PyPI - cartography - Versions diffs - 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl - Mend

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (642) hide show

cartography/_version.py +16 -3
cartography/cli.py +466 -5
cartography/client/aws/__init__.py +19 -0
cartography/client/aws/ecr.py +51 -0
cartography/client/core/tx.py +357 -8
cartography/config.py +153 -0
cartography/data/azure_permission_relationships.yaml +20 -0
cartography/data/gcp_permission_relationships.yaml +21 -0
cartography/data/indexes.cypher +0 -186
cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json +2 -2
cartography/data/jobs/analysis/keycloak_inheritance.json +30 -0
cartography/data/jobs/cleanup/gcp_compute_vpc_cleanup.json +0 -12
cartography/data/jobs/cleanup/github_repos_cleanup.json +2 -0
cartography/driftdetect/cli.py +3 -2
cartography/graph/cleanupbuilder.py +198 -41
cartography/graph/job.py +54 -6
cartography/graph/querybuilder.py +528 -27
cartography/graph/statement.py +5 -1
cartography/intel/airbyte/__init__.py +105 -0
cartography/intel/airbyte/connections.py +120 -0
cartography/intel/airbyte/destinations.py +81 -0
cartography/intel/airbyte/organizations.py +59 -0
cartography/intel/airbyte/sources.py +78 -0
cartography/intel/airbyte/tags.py +64 -0
cartography/intel/airbyte/users.py +106 -0
cartography/intel/airbyte/util.py +122 -0
cartography/intel/airbyte/workspaces.py +63 -0
cartography/intel/aws/__init__.py +24 -9
cartography/intel/aws/acm.py +124 -0
cartography/intel/aws/apigateway.py +253 -22
cartography/intel/aws/apigatewayv2.py +116 -0
cartography/intel/aws/cloudtrail.py +17 -39
cartography/intel/aws/cloudtrail_management_events.py +962 -0
cartography/intel/aws/cloudwatch.py +150 -4
cartography/intel/aws/codebuild.py +132 -0
cartography/intel/aws/cognito.py +201 -0
cartography/intel/aws/config.py +7 -3
cartography/intel/aws/ec2/elastic_ip_addresses.py +3 -1
cartography/intel/aws/ec2/instances.py +25 -1
cartography/intel/aws/ec2/internet_gateways.py +4 -2
cartography/intel/aws/ec2/load_balancer_v2s.py +11 -5
cartography/intel/aws/ec2/network_interfaces.py +5 -1
cartography/intel/aws/ec2/reserved_instances.py +3 -1
cartography/intel/aws/ec2/security_groups.py +140 -122
cartography/intel/aws/ec2/snapshots.py +47 -84
cartography/intel/aws/ec2/subnets.py +37 -63
cartography/intel/aws/ec2/tgw.py +11 -5
cartography/intel/aws/ec2/volumes.py +1 -1
cartography/intel/aws/ec2/vpc.py +140 -124
cartography/intel/aws/ec2/vpc_peerings.py +262 -125
cartography/intel/aws/ecr.py +269 -98
cartography/intel/aws/ecr_image_layers.py +923 -0
cartography/intel/aws/ecs.py +251 -380
cartography/intel/aws/efs.py +179 -11
cartography/intel/aws/elasticache.py +102 -79
cartography/intel/aws/elasticsearch.py +13 -4
cartography/intel/aws/eventbridge.py +164 -0
cartography/intel/aws/glue.py +181 -0
cartography/intel/aws/guardduty.py +443 -0
cartography/intel/aws/iam.py +750 -493
cartography/intel/aws/identitycenter.py +605 -83
cartography/intel/aws/inspector.py +221 -105
cartography/intel/aws/kms.py +173 -201
cartography/intel/aws/lambda_function.py +272 -189
cartography/intel/aws/organizations.py +10 -9
cartography/intel/aws/permission_relationships.py +10 -20
cartography/intel/aws/rds.py +337 -446
cartography/intel/aws/redshift.py +9 -4
cartography/intel/aws/resourcegroupstaggingapi.py +78 -19
cartography/intel/aws/resources.py +18 -0
cartography/intel/aws/route53.py +386 -332
cartography/intel/aws/s3.py +322 -14
cartography/intel/aws/secretsmanager.py +81 -49
cartography/intel/aws/securityhub.py +3 -1
cartography/intel/aws/sns.py +62 -2
cartography/intel/aws/sqs.py +36 -90
cartography/intel/aws/ssm.py +3 -5
cartography/intel/azure/__init__.py +202 -48
cartography/intel/azure/aks.py +175 -0
cartography/intel/azure/app_service.py +105 -0
cartography/intel/azure/compute.py +59 -112
cartography/intel/azure/container_instances.py +95 -0
cartography/intel/azure/cosmosdb.py +222 -361
cartography/intel/azure/data_factory.py +85 -0
cartography/intel/azure/data_factory_dataset.py +128 -0
cartography/intel/azure/data_factory_linked_service.py +119 -0
cartography/intel/azure/data_factory_pipeline.py +142 -0
cartography/intel/azure/data_lake.py +124 -0
cartography/intel/azure/event_grid.py +94 -0
cartography/intel/azure/functions.py +124 -0
cartography/intel/azure/load_balancers.py +263 -0
cartography/intel/azure/logic_apps.py +101 -0
cartography/intel/azure/monitor.py +105 -0
cartography/intel/azure/network.py +467 -0
cartography/intel/azure/permission_relationships.py +466 -0
cartography/intel/azure/rbac.py +309 -0
cartography/intel/azure/resource_groups.py +82 -0
cartography/intel/azure/security_center.py +106 -0
cartography/intel/azure/sql.py +145 -292
cartography/intel/azure/storage.py +185 -262
cartography/intel/azure/subscription.py +21 -43
cartography/intel/azure/tenant.py +39 -30
cartography/intel/azure/util/common.py +13 -0
cartography/intel/azure/util/credentials.py +49 -174
cartography/intel/azure/util/tag.py +41 -0
cartography/intel/create_indexes.py +2 -1
cartography/intel/crowdstrike/spotlight.py +5 -2
cartography/intel/dns.py +5 -2
cartography/intel/entra/__init__.py +100 -1
cartography/intel/entra/app_role_assignments.py +284 -0
cartography/intel/entra/applications.py +182 -0
cartography/intel/entra/federation/__init__.py +0 -0
cartography/intel/entra/federation/aws_identity_center.py +77 -0
cartography/intel/entra/groups.py +198 -0
cartography/intel/entra/ou.py +48 -24
cartography/intel/entra/service_principals.py +217 -0
cartography/intel/entra/users.py +105 -57
cartography/intel/gcp/__init__.py +334 -396
cartography/intel/gcp/bigtable_app_profile.py +101 -0
cartography/intel/gcp/bigtable_backup.py +91 -0
cartography/intel/gcp/bigtable_cluster.py +93 -0
cartography/intel/gcp/bigtable_instance.py +86 -0
cartography/intel/gcp/bigtable_table.py +87 -0
cartography/intel/gcp/cai.py +292 -0
cartography/intel/gcp/clients.py +112 -0
cartography/intel/gcp/compute.py +128 -119
cartography/intel/gcp/crm/__init__.py +0 -0
cartography/intel/gcp/crm/folders.py +114 -0
cartography/intel/gcp/crm/orgs.py +70 -0
cartography/intel/gcp/crm/projects.py +120 -0
cartography/intel/gcp/dns.py +83 -169
cartography/intel/gcp/gke.py +72 -113
cartography/intel/gcp/iam.py +111 -91
cartography/intel/gcp/permission_relationships.py +394 -0
cartography/intel/gcp/policy_bindings.py +225 -0
cartography/intel/gcp/storage.py +75 -159
cartography/intel/github/__init__.py +62 -25
cartography/intel/github/commits.py +423 -0
cartography/intel/github/repos.py +463 -85
cartography/intel/github/teams.py +3 -3
cartography/intel/github/users.py +5 -0
cartography/intel/github/util.py +12 -0
