cartography 0.101.1rc1__py3-none-any.whl → 0.102.0rc1__py3-none-any.whl

cartography/intel/entra/users.py

@@ -0,0 +1,205 @@
+import logging
+from typing import Any
+
+import neo4j
+from azure.identity import ClientSecretCredential
+from msgraph import GraphServiceClient
+from msgraph.generated.models.organization import Organization
+from msgraph.generated.models.user import User
+
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.entra.tenant import EntraTenantSchema
+from cartography.models.entra.user import EntraUserSchema
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+
+@timeit
+async def get_tenant(client: GraphServiceClient) -> Organization:
+    """
+    Get tenant information from Microsoft Graph API
+    """
+    org = await client.organization.get()
+    return org.value[0]  # Get the first (and typically only) tenant
+
+
+@timeit
+async def get_users(client: GraphServiceClient) -> list[User]:
+    """
+    Get all users from Microsoft Graph API with pagination support
+    """
+    all_users: list[User] = []
+    request_configuration = client.users.UsersRequestBuilderGetRequestConfiguration(
+        query_parameters=client.users.UsersRequestBuilderGetQueryParameters(
+            # Request more items per page to reduce number of API calls
+            top=999,
+        ),
+    )
+
+    page = await client.users.get(request_configuration=request_configuration)
+    while page:
+        all_users.extend(page.value)
+        if not page.odata_next_link:
+            break
+        page = await client.users.with_url(page.odata_next_link).get()
+
+    return all_users
+
+
+@timeit
+def transform_users(users: list[User]) -> list[dict[str, Any]]:
+    """
+    Transform the API response into the format expected by our schema
+    """
+    result: list[dict[str, Any]] = []
+    for user in users:
+        transformed_user = {
+            'id': user.id,
+            'user_principal_name': user.user_principal_name,
+            'display_name': user.display_name,
+            'given_name': user.given_name,
+            'surname': user.surname,
+            'mail': user.mail,
+            'other_mails': user.other_mails,
+            'preferred_language': user.preferred_language,
+            'preferred_name': user.preferred_name,
+            'state': user.state,
+            'usage_location': user.usage_location,
+            'user_type': user.user_type,
+            'show_in_address_list': user.show_in_address_list,
+            'sign_in_sessions_valid_from_date_time': user.sign_in_sessions_valid_from_date_time,
+            'security_identifier': user.on_premises_security_identifier,
+            'account_enabled': user.account_enabled,
+            'age_group': user.age_group,
+            'business_phones': user.business_phones,
+            'city': user.city,
+            'company_name': user.company_name,
+            'consent_provided_for_minor': user.consent_provided_for_minor,
+            'country': user.country,
+            'created_date_time': user.created_date_time,
+            'creation_type': user.creation_type,
+            'deleted_date_time': user.deleted_date_time,
+            'department': user.department,
+            'employee_id': user.employee_id,
+            'employee_type': user.employee_type,
+            'external_user_state': user.external_user_state,
+            'external_user_state_change_date_time': user.external_user_state_change_date_time,
+            'hire_date': user.hire_date,
+            'is_management_restricted': user.is_management_restricted,
+            'is_resource_account': user.is_resource_account,
+            'job_title': user.job_title,
+            'last_password_change_date_time': user.last_password_change_date_time,
+            'mail_nickname': user.mail_nickname,
+            'office_location': user.office_location,
