Azure Schema¶
AzureTenant¶
Representation of an Azure Tenant.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The Azure Tenant ID number |
Relationships¶
Azure Principal is part of the Azure Account.
(AzureTenant)-[RESOURCE]->(AzurePrincipal)
AzurePrincipal¶
Representation of an Azure Principal..
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
Email of the Azure Principal |
Relationships¶
Azure Principal is part of the Azure Account.
(AzurePrincipal)-[RESOURCE]->(AzureTenant)
AzureSubscription¶
Representation of an Azure Subscription..
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The Azure Subscription ID number |
name |
The friendly name that identifies the subscription |
path |
The full ID for the Subscription |
state |
Can be one of |
Relationships¶
Azure Tenant contains one or more Subscriptions.
(AzureTenant)-[RESOURCE]->(AzureSubscription)
VirtualMachine¶
Representation of an Azure Virtual Machine.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The Azure Virtual Machine ID number |
type |
The type of the resource |
location |
The location where Virtual Machine is created |
resourcegroup |
The Resource Group where Virtual Machine is created |
name |
The friendly name that identifies the Virtual Machine |
plan |
The plan associated with the Virtual Machine |
size |
The size of the Virtual Machine |
license_type |
The type of license |
computer_name |
The computer name |
identity_type |
The type of identity used for the virtual machine |
zones |
The Virtual Machine zones |
ultra_ssd_enabled |
Enables or disables a capability on the virtual machine or virtual machine scale set. |
priority |
Specifies the priority for the virtual machine |
eviction_policy |
Specifies the eviction policy for the Virtual Machine |
Relationships¶
Azure Subscription contains one or more Virtual Machines.
(AzureSubscription)-[RESOURCE]->(VirtualMachine)
AzureDataDisk¶
Representation of an Azure Data Disk.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The Azure Data Disk ID number |
lun |
Specifies the logical unit number of the data disk |
name |
The data disk name |
vhd |
The virtual hard disk associated with data disk |
image |
The source user image virtual hard disk |
size |
The size of the disk in GB |
caching |
Specifies the caching requirement |
createoption |
Specifies how the disk should be created |
write_accelerator_enabled |
Specifies whether writeAccelerator should be enabled or disabled on the data disk |
managed_disk_storage_type |
The data disk storage type |
Relationships¶
Azure Virtual Machines are attached to Data Disks.
(VirtualMachine)-[ATTACHED_TO]->(AzureDataDisk)
AzureDisk¶
Representation of an Azure Disk.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The Azure Disk ID number |
type |
The type of the resource |
location |
The location where Disk is created |
resourcegroup |
The Resource Group where Disk is created |
name |
The friendly name that identifies the Disk |
createoption |
Specifies how the disk should be created |
disksizegb |
The size of the disk in GB |
encryption |
Specifies whether the disk has encryption enabled |
maxshares |
Specifies how many machines can share the disk |
ostype |
The operating system type of the disk |
tier |
Performance Tier associated with the disk |
sku |
The disk sku name |
zones |
The logical zone list for disk |
Relationships¶
Azure Subscription contains one or more Disks.
(AzureSubscription)-[RESOURCE]->(AzureDisk)
AzureSnapshot¶
Representation of an Azure Snapshot.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The Azure Snapshot ID number |
type |
The type of the resource |
location |
The location where snapshot is created |
resourcegroup |
The Resource Group where snapshot is created |
name |
The friendly name that identifies the snapshot |
createoption |
Specifies how the disk should be created |
disksizegb |
The size of the snapshot in GB |
encryption |
Specifies whether the snapshot has encryption enabled |
incremental |
Indicates whether a snapshot is incremental or not |
network_access_policy |
Policy for accessing the snapshot via network |
ostype |
The operating system type of the snapshot |
tier |
Performance Tier associated with the snapshot |
sku |
The snapshot sku name |
zones |
The logical zone list for snapshot |
Relationships¶
Azure Subscription contains one or more Snapshots.