cartography/intel/googleworkspace/__init__.py +193 -0
cartography/intel/googleworkspace/devices.py +254 -0
cartography/intel/googleworkspace/groups.py +568 -0
cartography/intel/googleworkspace/oauth_apps.py +259 -0
cartography/intel/googleworkspace/tenant.py +85 -0
cartography/intel/googleworkspace/users.py +138 -0
cartography/intel/gsuite/__init__.py +17 -9
cartography/intel/gsuite/groups.py +291 -0
cartography/intel/gsuite/users.py +142 -0
cartography/intel/jamf/computers.py +7 -1
cartography/intel/keycloak/__init__.py +153 -0
cartography/intel/keycloak/authenticationexecutions.py +322 -0
cartography/intel/keycloak/authenticationflows.py +77 -0
cartography/intel/keycloak/clients.py +187 -0
cartography/intel/keycloak/groups.py +126 -0
cartography/intel/keycloak/identityproviders.py +94 -0
cartography/intel/keycloak/organizations.py +163 -0
cartography/intel/keycloak/realms.py +61 -0
cartography/intel/keycloak/roles.py +202 -0
cartography/intel/keycloak/scopes.py +73 -0
cartography/intel/keycloak/users.py +70 -0
cartography/intel/keycloak/util.py +47 -0
cartography/intel/kubernetes/__init__.py +60 -14
cartography/intel/kubernetes/clusters.py +86 -0
cartography/intel/kubernetes/eks.py +402 -0
cartography/intel/kubernetes/namespaces.py +59 -57
cartography/intel/kubernetes/pods.py +168 -75
cartography/intel/kubernetes/rbac.py +597 -0
cartography/intel/kubernetes/secrets.py +95 -45
cartography/intel/kubernetes/services.py +131 -67
cartography/intel/kubernetes/util.py +142 -14
cartography/intel/oci/iam.py +23 -9
cartography/intel/oci/organizations.py +3 -1
cartography/intel/oci/utils.py +28 -5
cartography/intel/okta/applications.py +15 -5
cartography/intel/okta/awssaml.py +14 -10
cartography/intel/okta/factors.py +3 -1
cartography/intel/okta/groups.py +5 -2
cartography/intel/okta/organization.py +3 -1
cartography/intel/okta/origins.py +3 -1
cartography/intel/okta/roles.py +5 -2
cartography/intel/okta/users.py +10 -2
cartography/intel/ontology/__init__.py +44 -0
cartography/intel/ontology/devices.py +54 -0
cartography/intel/ontology/users.py +54 -0
cartography/intel/ontology/utils.py +176 -0
cartography/intel/pagerduty/escalation_policies.py +13 -6
cartography/intel/pagerduty/schedules.py +9 -4
cartography/intel/pagerduty/services.py +7 -3
cartography/intel/pagerduty/teams.py +5 -2
cartography/intel/pagerduty/users.py +3 -1
cartography/intel/pagerduty/vendors.py +3 -1
cartography/intel/scaleway/__init__.py +127 -0
cartography/intel/scaleway/iam/__init__.py +0 -0
cartography/intel/scaleway/iam/apikeys.py +71 -0
cartography/intel/scaleway/iam/applications.py +71 -0
cartography/intel/scaleway/iam/groups.py +71 -0
cartography/intel/scaleway/iam/users.py +71 -0
cartography/intel/scaleway/instances/__init__.py +0 -0
cartography/intel/scaleway/instances/flexibleips.py +86 -0
cartography/intel/scaleway/instances/instances.py +92 -0
cartography/intel/scaleway/projects.py +79 -0
cartography/intel/scaleway/storage/__init__.py +0 -0
cartography/intel/scaleway/storage/snapshots.py +86 -0
cartography/intel/scaleway/storage/volumes.py +84 -0
cartography/intel/scaleway/utils.py +37 -0
cartography/intel/sentinelone/__init__.py +75 -0
cartography/intel/sentinelone/account.py +140 -0
cartography/intel/sentinelone/agent.py +139 -0
cartography/intel/sentinelone/api.py +124 -0
cartography/intel/sentinelone/application.py +248 -0
cartography/intel/sentinelone/cve.py +119 -0
cartography/intel/sentinelone/utils.py +28 -0
cartography/intel/slack/__init__.py +78 -0
cartography/intel/slack/channels.py +80 -0
cartography/intel/slack/groups.py +90 -0
cartography/intel/slack/teams.py +65 -0
cartography/intel/slack/users.py +57 -0
cartography/intel/slack/utils.py +29 -0
cartography/intel/spacelift/__init__.py +161 -0
cartography/intel/spacelift/account.py +73 -0
cartography/intel/spacelift/ec2_ownership.py +280 -0
cartography/intel/spacelift/runs.py +463 -0
cartography/intel/spacelift/spaces.py +112 -0
cartography/intel/spacelift/stacks.py +119 -0
cartography/intel/spacelift/util.py +122 -0
cartography/intel/spacelift/workerpools.py +131 -0
cartography/intel/spacelift/workers.py +128 -0
cartography/intel/trivy/__init__.py +272 -0
cartography/intel/trivy/scanner.py +386 -0
cartography/models/airbyte/__init__.py +0 -0
cartography/models/airbyte/connection.py +138 -0
cartography/models/airbyte/destination.py +75 -0
cartography/models/airbyte/organization.py +19 -0
cartography/models/airbyte/source.py +75 -0
cartography/models/airbyte/stream.py +74 -0
cartography/models/airbyte/tag.py +69 -0
cartography/models/airbyte/user.py +115 -0
cartography/models/airbyte/workspace.py +46 -0
cartography/models/anthropic/apikey.py +4 -0
cartography/models/anthropic/user.py +4 -0
cartography/models/aws/acm/__init__.py +0 -0
cartography/models/aws/acm/certificate.py +75 -0
cartography/models/aws/apigateway/__init__.py +0 -0
cartography/models/aws/apigateway/apigatewaydeployment.py +74 -0
cartography/models/aws/apigateway/apigatewayintegration.py +79 -0
cartography/models/aws/apigateway/apigatewaymethod.py +74 -0
cartography/models/aws/apigatewayv2/__init__.py +0 -0
cartography/models/aws/apigatewayv2/apigatewayv2.py +53 -0
cartography/models/aws/cloudtrail/management_events.py +153 -0
cartography/models/aws/cloudtrail/trail.py +45 -0
cartography/models/aws/cloudwatch/log_metric_filter.py +79 -0
cartography/models/aws/cloudwatch/metric_alarm.py +53 -0
cartography/models/aws/codebuild/__init__.py +0 -0
cartography/models/aws/codebuild/project.py +49 -0
cartography/models/aws/cognito/__init__.py +0 -0
cartography/models/aws/cognito/identity_pool.py +70 -0
cartography/models/aws/cognito/user_pool.py +47 -0
cartography/models/aws/dynamodb/tables.py +2 -0
cartography/models/aws/ec2/instances.py +25 -1
cartography/models/aws/ec2/networkinterfaces.py +4 -0
cartography/models/aws/ec2/security_group_rules.py +109 -0
cartography/models/aws/ec2/security_groups.py +90 -0
cartography/models/aws/ec2/snapshots.py +58 -0
cartography/models/aws/ec2/subnet_instance.py +2 -0
cartography/models/aws/ec2/subnet_networkinterface.py +2 -0
cartography/models/aws/ec2/subnets.py +65 -0
cartography/models/aws/ec2/volumes.py +20 -0
cartography/models/aws/ec2/vpc.py +46 -0
cartography/models/aws/ec2/vpc_cidr.py +102 -0
cartography/models/aws/ec2/vpc_peering.py +157 -0
cartography/models/aws/ecr/__init__.py +0 -0
cartography/models/aws/ecr/image.py +146 -0
cartography/models/aws/ecr/image_layer.py +107 -0
cartography/models/aws/ecr/repository.py +72 -0
cartography/models/aws/ecr/repository_image.py +95 -0
cartography/models/aws/ecs/__init__.py +0 -0
cartography/models/aws/ecs/clusters.py +64 -0
cartography/models/aws/ecs/container_definitions.py +93 -0
