cartography 0.101.1rc1__py3-none-any.whl → 0.102.0rc1__py3-none-any.whl

cartography/_version.py

@@ -17,5 +17,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '0.101.1rc1'
-__version_tuple__ = version_tuple = (0, 101, 1)
+__version__ = version = '0.102.0rc1'
+__version_tuple__ = version_tuple = (0, 102, 0)

cartography/cli.py

@@ -211,6 +211,30 @@ class CLI:
                 'The name of environment variable containing Azure Client Secret for Service Principal Authentication.'
             ),
         )
+        parser.add_argument(
+            '--entra-tenant-id',
+            type=str,
+            default=None,
+            help=(
+                'Entra Tenant Id for Service Principal Authentication.'
+            ),
+        )
+        parser.add_argument(
+            '--entra-client-id',
+            type=str,
+            default=None,
+            help=(
+                'Entra Client Id for Service Principal Authentication.'
+            ),
+        )
+        parser.add_argument(
+            '--entra-client-secret-env-var',
+            type=str,
+            default=None,
+            help=(
+                'The name of environment variable containing Entra Client Secret for Service Principal Authentication.'
+            ),
+        )
         parser.add_argument(
             '--aws-requested-syncs',
             type=str,
@@ -615,6 +639,16 @@ class CLI:
         else:
             config.azure_client_secret = None
 
+        # Entra config
+        if config.entra_tenant_id and config.entra_client_id and config.entra_client_secret_env_var:
+            logger.debug(
+                "Reading Client Secret for Entra Authentication from environment variable %s",
+                config.entra_client_secret_env_var,
+            )
+            config.entra_client_secret = os.environ.get(config.entra_client_secret_env_var)
+        else:
+            config.entra_client_secret = None
+
         # Okta config
         if config.okta_org_id and config.okta_api_key_env_var:
             logger.debug(f"Reading API key for Okta from environment variable {config.okta_api_key_env_var}")
@@ -798,5 +832,9 @@ def main(argv=None):
     logging.getLogger('botocore').setLevel(logging.WARNING)
     logging.getLogger('googleapiclient').setLevel(logging.WARNING)
     logging.getLogger('neo4j').setLevel(logging.WARNING)
+    logging.getLogger('azure.identity').setLevel(logging.WARNING)
+    logging.getLogger('httpx').setLevel(logging.WARNING)
+    logging.getLogger('azure.core.pipeline.policies.http_logging_policy').setLevel(logging.WARNING)
+
     argv = argv if argv is not None else sys.argv[1:]
     sys.exit(CLI(prog='cartography').main(argv))

cartography/config.py

@@ -41,6 +41,12 @@ class Config:
     :param azure_client_id: Client Id for connecting in a Service Principal Authentication approach. Optional.
     :type azure_client_secret: str
     :param azure_client_secret: Client Secret for connecting in a Service Principal Authentication approach. Optional.
+    :type entra_tenant_id: str
+    :param entra_tenant_id: Tenant Id for connecting in a Service Principal Authentication approach. Optional.
+    :type entra_client_id: str
+    :param entra_client_id: Client Id for connecting in a Service Principal Authentication approach. Optional.
+    :type entra_client_secret: str
+    :param entra_client_secret: Client Secret for connecting in a Service Principal Authentication approach. Optional.
     :type aws_requested_syncs: str
     :param aws_requested_syncs: Comma-separated list of AWS resources to sync. Optional.
     :type analysis_job_directory: str
@@ -133,6 +139,9 @@ class Config:
         azure_tenant_id=None,
         azure_client_id=None,
         azure_client_secret=None,
+        entra_tenant_id=None,
+        entra_client_id=None,
+        entra_client_secret=None,
         aws_requested_syncs=None,
         analysis_job_directory=None,
         oci_sync_all_profiles=None,
@@ -191,6 +200,9 @@ class Config:
         self.azure_tenant_id = azure_tenant_id
         self.azure_client_id = azure_client_id
         self.azure_client_secret = azure_client_secret
+        self.entra_tenant_id = entra_tenant_id
+        self.entra_client_id = entra_client_id
+        self.entra_client_secret = entra_client_secret
         self.aws_requested_syncs = aws_requested_syncs
         self.analysis_job_directory = analysis_job_directory
         self.oci_sync_all_profiles = oci_sync_all_profiles

