cartography 0.101.1rc2__py3-none-any.whl → 0.102.0rc1__py3-none-any.whl

cartography/_version.py

@@ -17,5 +17,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '0.101.1rc2'
-__version_tuple__ = version_tuple = (0, 101, 1)
+__version__ = version = '0.102.0rc1'
+__version_tuple__ = version_tuple = (0, 102, 0)

cartography/cli.py

@@ -211,6 +211,30 @@ class CLI:
                 'The name of environment variable containing Azure Client Secret for Service Principal Authentication.'
             ),
         )
+        parser.add_argument(
+            '--entra-tenant-id',
+            type=str,
+            default=None,
+            help=(
+                'Entra Tenant Id for Service Principal Authentication.'
+            ),
+        )
+        parser.add_argument(
+            '--entra-client-id',
+            type=str,
+            default=None,
+            help=(
+                'Entra Client Id for Service Principal Authentication.'
+            ),
+        )
+        parser.add_argument(
+            '--entra-client-secret-env-var',
+            type=str,
+            default=None,
+            help=(
+                'The name of environment variable containing Entra Client Secret for Service Principal Authentication.'
+            ),
+        )
         parser.add_argument(
             '--aws-requested-syncs',
             type=str,
@@ -615,6 +639,16 @@ class CLI:
         else:
             config.azure_client_secret = None
 
+        # Entra config
+        if config.entra_tenant_id and config.entra_client_id and config.entra_client_secret_env_var:
+            logger.debug(
+                "Reading Client Secret for Entra Authentication from environment variable %s",
+                config.entra_client_secret_env_var,
+            )
+            config.entra_client_secret = os.environ.get(config.entra_client_secret_env_var)
+        else:
+            config.entra_client_secret = None
+
         # Okta config
         if config.okta_org_id and config.okta_api_key_env_var:
             logger.debug(f"Reading API key for Okta from environment variable {config.okta_api_key_env_var}")
@@ -798,5 +832,9 @@ def main(argv=None):
     logging.getLogger('botocore').setLevel(logging.WARNING)
     logging.getLogger('googleapiclient').setLevel(logging.WARNING)
     logging.getLogger('neo4j').setLevel(logging.WARNING)
+    logging.getLogger('azure.identity').setLevel(logging.WARNING)
+    logging.getLogger('httpx').setLevel(logging.WARNING)
+    logging.getLogger('azure.core.pipeline.policies.http_logging_policy').setLevel(logging.WARNING)
+
     argv = argv if argv is not None else sys.argv[1:]
     sys.exit(CLI(prog='cartography').main(argv))

cartography/config.py

@@ -41,6 +41,12 @@ class Config:
     :param azure_client_id: Client Id for connecting in a Service Principal Authentication approach. Optional.
     :type azure_client_secret: str
     :param azure_client_secret: Client Secret for connecting in a Service Principal Authentication approach. Optional.
+    :type entra_tenant_id: str
+    :param entra_tenant_id: Tenant Id for connecting in a Service Principal Authentication approach. Optional.
+    :type entra_client_id: str
+    :param entra_client_id: Client Id for connecting in a Service Principal Authentication approach. Optional.
+    :type entra_client_secret: str
+    :param entra_client_secret: Client Secret for connecting in a Service Principal Authentication approach. Optional.
     :type aws_requested_syncs: str
     :param aws_requested_syncs: Comma-separated list of AWS resources to sync. Optional.
     :type analysis_job_directory: str
@@ -133,6 +139,9 @@ class Config:
         azure_tenant_id=None,
         azure_client_id=None,
         azure_client_secret=None,
+        entra_tenant_id=None,
+        entra_client_id=None,
+        entra_client_secret=None,
         aws_requested_syncs=None,
         analysis_job_directory=None,
         oci_sync_all_profiles=None,
@@ -191,6 +200,9 @@ class Config:
         self.azure_tenant_id = azure_tenant_id
         self.azure_client_id = azure_client_id
         self.azure_client_secret = azure_client_secret
+        self.entra_tenant_id = entra_tenant_id
+        self.entra_client_id = entra_client_id
+        self.entra_client_secret = entra_client_secret
         self.aws_requested_syncs = aws_requested_syncs
         self.analysis_job_directory = analysis_job_directory
         self.oci_sync_all_profiles = oci_sync_all_profiles

cartography/data/indexes.cypher

@@ -191,9 +191,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:KMSGrant) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:LaunchConfiguration) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:LaunchConfiguration) ON (n.name);
 CREATE INDEX IF NOT EXISTS FOR (n:LaunchConfiguration) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancer) ON (n.dnsname);
-CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancer) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancer) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancerV2) ON (n.dnsname);
 CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancerV2) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:LoadBalancerV2) ON (n.lastupdated);

cartography/intel/aws/ec2/launch_templates.py

@@ -37,37 +37,18 @@ def get_launch_template_versions(
     boto3_session: boto3.session.Session,
     region: str,
     launch_templates: list[dict[str, Any]],
-) -> tuple[list[dict[str, Any]], list[dict[str, Any]]]:
-    found_versions: list[dict[str, Any]] = []
-    found_templates: list[dict[str, Any]] = []
+) -> list[dict[str, Any]]:
+    template_versions: list[dict[str, Any]] = []
     for template in launch_templates:
         launch_template_id = template['LaunchTemplateId']
-        try:
-            versions = get_launch_template_versions_by_template(
-                boto3_session,
-                launch_template_id,
-                region,
-            )
-            # If the call succeeded, the template still exists.
-            # Add it and its versions (list might be empty if no versions exist).
-            found_templates.append(template)
-            found_versions.extend(versions)
-        except botocore.exceptions.ClientError as e:
-            if e.response['Error']['Code'] == 'InvalidLaunchTemplateId.NotFound':
-                logger.warning(
-                    "Launch template %s no longer exists in region %s, skipping.",
-                    launch_template_id, region,
-                )
-                # Skip this template, don't add it or its versions
-                continue
-            else:
-                # Re-raise any other client error
-                raise
-
-    return found_versions, found_templates
+        versions = get_launch_template_versions_by_template(boto3_session, launch_template_id, region)
+        template_versions.extend(versions)
+
+    return template_versions
 