cartography/models/aws/ecs/container_instances.py +84 -0
cartography/models/aws/ecs/containers.py +101 -0
cartography/models/aws/ecs/services.py +134 -0
cartography/models/aws/ecs/task_definitions.py +135 -0
cartography/models/aws/ecs/tasks.py +134 -0
cartography/models/aws/efs/access_point.py +77 -0
cartography/models/aws/efs/file_system.py +60 -0
cartography/models/aws/efs/mount_target.py +29 -2
cartography/models/aws/elasticache/__init__.py +0 -0
cartography/models/aws/elasticache/cluster.py +65 -0
cartography/models/aws/elasticache/topic.py +67 -0
cartography/models/aws/eventbridge/__init__.py +0 -0
cartography/models/aws/eventbridge/rule.py +77 -0
cartography/models/aws/eventbridge/target.py +71 -0
cartography/models/aws/glue/__init__.py +0 -0
cartography/models/aws/glue/connection.py +51 -0
cartography/models/aws/glue/job.py +69 -0
cartography/models/aws/guardduty/__init__.py +1 -0
cartography/models/aws/guardduty/detectors.py +50 -0
cartography/models/aws/guardduty/findings.py +121 -0
cartography/models/aws/iam/access_key.py +103 -0
cartography/models/aws/iam/account_role.py +24 -0
cartography/models/aws/iam/federated_principal.py +60 -0
cartography/models/aws/iam/group.py +60 -0
cartography/models/aws/iam/group_membership.py +27 -0
cartography/models/aws/iam/inline_policy.py +78 -0
cartography/models/aws/iam/managed_policy.py +51 -0
cartography/models/aws/iam/policy_statement.py +57 -0
cartography/models/aws/iam/role.py +83 -0
cartography/models/aws/iam/root_principal.py +52 -0
cartography/models/aws/iam/service_principal.py +30 -0
cartography/models/aws/iam/sts_assumerole_allow.py +38 -0
cartography/models/aws/iam/user.py +59 -0
cartography/models/aws/identitycenter/awsidentitycenter.py +1 -0
cartography/models/aws/identitycenter/awspermissionset.py +70 -0
cartography/models/aws/identitycenter/awssogroup.py +70 -0
cartography/models/aws/identitycenter/awsssouser.py +49 -9
cartography/models/aws/inspector/findings.py +37 -0
cartography/models/aws/inspector/packages.py +1 -31
cartography/models/aws/kms/__init__.py +0 -0
cartography/models/aws/kms/aliases.py +86 -0
cartography/models/aws/kms/grants.py +65 -0
cartography/models/aws/kms/keys.py +88 -0
cartography/models/aws/lambda_function/__init__.py +0 -0
cartography/models/aws/lambda_function/alias.py +74 -0
cartography/models/aws/lambda_function/event_source_mapping.py +88 -0
cartography/models/aws/lambda_function/lambda_function.py +91 -0
cartography/models/aws/lambda_function/layer.py +72 -0
cartography/models/aws/rds/__init__.py +0 -0
cartography/models/aws/rds/cluster.py +91 -0
cartography/models/aws/rds/event_subscription.py +146 -0
cartography/models/aws/rds/instance.py +156 -0
cartography/models/aws/rds/snapshot.py +108 -0
cartography/models/aws/rds/subnet_group.py +101 -0
cartography/models/aws/route53/__init__.py +0 -0
cartography/models/aws/route53/dnsrecord.py +235 -0
cartography/models/aws/route53/nameserver.py +63 -0
cartography/models/aws/route53/subzone.py +40 -0
cartography/models/aws/route53/zone.py +47 -0
cartography/models/aws/s3/notification.py +24 -0
cartography/models/aws/secretsmanager/secret.py +106 -0
cartography/models/aws/secretsmanager/secret_version.py +0 -2
cartography/models/aws/sns/topic_subscription.py +74 -0
cartography/models/aws/sqs/__init__.py +0 -0
cartography/models/aws/sqs/queue.py +89 -0
cartography/models/azure/__init__.py +0 -0
cartography/models/azure/aks_cluster.py +54 -0
cartography/models/azure/aks_nodepool.py +54 -0
cartography/models/azure/app_service.py +59 -0
cartography/models/azure/container_instance.py +57 -0
cartography/models/azure/cosmosdb/__init__.py +0 -0
cartography/models/azure/cosmosdb/account.py +77 -0
cartography/models/azure/cosmosdb/accountfailoverpolicy.py +77 -0
cartography/models/azure/cosmosdb/cassandrakeyspace.py +82 -0
cartography/models/azure/cosmosdb/cassandratable.py +81 -0
cartography/models/azure/cosmosdb/corspolicy.py +74 -0
cartography/models/azure/cosmosdb/dblocation.py +120 -0
cartography/models/azure/cosmosdb/mongodbcollection.py +82 -0
cartography/models/azure/cosmosdb/mongodbdatabase.py +78 -0
cartography/models/azure/cosmosdb/privateendpointconnection.py +81 -0
cartography/models/azure/cosmosdb/sqlcontainer.py +88 -0
cartography/models/azure/cosmosdb/sqldatabase.py +78 -0
cartography/models/azure/cosmosdb/tableresource.py +76 -0
cartography/models/azure/cosmosdb/virtualnetworkrule.py +78 -0
cartography/models/azure/data_factory/__init__.py +0 -0
cartography/models/azure/data_factory/data_factory.py +51 -0
cartography/models/azure/data_factory/data_factory_dataset.py +94 -0
cartography/models/azure/data_factory/data_factory_linked_service.py +78 -0
cartography/models/azure/data_factory/data_factory_pipeline.py +93 -0
cartography/models/azure/data_lake_filesystem.py +51 -0
cartography/models/azure/event_grid_topic.py +57 -0
cartography/models/azure/function_app.py +59 -0
cartography/models/azure/load_balancer/__init__.py +0 -0
cartography/models/azure/load_balancer/load_balancer.py +49 -0
cartography/models/azure/load_balancer/load_balancer_backend_pool.py +73 -0
cartography/models/azure/load_balancer/load_balancer_frontend_ip.py +75 -0
cartography/models/azure/load_balancer/load_balancer_inbound_nat_rule.py +78 -0
cartography/models/azure/load_balancer/load_balancer_rule.py +108 -0
cartography/models/azure/logic_apps.py +56 -0
cartography/models/azure/monitor.py +54 -0
cartography/models/azure/network_interface.py +112 -0
cartography/models/azure/network_security_group.py +50 -0
cartography/models/azure/permission_relationships.py +60 -0
cartography/models/azure/principal.py +41 -0
cartography/models/azure/public_ip_address.py +50 -0
cartography/models/azure/rbac.py +268 -0
cartography/models/azure/resource_groups.py +52 -0
cartography/models/azure/security_center.py +50 -0
cartography/models/azure/sql/__init__.py +0 -0
cartography/models/azure/sql/databasethreatdetectionpolicy.py +85 -0
cartography/models/azure/sql/elasticpool.py +77 -0
cartography/models/azure/sql/failovergroup.py +73 -0
cartography/models/azure/sql/recoverabledatabase.py +75 -0
cartography/models/azure/sql/replicationlink.py +81 -0
cartography/models/azure/sql/restorabledroppeddatabase.py +82 -0
cartography/models/azure/sql/restorepoint.py +74 -0
cartography/models/azure/sql/serveradadministrator.py +74 -0
cartography/models/azure/sql/serverdnsalias.py +71 -0
cartography/models/azure/sql/sqldatabase.py +85 -0
cartography/models/azure/sql/sqlserver.py +50 -0
cartography/models/azure/sql/transparentdataencryption.py +76 -0
cartography/models/azure/storage/__init__.py +0 -0
cartography/models/azure/storage/account.py +59 -0