+            'on_premises_distinguished_name': user.on_premises_distinguished_name,
+            'on_premises_domain_name': user.on_premises_domain_name,
+            'on_premises_immutable_id': user.on_premises_immutable_id,
+            'on_premises_last_sync_date_time': user.on_premises_last_sync_date_time,
+            'on_premises_sam_account_name': user.on_premises_sam_account_name,
+            'on_premises_security_identifier': user.on_premises_security_identifier,
+            'on_premises_sync_enabled': user.on_premises_sync_enabled,
+            'on_premises_user_principal_name': user.on_premises_user_principal_name,
+        }
+        result.append(transformed_user)
+    return result
+
+
+@timeit
+def transform_tenant(tenant: Organization, tenant_id: str) -> dict[str, Any]:
+    """
+    Transform the tenant data into the format expected by our schema
+    """
+    return {
+        'id': tenant_id,
+        'created_date_time': tenant.created_date_time,
+        'default_usage_location': tenant.default_usage_location,
+        'deleted_date_time': tenant.deleted_date_time,
+        'display_name': tenant.display_name,
+        'marketing_notification_emails': tenant.marketing_notification_emails,
+        'mobile_device_management_authority': tenant.mobile_device_management_authority,
+        'on_premises_last_sync_date_time': tenant.on_premises_last_sync_date_time,
+        'on_premises_sync_enabled': tenant.on_premises_sync_enabled,
+        'partner_tenant_type': tenant.partner_tenant_type,
+        'postal_code': tenant.postal_code,
+        'preferred_language': tenant.preferred_language,
+        'state': tenant.state,
+        'street': tenant.street,
+        'tenant_type': tenant.tenant_type,
+    }
+
+
+@timeit
+def load_tenant(
+    neo4j_session: neo4j.Session,
+    tenant: dict[str, Any],
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        EntraTenantSchema(),
+        [tenant],
+        lastupdated=update_tag,
+    )
+
+
+@timeit
+def load_users(
+    neo4j_session: neo4j.Session,
+    users: list[dict[str, Any]],
+    tenant_id: str,
+    update_tag: int,
+) -> None:
+    logger.info(f"Loading {len(users)} Entra users")
+    load(
+        neo4j_session,
+        EntraUserSchema(),
+        users,
+        lastupdated=update_tag,
+        TENANT_ID=tenant_id,
+    )
+
+
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]) -> None:
+    GraphJob.from_node_schema(EntraUserSchema(), common_job_parameters).run(neo4j_session)
+
+
+@timeit
+async def sync_entra_users(
+    neo4j_session: neo4j.Session,
+    tenant_id: str,
+    client_id: str,
+    client_secret: str,
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    """
+    Sync Entra users and tenant information
+    :param neo4j_session: Neo4J session for database interface
+    :param tenant_id: Entra tenant ID
+    :param client_id: Entra application client ID
+    :param client_secret: Entra application client secret
+    :param update_tag: Timestamp used to determine data freshness
+    :param common_job_parameters: dict of other job parameters to carry to sub-jobs
+    :return: None
+    """
+    # Initialize Graph client
+    credential = ClientSecretCredential(
+        tenant_id=tenant_id,
+        client_id=client_id,
+        client_secret=client_secret,
+    )
+    client = GraphServiceClient(credential, scopes=['https://graph.microsoft.com/.default'])
+
+    # Get tenant information
+    tenant = await get_tenant(client)
+    users = await get_users(client)
+
+    transformed_users = transform_users(users)
+    transformed_tenant = transform_tenant(tenant, tenant_id)
+
+    load_tenant(neo4j_session, transformed_tenant, update_tag)
+    load_users(neo4j_session, transformed_users, tenant_id, update_tag)
+
+    cleanup(neo4j_session, common_job_parameters)