 
 @timeit
+@aws_handle_regions
 def get_launch_template_versions_by_template(
         boto3_session: boto3.session.Session,
         launch_template_id: str,
@@ -76,15 +57,27 @@ def get_launch_template_versions_by_template(
     client = boto3_session.client('ec2', region_name=region, config=get_botocore_config())
     v_paginator = client.get_paginator('describe_launch_template_versions')
     template_versions = []
-    for versions_page in v_paginator.paginate(LaunchTemplateId=launch_template_id):
-        template_versions.extend(versions_page['LaunchTemplateVersions'])
+    try:
+        for versions in v_paginator.paginate(LaunchTemplateId=launch_template_id):
+            template_versions.extend(versions['LaunchTemplateVersions'])
+    except botocore.exceptions.ClientError as e:
+        error_code = e.response['Error']['Code']
+        if error_code == 'InvalidLaunchTemplateId.NotFound':
+            logger.warning("Launch template %s no longer exists in region %s", launch_template_id, region)
+        else:
+            raise
     return template_versions
 
 
-def transform_launch_templates(templates: list[dict[str, Any]]) -> list[dict[str, Any]]:
+def transform_launch_templates(templates: list[dict[str, Any]], versions: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    valid_template_ids = {v['LaunchTemplateId'] for v in versions}
     result: list[dict[str, Any]] = []
     for template in templates:
+        if template['LaunchTemplateId'] not in valid_template_ids:
+            continue
+
         current = template.copy()
+        # Convert CreateTime to timestamp string
         current['CreateTime'] = str(int(current['CreateTime'].timestamp()))
         result.append(current)
     return result
@@ -176,11 +169,13 @@ def sync_ec2_launch_templates(
     for region in regions:
         logger.info(f"Syncing launch templates for region '{region}' in account '{current_aws_account_id}'.")
         templates = get_launch_templates(boto3_session, region)
-        versions, found_templates = get_launch_template_versions(boto3_session, region, templates)
+        versions = get_launch_template_versions(boto3_session, region, templates)
 
-        # Transform and load only the templates that were found to exist
-        transformed_templates = transform_launch_templates(found_templates)
+        # Transform and load the templates that have versions
+        transformed_templates = transform_launch_templates(templates, versions)
         load_launch_templates(neo4j_session, transformed_templates, region, current_aws_account_id, update_tag)
+
+        # Transform and load the versions
         transformed_versions = transform_launch_template_versions(versions)
         load_launch_template_versions(neo4j_session, transformed_versions, region, current_aws_account_id, update_tag)
 

cartography/intel/aws/ec2/load_balancers.py

@@ -1,190 +1,168 @@
 import logging
-from typing import Dict
-from typing import List
 
 import boto3
 import neo4j
 
 from .util import get_botocore_config
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.aws.ec2.load_balancer_listeners import ELBListenerSchema
+from cartography.models.aws.ec2.load_balancers import LoadBalancerSchema
 from cartography.util import aws_handle_regions
-from cartography.util import run_cleanup_job
 from cartography.util import timeit
 
 logger = logging.getLogger(__name__)
 
 
+def _get_listener_id(load_balancer_id: str, port: int, protocol: str) -> str:
+    """
+    Generate a unique ID for a load balancer listener.
+
+    Args:
+        load_balancer_id: The ID of the load balancer
+        port: The listener port
+        protocol: The listener protocol
+
+    Returns:
+        A unique ID string for the listener
+    """
+    return f"{load_balancer_id}{port}{protocol}"
+
+
+def transform_load_balancer_listener_data(load_balancer_id: str, listener_data: list[dict]) -> list[dict]:
+    """
+    Transform load balancer listener data into a format suitable for cartography ingestion.
+
+    Args:
+        load_balancer_id: The ID of the load balancer
+        listener_data: List of listener data from AWS API
+
+    Returns:
+        List of transformed listener data
+    """
+    transformed = []
+    for listener in listener_data:
+        listener_info = listener['Listener']
+        transformed_listener = {
+            'id': _get_listener_id(load_balancer_id, listener_info['LoadBalancerPort'], listener_info['Protocol']),
+            'port': listener_info.get('LoadBalancerPort'),
+            'protocol': listener_info.get('Protocol'),
+            'instance_port': listener_info.get('InstancePort'),
+            'instance_protocol': listener_info.get('InstanceProtocol'),
+            'policy_names': listener.get('PolicyNames', []),
+            'LoadBalancerId': load_balancer_id,
+        }
+        transformed.append(transformed_listener)
+    return transformed
+
+
+def transform_load_balancer_data(load_balancers: list[dict]) -> tuple[list[dict], list[dict]]:
+    """
+    Transform load balancer data into a format suitable for cartography ingestion.
+
+    Args:
+        load_balancers: List of load balancer data from AWS API
+
+    Returns:
+        Tuple of (transformed load balancer data, transformed listener data)
+    """
+    transformed = []
+    listener_data = []
+
+    for lb in load_balancers:
+        load_balancer_id = lb['DNSName']
+        transformed_lb = {
+            'id': load_balancer_id,
+            'name': lb['LoadBalancerName'],
+            'dnsname': lb['DNSName'],
+            'canonicalhostedzonename': lb.get('CanonicalHostedZoneName'),
+            'canonicalhostedzonenameid': lb.get('CanonicalHostedZoneNameID'),
+            'scheme': lb.get('Scheme'),
+            'createdtime': str(lb['CreatedTime']),
+            'GROUP_NAME': lb.get('SourceSecurityGroup', {}).get('GroupName'),
+            'GROUP_IDS': [str(group) for group in lb.get('SecurityGroups', [])],
+            'INSTANCE_IDS': [instance['InstanceId'] for instance in lb.get('Instances', [])],
+            'LISTENER_IDS': [
+                _get_listener_id(
+                    load_balancer_id,
+                    listener['Listener']['LoadBalancerPort'],
+                    listener['Listener']['Protocol'],
+                ) for listener in lb.get('ListenerDescriptions', [])
+            ],
+        }
+        transformed.append(transformed_lb)
+
+        # Classic ELB listeners are not returned anywhere else in AWS, so we must parse them out
+        # of the describe_load_balancers response.
+        if lb.get('ListenerDescriptions'):
+            listener_data.extend(
+                transform_load_balancer_listener_data(
+                    load_balancer_id,
+                    lb.get('ListenerDescriptions', []),
+                ),
+            )
+
+    return transformed, listener_data
+
+
 @timeit
 @aws_handle_regions
-def get_loadbalancer_data(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
+def get_loadbalancer_data(boto3_session: boto3.session.Session, region: str) -> list[dict]:
     client = boto3_session.client('elb', region_name=region, config=get_botocore_config())
     paginator = client.get_paginator('describe_load_balancers')
-    elbs: List[Dict] = []
+    elbs: list[dict] = []
     for page in paginator.paginate():
         elbs.extend(page['LoadBalancerDescriptions'])
     return elbs
 