cartography/models/azure/storage/blobcontainer.py +85 -0
cartography/models/azure/storage/blobservice.py +71 -0
cartography/models/azure/storage/fileservice.py +71 -0
cartography/models/azure/storage/fileshare.py +82 -0
cartography/models/azure/storage/queue.py +71 -0
cartography/models/azure/storage/queueservice.py +73 -0
cartography/models/azure/storage/table.py +72 -0
cartography/models/azure/storage/tableservice.py +73 -0
cartography/models/azure/subnet.py +101 -0
cartography/models/azure/subscription.py +47 -0
cartography/models/azure/tags/__init__.py +0 -0
cartography/models/azure/tags/storage_tag.py +40 -0
cartography/models/azure/tags/tag.py +37 -0
cartography/models/azure/tenant.py +17 -0
cartography/models/azure/virtual_network.py +49 -0
cartography/models/azure/vm/__init__.py +0 -0
cartography/models/azure/vm/datadisk.py +80 -0
cartography/models/azure/vm/disk.py +55 -0
cartography/models/azure/vm/snapshot.py +56 -0
cartography/models/azure/vm/virtualmachine.py +59 -0
cartography/models/bigfix/bigfix_computer.py +1 -1
cartography/models/cloudflare/member.py +4 -0
cartography/models/core/common.py +1 -0
cartography/models/core/nodes.py +15 -2
cartography/models/core/relationships.py +44 -0
cartography/models/crowdstrike/hosts.py +1 -1
cartography/models/digitalocean/droplet.py +2 -0
cartography/models/duo/endpoint.py +1 -1
cartography/models/duo/phone.py +2 -2
cartography/models/duo/user.py +4 -0
cartography/models/entra/app_role_assignment.py +115 -0
cartography/models/entra/application.py +49 -0
cartography/models/entra/entra_user_to_aws_sso.py +41 -0
cartography/models/entra/group.py +117 -0
cartography/models/entra/service_principal.py +104 -0
cartography/models/entra/user.py +42 -51
cartography/models/gcp/__init__.py +0 -0
cartography/models/gcp/bigtable/__init__.py +0 -0
cartography/models/gcp/bigtable/app_profile.py +94 -0
cartography/models/gcp/bigtable/backup.py +91 -0
cartography/models/gcp/bigtable/cluster.py +73 -0
cartography/models/gcp/bigtable/instance.py +52 -0
cartography/models/gcp/bigtable/table.py +69 -0
cartography/models/gcp/compute/__init__.py +0 -0
cartography/models/gcp/compute/subnet.py +74 -0
cartography/models/gcp/compute/vpc.py +50 -0
cartography/models/gcp/crm/__init__.py +0 -0
cartography/models/gcp/crm/folders.py +98 -0
cartography/models/gcp/crm/organizations.py +21 -0
cartography/models/gcp/crm/projects.py +100 -0
cartography/models/gcp/dns.py +109 -0
cartography/models/gcp/gke.py +69 -0
cartography/models/gcp/iam.py +3 -0
cartography/models/gcp/permission_relationships.py +61 -0
cartography/models/gcp/policy_bindings.py +93 -0
cartography/models/gcp/storage/__init__.py +0 -0
cartography/models/gcp/storage/bucket.py +119 -0
cartography/models/github/commits.py +63 -0
cartography/models/github/dependencies.py +73 -0
cartography/models/github/manifests.py +49 -0
cartography/models/github/users.py +10 -0
cartography/models/googleworkspace/__init__.py +0 -0
cartography/models/googleworkspace/device.py +132 -0
cartography/models/googleworkspace/group.py +382 -0
cartography/models/googleworkspace/oauth_app.py +124 -0
cartography/models/googleworkspace/tenant.py +30 -0
cartography/models/googleworkspace/user.py +113 -0
cartography/models/gsuite/__init__.py +0 -0
cartography/models/gsuite/group.py +218 -0
cartography/models/gsuite/tenant.py +29 -0
cartography/models/gsuite/user.py +107 -0
cartography/models/kandji/device.py +1 -2
cartography/models/keycloak/__init__.py +0 -0
cartography/models/keycloak/authenticationexecution.py +160 -0
cartography/models/keycloak/authenticationflow.py +54 -0
cartography/models/keycloak/client.py +179 -0
cartography/models/keycloak/group.py +101 -0
cartography/models/keycloak/identityprovider.py +89 -0
cartography/models/keycloak/organization.py +116 -0
cartography/models/keycloak/organizationdomain.py +73 -0
cartography/models/keycloak/realm.py +173 -0
cartography/models/keycloak/role.py +126 -0
cartography/models/keycloak/scope.py +73 -0
cartography/models/keycloak/user.py +55 -0
cartography/models/kubernetes/__init__.py +0 -0
cartography/models/kubernetes/clusterrolebindings.py +138 -0
cartography/models/kubernetes/clusterroles.py +52 -0
cartography/models/kubernetes/clusters.py +26 -0
cartography/models/kubernetes/containers.py +133 -0
cartography/models/kubernetes/groups.py +107 -0
cartography/models/kubernetes/namespaces.py +51 -0
cartography/models/kubernetes/oidc.py +51 -0
cartography/models/kubernetes/pods.py +80 -0
cartography/models/kubernetes/rolebindings.py +159 -0
cartography/models/kubernetes/roles.py +76 -0
cartography/models/kubernetes/secrets.py +79 -0
cartography/models/kubernetes/serviceaccounts.py +77 -0
cartography/models/kubernetes/services.py +108 -0
cartography/models/kubernetes/users.py +105 -0
cartography/models/lastpass/user.py +4 -0
cartography/models/ontology/__init__.py +0 -0
cartography/models/ontology/device.py +137 -0
cartography/models/ontology/mapping/__init__.py +76 -0
cartography/models/ontology/mapping/data/__init__.py +0 -0
cartography/models/ontology/mapping/data/apikeys.py +93 -0
cartography/models/ontology/mapping/data/computeinstance.py +95 -0
cartography/models/ontology/mapping/data/containers.py +88 -0
cartography/models/ontology/mapping/data/databases.py +182 -0
cartography/models/ontology/mapping/data/devices.py +194 -0
cartography/models/ontology/mapping/data/thirdpartyapps.py +140 -0
cartography/models/ontology/mapping/data/useraccounts.py +416 -0
cartography/models/ontology/mapping/data/users.py +63 -0
cartography/models/ontology/mapping/specs.py +85 -0
cartography/models/ontology/user.py +51 -0
cartography/models/openai/adminapikey.py +4 -0
cartography/models/openai/apikey.py +4 -0
cartography/models/openai/user.py +4 -0
cartography/models/scaleway/__init__.py +0 -0
cartography/models/scaleway/iam/__init__.py +0 -0
cartography/models/scaleway/iam/apikey.py +100 -0
cartography/models/scaleway/iam/application.py +52 -0
cartography/models/scaleway/iam/group.py +95 -0
cartography/models/scaleway/iam/user.py +64 -0
cartography/models/scaleway/instance/__init__.py +0 -0
cartography/models/scaleway/instance/flexibleip.py +52 -0
cartography/models/scaleway/instance/instance.py +120 -0
cartography/models/scaleway/organization.py +19 -0
cartography/models/scaleway/project.py +48 -0
cartography/models/scaleway/storage/__init__.py +0 -0
cartography/models/scaleway/storage/snapshot.py +78 -0
cartography/models/scaleway/storage/volume.py +51 -0
cartography/models/sentinelone/__init__.py +1 -0
cartography/models/sentinelone/account.py +40 -0
cartography/models/sentinelone/agent.py +50 -0
cartography/models/sentinelone/application.py +44 -0
