cartography 0.107.0rc2__py3-none-any.whl → 0.108.0rc1__py3-none-any.whl

cartography/intel/sentinelone/application.py

@@ -0,0 +1,248 @@
+import logging
+from typing import Any
+
+import neo4j
+
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.sentinelone.api import get_paginated_results
+from cartography.intel.sentinelone.utils import get_application_id
+from cartography.intel.sentinelone.utils import get_application_version_id
+from cartography.models.sentinelone.application import S1ApplicationSchema
+from cartography.models.sentinelone.application_version import (
+    S1ApplicationVersionSchema,
+)
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+
+@timeit
+def get_application_data(
+    account_id: str, api_url: str, api_token: str
+) -> list[dict[str, Any]]:
+    """
+    Get application data from SentinelOne API
+    :param account_id: SentinelOne account ID
+    :param api_url: SentinelOne API URL
+    :param api_token: SentinelOne API token
+    :return: A list of application data dictionaries
+    """
+    logger.info(f"Retrieving SentinelOne application data for account {account_id}")
+    applications = get_paginated_results(
+        api_url=api_url,
+        endpoint="/web/api/v2.1/application-management/inventory",
+        api_token=api_token,
+        params={
+            "accountIds": account_id,
+            "limit": 1000,
+        },
+    )
+
+    logger.info(f"Retrieved {len(applications)} applications from SentinelOne")
+    return applications
+
+
+@timeit
+def get_application_installs(
+    app_inventory: list[dict[str, Any]], account_id: str, api_url: str, api_token: str
+) -> list[dict[str, Any]]:
+    """
+    Get application installs from SentinelOne API
+    :param app_inventory: List of applications to get installs for
+    :param account_id: SentinelOne account ID
+    :param api_url: SentinelOne API URL
+    :param api_token: SentinelOne API token
+    :return: A list of application installs data dictionaries
+    """
+    logger.info(
+        f"Retrieving SentinelOne application installs for "
+        f"{len(app_inventory)} applications in account "
+        f"{account_id}",
+    )
+
+    application_installs = []
+    for i, app in enumerate(app_inventory):
+        logger.info(
+            f"Retrieving SentinelOne installs for {app.get('applicationName')} "
+            f"{app.get('applicationVendor')} ({i + 1}/{len(app_inventory)})",
+        )
+        name = app["applicationName"]
+        vendor = app["applicationVendor"]
+        app_installs = get_paginated_results(
+            api_url=api_url,
+            endpoint="/web/api/v2.1/application-management/inventory/endpoints",
+            api_token=api_token,
+            params={
+                "accountIds": account_id,
+                "limit": 1000,
+                "applicationName": name,
+                "applicationVendor": vendor,
+            },
+        )
+
+        # Replace applicationVendor and applicationName with original values
+        # for consistency with the application data
+        for app_install in app_installs:
+            app_install["applicationVendor"] = vendor
+            app_install["applicationName"] = name
+        application_installs.extend(app_installs)
+
+    return application_installs
+
+
+def transform_applications(
+    applications_list: list[dict[str, Any]],
+) -> list[dict[str, Any]]:
+    """
+    Transform SentinelOne application data for loading into Neo4j
+    :param applications_list: Raw application data from the API
+    :return: Transformed application data
+    """
+    transformed_data = []
+    for app in applications_list:
+        vendor = app["applicationVendor"].strip()
+        name = app["applicationName"].strip()
+        app_id = get_application_id(name, vendor)
+        transformed_app = {
+            "id": app_id,
+            "name": name,
+            "vendor": vendor,
+        }
+        transformed_data.append(transformed_app)
+
+    return transformed_data
+
+
+def transform_application_versions(
+    application_installs_list: list[dict[str, Any]],
+) -> list[dict[str, Any]]:
+    """
+    Transform SentinelOne application installs for loading into Neo4j
+    :param application_installs_list: Raw application installs data from the API
+    :return: Transformed application installs data
+    """
+    transformed_data = []
+    for installed_version in application_installs_list:
+        app_name = installed_version["applicationName"]
+        app_vendor = installed_version["applicationVendor"]
+        version = installed_version["version"]
+
+        transformed_version = {
+            "id": get_application_version_id(
+                app_name,
+                app_vendor,
+                version,
+            ),
+            "application_id": get_application_id(
+                app_name,
+                app_vendor,
+            ),
+            "application_name": app_name,
+            "application_vendor": app_vendor,
+            "agent_uuid": installed_version.get("endpointUuid"),
+            "installation_path": installed_version.get("applicationInstallationPath"),
+            "installed_dt": installed_version.get("applicationInstallationDate"),
+            "version": version,
+        }
+        transformed_data.append(transformed_version)
+
+    return transformed_data
+
+
+@timeit
+def load_application_data(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    account_id: str,
+    update_tag: int,
+) -> None:
+    """
+    Load SentinelOne application data into Neo4j
+    :param neo4j_session: Neo4j session
+    :param data: The transformed application data
+    :param account_id: The SentinelOne account ID
+    :param update_tag: Update tag to set on the nodes
+    :return: None
+    """
+    logger.info(f"Loading {len(data)} SentinelOne applications into Neo4j")
+    load(
+        neo4j_session,
+        S1ApplicationSchema(),
+        data,
+        lastupdated=update_tag,
+        S1_ACCOUNT_ID=account_id,
+    )
+
+
+@timeit
+def load_application_versions(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    account_id: str,
+    update_tag: int,
+) -> None:
+    logger.info(f"Loading {len(data)} SentinelOne application versions into Neo4j")
+    load(
+        neo4j_session,
+        S1ApplicationVersionSchema(),
+        data,
+        lastupdated=update_tag,
+        S1_ACCOUNT_ID=account_id,
+    )
+
+
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]
+) -> None:
+    logger.debug("Running SentinelOne S1Application cleanup")
+    GraphJob.from_node_schema(S1ApplicationSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+    logger.debug("Running SentinelOne S1ApplicationVersion cleanup")
+    GraphJob.from_node_schema(S1ApplicationVersionSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+
+
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    """
+    Sync SentinelOne applications
+    :param neo4j_session: Neo4j session
+    :param common_job_parameters: Common job parameters containing API_URL, API_TOKEN, etc.
+    :return: None
+    """
+    logger.info("Syncing SentinelOne application data")
+    account_id = str(common_job_parameters["S1_ACCOUNT_ID"])
+    api_url = str(common_job_parameters["API_URL"])
+    api_token = str(common_job_parameters["API_TOKEN"])
+
+    applications = get_application_data(account_id, api_url, api_token)
+    application_versions = get_application_installs(
+        applications, account_id, api_url, api_token
+    )
+    transformed_applications = transform_applications(applications)
+    transformed_application_versions = transform_application_versions(
+        application_versions
+    )
+
+    load_application_data(
+        neo4j_session,
+        transformed_applications,
+        account_id,
+        common_job_parameters["UPDATE_TAG"],
+    )
+
+    load_application_versions(
+        neo4j_session,
+        transformed_application_versions,
+        account_id,
+        common_job_parameters["UPDATE_TAG"],
+    )
+
+    cleanup(neo4j_session, common_job_parameters)