 
 @timeit
-def load_load_balancer_listeners(
-    neo4j_session: neo4j.Session, load_balancer_id: str, listener_data: List[Dict],
+def load_load_balancers(
+    neo4j_session: neo4j.Session, data: list[dict], region: str, current_aws_account_id: str,
     update_tag: int,
 ) -> None:
-    ingest_listener = """
-    MATCH (elb:LoadBalancer{id: $LoadBalancerId})
-    WITH elb
-    UNWIND $Listeners as data
-        MERGE (l:Endpoint:ELBListener{id: elb.id + toString(data.Listener.LoadBalancerPort) +
-                toString(data.Listener.Protocol)})
-        ON CREATE SET l.port = data.Listener.LoadBalancerPort, l.protocol = data.Listener.Protocol,
-        l.firstseen = timestamp()
-        SET l.instance_port = data.Listener.InstancePort, l.instance_protocol = data.Listener.InstanceProtocol,
-        l.policy_names = data.PolicyNames,
-        l.lastupdated = $update_tag
-        WITH l, elb
-        MERGE (elb)-[r:ELB_LISTENER]->(l)
-        ON CREATE SET r.firstseen = timestamp()
-        SET r.lastupdated = $update_tag
-    """
-
-    neo4j_session.run(
-        ingest_listener,
-        LoadBalancerId=load_balancer_id,
-        Listeners=listener_data,
-        update_tag=update_tag,
+    load(
+        neo4j_session,
+        LoadBalancerSchema(),
+        data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=update_tag,
     )
 
 
 @timeit
-def load_load_balancer_subnets(
-    neo4j_session: neo4j.Session, load_balancer_id: str, subnets_data: List[Dict],
-    update_tag: int,
-) -> None:
-    ingest_load_balancer_subnet = """
-    MATCH (elb:LoadBalancer{id: $ID}), (subnet:EC2Subnet{subnetid: $SUBNET_ID})
-    MERGE (elb)-[r:SUBNET]->(subnet)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    for subnet_id in subnets_data:
-        neo4j_session.run(
-            ingest_load_balancer_subnet,
-            ID=load_balancer_id,
-            SUBNET_ID=subnet_id,
-            update_tag=update_tag,
-        )
-
-
-@timeit
-def load_load_balancers(
-    neo4j_session: neo4j.Session, data: List[Dict], region: str, current_aws_account_id: str,
+def load_load_balancer_listeners(
+    neo4j_session: neo4j.Session, data: list[dict], region: str, current_aws_account_id: str,
     update_tag: int,
 ) -> None:
-    ingest_load_balancer = """
-    MERGE (elb:LoadBalancer{id: $ID})
-    ON CREATE SET elb.firstseen = timestamp(), elb.createdtime = $CREATED_TIME
-    SET elb.lastupdated = $update_tag, elb.name = $NAME, elb.dnsname = $DNS_NAME,
-    elb.canonicalhostedzonename = $HOSTED_ZONE_NAME, elb.canonicalhostedzonenameid = $HOSTED_ZONE_NAME_ID,
-    elb.scheme = $SCHEME, elb.region = $Region
-    WITH elb
-    MATCH (aa:AWSAccount{id: $AWS_ACCOUNT_ID})
-    MERGE (aa)-[r:RESOURCE]->(elb)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    ingest_load_balancersource_security_group = """
-    MATCH (elb:LoadBalancer{id: $ID}),
-    (group:EC2SecurityGroup{name: $GROUP_NAME})
-    MERGE (elb)-[r:SOURCE_SECURITY_GROUP]->(group)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    ingest_load_balancer_security_group = """
-    MATCH (elb:LoadBalancer{id: $ID}),
-    (group:EC2SecurityGroup{groupid: $GROUP_ID})
-    MERGE (elb)-[r:MEMBER_OF_EC2_SECURITY_GROUP]->(group)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    ingest_instances = """
-    MATCH (elb:LoadBalancer{id: $ID}), (instance:EC2Instance{instanceid: $INSTANCE_ID})
-    MERGE (elb)-[r:EXPOSE]->(instance)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    WITH instance
-    MATCH (aa:AWSAccount{id: $AWS_ACCOUNT_ID})
-    MERGE (aa)-[r:RESOURCE]->(instance)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    for lb in data:
-        load_balancer_id = lb["DNSName"]
-
-        neo4j_session.run(
-            ingest_load_balancer,
-            ID=load_balancer_id,
-            CREATED_TIME=str(lb["CreatedTime"]),
-            NAME=lb["LoadBalancerName"],
-            DNS_NAME=load_balancer_id,
-            HOSTED_ZONE_NAME=lb.get("CanonicalHostedZoneName"),
-            HOSTED_ZONE_NAME_ID=lb.get("CanonicalHostedZoneNameID"),
-            SCHEME=lb.get("Scheme", ""),
-            AWS_ACCOUNT_ID=current_aws_account_id,
-            Region=region,
-            update_tag=update_tag,
-        )
-
-        if lb["Subnets"]:
-            load_load_balancer_subnets(neo4j_session, load_balancer_id, lb["Subnets"], update_tag)
-
-        if lb["SecurityGroups"]:
-            for group in lb["SecurityGroups"]:
-                neo4j_session.run(
-                    ingest_load_balancer_security_group,
-                    ID=load_balancer_id,
-                    GROUP_ID=str(group),
-                    update_tag=update_tag,
-                )
-
-        if lb["SourceSecurityGroup"]:
-            source_group = lb["SourceSecurityGroup"]
-            neo4j_session.run(
-                ingest_load_balancersource_security_group,
-                ID=load_balancer_id,
-                GROUP_NAME=source_group["GroupName"],
-                update_tag=update_tag,
-            )
-
-        if lb["Instances"]:
-            for instance in lb["Instances"]:
-                neo4j_session.run(
-                    ingest_instances,
-                    ID=load_balancer_id,
-                    INSTANCE_ID=instance["InstanceId"],
-                    AWS_ACCOUNT_ID=current_aws_account_id,
-                    update_tag=update_tag,
-                )
-
-        if lb["ListenerDescriptions"]:
-            load_load_balancer_listeners(neo4j_session, load_balancer_id, lb["ListenerDescriptions"], update_tag)
+    load(
+        neo4j_session,
+        ELBListenerSchema(),
+        data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=update_tag,
+    )
 