cartography/models/sentinelone/application_version.py +96 -0
cartography/models/sentinelone/cve.py +73 -0
cartography/models/slack/__init__.py +0 -0
cartography/models/slack/channels.py +92 -0
cartography/models/slack/group.py +129 -0
cartography/models/slack/team.py +22 -0
cartography/models/slack/user.py +62 -0
cartography/models/snipeit/asset.py +2 -0
cartography/models/snipeit/user.py +4 -0
cartography/models/spacelift/__init__.py +0 -0
cartography/models/spacelift/cloudtrailevent.py +120 -0
cartography/models/spacelift/run.py +162 -0
cartography/models/spacelift/space.py +131 -0
cartography/models/spacelift/spaceliftaccount.py +31 -0
cartography/models/spacelift/spaceliftgitcommit.py +157 -0
cartography/models/spacelift/stack.py +96 -0
cartography/models/spacelift/user.py +63 -0
cartography/models/spacelift/worker.py +97 -0
cartography/models/spacelift/workerpool.py +90 -0
cartography/models/tailscale/device.py +2 -1
cartography/models/tailscale/user.py +6 -1
cartography/models/trivy/__init__.py +0 -0
cartography/models/trivy/findings.py +66 -0
cartography/models/trivy/fix.py +66 -0
cartography/models/trivy/package.py +71 -0
cartography/rules/README.md +1 -0
cartography/rules/__init__.py +0 -0
cartography/rules/cli.py +261 -0
cartography/rules/data/__init__.py +0 -0
cartography/rules/data/rules/__init__.py +46 -0
cartography/rules/data/rules/cloud_security_product_deactivated.py +49 -0
cartography/rules/data/rules/compute_instance_exposed.py +51 -0
cartography/rules/data/rules/database_instance_exposed.py +53 -0
cartography/rules/data/rules/delegation_boundary_modifiable.py +90 -0
cartography/rules/data/rules/identity_administration_privileges.py +100 -0
cartography/rules/data/rules/inactive_user_active_accounts.py +48 -0
cartography/rules/data/rules/malicious_npm_dependencies_shai_hulud.py +2222 -0
cartography/rules/data/rules/mfa_missing.py +46 -0
cartography/rules/data/rules/object_storage_public.py +100 -0
cartography/rules/data/rules/policy_administration_privileges.py +104 -0
cartography/rules/data/rules/unmanaged_accounts.py +43 -0
cartography/rules/data/rules/workload_identity_admin_capabilities.py +193 -0
cartography/rules/formatters.py +108 -0
cartography/rules/runners.py +216 -0
cartography/rules/spec/__init__.py +0 -0
cartography/rules/spec/model.py +267 -0
cartography/rules/spec/result.py +38 -0
cartography/sync.py +25 -5
cartography/util.py +101 -31
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/METADATA +61 -22
cartography-0.123.0.dist-info/RECORD +856 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/entry_points.txt +1 -0
cartography/data/jobs/cleanup/aws_dns_cleanup.json +0 -65
cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json +0 -17
cartography/data/jobs/cleanup/aws_import_ec2_security_groupinfo_cleanup.json +0 -24
cartography/data/jobs/cleanup/aws_import_groups_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_identity_center_cleanup.json +0 -16
cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json +0 -50
cartography/data/jobs/cleanup/aws_import_principals_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json +0 -47
cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_roles_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_secrets_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_snapshots_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_users_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_vpc_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_vpc_peering_cleanup.json +0 -45
cartography/data/jobs/cleanup/aws_kms_details.json +0 -10
cartography/data/jobs/cleanup/azure_cosmosdb_cassandra_keyspace_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_cors_details.json +0 -15
cartography/data/jobs/cleanup/azure_cosmosdb_mongodb_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_sql_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_table_resources_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_database_account_cleanup.json +0 -85
cartography/data/jobs/cleanup/azure_import_disks_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_snapshots_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_virtual_machines_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_sql_server_cleanup.json +0 -125
cartography/data/jobs/cleanup/azure_storage_account_cleanup.json +0 -95
cartography/data/jobs/cleanup/azure_subscriptions_cleanup.json +0 -14
cartography/data/jobs/cleanup/azure_tenant_cleanup.json +0 -9
cartography/data/jobs/cleanup/gcp_compute_vpc_subnet_cleanup.json +0 -35
cartography/data/jobs/cleanup/gcp_crm_folder_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_crm_organization_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_crm_project_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_dns_cleanup.json +0 -29
cartography/data/jobs/cleanup/gcp_gke_cluster_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_storage_bucket_cleanup.json +0 -29
cartography/data/jobs/cleanup/gsuite_ingest_groups_cleanup.json +0 -23
cartography/data/jobs/cleanup/gsuite_ingest_users_cleanup.json +0 -11
cartography/data/jobs/cleanup/kubernetes_import_cleanup.json +0 -70
cartography/intel/gcp/crm.py +0 -355
cartography/intel/gsuite/api.py +0 -342
cartography-0.104.0rc2.dist-info/RECORD +0 -455
/cartography/data/jobs/{analysis → scoped_analysis}/aws_s3acl_analysis.json +0 -0
/cartography/models/aws/{apigateway.py → apigateway/apigateway.py} +0 -0
/cartography/models/aws/{apigatewaycertificate.py → apigateway/apigatewaycertificate.py} +0 -0
/cartography/models/aws/{apigatewayresource.py → apigateway/apigatewayresource.py} +0 -0
/cartography/models/aws/{apigatewaystage.py → apigateway/apigatewaystage.py} +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/WHEEL +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/licenses/LICENSE +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/top_level.txt +0 -0

cartography/intel/sentinelone/account.py ADDED Viewed

@@ -0,0 +1,140 @@
+import logging
+from typing import Any
+import neo4j
+from cartography.client.core.tx import load
+from cartography.intel.sentinelone.api import call_sentinelone_api
+from cartography.models.sentinelone.account import S1AccountSchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def get_accounts(
+    api_url: str, api_token: str, account_ids: list[str] | None = None
+) -> list[dict[str, Any]]:
+    """
+    Get account data from SentinelOne API
+    :param api_url: The SentinelOne API URL
+    :param api_token: The SentinelOne API token
+    :param account_ids: Optional list of account IDs to filter for
+    :return: Raw account data from API
+    """
