grant the following Microsoft
Graph Application permissions: Directory.Read.All and RoleManagement.Read.All,
and provide admin consent,” so readers cannot confuse them with Delegated
permissions.

[ishikap-metron]

I have read the CLA Document and I hereby sign the CLA