 
 @timeit
-def cleanup_load_balancers(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job('aws_ingest_load_balancers_cleanup.json', neo4j_session, common_job_parameters)
+def cleanup_load_balancers(neo4j_session: neo4j.Session, common_job_parameters: dict) -> None:
+    GraphJob.from_node_schema(ELBListenerSchema(), common_job_parameters).run(neo4j_session)
+    GraphJob.from_node_schema(LoadBalancerSchema(), common_job_parameters).run(neo4j_session)
 
 
 @timeit
 def sync_load_balancers(
-    neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str], current_aws_account_id: str,
-    update_tag: int, common_job_parameters: Dict,
+    neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: list[str], current_aws_account_id: str,
+    update_tag: int, common_job_parameters: dict,
 ) -> None:
     for region in regions:
         logger.info("Syncing EC2 load balancers for region '%s' in account '%s'.", region, current_aws_account_id)
         data = get_loadbalancer_data(boto3_session, region)
-        load_load_balancers(neo4j_session, data, region, current_aws_account_id, update_tag)
+        transformed_data, listener_data = transform_load_balancer_data(data)
+
+        load_load_balancers(neo4j_session, transformed_data, region, current_aws_account_id, update_tag)
+        load_load_balancer_listeners(neo4j_session, listener_data, region, current_aws_account_id, update_tag)
+
     cleanup_load_balancers(neo4j_session, common_job_parameters)

cartography/intel/entra/__init__.py

@@ -0,0 +1,43 @@
+import asyncio
+import logging
+
+import neo4j
+
+from cartography.config import Config
+from cartography.intel.entra.users import sync_entra_users
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+
+@timeit
+def start_entra_ingestion(neo4j_session: neo4j.Session, config: Config) -> None:
+    """
+    If this module is configured, perform ingestion of Entra data. Otherwise warn and exit
+    :param neo4j_session: Neo4J session for database interface
+    :param config: A cartography.config object
+    :return: None
+    """
+
+    if not config.entra_tenant_id or not config.entra_client_id or not config.entra_client_secret:
+        logger.info(
+            'Entra import is not configured - skipping this module. '
+            'See docs to configure.',
+        )
+        return
+
+    common_job_parameters = {
+        "UPDATE_TAG": config.update_tag,
+        "TENANT_ID": config.entra_tenant_id,
+    }
+
+    asyncio.run(
+        sync_entra_users(
+            neo4j_session,
+            config.entra_tenant_id,
+            config.entra_client_id,
+            config.entra_client_secret,
+            config.update_tag,
+            common_job_parameters,
+        ),
+    )

cartography/intel/entra/users.py

@@ -0,0 +1,205 @@
+import logging
+from typing import Any
+
+import neo4j
+from azure.identity import ClientSecretCredential
+from msgraph import GraphServiceClient
+from msgraph.generated.models.organization import Organization
+from msgraph.generated.models.user import User
+
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.entra.tenant import EntraTenantSchema
+from cartography.models.entra.user import EntraUserSchema
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+
+@timeit
+async def get_tenant(client: GraphServiceClient) -> Organization:
+    """
+    Get tenant information from Microsoft Graph API
+    """
+    org = await client.organization.get()
+    return org.value[0]  # Get the first (and typically only) tenant
+
+
+@timeit
+async def get_users(client: GraphServiceClient) -> list[User]:
+    """
+    Get all users from Microsoft Graph API with pagination support
+    """
+    all_users: list[User] = []
+    request_configuration = client.users.UsersRequestBuilderGetRequestConfiguration(
+        query_parameters=client.users.UsersRequestBuilderGetQueryParameters(
+            # Request more items per page to reduce number of API calls
+            top=999,
+        ),
+    )
+
+    page = await client.users.get(request_configuration=request_configuration)
+    while page:
+        all_users.extend(page.value)
+        if not page.odata_next_link:
+            break
+        page = await client.users.with_url(page.odata_next_link).get()
+
+    return all_users
+
+
+@timeit
+def transform_users(users: list[User]) -> list[dict[str, Any]]:
+    """
+    Transform the API response into the format expected by our schema
+    """
+    result: list[dict[str, Any]] = []
+    for user in users:
+        transformed_user = {
+            'id': user.id,
+            'user_principal_name': user.user_principal_name,
+            'display_name': user.display_name,
+            'given_name': user.given_name,
+            'surname': user.surname,
+            'mail': user.mail,
+            'other_mails': user.other_mails,
+            'preferred_language': user.preferred_language,
+            'preferred_name': user.preferred_name,
+            'state': user.state,
+            'usage_location': user.usage_location,
+            'user_type': user.user_type,
+            'show_in_address_list': user.show_in_address_list,
+            'sign_in_sessions_valid_from_date_time': user.sign_in_sessions_valid_from_date_time,
+            'security_identifier': user.on_premises_security_identifier,
+            'account_enabled': user.account_enabled,
+            'age_group': user.age_group,
+            'business_phones': user.business_phones,
+            'city': user.city,
+            'company_name': user.company_name,
+            'consent_provided_for_minor': user.consent_provided_for_minor,
+            'country': user.country,
+            'created_date_time': user.created_date_time,
+            'creation_type': user.creation_type,
+            'deleted_date_time': user.deleted_date_time,
+            'department': user.department,
+            'employee_id': user.employee_id,
+            'employee_type': user.employee_type,
+            'external_user_state': user.external_user_state,
+            'external_user_state_change_date_time': user.external_user_state_change_date_time,
+            'hire_date': user.hire_date,
+            'is_management_restricted': user.is_management_restricted,
+            'is_resource_account': user.is_resource_account,
+            'job_title': user.job_title,
+            'last_password_change_date_time': user.last_password_change_date_time,
+            'mail_nickname': user.mail_nickname,
+            'office_location': user.office_location,
+            'on_premises_distinguished_name': user.on_premises_distinguished_name,
+            'on_premises_domain_name': user.on_premises_domain_name,
+            'on_premises_immutable_id': user.on_premises_immutable_id,
+            'on_premises_last_sync_date_time': user.on_premises_last_sync_date_time,
+            'on_premises_sam_account_name': user.on_premises_sam_account_name,
+            'on_premises_security_identifier': user.on_premises_security_identifier,
+            'on_premises_sync_enabled': user.on_premises_sync_enabled,
+            'on_premises_user_principal_name': user.on_premises_user_principal_name,
+        }
+        result.append(transformed_user)
+    return result
+
+
+@timeit
+def transform_tenant(tenant: Organization, tenant_id: str) -> dict[str, Any]:
+    """
+    Transform the tenant data into the format expected by our schema
+    """
+    return {
+        'id': tenant_id,
+        'created_date_time': tenant.created_date_time,
+        'default_usage_location': tenant.default_usage_location,
+        'deleted_date_time': tenant.deleted_date_time,
+        'display_name': tenant.display_name,
+        'marketing_notification_emails': tenant.marketing_notification_emails,
+        'mobile_device_management_authority': tenant.mobile_device_management_authority,
+        'on_premises_last_sync_date_time': tenant.on_premises_last_sync_date_time,
+        'on_premises_sync_enabled': tenant.on_premises_sync_enabled,
+        'partner_tenant_type': tenant.partner_tenant_type,
+        'postal_code': tenant.postal_code,
+        'preferred_language': tenant.preferred_language,
+        'state': tenant.state,
+        'street': tenant.street,
+        'tenant_type': tenant.tenant_type,
+    }
+
+
+@timeit
+def load_tenant(
+    neo4j_session: neo4j.Session,
+    tenant: dict[str, Any],
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        EntraTenantSchema(),
+        [tenant],
+        lastupdated=update_tag,
+    )
+
+
+@timeit
+def load_users(
+    neo4j_session: neo4j.Session,
+    users: list[dict[str, Any]],
+    tenant_id: str,
+    update_tag: int,
+) -> None:
+    logger.info(f"Loading {len(users)} Entra users")
+    load(
+        neo4j_session,
+        EntraUserSchema(),
+        users,
+        lastupdated=update_tag,
+        TENANT_ID=tenant_id,
+    )
+
+
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]) -> None:
+    GraphJob.from_node_schema(EntraUserSchema(), common_job_parameters).run(neo4j_session)
+
+
+@timeit
+async def sync_entra_users(
+    neo4j_session: neo4j.Session,
+    tenant_id: str,
+    client_id: str,
+    client_secret: str,
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    """
+    Sync Entra users and tenant information
+    :param neo4j_session: Neo4J session for database interface
+    :param tenant_id: Entra tenant ID
+    :param client_id: Entra application client ID
+    :param client_secret: Entra application client secret
+    :param update_tag: Timestamp used to determine data freshness
+    :param common_job_parameters: dict of other job parameters to carry to sub-jobs
+    :return: None
+    """
+    # Initialize Graph client
+    credential = ClientSecretCredential(
+        tenant_id=tenant_id,
+        client_id=client_id,
+        client_secret=client_secret,
+    )
+    client = GraphServiceClient(credential, scopes=['https://graph.microsoft.com/.default'])
+
+    # Get tenant information
+    tenant = await get_tenant(client)
+    users = await get_users(client)
+
+    transformed_users = transform_users(users)
+    transformed_tenant = transform_tenant(tenant, tenant_id)
+
+    load_tenant(neo4j_session, transformed_tenant, update_tag)
+    load_users(neo4j_session, transformed_users, tenant_id, update_tag)
+
+    cleanup(neo4j_session, common_job_parameters)