(AzureSubscription)-[RESOURCE]->(AzureSnapshot)
AzureSQLServer¶
Representation of an AzureSQLServer.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
location |
The location where the resource is created |
resourcegroup |
The Resource Group where SQL Server is created |
name |
The friendly name that identifies the SQL server |
kind |
Specifies the kind of SQL server |
state |
The state of the server |
version |
The version of the server |
Relationships¶
Azure Subscription contains one or more SQL Servers.
(AzureSubscription)-[RESOURCE]->(AzureSQLServer)Azure SQL Server can be used by one or more Azure Server DNS Aliases.
(AzureSQLServer)-[USED_BY]->(AzureServerDNSAlias)Azure SQL Server can be administered by one or more Azure Server AD Administrators.
(AzureSQLServer)-[ADMINISTERED_BY]->(AzureServerADAdministrator)Azure SQL Server has one or more Azure Recoverable Database.
(AzureSQLServer)-[RESOURCE]->(AzureRecoverableDatabase)Azure SQL Server has one or more Azure Restorable Dropped Database.
(AzureSQLServer)-[RESOURCE]->(AzureRestorableDroppedDatabase)Azure SQL Server has one or more Azure Failover Group.
(AzureSQLServer)-[RESOURCE]->(AzureFailoverGroup)Azure SQL Server has one or more Azure Elastic Pool.
(AzureSQLServer)-[RESOURCE]->(AzureElasticPool)Azure SQL Server has one or more Azure SQL Database.
(AzureSQLServer)-[RESOURCE]->(AzureSQLDatabase)
AzureServerDNSAlias¶
Representation of an AzureServerDNSAlias.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the server DNS alias |
dnsrecord |
The fully qualified DNS record for alias. |
Relationships¶
Azure SQL Server can be used by one or more Azure Server DNS Aliases.
(AzureSQLServer)-[USED_BY]->(AzureServerDNSAlias)
AzureServerADAdministrator¶
Representation of an AzureServerADAdministrator.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
administratortype |
The type of the server administrator. |
login |
The login name of the server administrator. |
Relationships¶
Azure SQL Server can be administered by one or more Azure Server AD Administrators.
(AzureSQLServer)-[ADMINISTERED_BY]->(AzureServerADAdministrator)
AzureRecoverableDatabase¶
Representation of an AzureRecoverableDatabase.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
edition |
The edition of the database. |
servicelevelobjective |
The service level objective name of the database. |
lastbackupdate |
The last available backup date of the database (ISO8601 format). |
Relationships¶
Azure SQL Server has one or more Azure Recoverable Database.
(AzureSQLServer)-[RESOURCE]->(AzureRecoverableDatabase)
AzureRestorableDroppedDatabase¶
Representation of an AzureRestorableDroppedDatabase.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
location |
The geo-location where the resource lives. |
databasename |
The name of the database. |
creationdate |
The creation date of the database (ISO8601 format). |
deletiondate |
The deletion date of the database (ISO8601 format). |
restoredate |
The earliest restore date of the database (ISO8601 format). |
edition |
The edition of the database. |
servicelevelobjective |
The service level objective name of the database. |
maxsizebytes |
The max size in bytes of the database. |
Relationships¶
Azure SQL Server has one or more Azure Restorable Dropped Database.
(AzureSQLServer)-[RESOURCE]->(AzureRestorableDroppedDatabase)
AzureFailoverGroup¶
Representation of an AzureFailoverGroup.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
location |
The geo-location where the resource lives. |
replicationrole |
Local replication role of the failover group instance. |
replicationstate |
Replication state of the failover group instance. |
Relationships¶
Azure SQL Server has one or more Azure Failover Group.
(AzureSQLServer)-[RESOURCE]->(AzureFailoverGroup)
AzureElasticPool¶
Representation of an AzureElasticPool.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
location |
The location of the resource. |
kind |
The kind of elastic pool. |
creationdate |
The creation date of the elastic pool (ISO8601 format). |
state |
The state of the elastic pool. |
maxsizebytes |
The storage limit for the database elastic pool in bytes. |
licensetype |
The license type to apply for this elastic pool. |
zoneredundant |
Specifies whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones. |
Relationships¶
Azure SQL Server has one or more Azure Elastic Pool.