cartography/intel/kandji/devices.py

@@ -25,10 +25,34 @@ def get(kandji_base_uri: str, kandji_token: str) -> List[Dict[str, Any]]:
         'Authorization': f'Bearer {kandji_token}',
     }
 
+    offset = 0
+    limit = 300
+    params: dict[str, str | int] = {
+        "sort": "serial_number",
+        "limit": limit,
+        "offset": offset,
+    }
+
+    devices: List[Dict[str, Any]] = []
     session = Session()
-    req = session.get(api_endpoint, headers=headers, timeout=_TIMEOUT)
-    req.raise_for_status()
-    return req.json()
+    while True:
+        logger.debug("Kandji device offset: %s", offset)
+
+        params["offset"] = offset
+        response = session.get(api_endpoint, headers=headers, timeout=_TIMEOUT, params=params)
+        response.raise_for_status()
+
+        result = response.json()
+        # If no more result, we are done
+        if len(result) == 0:
+            break
+
+        devices.extend(result)
+
+        offset += limit
+
+    logger.debug("Kandji device count: %d", len(devices))
+    return devices
 
 
 @timeit

cartography/models/aws/ec2/load_balancer_listeners.py

@@ -0,0 +1,68 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ELBListenerNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    port: PropertyRef = PropertyRef('port')
+    protocol: PropertyRef = PropertyRef('protocol')
+    instance_port: PropertyRef = PropertyRef('instance_port')
+    instance_protocol: PropertyRef = PropertyRef('instance_protocol')
+    policy_names: PropertyRef = PropertyRef('policy_names')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ELBListenerToLoadBalancerRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ELBListenerToLoadBalancer(CartographyRelSchema):
+    target_node_label: str = 'LoadBalancer'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('LoadBalancerId')},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "ELB_LISTENER"
+    properties: ELBListenerToLoadBalancerRelProperties = ELBListenerToLoadBalancerRelProperties()
+
+
+@dataclass(frozen=True)
+class ELBListenerToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ELBListenerToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ELBListenerToAWSAccountRelProperties = ELBListenerToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class ELBListenerSchema(CartographyNodeSchema):
+    label: str = 'ELBListener'
+    properties: ELBListenerNodeProperties = ELBListenerNodeProperties()
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(['Endpoint'])
+    sub_resource_relationship: ELBListenerToAWSAccount = ELBListenerToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            ELBListenerToLoadBalancer(),
+        ],
+    )

cartography/models/aws/ec2/load_balancers.py

@@ -0,0 +1,102 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class LoadBalancerNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    name: PropertyRef = PropertyRef('name')
+    dnsname: PropertyRef = PropertyRef('dnsname', extra_index=True)
+    canonicalhostedzonename: PropertyRef = PropertyRef('canonicalhostedzonename')
+    canonicalhostedzonenameid: PropertyRef = PropertyRef('canonicalhostedzonenameid')
+    scheme: PropertyRef = PropertyRef('scheme')
+    region: PropertyRef = PropertyRef('Region', set_in_kwargs=True)
+    createdtime: PropertyRef = PropertyRef('createdtime')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: LoadBalancerToAWSAccountRelProperties = LoadBalancerToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class LoadBalancerToSecurityGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToSourceSecurityGroup(CartographyRelSchema):
+    target_node_label: str = 'EC2SecurityGroup'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'name': PropertyRef('GROUP_NAME')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SOURCE_SECURITY_GROUP"
+    properties: LoadBalancerToSecurityGroupRelProperties = LoadBalancerToSecurityGroupRelProperties()
+
+
+@dataclass(frozen=True)
+class LoadBalancerToEC2SecurityGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToEC2SecurityGroup(CartographyRelSchema):
+    target_node_label: str = 'EC2SecurityGroup'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'groupid': PropertyRef('GROUP_IDS', one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_EC2_SECURITY_GROUP"
+    properties: LoadBalancerToEC2SecurityGroupRelProperties = LoadBalancerToEC2SecurityGroupRelProperties()
+
+
+@dataclass(frozen=True)
+class LoadBalancerToEC2InstanceRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToEC2Instance(CartographyRelSchema):
+    target_node_label: str = 'EC2Instance'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'instanceid': PropertyRef('INSTANCE_IDS', one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "EXPOSE"
+    properties: LoadBalancerToEC2InstanceRelProperties = LoadBalancerToEC2InstanceRelProperties()
+
+
+@dataclass(frozen=True)
+class LoadBalancerSchema(CartographyNodeSchema):
+    label: str = 'LoadBalancer'
+    properties: LoadBalancerNodeProperties = LoadBalancerNodeProperties()
+    sub_resource_relationship: LoadBalancerToAWSAccount = LoadBalancerToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            LoadBalancerToSourceSecurityGroup(),
+            LoadBalancerToEC2SecurityGroup(),
+            LoadBalancerToEC2Instance(),
+        ],
+    )