cartography/intel/sentinelone/utils.py

@@ -2,8 +2,27 @@ import re
 
 
 def get_application_id(name: str, vendor: str) -> str:
+    """
+    Generate a normalized unique identifier for an application.
+    :param name: Application name
+    :param vendor: Application vendor/publisher
+    :return: Normalized unique identifier in format 'vendor:name'
+    """
     name_normalized = name.strip().lower().replace(" ", "_")
     vendor_normalized = vendor.strip().lower().replace(" ", "_")
     name_normalized = re.sub(r"[^\w]", "", name_normalized)
-    vendor_normalized = re.sub(r"[^\w\s]", "", vendor_normalized)
+    vendor_normalized = re.sub(r"[^\w]", "", vendor_normalized)
     return f"{vendor_normalized}:{name_normalized}"
+
+
+def get_application_version_id(name: str, vendor: str, version: str) -> str:
+    """
+    Generate a unique identifier for an application version
+    :param name: Application name
+    :param vendor: Application vendor
+    :param version: Application version
+    :return: Unique identifier for the application version in format 'vendor:name:version'
+    """
+    app_id = get_application_id(name, vendor)
+    version_normalized = version.strip().lower().replace(" ", "_")
+    return f"{app_id}:{version_normalized}"

cartography/models/aws/cloudwatch/log_metric_filter.py

@@ -0,0 +1,79 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class CloudWatchLogMetricFilterNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    arn: PropertyRef = PropertyRef("filterName", extra_index=True)
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    filter_name: PropertyRef = PropertyRef("filterName")
+    filter_pattern: PropertyRef = PropertyRef("filterPattern")
+    log_group_name: PropertyRef = PropertyRef("logGroupName")
+    metric_name: PropertyRef = PropertyRef("metricName")
+    metric_namespace: PropertyRef = PropertyRef("metricNamespace")
+    metric_value: PropertyRef = PropertyRef("metricValue")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CloudWatchLogMetricFilterToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CloudWatchLogMetricFilterToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: CloudWatchLogMetricFilterToAwsAccountRelProperties = (
+        CloudWatchLogMetricFilterToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class CloudWatchLogMetricFilterToCloudWatchLogGroupRelProperties(
+    CartographyRelProperties
+):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CloudWatchLogMetricFilterToCloudWatchLogGroupRel(CartographyRelSchema):
+    target_node_label: str = "CloudWatchLogGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"log_group_name": PropertyRef("logGroupName")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "METRIC_FILTER_OF"
+    properties: CloudWatchLogMetricFilterToCloudWatchLogGroupRelProperties = (
+        CloudWatchLogMetricFilterToCloudWatchLogGroupRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class CloudWatchLogMetricFilterSchema(CartographyNodeSchema):
+    label: str = "CloudWatchLogMetricFilter"
+    properties: CloudWatchLogMetricFilterNodeProperties = (
+        CloudWatchLogMetricFilterNodeProperties()
+    )
+    sub_resource_relationship: CloudWatchLogMetricFilterToAWSAccountRel = (
+        CloudWatchLogMetricFilterToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            CloudWatchLogMetricFilterToCloudWatchLogGroupRel(),
+        ]
+    )