+    logger.info("Retrieving SentinelOne account data")
+    # Get accounts info
+    response = call_sentinelone_api(
+        api_url=api_url,
+        endpoint="web/api/v2.1/accounts",
+        api_token=api_token,
+    )
+    accounts_data = response.get("data", [])
+    # Filter accounts by ID if specified
+    if account_ids:
+        accounts_data = [
+            account for account in accounts_data if account.get("id") in account_ids
+        ]
+        logger.info(f"Filtered accounts data to {len(accounts_data)} matching accounts")
+    if accounts_data:
+        logger.info(
+            f"Retrieved SentinelOne account data: {len(accounts_data)} accounts"
+        )
+    else:
+        logger.warning("No SentinelOne accounts retrieved")
+    return accounts_data
+def transform_accounts(accounts_data: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    """
+    Transform raw account data into standardized format for Neo4j ingestion
+    :param accounts_data: Raw account data from API
+    :return: List of transformed account data
+    """
+    result: list[dict[str, Any]] = []
+    for account in accounts_data:
+        transformed_account = {
+            # Required fields - use direct access (will raise KeyError if missing)
+            "id": account["id"],
+            # Optional fields - use .get() with None default
+            "name": account.get("name"),
+            "account_type": account.get("accountType"),
+            "active_agents": account.get("activeAgents"),
+            "created_at": account.get("createdAt"),
+            "expiration": account.get("expiration"),
+            "number_of_sites": account.get("numberOfSites"),
+            "state": account.get("state"),
+        }
+        result.append(transformed_account)
+    return result
+def load_accounts(
+    neo4j_session: neo4j.Session,
+    accounts_data: list[dict[str, Any]],
+    update_tag: int,
+) -> None:
+    """
+    Load SentinelOne account data into Neo4j using the data model
+    :param neo4j_session: Neo4j session
+    :param accounts_data: List of account data to load
+    :param update_tag: Update tag for tracking data freshness
+    """
+    if not accounts_data:
+        logger.warning("No account data provided to load_accounts")
+        return
+    load(
+        neo4j_session,
+        S1AccountSchema(),
+        accounts_data,
+        lastupdated=update_tag,
+        firstseen=update_tag,
+    )
+    logger.info(f"Loaded {len(accounts_data)} SentinelOne account nodes")
+@timeit
+def sync_accounts(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+    account_ids: list[str] | None = None,
+) -> list[str]:
+    """
+    Sync SentinelOne account data using the modern sync pattern
+    :param neo4j_session: Neo4j session
+    :param api_url: SentinelOne API URL
+    :param api_token: SentinelOne API token
+    :param update_tag: Update tag for tracking data freshness
+    :param common_job_parameters: Job parameters for cleanup
+    :param account_ids: Optional list of account IDs to filter for
+    :return: List of synced account IDs
+    """
+    # 1. GET - Fetch data from API
+    accounts_raw_data = get_accounts(
+        common_job_parameters["API_URL"],
+        common_job_parameters["API_TOKEN"],
+        account_ids,
+    )
+    # 2. TRANSFORM - Shape data for ingestion
+    transformed_accounts = transform_accounts(accounts_raw_data)
+    # 3. LOAD - Ingest to Neo4j using data model
+    load_accounts(
+        neo4j_session,
+        transformed_accounts,
+        common_job_parameters["UPDATE_TAG"],
+    )
+    synced_account_ids = [account["id"] for account in transformed_accounts]
+    logger.info(f"Synced {len(synced_account_ids)} SentinelOne accounts")
+    return synced_account_ids

cartography/intel/sentinelone/agent.py ADDED Viewed

@@ -0,0 +1,139 @@
+import logging
+from typing import Any
+import neo4j
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.sentinelone.api import get_paginated_results
+from cartography.models.sentinelone.agent import S1AgentSchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def get_agents(api_url: str, api_token: str, account_id: str) -> list[dict[str, Any]]:
+    """
+    Get agent data from SentinelOne API
+    :param api_url: The SentinelOne API URL
+    :param api_token: The SentinelOne API token
+    :param account_id: The SentinelOne account ID
+    :return: Raw agent data from API
+    """
+    logger.info(f"Retrieving SentinelOne agent data for account {account_id}")
+    agents = get_paginated_results(
+        api_url=api_url,
+        endpoint="web/api/v2.1/agents",
+        api_token=api_token,
+        params={
+            "accountIds": account_id,
+            "limit": 1000,
+        },
+    )
+    logger.info(f"Retrieved {len(agents)} agents from SentinelOne account {account_id}")
+    return agents
+@timeit
+def transform_agents(agent_list: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    """
+    Transform SentinelOne agent data for loading into Neo4j
+    :param agent_list: Raw agent data from the API
+    :return: Transformed agent data
+    """
+    result: list[dict[str, Any]] = []
+    for agent in agent_list:
+        transformed_agent = {
+            # Required fields - use direct access (will raise KeyError if missing)
+            "id": agent["id"],
+            # Optional fields - use .get() with None default
+            "uuid": agent.get("uuid"),
+            "computer_name": agent.get("computerName"),
+            "firewall_enabled": agent.get("firewallEnabled"),
+            "os_name": agent.get("osName"),
+            "os_revision": agent.get("osRevision"),
+            "domain": agent.get("domain"),
+            "last_active": agent.get("lastActiveDate"),
+            "last_successful_scan": agent.get("lastSuccessfulScanDate"),
+            "scan_status": agent.get("scanStatus"),
+            "serial_number": agent.get("serialNumber"),
+        }
+        result.append(transformed_agent)
+    return result
+@timeit
+def load_agents(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    account_id: str,
+    update_tag: int,
+) -> None:
+    """
+    Load SentinelOne agent data into Neo4j
+    :param neo4j_session: Neo4j session
+    :param data: The transformed agent data
+    :param account_id: The SentinelOne account ID
+    :param update_tag: Update tag for tracking data freshness
+    :return: None
+    """
+    logger.info(
+        f"Loading {len(data)} SentinelOne agents into Neo4j for account {account_id}"
+    )
+    load(
+        neo4j_session,
+        S1AgentSchema(),
+        data,
+        lastupdated=update_tag,