(AzureSQLServer)-[RESOURCE]->(AzureElasticPool)
AzureSQLDatabase¶
Representation of an AzureSQLDatabase.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
location |
The location of the resource. |
kind |
The kind of database. |
creationdate |
The creation date of the database (ISO8601 format). |
databaseid |
The ID of the database. |
maxsizebytes |
The max size of the database expressed in bytes. |
licensetype |
The license type to apply for this database. |
secondarylocation |
The default secondary region for this database. |
elasticpoolid |
The resource identifier of the elastic pool containing this database. |
collation |
The collation of the database. |
failovergroupid |
Failover Group resource identifier that this database belongs to. |
zoneredundant |
Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. |
restorabledroppeddbid |
The resource identifier of the restorable dropped database associated with create operation of this database. |
recoverabledbid |
The resource identifier of the recoverable database associated with create operation of this database. |
Relationships¶
Azure SQL Server has one or more Azure SQL Database.
(AzureSQLServer)-[RESOURCE]->(AzureSQLDatabase)Azure SQL Database contains one or more Azure Replication Links.
(AzureSQLDatabase)-[CONTAINS]->(AzureReplicationLink)Azure SQL Database contains a Database Threat Detection Policy.
(AzureSQLDatabase)-[CONTAINS]->(AzureDatabaseThreatDetectionPolicy)Azure SQL Database contains one or more Restore Points.
(AzureSQLDatabase)-[CONTAINS]->(AzureRestorePoint)Azure SQL Database contains Transparent Data Encryption.
(AzureSQLDatabase)-[CONTAINS]->(AzureTransparentDataEncryption)
AzureReplicationLink¶
Representation of an AzureReplicationLink.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
location |
Location of the server that contains this firewall rule. |
partnerdatabase |
The name of the partner database. |
partnerlocation |
The Azure Region of the partner database. |
partnerrole |
The role of the database in the replication link. |
partnerserver |
The name of the server hosting the partner database. |
mode |
Replication mode of this replication link. |
state |
The replication state for the replication link. |
percentcomplete |
The percentage of seeding complete for the replication link. |
role |
The role of the database in the replication link. |
starttime |
The start time for the replication link. |
terminationallowed |
Legacy value indicating whether termination is allowed. |
Relationships¶
Azure SQL Database contains one or more Azure Replication Links.
(AzureSQLDatabase)-[CONTAINS]->(AzureReplicationLink)
AzureDatabaseThreatDetectionPolicy¶
Representation of an AzureDatabaseThreatDetectionPolicy.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
location |
The geo-location where the resource lives. |
kind |
The kind of the resource. |
emailadmins |
Specifies that the alert is sent to the account administrators. |
emailaddresses |
Specifies the semicolon-separated list of e-mail addresses to which the alert is sent. |
retentiondays |
Specifies the number of days to keep in the Threat Detection audit logs. |
state |
Specifies the state of the policy. |
storageendpoint |
Specifies the blob storage endpoint. |
useserverdefault |
Specifies whether to use the default server policy. |
disabledalerts |
Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. |
Relationships¶
Azure SQL Database contains a Database Threat Detection Policy.
(AzureSQLDatabase)-[CONTAINS]->(AzureDatabaseThreatDetectionPolicy)
AzureRestorePoint¶
Representation of an AzureRestorePoint.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
location |
The geo-location where the resource lives. |
restoredate |
The earliest time to which this database can be restored. |
restorepointtype |
The type of restore point. |
creationdate |
The time the backup was taken. |
Relationships¶
Azure SQL Database contains one or more Restore Points.
(AzureSQLDatabase)-[CONTAINS]->(AzureRestorePoint)
AzureTransparentDataEncryption¶
Representation of an AzureTransparentDataEncryption.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The resource ID |
name |
The name of the resource. |
location |
The resource location. |
status |
The status of the database transparent data encryption. |
Relationships¶
Azure SQL Database contains Transparent Data Encryption.