cartography/models/aws/ec2/load_balancer_listeners.py

@@ -0,0 +1,68 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ELBListenerNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    port: PropertyRef = PropertyRef('port')
+    protocol: PropertyRef = PropertyRef('protocol')
+    instance_port: PropertyRef = PropertyRef('instance_port')
+    instance_protocol: PropertyRef = PropertyRef('instance_protocol')
+    policy_names: PropertyRef = PropertyRef('policy_names')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ELBListenerToLoadBalancerRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ELBListenerToLoadBalancer(CartographyRelSchema):
+    target_node_label: str = 'LoadBalancer'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('LoadBalancerId')},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "ELB_LISTENER"
+    properties: ELBListenerToLoadBalancerRelProperties = ELBListenerToLoadBalancerRelProperties()
+
+
+@dataclass(frozen=True)
+class ELBListenerToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ELBListenerToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ELBListenerToAWSAccountRelProperties = ELBListenerToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class ELBListenerSchema(CartographyNodeSchema):
+    label: str = 'ELBListener'
+    properties: ELBListenerNodeProperties = ELBListenerNodeProperties()
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(['Endpoint'])
+    sub_resource_relationship: ELBListenerToAWSAccount = ELBListenerToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            ELBListenerToLoadBalancer(),
+        ],
+    )

cartography/models/aws/ec2/load_balancers.py

@@ -0,0 +1,102 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class LoadBalancerNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    name: PropertyRef = PropertyRef('name')
+    dnsname: PropertyRef = PropertyRef('dnsname', extra_index=True)
+    canonicalhostedzonename: PropertyRef = PropertyRef('canonicalhostedzonename')
+    canonicalhostedzonenameid: PropertyRef = PropertyRef('canonicalhostedzonenameid')
+    scheme: PropertyRef = PropertyRef('scheme')
+    region: PropertyRef = PropertyRef('Region', set_in_kwargs=True)
+    createdtime: PropertyRef = PropertyRef('createdtime')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: LoadBalancerToAWSAccountRelProperties = LoadBalancerToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class LoadBalancerToSecurityGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToSourceSecurityGroup(CartographyRelSchema):
+    target_node_label: str = 'EC2SecurityGroup'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'name': PropertyRef('GROUP_NAME')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SOURCE_SECURITY_GROUP"
+    properties: LoadBalancerToSecurityGroupRelProperties = LoadBalancerToSecurityGroupRelProperties()
+
+
+@dataclass(frozen=True)
+class LoadBalancerToEC2SecurityGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToEC2SecurityGroup(CartographyRelSchema):
+    target_node_label: str = 'EC2SecurityGroup'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'groupid': PropertyRef('GROUP_IDS', one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_EC2_SECURITY_GROUP"
+    properties: LoadBalancerToEC2SecurityGroupRelProperties = LoadBalancerToEC2SecurityGroupRelProperties()
+
+
+@dataclass(frozen=True)
+class LoadBalancerToEC2InstanceRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class LoadBalancerToEC2Instance(CartographyRelSchema):
+    target_node_label: str = 'EC2Instance'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'instanceid': PropertyRef('INSTANCE_IDS', one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "EXPOSE"
+    properties: LoadBalancerToEC2InstanceRelProperties = LoadBalancerToEC2InstanceRelProperties()
+
+
+@dataclass(frozen=True)
+class LoadBalancerSchema(CartographyNodeSchema):
+    label: str = 'LoadBalancer'
+    properties: LoadBalancerNodeProperties = LoadBalancerNodeProperties()
+    sub_resource_relationship: LoadBalancerToAWSAccount = LoadBalancerToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            LoadBalancerToSourceSecurityGroup(),
+            LoadBalancerToEC2SecurityGroup(),
+            LoadBalancerToEC2Instance(),
+        ],
+    )

