Documentation needs to include "highvalue" as "system_tags":"admin_tier_0" and how to query for NOT highvalue #652

Closed
5 tasks
TheKevinWang opened this issue Jun 11, 2024 · 1 comment
Labels
bug Something isn't working triage This issue requires triaging

Comments


TheKevinWang commented Jun 11, 2024

Despite clearly having high value nodes, the "highvalue" property is nowhere to be seen in neo4j and cannot be queried on. This used to work before SpecterOps.

After some digging, I realized this had been changed to a system_tag, which also contains the "owned" property.
"system_tags": "admin_tier_0",
OR
"system_tags": "admin_tier_0 owned",

So to find high value targets, I would use:
MATCH (m) where m.system_tags =~'admin_tier_0.*' RETURN m

For some reason, nothing seems to work for NOT highvalue. The following works in neo4j, but in BloodHound results in an error "line 1:26 no viable alternative at input 'match (m) where not exists('"

match (m) where not exists(m.system_tags) return m limit 8

EDIT: I found a hack to do this that works in BloodHound:
match (m) where not 'system_tags' in keys(m) return m limit 8

It would be great if this was documented, including a way to query on NOT highvalue. Old BloodHound queries that use highvalue don't work anymore.

Component(s) Affected:

  • UI
  • API
  • Neo4j
  • PostgreSQL
  • Data Collector (SharpHound, AzureHound)
  • [x] Other (tooling, documentation, etc.)

Steps to Reproduce:

Expected Behavior:

A description of what you expected to happen.

Actual Behavior:

A description of what actually happened.

Screenshots/Code Snippets/Sample Files:

If applicable, add screenshots, relevant code snippets, or sample files that help illustrate the issue.

git clone https://github.com/SpecterOps/BloodHound.git
cd BloodHound/examples/docker-compose
docker compose up

Environment Information:

BloodHound: [BloodHound version or revision]

Collector: [SharpHound version / AzureHound version]

OS: [your OS and version]

Browser (if UI related): [browser name and version]

Node.js (if UI related): [Node.js version]

Go (if API related): [Go version]

Database (if persistence related): [Neo4j version / PostgreSQL version]

Docker (if using Docker): [docker version]

Additional Information:

Any additional context or information that might be helpful in understanding and diagnosing the issue.

Potential Solution (Optional):

If you have any ideas about what might be causing the issue or how it could be fixed, you can share them here.

Related Issues:

If you've found related issues in the project's issue tracker, mention them here.

Contributor Checklist:

  • [x] I have searched the issue tracker to ensure this bug hasn't been reported before or is not already being addressed.
  • [x] I have provided clear steps to reproduce the issue.
  • [x] I have included relevant environment information details.
  • [x] I have attached necessary supporting documents.
  • [x] I have checked that any JSON files I am attempting to upload to BloodHound are valid.
@TheKevinWang TheKevinWang added bug Something isn't working triage This issue requires triaging labels Jun 11, 2024
@TheKevinWang TheKevinWang changed the title Documentation needs to include "highvalue" as "system_tags":"admin_tier_0" Documentation needs to include "highvalue" as "system_tags":"admin_tier_0" and how to query for NOT highvalue Jun 11, 2024
@TheKevinWang
Author

found pre-built query
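
Added example (not part of the issue and not BloodHound code): a Python model of how the `=~ 'admin_tier_0.*'` filter from the issue and its negation behave over nodes, next to a null-safe check that splits the space-separated `system_tags` string. It relies on two Cypher rules: `=~` matches the whole string, and a predicate on a missing property is null, which `WHERE` drops. The node names are constructed, and the `owned admin_tier_0` tag order is an assumption; the issue only shows `admin_tier_0` and `admin_tier_0 owned`.

```python
import re

TIER_ZERO_TAG = "admin_tier_0"  # tag value shown in the issue


def cypher_regex_match(props, pattern=r"admin_tier_0.*"):
    """Model `m.system_tags =~ pattern`: whole-string match, null if missing."""
    value = props.get("system_tags")
    if value is None:
        return None  # Cypher null
    return re.fullmatch(pattern, value) is not None


def cypher_not(value):
    """Cypher's three-valued NOT: NOT null is still null."""
    return None if value is None else not value


def where(nodes, predicate):
    """WHERE keeps a row only when the predicate is exactly true."""
    return [n["name"] for n in nodes if predicate(n["props"]) is True]


def is_tier_zero(props):
    """Null-safe, order-independent check on the space-separated tag string."""
    return TIER_ZERO_TAG in (props.get("system_tags") or "").split()


# Constructed sample nodes (names and the third tag order are assumptions).
NODES = [
    {"name": "DOMAIN ADMINS", "props": {"system_tags": "admin_tier_0"}},
    {"name": "DC01", "props": {"system_tags": "admin_tier_0 owned"}},
    {"name": "SVC-BACKUP", "props": {"system_tags": "owned admin_tier_0"}},
    {"name": "WKSTN7", "props": {"system_tags": "owned"}},
    {"name": "JSMITH", "props": {}},  # no system_tags property at all
]


def compare():
    """Run the regex filter, its negation, and the token check over NODES."""
    return {
        "regex_high": where(NODES, cypher_regex_match),
        "regex_not_high": where(NODES, lambda p: cypher_not(cypher_regex_match(p))),
        "token_high": where(NODES, is_tier_zero),
        "token_not_high": where(NODES, lambda p: not is_tier_zero(p)),
    }


if __name__ == "__main__":
    for label, names in compare().items():
        print(f"{label:15} {names}")
```

In this model the negated regex never returns the node with no `system_tags` property, and it returns a node whose tags do not start with `admin_tier_0`; the token check classifies both correctly.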