cartography/models/aws/ec2/networkinterfaces.py

@@ -44,7 +44,9 @@ class EC2NetworkInterfaceNodeProperties(CartographyNodeProperties):
     requester_id: PropertyRef = PropertyRef("RequesterId", extra_index=True)
     requester_managed: PropertyRef = PropertyRef("RequesterManaged")
     source_dest_check: PropertyRef = PropertyRef("SourceDestCheck")
+    # TODO: remove subnetid once we have migrated to subnet_id
     subnetid: PropertyRef = PropertyRef("SubnetId", extra_index=True)
+    subnet_id: PropertyRef = PropertyRef("SubnetId", extra_index=True)
 
 
 @dataclass(frozen=True)

cartography/models/aws/ec2/security_group_rules.py

@@ -0,0 +1,109 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class IpRuleNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("RuleId")
+    ruleid: PropertyRef = PropertyRef("RuleId", extra_index=True)
+    groupid: PropertyRef = PropertyRef("GroupId", extra_index=True)
+    protocol: PropertyRef = PropertyRef("Protocol")
+    fromport: PropertyRef = PropertyRef("FromPort")
+    toport: PropertyRef = PropertyRef("ToPort")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class IpRuleToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class IpRuleToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: IpRuleToAWSAccountRelProperties = IpRuleToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class IpRuleToSecurityGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class IpRuleToSecurityGroupRel(CartographyRelSchema):
+    target_node_label: str = "EC2SecurityGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"groupid": PropertyRef("GroupId")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_EC2_SECURITY_GROUP"
+    properties: IpRuleToSecurityGroupRelProperties = (
+        IpRuleToSecurityGroupRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class IpRangeNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("RangeId")
+    range: PropertyRef = PropertyRef("RangeId")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class IpRangeToIpRuleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class IpRangeToIpRuleRel(CartographyRelSchema):
+    target_node_label: str = "IpRule"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"ruleid": PropertyRef("RuleId")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_IP_RULE"
+    properties: IpRangeToIpRuleRelProperties = IpRangeToIpRuleRelProperties()
+
+
+@dataclass(frozen=True)
+class IpRuleSchema(CartographyNodeSchema):
+    label: str = "IpRule"
+    properties: IpRuleNodeProperties = IpRuleNodeProperties()
+    sub_resource_relationship: IpRuleToAWSAccountRel = IpRuleToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [IpRuleToSecurityGroupRel()]
+    )
+
+
+@dataclass(frozen=True)
+class IpPermissionInboundSchema(CartographyNodeSchema):
+    label: str = "IpRule"
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["IpPermissionInbound"])
+    properties: IpRuleNodeProperties = IpRuleNodeProperties()
+    sub_resource_relationship: IpRuleToAWSAccountRel = IpRuleToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [IpRuleToSecurityGroupRel()]
+    )
+
+
+@dataclass(frozen=True)
+class IpRangeSchema(CartographyNodeSchema):
+    label: str = "IpRange"
+    properties: IpRangeNodeProperties = IpRangeNodeProperties()
+    sub_resource_relationship: IpRuleToAWSAccountRel = IpRuleToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships([IpRangeToIpRuleRel()])