cartography/models/entra/tenant.py

@@ -0,0 +1,33 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+
+
+@dataclass(frozen=True)
+class EntraTenantNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    created_date_time: PropertyRef = PropertyRef('created_date_time')
+    default_usage_location: PropertyRef = PropertyRef('default_usage_location')
+    deleted_date_time: PropertyRef = PropertyRef('deleted_date_time')
+    display_name: PropertyRef = PropertyRef('display_name')
+    marketing_notification_emails: PropertyRef = PropertyRef('marketing_notification_emails')
+    mobile_device_management_authority: PropertyRef = PropertyRef('mobile_device_management_authority')
+    on_premises_last_sync_date_time: PropertyRef = PropertyRef('on_premises_last_sync_date_time')
+    on_premises_sync_enabled: PropertyRef = PropertyRef('on_premises_sync_enabled')
+    partner_tenant_type: PropertyRef = PropertyRef('partner_tenant_type')
+    postal_code: PropertyRef = PropertyRef('postal_code')
+    preferred_language: PropertyRef = PropertyRef('preferred_language')
+    state: PropertyRef = PropertyRef('state')
+    street: PropertyRef = PropertyRef('street')
+    tenant_type: PropertyRef = PropertyRef('tenant_type')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EntraTenantSchema(CartographyNodeSchema):
+    label: str = 'AzureTenant'
+    properties: EntraTenantNodeProperties = EntraTenantNodeProperties()
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(['EntraTenant'])

cartography/models/entra/user.py

@@ -0,0 +1,83 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EntraUserNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    user_principal_name: PropertyRef = PropertyRef('user_principal_name')
+    display_name: PropertyRef = PropertyRef('display_name')
+    given_name: PropertyRef = PropertyRef('given_name')
+    surname: PropertyRef = PropertyRef('surname')
+    # The underlying datatype calls this 'mail' but everything else in cartography uses 'email'
+    email: PropertyRef = PropertyRef('mail', extra_index=True)
+    other_mails: PropertyRef = PropertyRef('other_mails')
+    preferred_language: PropertyRef = PropertyRef('preferred_language')
+    preferred_name: PropertyRef = PropertyRef('preferred_name')
+    state: PropertyRef = PropertyRef('state')
+    usage_location: PropertyRef = PropertyRef('usage_location')
+    user_type: PropertyRef = PropertyRef('user_type')
+    show_in_address_list: PropertyRef = PropertyRef('show_in_address_list')
+    sign_in_sessions_valid_from_date_time: PropertyRef = PropertyRef('sign_in_sessions_valid_from_date_time')
+    security_identifier: PropertyRef = PropertyRef('security_identifier')
+    account_enabled: PropertyRef = PropertyRef('account_enabled')
+    city: PropertyRef = PropertyRef('city')
+    company_name: PropertyRef = PropertyRef('company_name')
+    consent_provided_for_minor: PropertyRef = PropertyRef('consent_provided_for_minor')
+    country: PropertyRef = PropertyRef('country')
+    created_date_time: PropertyRef = PropertyRef('created_date_time')
+    creation_type: PropertyRef = PropertyRef('creation_type')
+    deleted_date_time: PropertyRef = PropertyRef('deleted_date_time')
+    department: PropertyRef = PropertyRef('department')
+    employee_id: PropertyRef = PropertyRef('employee_id')
+    employee_type: PropertyRef = PropertyRef('employee_type')
+    external_user_state: PropertyRef = PropertyRef('external_user_state')
+    external_user_state_change_date_time: PropertyRef = PropertyRef('external_user_state_change_date_time')
+    hire_date: PropertyRef = PropertyRef('hire_date')
+    is_management_restricted: PropertyRef = PropertyRef('is_management_restricted')
+    is_resource_account: PropertyRef = PropertyRef('is_resource_account')
+    job_title: PropertyRef = PropertyRef('job_title')
+    last_password_change_date_time: PropertyRef = PropertyRef('last_password_change_date_time')
+    mail_nickname: PropertyRef = PropertyRef('mail_nickname')
+    office_location: PropertyRef = PropertyRef('office_location')
+    on_premises_distinguished_name: PropertyRef = PropertyRef('on_premises_distinguished_name')
+    on_premises_domain_name: PropertyRef = PropertyRef('on_premises_domain_name')
+    on_premises_immutable_id: PropertyRef = PropertyRef('on_premises_immutable_id')
+    on_premises_last_sync_date_time: PropertyRef = PropertyRef('on_premises_last_sync_date_time')
+    on_premises_sam_account_name: PropertyRef = PropertyRef('on_premises_sam_account_name')
+    on_premises_security_identifier: PropertyRef = PropertyRef('on_premises_security_identifier')
+    on_premises_sync_enabled: PropertyRef = PropertyRef('on_premises_sync_enabled')
+    on_premises_user_principal_name: PropertyRef = PropertyRef('on_premises_user_principal_name')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EntraTenantToUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:EntraUser)<-[:RESOURCE]-(:AzureTenant)
+class EntraUserToTenantRel(CartographyRelSchema):
+    target_node_label: str = 'AzureTenant'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('TENANT_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EntraTenantToUserRelProperties = EntraTenantToUserRelProperties()
+
+
+@dataclass(frozen=True)
+class EntraUserSchema(CartographyNodeSchema):
+    label: str = 'EntraUser'
+    properties: EntraUserNodeProperties = EntraUserNodeProperties()
+    sub_resource_relationship: EntraUserToTenantRel = EntraUserToTenantRel()

cartography/sync.py

@@ -20,6 +20,7 @@ import cartography.intel.crowdstrike
 import cartography.intel.cve
 import cartography.intel.digitalocean
 import cartography.intel.duo
+import cartography.intel.entra
 import cartography.intel.gcp
 import cartography.intel.github
 import cartography.intel.gsuite
@@ -42,6 +43,7 @@ TOP_LEVEL_MODULES = OrderedDict({  # preserve order so that the default sync alw
     'create-indexes': cartography.intel.create_indexes.run,
     'aws': cartography.intel.aws.start_aws_ingestion,
     'azure': cartography.intel.azure.start_azure_ingestion,
+    'entra': cartography.intel.entra.start_entra_ingestion,
     'crowdstrike': cartography.intel.crowdstrike.start_crowdstrike_ingestion,
     'gcp': cartography.intel.gcp.start_gcp_ingestion,
     'gsuite': cartography.intel.gsuite.start_gsuite_ingestion,