cartography/data/indexes.cypher

@@ -65,9 +65,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:AccountAccessKey) ON (n.accesskeyid);
 CREATE INDEX IF NOT EXISTS FOR (n:AccountAccessKey) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AutoScalingGroup) ON (n.arn);
 CREATE INDEX IF NOT EXISTS FOR (n:AutoScalingGroup) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:CrowdstrikeHost) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:CrowdstrikeHost) ON (n.instance_id);
-CREATE INDEX IF NOT EXISTS FOR (n:CrowdstrikeHost) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:CVE) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:CVE) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:Dependency) ON (n.id);
@@ -194,9 +191,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:KMSGrant) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:LaunchConfiguration) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:LaunchConfiguration) ON (n.name);
 CREATE INDEX IF NOT EXISTS FOR (n:LaunchConfiguration) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancer) ON (n.dnsname);
-CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancer) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancer) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancerV2) ON (n.dnsname);
 CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancerV2) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancerV2) ON (n.lastupdated);

cartography/data/jobs/cleanup/crowdstrike_import_cleanup.json

@@ -5,11 +5,6 @@
       "iterative": true,
       "iterationsize": 100
     },
-    {
-      "query": "MATCH (h:CrowdstrikeHost) WHERE h.lastupdated <> $UPDATE_TAG WITH h LIMIT $LIMIT_SIZE DETACH DELETE (h)",
-      "iterative": true,
-      "iterationsize": 100
-    },
     {
       "query": "MATCH (:CrowdstrikeFinding)<-[hc:HAS_CVE]-(:SpotlightVulnerability) WHERE hc.lastupdated <> $UPDATE_TAG WITH hc LIMIT $LIMIT_SIZE DELETE (hc)",
       "iterative": true,

cartography/intel/aws/ec2/launch_templates.py

@@ -69,10 +69,15 @@ def get_launch_template_versions_by_template(
     return template_versions
 
 
-def transform_launch_templates(templates: list[dict[str, Any]]) -> list[dict[str, Any]]:
+def transform_launch_templates(templates: list[dict[str, Any]], versions: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    valid_template_ids = {v['LaunchTemplateId'] for v in versions}
     result: list[dict[str, Any]] = []
     for template in templates:
+        if template['LaunchTemplateId'] not in valid_template_ids:
+            continue
+
         current = template.copy()
+        # Convert CreateTime to timestamp string
         current['CreateTime'] = str(int(current['CreateTime'].timestamp()))
         result.append(current)
     return result
@@ -165,9 +170,13 @@ def sync_ec2_launch_templates(
         logger.info(f"Syncing launch templates for region '{region}' in account '{current_aws_account_id}'.")
         templates = get_launch_templates(boto3_session, region)
         versions = get_launch_template_versions(boto3_session, region, templates)
-        templates = transform_launch_templates(templates)
-        load_launch_templates(neo4j_session, templates, region, current_aws_account_id, update_tag)
-        versions = transform_launch_template_versions(versions)
-        load_launch_template_versions(neo4j_session, versions, region, current_aws_account_id, update_tag)
+
+        # Transform and load the templates that have versions
+        transformed_templates = transform_launch_templates(templates, versions)
+        load_launch_templates(neo4j_session, transformed_templates, region, current_aws_account_id, update_tag)
+
+        # Transform and load the versions
+        transformed_versions = transform_launch_template_versions(versions)
+        load_launch_template_versions(neo4j_session, transformed_versions, region, current_aws_account_id, update_tag)
 
     cleanup(neo4j_session, common_job_parameters)

cartography/intel/aws/ec2/load_balancers.py

@@ -1,190 +1,168 @@
 import logging
-from typing import Dict
-from typing import List
 
 import boto3
 import neo4j
 
 from .util import get_botocore_config
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.aws.ec2.load_balancer_listeners import ELBListenerSchema
+from cartography.models.aws.ec2.load_balancers import LoadBalancerSchema
 from cartography.util import aws_handle_regions
-from cartography.util import run_cleanup_job
 from cartography.util import timeit
 
 logger = logging.getLogger(__name__)
 
