BP-2488: Findings

[jeff-matthews]

Purpose

This pull request (PR) addresses a gap in doc coverage for the Attack Paths page in BloodHound Enterprise as described in BP-2488.

It also proposes a new structure for the Analyze Attack Path Data section in the left nav:

Note

I think we should move the BloodHound Configuration page to the Manage BloodHound section, but that's out of scope for this PR. It'll probably happen soon when I document the API key expiration feature.

Staging

https://specterops-bp-2488-findings.mintlify.app/analyze-data/findings/attack-paths

TODOs

• Consider using snippets for shared glossary definitions
• Consider using visuals to supplement conceptual explanations

Summary by CodeRabbit

• Documentation
  • New comprehensive guides for analyzing Attack Paths, managing Risk Acceptance, and viewing Posture data
  • Reorganized navigation structure with clearer "Findings and Remediation" section
  • Updated glossary definitions for key concepts including Attack Paths, Exposure, Impact, Complex Edges, and Metatrees
  • Legacy documentation links automatically redirect to new pages

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c37e7fc4-1164-4adf-b51b-5206fed8b547

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

The PR reorganizes BloodHound Enterprise documentation by restructuring attack path and risk acceptance content into a new findings folder, creating dedicated pages for Attack Paths, Risk Acceptance, and Posture findings, removing outdated pages, updating navigation structure with redirects, and establishing a reusable post-processed edges snippet component.

Changes

Cohort / File(s)	Summary
New Findings Documentation Pages docs/analyze-data/findings/attack-paths.mdx, docs/analyze-data/findings/posture.mdx, docs/analyze-data/findings/risk-acceptance.mdx	Three new pages added documenting Attack Paths analysis, Posture overview and metrics, and risk acceptance workflows with user guidance and UI descriptions.
Removed Documentation docs/analyze-data/accept-findings.mdx, docs/analyze-data/posture-page.mdx	Two legacy documentation pages removed, with content migrated to new structure under findings folder.
Navigation Restructuring docs/docs.json, docs/analyze-data/overview.mdx	Navigation structure reorganized into "Findings and Remediation", "Explore", and "Privilege Zones" groups; overview page converted from CardGroup to Columns layout with updated routes and descriptions.
Snippet Component Creation docs/snippets/analysis/post-processed-edges.mdx	New reusable MDX snippet component created to centralize post-processed edges list with accordion display, replacing inline hardcoded content.
Link Updates and Documentation Corrections docs/analyze-data/privilege-zones/overview.mdx, docs/integrations/splunk/siem/use.mdx, docs/opengraph/developer/schema.mdx, docs/resources/glossary/overview.mdx, docs/resources/release-notes/2026-01-22.mdx	Updated documentation links from old paths to new findings paths; glossary expanded with new terms (Complex Edge, Metatree, Post-Processing) and refined definitions; schema updated to use snippet component; various formatting standardizations applied.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Hops of joy through docs we bring,
New findings pages, a cleaner thing!
Attack paths structured, posture refined,
Redirects mapped, no links left behind!
Risk acceptance glossed, snippets reused,
Documentation blooming, beautifully used! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'BP-2488: Findings' is vague and non-descriptive, using generic terminology that does not convey meaningful information about the substantial documentation restructuring and content additions.	Use a more descriptive title that captures the main intent, such as 'Restructure Attack Path analysis documentation with new Findings section' or 'Add Attack Paths, Risk Acceptance, and Posture documentation pages'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch BP-2488-findings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
bloodhound	🟢 Ready	View Preview	Mar 26, 2026, 4:17 PM

[jeff-matthews]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (2)

docs/docs.json (1)

1512-1514: Prefer a direct redirect to avoid chaining legacy posture routes.

This mapping currently creates an extra hop (/analyze-data/bloodhound-gui/posture-page → /analyze-data/posture-page → /analyze-data/findings/posture).

🚦 Proposed refinement

     {
         "source": "/analyze-data/bloodhound-gui/posture-page",
-        "destination": "/analyze-data/posture-page"
+        "destination": "/analyze-data/findings/posture"
     },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/docs.json` around lines 1512 - 1514, Update the redirect mapping that
currently maps "source": "/analyze-data/bloodhound-gui/posture-page" to
"destination": "/analyze-data/posture-page" so it points directly to the final
route; change the destination to "/analyze-data/findings/posture" to remove the
intermediate hop and avoid chained redirects.

docs/analyze-data/findings/posture.mdx (1)

34-37: Consider removing duplicate time picker reference.

Lines 34 and 37 both mention that custom date ranges include a time picker. The repetition within the same section may be unnecessary.

♻️ Proposed fix to reduce duplication

 Choose from preset ranges or set a custom range to compare specific analysis runs. Custom date ranges include a time picker, so you can set exact start and end times.
 