cartography/models/crowdstrike/hosts.py

@@ -0,0 +1,49 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+
+
+@dataclass(frozen=True)
+class CrowdstrikeHostNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('device_id')
+    cid: PropertyRef = PropertyRef('cid')
+    instance_id: PropertyRef = PropertyRef('instance_id', extra_index=True)
+    serial_number: PropertyRef = PropertyRef('serial_number', extra_index=True)
+    status: PropertyRef = PropertyRef('status')
+    hostname: PropertyRef = PropertyRef('hostname')
+    machine_domain: PropertyRef = PropertyRef('machine_domain')
+    crowdstrike_first_seen: PropertyRef = PropertyRef('first_seen')
+    crowdstrike_last_seen: PropertyRef = PropertyRef('last_seen')
+    local_ip: PropertyRef = PropertyRef('local_ip')
+    external_ip: PropertyRef = PropertyRef('external_ip')
+    cpu_signature: PropertyRef = PropertyRef('cpu_signature')
+    bios_manufacturer: PropertyRef = PropertyRef('bios_manufacturer')
+    bios_version: PropertyRef = PropertyRef('bios_version')
+    mac_address: PropertyRef = PropertyRef('mac_address')
+    os_version: PropertyRef = PropertyRef('os_version')
+    os_build: PropertyRef = PropertyRef('os_build')
+    platform_id: PropertyRef = PropertyRef('platform_id')
+    platform_name: PropertyRef = PropertyRef('platform_name')
+    service_provider: PropertyRef = PropertyRef('service_provider')
+    service_provider_account_id: PropertyRef = PropertyRef('service_provider_account_id')
+    agent_version: PropertyRef = PropertyRef('agent_version')
+    system_manufacturer: PropertyRef = PropertyRef('system_manufacturer')
+    system_product_name: PropertyRef = PropertyRef('system_product_name')
+    product_type: PropertyRef = PropertyRef('product_type')
+    product_type_desc: PropertyRef = PropertyRef('product_type_desc')
+    provision_status: PropertyRef = PropertyRef('provision_status')
+    reduced_functionality_mode: PropertyRef = PropertyRef('reduced_functionality_mode')
+    kernel_version: PropertyRef = PropertyRef('kernel_version')
+    major_version: PropertyRef = PropertyRef('major_version')
+    minor_version: PropertyRef = PropertyRef('minor_version')
+    tags: PropertyRef = PropertyRef('tags')
+    modified_timestamp: PropertyRef = PropertyRef('modified_timestamp')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CrowdstrikeHostSchema(CartographyNodeSchema):
+    label: str = 'CrowdstrikeHost'
+    properties: CrowdstrikeHostNodeProperties = CrowdstrikeHostNodeProperties()

cartography/models/entra/tenant.py

@@ -0,0 +1,33 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+
+
+@dataclass(frozen=True)
+class EntraTenantNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    created_date_time: PropertyRef = PropertyRef('created_date_time')
+    default_usage_location: PropertyRef = PropertyRef('default_usage_location')
+    deleted_date_time: PropertyRef = PropertyRef('deleted_date_time')
+    display_name: PropertyRef = PropertyRef('display_name')
+    marketing_notification_emails: PropertyRef = PropertyRef('marketing_notification_emails')
+    mobile_device_management_authority: PropertyRef = PropertyRef('mobile_device_management_authority')
+    on_premises_last_sync_date_time: PropertyRef = PropertyRef('on_premises_last_sync_date_time')
+    on_premises_sync_enabled: PropertyRef = PropertyRef('on_premises_sync_enabled')
+    partner_tenant_type: PropertyRef = PropertyRef('partner_tenant_type')
+    postal_code: PropertyRef = PropertyRef('postal_code')
+    preferred_language: PropertyRef = PropertyRef('preferred_language')
+    state: PropertyRef = PropertyRef('state')
+    street: PropertyRef = PropertyRef('street')
+    tenant_type: PropertyRef = PropertyRef('tenant_type')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EntraTenantSchema(CartographyNodeSchema):
+    label: str = 'AzureTenant'
+    properties: EntraTenantNodeProperties = EntraTenantNodeProperties()
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(['EntraTenant'])