 
+def _get_listener_id(load_balancer_id: str, port: int, protocol: str) -> str:
+    """
+    Generate a unique ID for a load balancer listener.
+
+    Args:
+        load_balancer_id: The ID of the load balancer
+        port: The listener port
+        protocol: The listener protocol
+
+    Returns:
+        A unique ID string for the listener
+    """
+    return f"{load_balancer_id}{port}{protocol}"
+
+
+def transform_load_balancer_listener_data(load_balancer_id: str, listener_data: list[dict]) -> list[dict]:
+    """
+    Transform load balancer listener data into a format suitable for cartography ingestion.
+
+    Args:
+        load_balancer_id: The ID of the load balancer
+        listener_data: List of listener data from AWS API
+
+    Returns:
+        List of transformed listener data
+    """
+    transformed = []
+    for listener in listener_data:
+        listener_info = listener['Listener']
+        transformed_listener = {
+            'id': _get_listener_id(load_balancer_id, listener_info['LoadBalancerPort'], listener_info['Protocol']),
+            'port': listener_info.get('LoadBalancerPort'),
+            'protocol': listener_info.get('Protocol'),
+            'instance_port': listener_info.get('InstancePort'),
+            'instance_protocol': listener_info.get('InstanceProtocol'),
+            'policy_names': listener.get('PolicyNames', []),
+            'LoadBalancerId': load_balancer_id,
+        }
+        transformed.append(transformed_listener)
+    return transformed
+
+
+def transform_load_balancer_data(load_balancers: list[dict]) -> tuple[list[dict], list[dict]]:
+    """
+    Transform load balancer data into a format suitable for cartography ingestion.
+
+    Args:
+        load_balancers: List of load balancer data from AWS API
+
+    Returns:
+        Tuple of (transformed load balancer data, transformed listener data)
+    """
+    transformed = []
+    listener_data = []
+
+    for lb in load_balancers:
+        load_balancer_id = lb['DNSName']
+        transformed_lb = {
+            'id': load_balancer_id,
+            'name': lb['LoadBalancerName'],
+            'dnsname': lb['DNSName'],
+            'canonicalhostedzonename': lb.get('CanonicalHostedZoneName'),
+            'canonicalhostedzonenameid': lb.get('CanonicalHostedZoneNameID'),
+            'scheme': lb.get('Scheme'),
+            'createdtime': str(lb['CreatedTime']),
+            'GROUP_NAME': lb.get('SourceSecurityGroup', {}).get('GroupName'),
+            'GROUP_IDS': [str(group) for group in lb.get('SecurityGroups', [])],
+            'INSTANCE_IDS': [instance['InstanceId'] for instance in lb.get('Instances', [])],
+            'LISTENER_IDS': [
+                _get_listener_id(
+                    load_balancer_id,
+                    listener['Listener']['LoadBalancerPort'],
+                    listener['Listener']['Protocol'],
+                ) for listener in lb.get('ListenerDescriptions', [])
+            ],
+        }
+        transformed.append(transformed_lb)
+
+        # Classic ELB listeners are not returned anywhere else in AWS, so we must parse them out
+        # of the describe_load_balancers response.
+        if lb.get('ListenerDescriptions'):
+            listener_data.extend(
+                transform_load_balancer_listener_data(
+                    load_balancer_id,
+                    lb.get('ListenerDescriptions', []),
+                ),
+            )
+
+    return transformed, listener_data
+
+
 @timeit
 @aws_handle_regions
-def get_loadbalancer_data(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
+def get_loadbalancer_data(boto3_session: boto3.session.Session, region: str) -> list[dict]:
     client = boto3_session.client('elb', region_name=region, config=get_botocore_config())
     paginator = client.get_paginator('describe_load_balancers')
-    elbs: List[Dict] = []
+    elbs: list[dict] = []
     for page in paginator.paginate():
         elbs.extend(page['LoadBalancerDescriptions'])
     return elbs
 