cartography/models/aws/ec2/security_groups.py

@@ -0,0 +1,90 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EC2SecurityGroupNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("GroupId")
+    groupid: PropertyRef = PropertyRef("GroupId", extra_index=True)
+    name: PropertyRef = PropertyRef("GroupName")
+    description: PropertyRef = PropertyRef("Description")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2SecurityGroupToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2SecurityGroupToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EC2SecurityGroupToAWSAccountRelProperties = (
+        EC2SecurityGroupToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EC2SecurityGroupToVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2SecurityGroupToVpcRel(CartographyRelSchema):
+    target_node_label: str = "AWSVpc"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"vpcid": PropertyRef("VpcId")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_EC2_SECURITY_GROUP"
+    properties: EC2SecurityGroupToVpcRelProperties = (
+        EC2SecurityGroupToVpcRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EC2SecurityGroupToSourceGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2SecurityGroupToSourceGroupRel(CartographyRelSchema):
+    target_node_label: str = "EC2SecurityGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"groupid": PropertyRef("SOURCE_GROUP_IDS", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ALLOWS_TRAFFIC_FROM"
+    properties: EC2SecurityGroupToSourceGroupRelProperties = (
+        EC2SecurityGroupToSourceGroupRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EC2SecurityGroupSchema(CartographyNodeSchema):
+    label: str = "EC2SecurityGroup"
+    properties: EC2SecurityGroupNodeProperties = EC2SecurityGroupNodeProperties()
+    sub_resource_relationship: EC2SecurityGroupToAWSAccountRel = (
+        EC2SecurityGroupToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EC2SecurityGroupToVpcRel(),
+            EC2SecurityGroupToSourceGroupRel(),
+        ]
+    )

cartography/models/aws/ec2/snapshots.py

@@ -0,0 +1,58 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EBSSnapshotNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("SnapshotId")
+    snapshotid: PropertyRef = PropertyRef("SnapshotId", extra_index=True)
+    description: PropertyRef = PropertyRef("Description")
+    encrypted: PropertyRef = PropertyRef("Encrypted")
+    progress: PropertyRef = PropertyRef("Progress")
+    starttime: PropertyRef = PropertyRef("StartTime")
+    state: PropertyRef = PropertyRef("State")
+    statemessage: PropertyRef = PropertyRef("StateMessage")
+    volumeid: PropertyRef = PropertyRef("VolumeId")
+    volumesize: PropertyRef = PropertyRef("VolumeSize")
+    outpostarn: PropertyRef = PropertyRef("OutpostArn")
+    dataencryptionkeyid: PropertyRef = PropertyRef("DataEncryptionKeyId")
+    kmskeyid: PropertyRef = PropertyRef("KmsKeyId")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EBSSnapshotToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EBSSnapshotToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("AWS_ID", set_in_kwargs=True),
+        }
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EBSSnapshotToAWSAccountRelProperties = (
+        EBSSnapshotToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EBSSnapshotSchema(CartographyNodeSchema):
+    label: str = "EBSSnapshot"
+    properties: EBSSnapshotNodeProperties = EBSSnapshotNodeProperties()
+    sub_resource_relationship: EBSSnapshotToAWSAccountRel = EBSSnapshotToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships([])

cartography/models/aws/ec2/subnet_instance.py

@@ -15,7 +15,9 @@ from cartography.models.core.relationships import TargetNodeMatcher
 class EC2SubnetInstanceNodeProperties(CartographyNodeProperties):
     # arn: PropertyRef = PropertyRef('Arn', extra_index=True) TODO use arn; issue #1024
     id: PropertyRef = PropertyRef("SubnetId")
+    # TODO: remove subnetid once we have migrated to subnet_id
     subnetid: PropertyRef = PropertyRef("SubnetId", extra_index=True)
+    subnet_id: PropertyRef = PropertyRef("SubnetId", extra_index=True)
     region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 

cartography/models/aws/ec2/subnet_networkinterface.py

@@ -16,6 +16,8 @@ from cartography.models.core.relationships import TargetNodeMatcher
 @dataclass(frozen=True)
 class EC2SubnetNetworkInterfaceNodeProperties(CartographyNodeProperties):
     id: PropertyRef = PropertyRef("SubnetId")
+    # TODO: remove subnetid once we have migrated to subnet_id
+    subnetid: PropertyRef = PropertyRef("SubnetId", extra_index=True)
     subnet_id: PropertyRef = PropertyRef("SubnetId", extra_index=True)
     region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)

cartography/models/aws/ec2/volumes.py

@@ -68,6 +68,24 @@ class EBSVolumeToEC2InstanceRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class EBSVolumeToEBSSnapshotRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EBSVolumeToEBSSnapshotRel(CartographyRelSchema):
+    target_node_label: str = "EBSSnapshot"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("SnapshotId")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "CREATED_FROM"
+    properties: EBSVolumeToEBSSnapshotRelProperties = (
+        EBSVolumeToEBSSnapshotRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class EBSVolumeSchema(CartographyNodeSchema):
     """
@@ -80,6 +98,7 @@ class EBSVolumeSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             EBSVolumeToEC2InstanceRel(),
+            EBSVolumeToEBSSnapshotRel(),
         ],
     )
 
@@ -110,5 +129,6 @@ class EBSVolumeInstanceSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             EBSVolumeToEC2InstanceRel(),
+            EBSVolumeToEBSSnapshotRel(),
         ],
     )