cartography/models/entra/user.py

@@ -0,0 +1,83 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EntraUserNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    user_principal_name: PropertyRef = PropertyRef('user_principal_name')
+    display_name: PropertyRef = PropertyRef('display_name')
+    given_name: PropertyRef = PropertyRef('given_name')
+    surname: PropertyRef = PropertyRef('surname')
+    # The underlying datatype calls this 'mail' but everything else in cartography uses 'email'
+    email: PropertyRef = PropertyRef('mail', extra_index=True)
+    other_mails: PropertyRef = PropertyRef('other_mails')
+    preferred_language: PropertyRef = PropertyRef('preferred_language')
+    preferred_name: PropertyRef = PropertyRef('preferred_name')
+    state: PropertyRef = PropertyRef('state')
+    usage_location: PropertyRef = PropertyRef('usage_location')
+    user_type: PropertyRef = PropertyRef('user_type')
+    show_in_address_list: PropertyRef = PropertyRef('show_in_address_list')
+    sign_in_sessions_valid_from_date_time: PropertyRef = PropertyRef('sign_in_sessions_valid_from_date_time')
+    security_identifier: PropertyRef = PropertyRef('security_identifier')
+    account_enabled: PropertyRef = PropertyRef('account_enabled')
+    city: PropertyRef = PropertyRef('city')
+    company_name: PropertyRef = PropertyRef('company_name')
+    consent_provided_for_minor: PropertyRef = PropertyRef('consent_provided_for_minor')
+    country: PropertyRef = PropertyRef('country')
+    created_date_time: PropertyRef = PropertyRef('created_date_time')
+    creation_type: PropertyRef = PropertyRef('creation_type')
+    deleted_date_time: PropertyRef = PropertyRef('deleted_date_time')
+    department: PropertyRef = PropertyRef('department')
+    employee_id: PropertyRef = PropertyRef('employee_id')
+    employee_type: PropertyRef = PropertyRef('employee_type')
+    external_user_state: PropertyRef = PropertyRef('external_user_state')
+    external_user_state_change_date_time: PropertyRef = PropertyRef('external_user_state_change_date_time')
+    hire_date: PropertyRef = PropertyRef('hire_date')
+    is_management_restricted: PropertyRef = PropertyRef('is_management_restricted')
+    is_resource_account: PropertyRef = PropertyRef('is_resource_account')
+    job_title: PropertyRef = PropertyRef('job_title')
+    last_password_change_date_time: PropertyRef = PropertyRef('last_password_change_date_time')
+    mail_nickname: PropertyRef = PropertyRef('mail_nickname')
+    office_location: PropertyRef = PropertyRef('office_location')
+    on_premises_distinguished_name: PropertyRef = PropertyRef('on_premises_distinguished_name')
+    on_premises_domain_name: PropertyRef = PropertyRef('on_premises_domain_name')
+    on_premises_immutable_id: PropertyRef = PropertyRef('on_premises_immutable_id')
+    on_premises_last_sync_date_time: PropertyRef = PropertyRef('on_premises_last_sync_date_time')
+    on_premises_sam_account_name: PropertyRef = PropertyRef('on_premises_sam_account_name')
+    on_premises_security_identifier: PropertyRef = PropertyRef('on_premises_security_identifier')
+    on_premises_sync_enabled: PropertyRef = PropertyRef('on_premises_sync_enabled')
+    on_premises_user_principal_name: PropertyRef = PropertyRef('on_premises_user_principal_name')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EntraTenantToUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:EntraUser)<-[:RESOURCE]-(:AzureTenant)
+class EntraUserToTenantRel(CartographyRelSchema):
+    target_node_label: str = 'AzureTenant'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('TENANT_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EntraTenantToUserRelProperties = EntraTenantToUserRelProperties()
+
+
+@dataclass(frozen=True)
+class EntraUserSchema(CartographyNodeSchema):
+    label: str = 'EntraUser'
+    properties: EntraUserNodeProperties = EntraUserNodeProperties()
+    sub_resource_relationship: EntraUserToTenantRel = EntraUserToTenantRel()

cartography/stats.py

@@ -97,7 +97,7 @@ def set_stats_client(stats_client: StatsClient) -> None:
     """
     This is used to set the module level stats client configured to talk with a statsd host
     """
-    global _scoped_stats_client
+    global _scoped_stats_client  # noqa: F824
     _scoped_stats_client.set_stats_client(stats_client)
 