{cartography-0.101.1rc2.dist-info → cartography-0.102.0rc1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cartography
-Version: 0.101.1rc2
+Version: 0.102.0rc1
 Summary: Explore assets and their relationships across your technical infrastructure.
 Maintainer: Cartography Contributors
 License: apache2
@@ -47,6 +47,7 @@ Requires-Dist: msrestazure>=0.6.4
 Requires-Dist: azure-mgmt-storage>=16.0.0
 Requires-Dist: azure-mgmt-sql<=1.0.0
 Requires-Dist: azure-identity>=1.5.0
+Requires-Dist: msgraph-sdk
 Requires-Dist: kubernetes>=22.6.0
 Requires-Dist: pdpyras>=4.3.0
 Requires-Dist: crowdstrike-falconpy>=0.5.1
@@ -61,6 +62,7 @@ Requires-Dist: pytest>=6.2.4; extra == "dev"
 Requires-Dist: pytest-mock; extra == "dev"
 Requires-Dist: pytest-cov==6.1.1; extra == "dev"
 Requires-Dist: pytest-rerunfailures; extra == "dev"
+Requires-Dist: pytest-asyncio; extra == "dev"
 Requires-Dist: types-PyYAML; extra == "dev"
 Requires-Dist: types-requests<2.32.0.20250329; extra == "dev"
 Dynamic: license-file
@@ -97,6 +99,7 @@ You can learn more about the story behind Cartography in our [presentation at BS
 - [GitHub](https://cartography-cncf.github.io/cartography/modules/github/index.html) - repos, branches, users, teams
 - [DigitalOcean](https://cartography-cncf.github.io/cartography/modules/digitalocean/index.html)
 - [Microsoft Azure](https://cartography-cncf.github.io/cartography/modules/azure/index.html) -  CosmosDB, SQL, Storage, Virtual Machine
+- [Microsoft Entra ID](https://cartography-cncf.github.io/cartography/modules/entra/index.html) -  Users
 - [Kubernetes](https://cartography-cncf.github.io/cartography/modules/kubernetes/index.html) - Cluster, Namespace, Service, Pod, Container
 - [PagerDuty](https://cartography-cncf.github.io/cartography/modules/pagerduty/index.html) - Users, teams, services, schedules, escalation policies, integrations, vendors
 - [Crowdstrike Falcon](https://cartography-cncf.github.io/cartography/modules/crowdstrike/index.html) - Hosts, Spotlight vulnerabilities, CVEs