 
 @timeit
-def load_load_balancer_listeners(
-    neo4j_session: neo4j.Session, load_balancer_id: str, listener_data: List[Dict],
+def load_load_balancers(
+    neo4j_session: neo4j.Session, data: list[dict], region: str, current_aws_account_id: str,
     update_tag: int,
 ) -> None:
-    ingest_listener = """
-    MATCH (elb:LoadBalancer{id: $LoadBalancerId})
-    WITH elb
-    UNWIND $Listeners as data
-        MERGE (l:Endpoint:ELBListener{id: elb.id + toString(data.Listener.LoadBalancerPort) +
-                toString(data.Listener.Protocol)})
-        ON CREATE SET l.port = data.Listener.LoadBalancerPort, l.protocol = data.Listener.Protocol,
-        l.firstseen = timestamp()
-        SET l.instance_port = data.Listener.InstancePort, l.instance_protocol = data.Listener.InstanceProtocol,
-        l.policy_names = data.PolicyNames,
-        l.lastupdated = $update_tag
-        WITH l, elb
-        MERGE (elb)-[r:ELB_LISTENER]->(l)
-        ON CREATE SET r.firstseen = timestamp()
-        SET r.lastupdated = $update_tag
-    """
-
-    neo4j_session.run(
-        ingest_listener,
-        LoadBalancerId=load_balancer_id,
-        Listeners=listener_data,
-        update_tag=update_tag,
+    load(
+        neo4j_session,
+        LoadBalancerSchema(),
+        data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=update_tag,
     )
 
 
 @timeit
-def load_load_balancer_subnets(
-    neo4j_session: neo4j.Session, load_balancer_id: str, subnets_data: List[Dict],
-    update_tag: int,
-) -> None:
-    ingest_load_balancer_subnet = """
-    MATCH (elb:LoadBalancer{id: $ID}), (subnet:EC2Subnet{subnetid: $SUBNET_ID})
-    MERGE (elb)-[r:SUBNET]->(subnet)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    for subnet_id in subnets_data:
-        neo4j_session.run(
-            ingest_load_balancer_subnet,
-            ID=load_balancer_id,
-            SUBNET_ID=subnet_id,
-            update_tag=update_tag,
-        )
-
-
-@timeit
-def load_load_balancers(
-    neo4j_session: neo4j.Session, data: List[Dict], region: str, current_aws_account_id: str,
+def load_load_balancer_listeners(
+    neo4j_session: neo4j.Session, data: list[dict], region: str, current_aws_account_id: str,
     update_tag: int,
 ) -> None:
-    ingest_load_balancer = """
-    MERGE (elb:LoadBalancer{id: $ID})
-    ON CREATE SET elb.firstseen = timestamp(), elb.createdtime = $CREATED_TIME
-    SET elb.lastupdated = $update_tag, elb.name = $NAME, elb.dnsname = $DNS_NAME,
-    elb.canonicalhostedzonename = $HOSTED_ZONE_NAME, elb.canonicalhostedzonenameid = $HOSTED_ZONE_NAME_ID,
-    elb.scheme = $SCHEME, elb.region = $Region
-    WITH elb
-    MATCH (aa:AWSAccount{id: $AWS_ACCOUNT_ID})
-    MERGE (aa)-[r:RESOURCE]->(elb)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    ingest_load_balancersource_security_group = """
-    MATCH (elb:LoadBalancer{id: $ID}),
-    (group:EC2SecurityGroup{name: $GROUP_NAME})
-    MERGE (elb)-[r:SOURCE_SECURITY_GROUP]->(group)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    ingest_load_balancer_security_group = """
-    MATCH (elb:LoadBalancer{id: $ID}),
-    (group:EC2SecurityGroup{groupid: $GROUP_ID})
-    MERGE (elb)-[r:MEMBER_OF_EC2_SECURITY_GROUP]->(group)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    ingest_instances = """
-    MATCH (elb:LoadBalancer{id: $ID}), (instance:EC2Instance{instanceid: $INSTANCE_ID})
-    MERGE (elb)-[r:EXPOSE]->(instance)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    WITH instance
-    MATCH (aa:AWSAccount{id: $AWS_ACCOUNT_ID})
-    MERGE (aa)-[r:RESOURCE]->(instance)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    for lb in data:
-        load_balancer_id = lb["DNSName"]
-
-        neo4j_session.run(
-            ingest_load_balancer,
-            ID=load_balancer_id,
-            CREATED_TIME=str(lb["CreatedTime"]),
-            NAME=lb["LoadBalancerName"],
-            DNS_NAME=load_balancer_id,
-            HOSTED_ZONE_NAME=lb.get("CanonicalHostedZoneName"),
-            HOSTED_ZONE_NAME_ID=lb.get("CanonicalHostedZoneNameID"),
-            SCHEME=lb.get("Scheme", ""),
-            AWS_ACCOUNT_ID=current_aws_account_id,
-            Region=region,
-            update_tag=update_tag,
-        )
-
-        if lb["Subnets"]:
-            load_load_balancer_subnets(neo4j_session, load_balancer_id, lb["Subnets"], update_tag)
-
-        if lb["SecurityGroups"]:
-            for group in lb["SecurityGroups"]:
-                neo4j_session.run(
-                    ingest_load_balancer_security_group,
-                    ID=load_balancer_id,
-                    GROUP_ID=str(group),
-                    update_tag=update_tag,
-                )
-
-        if lb["SourceSecurityGroup"]:
-            source_group = lb["SourceSecurityGroup"]
-            neo4j_session.run(
-                ingest_load_balancersource_security_group,
-                ID=load_balancer_id,
-                GROUP_NAME=source_group["GroupName"],
-                update_tag=update_tag,
-            )
-
-        if lb["Instances"]:
-            for instance in lb["Instances"]:
-                neo4j_session.run(
-                    ingest_instances,
-                    ID=load_balancer_id,
-                    INSTANCE_ID=instance["InstanceId"],
-                    AWS_ACCOUNT_ID=current_aws_account_id,
-                    update_tag=update_tag,
-                )
-
-        if lb["ListenerDescriptions"]:
-            load_load_balancer_listeners(neo4j_session, load_balancer_id, lb["ListenerDescriptions"], update_tag)
+    load(
+        neo4j_session,
+        ELBListenerSchema(),
+        data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=update_tag,
+    )
 