+        S1_ACCOUNT_ID=account_id,
+    )
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]
+) -> None:
+    """
+    Remove stale SentinelOne agent data from Neo4j
+    :param neo4j_session: Neo4j session
+    :param common_job_parameters: Common job parameters for cleanup
+    :return: None
+    """
+    logger.debug("Running S1Agent cleanup job")
+    GraphJob.from_node_schema(S1AgentSchema(), common_job_parameters).run(neo4j_session)
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    """
+    Sync SentinelOne agents using the standard sync pattern
+    :param neo4j_session: Neo4j session
+    :param common_job_parameters: Common job parameters containing API_URL, API_TOKEN, S1_ACCOUNT_ID, UPDATE_TAG
+    :return: None
+    """
+    api_url = common_job_parameters["API_URL"]
+    api_token = common_job_parameters["API_TOKEN"]
+    account_id = common_job_parameters["S1_ACCOUNT_ID"]
+    update_tag = common_job_parameters["UPDATE_TAG"]
+    logger.info(f"Syncing SentinelOne agent data for account {account_id}")
+    # 1. GET - Fetch data from API
+    agents_raw_data = get_agents(api_url, api_token, account_id)
+    # 2. TRANSFORM - Shape data for ingestion
+    transformed_data = transform_agents(agents_raw_data)
+    # 3. LOAD - Ingest to Neo4j using data model
+    load_agents(neo4j_session, transformed_data, account_id, update_tag)
+    # 4. CLEANUP - Remove stale data
+    cleanup(neo4j_session, common_job_parameters)

cartography/intel/sentinelone/api.py ADDED Viewed

@@ -0,0 +1,124 @@
+from typing import Any
+import requests
+from cartography.util import backoff_handler
+from cartography.util import retries_with_backoff
+# Connect and read timeouts of 60 seconds each
+_TIMEOUT = (60, 60)
+def _call_sentinelone_api_base(
+    api_url: str,
+    endpoint: str,
+    api_token: str,
+    method: str = "GET",
+    params: dict[str, Any] | None = None,
+    data: dict[str, Any] | None = None,
+) -> dict[str, Any]:
+    """
+    Call the SentinelOne API
+    :param api_url: The base URL for the SentinelOne API
+    :param endpoint: The API endpoint to call
+    :param api_token: The API token for authentication
+    :param method: The HTTP method to use (default is GET)
+    :param params: Query parameters to include in the request
+    :param data: Data to include in the request body for POST/PUT methods
+    :return: The JSON response from the API
+    """
+    full_url = f"{api_url.rstrip('/')}/{endpoint.lstrip('/')}"
+    headers = {
+        "Accept": "application/json",
+        "Authorization": f"ApiToken {api_token}",
+        "Content-Type": "application/json",
+    }
+    response = requests.request(
+        method=method,
+        url=full_url,
+        headers=headers,
+        params=params,
+        json=data,
+        timeout=_TIMEOUT,
+    )
+    # Raise an exception for HTTP errors (this will be caught by backoff wrapper)
+    response.raise_for_status()
+    return response.json()
+def call_sentinelone_api(
+    api_url: str,
+    endpoint: str,
+    api_token: str,
+    method: str = "GET",
+    params: dict[str, Any] | None = None,
+    data: dict[str, Any] | None = None,
+) -> dict[str, Any]:
+    """
+    Call the SentinelOne API with backoff functionality
+    :param api_url: The base URL for the SentinelOne API
+    :param endpoint: The API endpoint to call
+    :param api_token: The API token for authentication
+    :param method: The HTTP method to use (default is GET)
+    :param params: Query parameters to include in the request
+    :param data: Data to include in the request body for POST/PUT methods
+    :return: The JSON response from the API
+    """
+    wrapped_func = retries_with_backoff(
+        func=_call_sentinelone_api_base,
+        exception_type=requests.exceptions.RequestException,  # Covers Timeout and HTTPError as subclasses
+        max_tries=5,  # Maximum number of retry attempts
+        on_backoff=backoff_handler,
+    )
+    return wrapped_func(api_url, endpoint, api_token, method, params, data)
+def get_paginated_results(
+    api_url: str,
+    endpoint: str,
+    api_token: str,
+    params: dict[str, Any] | None = None,
+) -> list[dict[str, Any]]:
+    """
+    Handle cursor-based pagination for SentinelOne API requests
+    :param api_url: The base URL for the SentinelOne API
+    :param endpoint: The API endpoint to call
+    :param api_token: The API token for authentication
+    :param params: Query parameters to include in the request
+    :return: A list of all items from all pages
+    """
+    query_params = params or {}
+    # Set default pagination parameters if not provided
+    if "limit" not in query_params:
+        query_params["limit"] = 100
+    next_cursor = None
+    total_items = []
+    while True:
+        if next_cursor:
+            query_params["cursor"] = next_cursor
+        response = call_sentinelone_api(
+            api_url=api_url,
+            endpoint=endpoint,
+            api_token=api_token,
+            params=query_params,
+        )
+        items = response.get("data", [])
+        if not items:
+            break
+        total_items.extend(items)
+        pagination = response.get("pagination", {})
+        next_cursor = pagination.get("nextCursor")
+        if not next_cursor:
+            break
+    return total_items

cartography/intel/sentinelone/application.py ADDED Viewed

@@ -0,0 +1,248 @@
+import logging
+from typing import Any
+import neo4j
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.sentinelone.api import get_paginated_results
+from cartography.intel.sentinelone.utils import get_application_id
+from cartography.intel.sentinelone.utils import get_application_version_id
+from cartography.models.sentinelone.application import S1ApplicationSchema
+from cartography.models.sentinelone.application_version import (
+    S1ApplicationVersionSchema,
+)
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def get_application_data(
+    account_id: str, api_url: str, api_token: str
+) -> list[dict[str, Any]]:
+    """
+    Get application data from SentinelOne API
+    :param account_id: SentinelOne account ID
+    :param api_url: SentinelOne API URL
+    :param api_token: SentinelOne API token
+    :return: A list of application data dictionaries
+    """
+    logger.info(f"Retrieving SentinelOne application data for account {account_id}")
+    applications = get_paginated_results(
+        api_url=api_url,
+        endpoint="/web/api/v2.1/application-management/inventory",
+        api_token=api_token,
+        params={
+            "accountIds": account_id,
+            "limit": 1000,
+        },
+    )
