From 6169b365d0c925d7e08bb320af0fa890145788d9 Mon Sep 17 00:00:00 2001
From: N7WEra <59871507+N7WEra@users.noreply.github.com>
Date: Thu, 11 Feb 2021 09:54:47 +0000
Subject: [PATCH] Added a table to visualise the differences in collection
 methods

---
 docs/data-collection/sharphound-all-flags.rst | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/docs/data-collection/sharphound-all-flags.rst b/docs/data-collection/sharphound-all-flags.rst
index 387509d86..9fce3c0ef 100644
--- a/docs/data-collection/sharphound-all-flags.rst
+++ b/docs/data-collection/sharphound-all-flags.rst
@@ -56,6 +56,30 @@ Here are the less common CollectionMethods and what they do:
 * **ObjectProps** - Performs Object Properties collection for properties 
   such as LastLogon or PwdLastSet
 
+Table to demonstrate the differences
+------------------------------------
+
+|                                                                    | Default | All | DCOnly | ComputerOnly | Session | LoggedOn** | Group | ACL | GPOLocalGroup | Trusts | Container | LocalGroup | LocalAdmin | RDP | DCOM | PSRemote | ObjectProps |
+|:------------------------------------------------------------------:|:-------:|:---:|:------:|:------------:|:-------:|:----------:|:-----:|:---:|:-------------:|:------:|:---------:|:----------:|:----------:|:---:|:----:|:--------:|:-----------:|
+|                      Security group membership                     |    X    |  X  |    X   |              |         |      X     |   X   |     |               |        |           |            |            |     |      |          |             |
+|                            Domain Trusts                           |    X    |  X  |    X   |              |         |      X     |       |     |               |    X   |           |            |            |     |      |          |             |
+|                 abusable permissions on AD objects                 |    X    |  X  |    X   |              |         |      X     |       |  X  |               |        |           |            |            |     |      |          |             |
+|                          OU tree structure                         |    X    |  X  |    X   |              |         |      X     |       |     |               |        |     X     |            |            |     |      |          |             |
+|                         Group Policy links                         |    X    |  X  |    X   |              |         |      X     |       |     |               |        |     X     |            |            |     |      |          |             |
+|                        AD object properties                        |    X    |  X  |    X   |              |         |      X     |       |     |               |        |           |            |            |     |      |          |             |
+| Correlate Group Policy-enforced local groups to affected computers |    X    |     |    X   |              |         |            |       |     |       X       |        |           |            |            |     |      |          |             |
+|                            Local Groups                            |    X    |  X  |        |       X      |         |      X     |       |     |               |        |           |            |            |     |      |          |             |
+|                            User Session                            |    X    |  X  |        |       X      |    X    |      X     |       |     |               |        |           |            |            |     |      |          |             |
+|                            Local Admins                            |    X    |  X  |        |              |         |            |       |     |               |        |           |      X     |      X     |     |      |          |             |
+|                        RDP group membership                        |         |  X  |        |              |         |            |       |     |               |        |           |      X     |            |  X  |      |          |             |
+|                        DCOM group membership                       |         |  X  |        |              |         |            |       |     |               |        |           |      X     |            |     |   X  |          |             |
+|                      PSRemote group membership                     |         |  X  |        |              |         |            |       |     |               |        |           |      X     |            |     |      |     X    |             |
+|                            ObjectProps**                           |         |  X  |        |              |         |            |       |     |               |        |           |            |            |     |      |          |      X      |
+
+*Does session collection using the privileged collection method. Use this if you are running as a user with local admin rights on lots of systems for the best user session data.
+*ObjectProps - Performs Object Properties collection for properties such as LastLogon or PwdLastSet
+
+
 Domain
 ------