 
 @timeit
-def cleanup_load_balancers(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job('aws_ingest_load_balancers_cleanup.json', neo4j_session, common_job_parameters)
+def cleanup_load_balancers(neo4j_session: neo4j.Session, common_job_parameters: dict) -> None:
+    GraphJob.from_node_schema(ELBListenerSchema(), common_job_parameters).run(neo4j_session)
+    GraphJob.from_node_schema(LoadBalancerSchema(), common_job_parameters).run(neo4j_session)
 
 
 @timeit
 def sync_load_balancers(
-    neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str], current_aws_account_id: str,
-    update_tag: int, common_job_parameters: Dict,
+    neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: list[str], current_aws_account_id: str,
+    update_tag: int, common_job_parameters: dict,
 ) -> None:
     for region in regions:
         logger.info("Syncing EC2 load balancers for region '%s' in account '%s'.", region, current_aws_account_id)
         data = get_loadbalancer_data(boto3_session, region)
-        load_load_balancers(neo4j_session, data, region, current_aws_account_id, update_tag)
+        transformed_data, listener_data = transform_load_balancer_data(data)
+
+        load_load_balancers(neo4j_session, transformed_data, region, current_aws_account_id, update_tag)
+        load_load_balancer_listeners(neo4j_session, listener_data, region, current_aws_account_id, update_tag)
+
     cleanup_load_balancers(neo4j_session, common_job_parameters)

cartography/intel/crowdstrike/__init__.py

@@ -1,11 +1,14 @@
 import logging
+from typing import Any
 
 import neo4j
 
 from cartography.config import Config
+from cartography.graph.job import GraphJob
 from cartography.intel.crowdstrike.endpoints import sync_hosts
 from cartography.intel.crowdstrike.spotlight import sync_vulnerabilities
 from cartography.intel.crowdstrike.util import get_authorization
+from cartography.models.crowdstrike.hosts import CrowdstrikeHostSchema
 from cartography.stats import get_stats_client
 from cartography.util import merge_module_sync_metadata
 from cartography.util import run_cleanup_job
@@ -50,11 +53,7 @@ def start_crowdstrike_ingestion(
         config.update_tag,
         authorization,
     )
-    run_cleanup_job(
-        "crowdstrike_import_cleanup.json",
-        neo4j_session,
-        common_job_parameters,
-    )
+    cleanup(neo4j_session, common_job_parameters)
 
     group_id = "public"
     if config.crowdstrike_api_url:
@@ -67,3 +66,16 @@ def start_crowdstrike_ingestion(
         update_tag=config.update_tag,
         stat_handler=stat_handler,
     )
+
+
+@timeit
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]) -> None:
+    logger.info("Running Crowdstrike cleanup")
+    GraphJob.from_node_schema(CrowdstrikeHostSchema(), common_job_parameters).run(neo4j_session)
+
+    # Cleanup other crowdstrike assets not handled by the data model
+    run_cleanup_job(
+        "crowdstrike_import_cleanup.json",
+        neo4j_session,
+        common_job_parameters,
+    )

cartography/intel/crowdstrike/endpoints.py

@@ -6,6 +6,8 @@ import neo4j
 from falconpy.hosts import Hosts
 from falconpy.oauth2 import OAuth2
 