{cartography-0.101.1rc2.dist-info → cartography-0.102.0rc1.dist-info}/RECORD

@@ -1,11 +1,11 @@
 cartography/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/__main__.py,sha256=JftXT_nUPkqcEh8uxCCT4n-OyHYqbldEgrDS-4ygy0U,101
-cartography/_version.py,sha256=lOruTfTM2wWzcS6Tb58hcXZGJqOXqfj431-1AWYroHk,518
-cartography/cli.py,sha256=-77DOKUQn3N-TDIi55V4RHLb3k36ZGZ64o1XgiT0qmE,33370
-cartography/config.py,sha256=ZcadsKmooAkti9Kv0eDl8Ec1PcZDu3lWobtNaCnwY3k,11872
+cartography/_version.py,sha256=q6TYvfOuC2Uhe9vDriWNPGMCELT7yrGBm93mUcBnafo,518
+cartography/cli.py,sha256=-fGIdBx3IwauUeYojsb-NnQPma2wtS7mFRgOETyfCg4,34796
+cartography/config.py,sha256=xXM0OqsDl5Du55C-hr2LgjdtpU1_znPsmAgujrPGPgo,12553
 cartography/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/stats.py,sha256=-KiqrNfUe_39z9TKAQamJwKs5XePnzXscEJocAuNiJs,4420
-cartography/sync.py,sha256=ziD63T_774gXSuD5zdz6fLGvv1Kt2ntQySSVbmcCZb8,9708
+cartography/sync.py,sha256=LSDvK2vaMXhuNHvUkdncpDHAGdiJ7eP7-uDVhwLFjKM,9799
 cartography/util.py,sha256=VZgiHcAprn3nGzItee4_TggfsGWxWPTkLN-2MIhYUqM,14999
 cartography/client/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/client/aws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -13,7 +13,7 @@ cartography/client/aws/iam.py,sha256=dYsGikc36DEsSeR2XVOVFFUDwuU9yWj_EVkpgVYCFgM
 cartography/client/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/client/core/tx.py,sha256=55Cf9DJGHHXQk4HmPOdFwr1eh9Pr1nzmIvs4XoCVr0g,10892
 cartography/data/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/data/indexes.cypher,sha256=t5HfeNoMRswsOEaZN3vy8XuJEbbXWOQ06l-94vTnHCo,26742
+cartography/data/indexes.cypher,sha256=aUHMiLPsEt09W61GyjJHfpkRJ07S2sGcpU9IReYxKC0,26551
 cartography/data/permission_relationships.yaml,sha256=RuKGGc_3ZUQ7ag0MssB8k_zaonCkVM5E8I_svBWTmGc,969
 cartography/data/jobs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/data/jobs/analysis/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -174,9 +174,9 @@ cartography/intel/aws/ec2/images.py,sha256=SLoxcy_PQgNomVMDMdutm0zXJCOLosiHJlN63
 cartography/intel/aws/ec2/instances.py,sha256=uI8eVJmeEybS8y_T8CVKAkwxJyVDCH7sbuEJYeWGSWY,12468
 cartography/intel/aws/ec2/internet_gateways.py,sha256=dI-4-85_3DGGZZBcY_DN6XqESx9P26S6jKok314lcnQ,2883
 cartography/intel/aws/ec2/key_pairs.py,sha256=g4imIo_5jk8upq9J4--erg-OZXG2i3cJMe6SnNCYj9s,2635
-cartography/intel/aws/ec2/launch_templates.py,sha256=Bv1mD5-44X1MkCh1Hif-uteozadfdgdQtnr9eX_kzjQ,6910
+cartography/intel/aws/ec2/launch_templates.py,sha256=JNCT7WKvHcM8Z6D1MDR65GsBiqmd6bMuRQAMu9BWRKY,6634
 cartography/intel/aws/ec2/load_balancer_v2s.py,sha256=95FfQQn740gexINIHDJizOM4OKzRtQT_y2XQMipQ5Dg,8661
-cartography/intel/aws/ec2/load_balancers.py,sha256=1GwErzGqi3BKCARqfGJcD_r_D84rFKVy5kNMas9jAok,6756
+cartography/intel/aws/ec2/load_balancers.py,sha256=ah9-lXvipzVDjGFqfpNCrEyBfdu-BdDeV2ZcPwJM78M,6013
 cartography/intel/aws/ec2/network_acls.py,sha256=_UiOx79OxcqH0ecRjcVMglAzz5XJ4aVYLlv6dl_ism4,6809
 cartography/intel/aws/ec2/network_interfaces.py,sha256=CzF8PooCYUQ2pk8DR8JDAhkWRUQSBj_27OsIfkL_-Cs,9199
 cartography/intel/aws/ec2/reserved_instances.py,sha256=jv8-VLI5KL8jN1QRI20yim8lzZ7I7wR8a5EF8DckahA,3122
@@ -220,6 +220,8 @@ cartography/intel/duo/phones.py,sha256=ueJheqSLD2xYcMus5eOiixPYS3_xVjgQzeomjV2a6
 cartography/intel/duo/tokens.py,sha256=bEEnjfc4waQnkRHVSnZLAeGE8wHOOZL7FA9m80GGQdQ,2396
 cartography/intel/duo/users.py,sha256=lc7ly_XKeUjJ50szw31WT_GiCrZfGKJv1zVUpmTchh4,4097
 cartography/intel/duo/web_authn_credentials.py,sha256=IbDf3CWqfEyI7f9zJugUvoDd6vZOECfb_7ANZaRYzuk,2636
+cartography/intel/entra/__init__.py,sha256=Qtn2-ZTZA-_3IzopJG1r2F8fkLd2DJ3b1H1ZbeF4xUA,1185
+cartography/intel/entra/users.py,sha256=Tv7LutCEZ4zo3E9MNT8Z8jwiyV2TTzCfvflGP3bz9c0,7523
 cartography/intel/gcp/__init__.py,sha256=sZHPfDCPZFCE5d6aj20Ow4AC0vrFxV7RCn_cMinCDmI,17650
 cartography/intel/gcp/compute.py,sha256=CH2cBdOwbLZCAbkfRJkkI-sFybXVKRWEUGDJANQmvyA,48333
 cartography/intel/gcp/crm.py,sha256=Uw5PILhVFhpM8gq7uu2v7F_YikDW3gsTZ3d7-e8Z1_k,12324
@@ -296,6 +298,8 @@ cartography/models/aws/ec2/keypair_instance.py,sha256=M1Ru8Z_2izW0cADAnQVVHaKsT_
 cartography/models/aws/ec2/launch_configurations.py,sha256=zdfWJEx93HXDXd_IzSEkhvcztkJI7_v_TCE_d8ZNAyI,2764
 cartography/models/aws/ec2/launch_template_versions.py,sha256=RitfnAuAj0XpFsCXkRbtUhHMAi8Vsvmtury231eKvGU,3897
 cartography/models/aws/ec2/launch_templates.py,sha256=GqiwFuMp72LNSt2eQlp2WfdU_vHsom-xKV5AaUewSHQ,2157
+cartography/models/aws/ec2/load_balancer_listeners.py,sha256=M7oYOinOQkEUijJjhs1oCffB5VmLWYSa92tVWKwMSJQ,2879
+cartography/models/aws/ec2/load_balancers.py,sha256=qJbPWePdO2vuyKzcVcSvKtHlEFMBkkUovZ826BaAcwg,4347
 cartography/models/aws/ec2/loadbalancerv2.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/ec2/network_acl_rules.py,sha256=4Rq2J-Dce8J6y9J6YIalmYtuQRWLp652LXO1Xg6XGPE,3951
 cartography/models/aws/ec2/network_acls.py,sha256=pJKsXdMLB8L79lmTYpLJfFJ6p7PWpf3rBN6eW6y-5hY,3419
@@ -342,6 +346,9 @@ cartography/models/duo/phone.py,sha256=oxgMmwKLRiCWbAhqrTKE4ILseu0j96GugEIV_hchR
 cartography/models/duo/token.py,sha256=BS_AvF-TAGzCY9Owtqxr8g_s6716dnzFOO1IwkckmVA,2668
 cartography/models/duo/user.py,sha256=ih3DH_QveAve4cX9dmIwC5gVN6_RNnuLK3bfJ5I9u6g,6554
 cartography/models/duo/web_authn_credential.py,sha256=OcZnfG5zCMlphxSltRcAXQ12hHYJjxrBt6A9L28g7Vk,2920
+cartography/models/entra/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+cartography/models/entra/tenant.py,sha256=wxF6DTsLs653ObzPrEOj2xQ-YGtNJhg-E1desPQmmU0,1751
+cartography/models/entra/user.py,sha256=Y6am84AEYdVJHIFUHHF5XSgwCQ-aOekeu4ZABJhnfp0,4765
 cartography/models/gcp/iam.py,sha256=N7OGmnRlkIFZOv0rh3QGGBmYV7WYy3-xeE4Wv7StGOE,3071
 cartography/models/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/github/orgs.py,sha256=EcUmkeyoCJmkmzLsfKdUwwTE0N2IIwyaUrIK32dQybo,1106
@@ -362,9 +369,9 @@ cartography/models/snipeit/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 cartography/models/snipeit/asset.py,sha256=FyRAaeXuZjMy0eUQcSDFcgEAF5lbLMlvqp1Tv9d3Lv4,3238
 cartography/models/snipeit/tenant.py,sha256=p4rFnpNNuF1W5ilGBbexDaETWTwavfb38RcQGoImkQI,679
 cartography/models/snipeit/user.py,sha256=MsB4MiCVNTH6JpESime7cOkB89autZOXQpL6Z0l7L6o,2113
-cartography-0.101.1rc2.dist-info/licenses/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
-cartography-0.101.1rc2.dist-info/METADATA,sha256=EJwfITVKkdw-MJYwpKuAVYQ9uBgh3RECunXMu3GiyK8,11909
-cartography-0.101.1rc2.dist-info/WHEEL,sha256=CmyFI0kx5cdEMTLiONQRbGQwjIoR1aIYB7eCAQ4KPJ0,91
-cartography-0.101.1rc2.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
-cartography-0.101.1rc2.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
-cartography-0.101.1rc2.dist-info/RECORD,,
+cartography-0.102.0rc1.dist-info/licenses/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
+cartography-0.102.0rc1.dist-info/METADATA,sha256=GkNEwQom09u69HGJrgQGXtYl7pBv1k6uTjsu9bmjUdQ,12087
+cartography-0.102.0rc1.dist-info/WHEEL,sha256=CmyFI0kx5cdEMTLiONQRbGQwjIoR1aIYB7eCAQ4KPJ0,91
+cartography-0.102.0rc1.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
+cartography-0.102.0rc1.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
+cartography-0.102.0rc1.dist-info/RECORD,,