(AzureSQLDatabase)-[CONTAINS]->(AzureTransparentDataEncryption)
AzureStorageAccount¶
Representation of an AzureStorageAccount.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Fully qualified resource ID for the resource. |
type |
The type of the resource. |
location |
The geo-location where the resource lives. |
resourcegroup |
The Resource Group where the storage account is created |
name |
The name of the resource. |
kind |
Gets the Kind of the resource. |
creationtime |
Gets the creation date and time of the storage account in UTC. |
hnsenabled |
Specifies if the Account HierarchicalNamespace is enabled. |
primarylocation |
Gets the location of the primary data center for the storage account. |
secondarylocation |
Gets the location of the geo-replicated secondary for the storage account. |
provisioningstate |
Gets the status of the storage account at the time the operation was called. |
statusofprimary |
Gets the status availability status of the primary location of the storage account. |
statusofsecondary |
Gets the status availability status of the secondary location of the storage account. |
supportshttpstrafficonly |
Allows https traffic only to storage service if sets to true. |
Relationships¶
Azure Subscription contains one or more Storage Accounts.
(AzureSubscription)-[RESOURCE]->(AzureStorageAccount)Azure Storage Accounts uses one or more Queue Services.
(AzureStorageAccount)-[USES]->(AzureStorageQueueService)Azure Storage Accounts uses one or more Table Services.
(AzureStorageAccount)-[USES]->(AzureStorageTableService)Azure Storage Accounts uses one or more File Services.
(AzureStorageAccount)-[USES]->(AzureStorageFileService)Azure Storage Accounts uses one or more Blob Services.
(AzureStorageAccount)-[USES]->(AzureStorageBlobService)Azure Storage Accounts can be tagged with Azure Tags.
(:AzureStorageAccount)-[:TAGGED]->(:AzureTag)
AzureStorageQueueService¶
Representation of an AzureStorageQueueService.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Fully qualified resource ID for the resource. |
type |
The type of the resource. |
name |
The name of the queue service. |
Relationships¶
Azure Storage Accounts uses one or more Queue Services.
(AzureStorageAccount)-[USES]->(AzureStorageQueueService)Queue Service contains one or more queues.
(AzureStorageQueueService)-[CONTAINS]->(AzureStorageQueue)
AzureStorageTableService¶
Representation of an AzureStorageTableService.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Fully qualified resource ID for the resource. |
type |
The type of the resource. |
name |
The name of the table service. |
Relationships¶
Azure Storage Accounts uses one or more Table Services.
(AzureStorageAccount)-[USES]->(AzureStorageTableService)Table Service contains one or more tables.
(AzureStorageTableService)-[CONTAINS]->(AzureStorageTable)
AzureStorageFileService¶
Representation of an AzureStorageFileService.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Fully qualified resource ID for the resource. |
type |
The type of the resource. |
name |
The name of the file service. |
Relationships¶
Azure Storage Accounts uses one or more File Services.
(AzureStorageAccount)-[USES]->(AzureStorageFileService)Table Service contains one or more file shares.
(AzureStorageFileService)-[CONTAINS]->(AzureStorageFileShare)
AzureStorageBlobService¶
Representation of an AzureStorageBlobService.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Fully qualified resource ID for the resource. |
type |
The type of the resource. |
name |
The name of the blob service. |
Relationships¶
Azure Storage Accounts uses one or more Blob Services.
(AzureStorageAccount)-[USES]->(AzureStorageBlobService)Blob Service contains one or more blob containers.
(AzureStorageBlobService)-[CONTAINS]->(AzureStorageBlobContainer)
AzureStorageQueue¶
Representation of an AzureStorageQueue.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Fully qualified resource ID for the resource. |
type |
The type of the resource. |
name |
The name of the queue. |
Relationships¶
Queue Service contains one or more queues.