+    logger.info(f"Retrieved {len(applications)} applications from SentinelOne")
+    return applications
+@timeit
+def get_application_installs(
+    app_inventory: list[dict[str, Any]], account_id: str, api_url: str, api_token: str
+) -> list[dict[str, Any]]:
+    """
+    Get application installs from SentinelOne API
+    :param app_inventory: List of applications to get installs for
+    :param account_id: SentinelOne account ID
+    :param api_url: SentinelOne API URL
+    :param api_token: SentinelOne API token
+    :return: A list of application installs data dictionaries
+    """
+    logger.info(
+        f"Retrieving SentinelOne application installs for "
+        f"{len(app_inventory)} applications in account "
+        f"{account_id}",
+    )
+    application_installs = []
+    for i, app in enumerate(app_inventory):
+        logger.info(
+            f"Retrieving SentinelOne installs for {app.get('applicationName')} "
+            f"{app.get('applicationVendor')} ({i + 1}/{len(app_inventory)})",
+        )
+        name = app["applicationName"]
+        vendor = app["applicationVendor"]
+        app_installs = get_paginated_results(
+            api_url=api_url,
+            endpoint="/web/api/v2.1/application-management/inventory/endpoints",
+            api_token=api_token,
+            params={
+                "accountIds": account_id,
+                "limit": 1000,
+                "applicationName": name,
+                "applicationVendor": vendor,
+            },
+        )
+        # Replace applicationVendor and applicationName with original values
+        # for consistency with the application data
+        for app_install in app_installs:
+            app_install["applicationVendor"] = vendor
+            app_install["applicationName"] = name
+        application_installs.extend(app_installs)
+    return application_installs
+def transform_applications(
+    applications_list: list[dict[str, Any]],
+) -> list[dict[str, Any]]:
+    """
+    Transform SentinelOne application data for loading into Neo4j
+    :param applications_list: Raw application data from the API
+    :return: Transformed application data
+    """
+    transformed_data = []
+    for app in applications_list:
+        vendor = app["applicationVendor"].strip()
+        name = app["applicationName"].strip()
+        app_id = get_application_id(name, vendor)
+        transformed_app = {
+            "id": app_id,
+            "name": name,
+            "vendor": vendor,
+        }
+        transformed_data.append(transformed_app)
+    return transformed_data
+def transform_application_versions(
+    application_installs_list: list[dict[str, Any]],
+) -> list[dict[str, Any]]:
+    """
+    Transform SentinelOne application installs for loading into Neo4j
+    :param application_installs_list: Raw application installs data from the API
+    :return: Transformed application installs data
+    """
+    transformed_data = []
+    for installed_version in application_installs_list:
+        app_name = installed_version["applicationName"]
+        app_vendor = installed_version["applicationVendor"]
+        version = installed_version.get("version") or "unknown"
+        transformed_version = {
+            "id": get_application_version_id(
+                app_name,
+                app_vendor,
+                version,
+            ),
+            "application_id": get_application_id(
+                app_name,
+                app_vendor,
+            ),
+            "application_name": app_name,
+            "application_vendor": app_vendor,
+            "agent_uuid": installed_version.get("endpointUuid"),
+            "installation_path": installed_version.get("applicationInstallationPath"),
+            "installed_dt": installed_version.get("applicationInstallationDate"),
+            "version": version,
+        }
+        transformed_data.append(transformed_version)
+    return transformed_data
+@timeit
+def load_application_data(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    account_id: str,
+    update_tag: int,
+) -> None:
+    """
+    Load SentinelOne application data into Neo4j
+    :param neo4j_session: Neo4j session
+    :param data: The transformed application data
+    :param account_id: The SentinelOne account ID
+    :param update_tag: Update tag to set on the nodes
+    :return: None
+    """
+    logger.info(f"Loading {len(data)} SentinelOne applications into Neo4j")
+    load(
+        neo4j_session,
+        S1ApplicationSchema(),
+        data,
+        lastupdated=update_tag,
+        S1_ACCOUNT_ID=account_id,
+    )
+@timeit
+def load_application_versions(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    account_id: str,
+    update_tag: int,
+) -> None:
+    logger.info(f"Loading {len(data)} SentinelOne application versions into Neo4j")
+    load(
+        neo4j_session,
+        S1ApplicationVersionSchema(),
+        data,
+        lastupdated=update_tag,
+        S1_ACCOUNT_ID=account_id,
+    )
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]
+) -> None:
+    logger.debug("Running SentinelOne S1Application cleanup")
+    GraphJob.from_node_schema(S1ApplicationSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+    logger.debug("Running SentinelOne S1ApplicationVersion cleanup")
+    GraphJob.from_node_schema(S1ApplicationVersionSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    """
+    Sync SentinelOne applications
+    :param neo4j_session: Neo4j session
+    :param common_job_parameters: Common job parameters containing API_URL, API_TOKEN, etc.
+    :return: None
+    """
+    logger.info("Syncing SentinelOne application data")
+    account_id = str(common_job_parameters["S1_ACCOUNT_ID"])
+    api_url = str(common_job_parameters["API_URL"])
+    api_token = str(common_job_parameters["API_TOKEN"])
+    applications = get_application_data(account_id, api_url, api_token)
+    application_versions = get_application_installs(
+        applications, account_id, api_url, api_token
+    )
+    transformed_applications = transform_applications(applications)
+    transformed_application_versions = transform_application_versions(
+        application_versions
+    )
+    load_application_data(
+        neo4j_session,
+        transformed_applications,
+        account_id,
+        common_job_parameters["UPDATE_TAG"],
+    )
+    load_application_versions(
+        neo4j_session,
+        transformed_application_versions,
+        account_id,
+        common_job_parameters["UPDATE_TAG"],
+    )
+    cleanup(neo4j_session, common_job_parameters)

cartography 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl