tier-zero-audit

Official

Audit Tier Zero access, cut drift, secure attack paths.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Unvalidated drift in Bloodhound Enterprise's Tier Zero asset group creates unmonitored high-privilege access points, allowing unvetted principals to become part of critical attack paths and increasing organizational breach risk.

Core Features & Use Cases

  • Tier Zero Membership Audit: Enumerate all members of the Tier Zero asset group, including their inclusion selectors and certification status.
  • Drift Detection: Identify unvetted additions to Tier Zero, such as stale service accounts, obsolete OUs, or misclassified groups that no longer require high-value access.
  • Certification Management: Recommend certifications for legitimate Tier Zero members and flag drift for human-approved revocation, with full audit history review for change tracking.
  • Use Case: After a domain migration, use this skill to catch legacy computer objects incorrectly added to Tier Zero and certify new service accounts with required admin access to domain controllers.

Quick Start

Ask the AI to perform a Tier Zero audit in your Bloodhound Enterprise deployment to get a full drift report and actionable certification recommendations.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: tier-zero-audit
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#tier-zero-audit

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.