 <Tip>
-  For meaningful trend comparisons, use the same filter scope and similar date ranges across reviews. Custom date ranges include a time picker, so you can set exact start and end times.
+  For meaningful trend comparisons, use the same filter scope and similar date ranges across reviews.
 </Tip>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/analyze-data/findings/posture.mdx` around lines 34 - 37, Remove the
duplicated sentence about the time picker by keeping it once and deleting the
other occurrence; specifically, in the section that currently contains both the
inline sentence "Custom date ranges include a time picker, so you can set exact
start and end times." and the identical sentence inside the <Tip> block, retain
the tip's phrasing (or the inline line) and remove the redundant copy so the
guidance appears only once in the "Choose from preset ranges..." paragraph/Tip
pair.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/analyze-data/findings/attack-paths.mdx`:
- Line 12: The sentence "These risks are represented as findings, which includes
prioritization data..." has a subject-verb agreement error; change the verb
"includes" to "include" so the clause reads "which include prioritization
data..." to match the plural subject "findings" (edit the findings sentence in
attack-paths.mdx).
- Line 20: Remove the internal drafting note "**DELETE ME**: Would like to use
some kind of visual..." from the attack-paths.mdx content (the visible callout
at line containing "**DELETE ME**"); replace it with a neutral, user-facing
callout requesting a non-sensitive visual or abstract illustration (e.g.,
"Consider adding an abstract visual or diagram to illustrate attack paths
without revealing sensitive findings") so the page contains no internal
editorial markers and still prompts for safe visuals.

In `@docs/analyze-data/findings/risk-acceptance.mdx`:
- Line 10: Fix two copy issues in the text: replace "for certain amount of time"
with "a certain amount of time" in the sentence that begins "Not every finding
requires immediate remediation..." and capitalize "Enterprise" where it appears
lowercase on the later line (the occurrence currently written as "enterprise")
so it reads "Enterprise"; update both string literals accordingly.

In `@docs/docs.json`:
- Around line 1612-1614: The redirect entry with "source":
"/analyze-data/accept-findings" has an incorrect "destination" value
"/analyze-data/findings/accept"; update the destination to
"/analyze-data/findings/risk-acceptance" so it points to the existing docs page
(docs/analyze-data/findings/risk-acceptance.mdx), keeping the same "source" key
and JSON structure.

In `@docs/resources/glossary/overview.mdx`:
- Around line 102-105: Remove the duplicated sentence in the "Hygiene"
definition: delete the repeated sentence "Examples include dangerous edges
originating from broadly populated default groups. Hygiene findings are
displayed separately in a dedicated filter view on the **Attack Path** and
**Posture** pages." so the Hygiene entry contains that explanation only once,
keeping the single correct instance under the "Hygiene" heading.

---

Nitpick comments:
In `@docs/analyze-data/findings/posture.mdx`:
- Around line 34-37: Remove the duplicated sentence about the time picker by
keeping it once and deleting the other occurrence; specifically, in the section
that currently contains both the inline sentence "Custom date ranges include a
time picker, so you can set exact start and end times." and the identical
sentence inside the <Tip> block, retain the tip's phrasing (or the inline line)
and remove the redundant copy so the guidance appears only once in the "Choose
from preset ranges..." paragraph/Tip pair.

In `@docs/docs.json`:
- Around line 1512-1514: Update the redirect mapping that currently maps
"source": "/analyze-data/bloodhound-gui/posture-page" to "destination":
"/analyze-data/posture-page" so it points directly to the final route; change
the destination to "/analyze-data/findings/posture" to remove the intermediate
hop and avoid chained redirects.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f901d0b7-e025-4589-afbf-e38f51bec0a7

📥 Commits

Reviewing files that changed from the base of the PR and between da7a211 and 206992e.

📒 Files selected for processing (13)

• docs/analyze-data/accept-findings.mdx
• docs/analyze-data/findings/attack-paths.mdx
• docs/analyze-data/findings/posture.mdx
• docs/analyze-data/findings/risk-acceptance.mdx
• docs/analyze-data/overview.mdx
• docs/analyze-data/posture-page.mdx
• docs/analyze-data/privilege-zones/overview.mdx
• docs/docs.json
• docs/integrations/splunk/siem/use.mdx
• docs/opengraph/developer/schema.mdx
• docs/resources/glossary/overview.mdx
• docs/resources/release-notes/2026-01-22.mdx
• docs/snippets/analysis/post-processed-edges.mdx

💤 Files with no reviewable changes (2)

• docs/analyze-data/accept-findings.mdx
• docs/analyze-data/posture-page.mdx

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Remove internal “DELETE ME” note before publishing.

Line 20 is an internal drafting note and should not appear in user-facing docs.

🧹 Proposed fix

->**DELETE ME**: Would like to use some kind of visual. How much of the UI can we show? Should we use an abstract image rather than an actual screenshot to avoid revealing findings?

If helpful, I can draft a replacement callout that requests visuals without exposing internal editorial notes.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

>**DELETE ME**: Would like to use some kind of visual. How much of the UI can we show? Should we use an abstract image rather than an actual screenshot to avoid revealing findings?

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/analyze-data/findings/attack-paths.mdx` at line 20, Remove the internal
drafting note "**DELETE ME**: Would like to use some kind of visual..." from the
attack-paths.mdx content (the visible callout at line containing "**DELETE
ME**"); replace it with a neutral, user-facing callout requesting a
non-sensitive visual or abstract illustration (e.g., "Consider adding an
abstract visual or diagram to illustrate attack paths without revealing
sensitive findings") so the page contains no internal editorial markers and
still prompts for safe visuals.