 

cartography/sync.py

@@ -20,6 +20,7 @@ import cartography.intel.crowdstrike
 import cartography.intel.cve
 import cartography.intel.digitalocean
 import cartography.intel.duo
+import cartography.intel.entra
 import cartography.intel.gcp
 import cartography.intel.github
 import cartography.intel.gsuite
@@ -42,6 +43,7 @@ TOP_LEVEL_MODULES = OrderedDict({  # preserve order so that the default sync alw
     'create-indexes': cartography.intel.create_indexes.run,
     'aws': cartography.intel.aws.start_aws_ingestion,
     'azure': cartography.intel.azure.start_azure_ingestion,
+    'entra': cartography.intel.entra.start_entra_ingestion,
     'crowdstrike': cartography.intel.crowdstrike.start_crowdstrike_ingestion,
     'gcp': cartography.intel.gcp.start_gcp_ingestion,
     'gsuite': cartography.intel.gsuite.start_gsuite_ingestion,

{cartography-0.101.1rc1.dist-info → cartography-0.102.0rc1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cartography
-Version: 0.101.1rc1
+Version: 0.102.0rc1
 Summary: Explore assets and their relationships across your technical infrastructure.
 Maintainer: Cartography Contributors
 License: apache2
@@ -47,6 +47,7 @@ Requires-Dist: msrestazure>=0.6.4
 Requires-Dist: azure-mgmt-storage>=16.0.0
 Requires-Dist: azure-mgmt-sql<=1.0.0
 Requires-Dist: azure-identity>=1.5.0
+Requires-Dist: msgraph-sdk
 Requires-Dist: kubernetes>=22.6.0
 Requires-Dist: pdpyras>=4.3.0
 Requires-Dist: crowdstrike-falconpy>=0.5.1
@@ -61,6 +62,7 @@ Requires-Dist: pytest>=6.2.4; extra == "dev"
 Requires-Dist: pytest-mock; extra == "dev"
 Requires-Dist: pytest-cov==6.1.1; extra == "dev"
 Requires-Dist: pytest-rerunfailures; extra == "dev"
+Requires-Dist: pytest-asyncio; extra == "dev"
 Requires-Dist: types-PyYAML; extra == "dev"
 Requires-Dist: types-requests<2.32.0.20250329; extra == "dev"
 Dynamic: license-file
@@ -97,6 +99,7 @@ You can learn more about the story behind Cartography in our [presentation at BS
 - [GitHub](https://cartography-cncf.github.io/cartography/modules/github/index.html) - repos, branches, users, teams
 - [DigitalOcean](https://cartography-cncf.github.io/cartography/modules/digitalocean/index.html)
 - [Microsoft Azure](https://cartography-cncf.github.io/cartography/modules/azure/index.html) -  CosmosDB, SQL, Storage, Virtual Machine
+- [Microsoft Entra ID](https://cartography-cncf.github.io/cartography/modules/entra/index.html) -  Users
 - [Kubernetes](https://cartography-cncf.github.io/cartography/modules/kubernetes/index.html) - Cluster, Namespace, Service, Pod, Container
 - [PagerDuty](https://cartography-cncf.github.io/cartography/modules/pagerduty/index.html) - Users, teams, services, schedules, escalation policies, integrations, vendors
 - [Crowdstrike Falcon](https://cartography-cncf.github.io/cartography/modules/crowdstrike/index.html) - Hosts, Spotlight vulnerabilities, CVEs