+from cartography.client.core.tx import load
+from cartography.models.crowdstrike.hosts import CrowdstrikeHostSchema
 from cartography.util import timeit
 
 logger = logging.getLogger(__name__)
@@ -24,55 +26,21 @@ def sync_hosts(
         load_host_data(neo4j_session, host_data, update_tag)
 
 
+@timeit
 def load_host_data(
-    neo4j_session: neo4j.Session, data: List[Dict], update_tag: int,
+    neo4j_session: neo4j.Session,
+    data: List[Dict],
+    update_tag: int,
 ) -> None:
     """
-    Transform and load scan information
-    """
-    ingestion_cypher_query = """
-    UNWIND $Hosts AS host
-        MERGE (h:CrowdstrikeHost{id: host.device_id})
-        ON CREATE SET h.cid = host.cid,
-            h.instance_id = host.instance_id,
-            h.serial_number = host.serial_number,
-            h.firstseen = timestamp()
-        SET h.status = host.status,
-            h.hostname = host.hostname,
-            h.machine_domain = host.machine_domain,
-            h.crowdstrike_first_seen = host.first_seen,
-            h.crowdstrike_last_seen = host.last_seen,
-            h.local_ip = host.local_ip,
-            h.external_ip = host.external_ip,
-            h.cpu_signature = host.cpu_signature,
-            h.bios_manufacturer = host.bios_manufacturer,
-            h.bios_version = host.bios_version,
-            h.mac_address = host.mac_address,
-            h.os_version = host.os_version,
-            h.os_build = host.os_build,
-            h.platform_id = host.platform_id,
-            h.platform_name = host.platform_name,
-            h.service_provider = host.service_provider,
-            h.service_provider_account_id = host.service_provider_account_id,
-            h.agent_version = host.agent_version,
-            h.system_manufacturer = host.system_manufacturer,
-            h.system_product_name = host.system_product_name,
-            h.product_type = host.product_type,
-            h.product_type_desc = host.product_type_desc,
-            h.provision_status = host.provision_status,
-            h.reduced_functionality_mode = host.reduced_functionality_mode,
-            h.kernel_version = host.kernel_version,
-            h.major_version = host.major_version,
-            h.minor_version = host.minor_version,
-            h.tags = host.tags,
-            h.modified_timestamp = host.modified_timestamp,
-            h.lastupdated = $update_tag
+    Load Crowdstrike host data into Neo4j.
     """
     logger.info(f"Loading {len(data)} crowdstrike hosts.")
-    neo4j_session.run(
-        ingestion_cypher_query,
-        Hosts=data,
-        update_tag=update_tag,
+    load(
+        neo4j_session,
+        CrowdstrikeHostSchema(),
+        data,
+        lastupdated=update_tag,
     )
 
 

cartography/intel/entra/__init__.py

@@ -0,0 +1,43 @@
+import asyncio
+import logging
+
+import neo4j
+
+from cartography.config import Config
+from cartography.intel.entra.users import sync_entra_users
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+
+@timeit
+def start_entra_ingestion(neo4j_session: neo4j.Session, config: Config) -> None:
+    """
+    If this module is configured, perform ingestion of Entra data. Otherwise warn and exit
+    :param neo4j_session: Neo4J session for database interface
+    :param config: A cartography.config object
+    :return: None
+    """
+
+    if not config.entra_tenant_id or not config.entra_client_id or not config.entra_client_secret:
+        logger.info(
+            'Entra import is not configured - skipping this module. '
+            'See docs to configure.',
+        )
+        return
+
+    common_job_parameters = {
+        "UPDATE_TAG": config.update_tag,
+        "TENANT_ID": config.entra_tenant_id,
+    }
+
+    asyncio.run(
+        sync_entra_users(
+            neo4j_session,
+            config.entra_tenant_id,
+            config.entra_client_id,
+            config.entra_client_secret,
+            config.update_tag,
+            common_job_parameters,
+        ),
+    )