Description
Hi,
When running AzureHound with the "group-members" flag, it appears that the JSON file contains a whole lot of irrelevant data. This is an issue in large environments. The size of the JSON file can grow to multiple gigabytes, which then cannot be ingested into BHCE due to the size limit (around 400MB from my testing). Using ChopHound to cut the file into smaller pieces might do the trick, but even some single group nodes within the JSON are above 400MB, which is above the BHCE upload limit for a given file. This results in data ingestion not being possible.
Looking through the JSON file, it appears that attributes on each of the group members like:
assignedLicenses
assignedPlans
provisionedPlans
take up a large portion of the file.
Additionally, attributes like:
country
department
faxNumber
and a whole lot more are present in the data for each group member.
I do not see why this data is part of the "group-members" ingestion.
I would think that 95% of the data collected can be removed.
In my mind, only the raw membership data should be included, as in:
groupId (Group ID)
memberId (ID of the groups or users that are members of said group)
All the other data for the groups and users themselves should not be included in this data collection type.
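
As an added example (not part of the original issue, and not AzureHound or BloodHound code), this Python filter removes the attributes named above at any depth of a JSON document and reports the size change. The sample document and its nesting are constructed assumptions, and whether BHCE ingests a file trimmed this way is not confirmed by the issue.

```python
import json

# Attribute names taken from the issue text; the author notes there are more.
NOISY_KEYS = {
    "assignedLicenses", "assignedPlans", "provisionedPlans",
    "country", "department", "faxNumber",
}

def prune(node, drop=NOISY_KEYS):
    """Return a copy of a parsed JSON value with the `drop` keys removed at every depth."""
    if isinstance(node, dict):
        return {k: prune(v, drop) for k, v in node.items() if k not in drop}
    if isinstance(node, list):
        return [prune(v, drop) for v in node]
    return node

def prune_report(raw, drop=NOISY_KEYS):
    """Prune a JSON string; return (pruned_string, bytes_before, bytes_after).

    json.loads holds the whole document in memory, so a multi-gigabyte
    file would need a streaming parser instead of this function.
    """
    pruned = json.dumps(prune(json.loads(raw), drop), separators=(",", ":"))
    return pruned, len(raw.encode()), len(pruned.encode())

# Constructed sample. The layout (a group with a list of member objects) is an
# assumption for illustration, not the documented AzureHound output schema.
GROUP_ID = "00000000-0000-0000-0000-000000000001"
MEMBER_ID = "00000000-0000-0000-0000-000000000002"
SAMPLE = json.dumps({
    "groupId": GROUP_ID,
    "members": [{
        "groupId": GROUP_ID,
        "member": {
            "id": MEMBER_ID,
            "displayName": "Constructed User",
            "country": "XX", "department": "Example", "faxNumber": None,
            "assignedLicenses": [{"skuId": f"sku-{i}"} for i in range(5)],
            "assignedPlans": [{"servicePlanId": f"plan-{i}"} for i in range(20)],
            "provisionedPlans": [{"service": f"svc-{i}"} for i in range(20)],
        },
    }],
}, separators=(",", ":"))

if __name__ == "__main__":
    out, before, after = prune_report(SAMPLE)
    print(f"{before} -> {after} bytes ({100 * (before - after) // before}% smaller)")
```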