(AzureStorageQueueService)-[CONTAINS]->(AzureStorageQueue)
AzureStorageTable¶
Representation of an AzureStorageTable.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Fully qualified resource ID for the resource. |
type |
The type of the resource. |
name |
The name of the table resource. |
tablename |
Table name under the specified account. |
Relationships¶
Table Service contains one or more tables.
(AzureStorageTableService)-[CONTAINS]->(AzureStorageTable)
AzureStorageBlobContainer¶
Representation of an AzureStorageBlobContainer.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Fully qualified resource ID for the resource. |
type |
The type of the resource. |
name |
The name of the resource. |
deleted |
Indicates whether the blob container was deleted. |
deletedtime |
Blob container deletion time. |
defaultencryptionscope |
Default the container to use specified encryption scope for all writes. |
publicaccess |
Specifies whether data in the container may be accessed publicly and the level of access. |
leasestatus |
The lease status of the container. |
leasestate |
Lease state of the container. |
lastmodifiedtime |
Specifies the date and time the container was last modified. |
remainingretentiondays |
Specifies the remaining retention days for soft deleted blob container. |
version |
The version of the deleted blob container. |
hasimmutabilitypolicy |
Specifies the if the container has an ImmutabilityPolicy or not. |
haslegalhold |
Specifies if the container has any legal hold tags. |
leaseduration |
Specifies whether the lease on a container is of infinite or fixed duration, only when the container is leased. |
Relationships¶
Blob Service contains one or more blob containers.
(AzureStorageBlobService)-[CONTAINS]->(AzureStorageBlobContainer)
AzureCosmosDBAccount¶
Representation of an AzureCosmosDBAccount.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique resource identifier of the ARM resource. |
location |
The location of the resource group to which the resource belongs. |
resourcegroup |
The Resource Group where the database account is created. |
name |
The name of the ARM resource. |
kind |
Indicates the type of database account. |
type |
The type of Azure resource. |
ipranges |
List of IpRules. |
capabilities |
List of Cosmos DB capabilities for the account. |
documentendpoint |
The connection endpoint for the Cosmos DB database account. |
virtualnetworkfilterenabled |
Flag to indicate whether to enable/disable Virtual Network ACL rules. |
enableautomaticfailover |
Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. |
provisioningstate |
The status of the Cosmos DB account at the time the operation was called. |
multiplewritelocations |
Enables the account to write in multiple locations. |
accountoffertype |
The offer type for the Cosmos DB database account. |
publicnetworkaccess |
Whether requests from Public Network are allowed. |
enablecassandraconnector |
Enables the cassandra connector on the Cosmos DB C* account. |
connectoroffer |
The cassandra connector offer type for the Cosmos DB database C* account. |
disablekeybasedmetadatawriteaccess |
Disable write operations on metadata resources (databases, containers, throughput) via account keys. |
keyvaulturi |
The URI of the key vault. |
enablefreetier |
Flag to indicate whether Free Tier is enabled. |
enableanalyticalstorage |
Flag to indicate whether to enable storage analytics. |
defaultconsistencylevel |
The default consistency level and configuration settings of the Cosmos DB account. |
maxstalenessprefix |
When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. |
maxintervalinseconds |
When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. |
Relationships¶
Azure Subscription contains one or more database accounts.
(AzureSubscription)-[RESOURCE]->(AzureCosmosDBAccount)Azure Database Account can be read from, written from and is associated with Azure CosmosDB Locations.
(AzureCosmosDBAccount)-[CAN_WRITE_FROM]->(AzureCosmosDBLocation)(AzureCosmosDBAccount)-[CAN_READ_FROM]->(AzureCosmosDBLocation)(AzureCosmosDBAccount)-[ASSOCIATED_WITH]->(AzureCosmosDBLocation)Azure Database Account contains one or more Cors Policy.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBCorsPolicy)Azure Database Account contains one or more failover policies.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBAccountFailoverPolicy)Azure Database Account is configured with one or more private endpoint connections.
(AzureCosmosDBAccount)-[CONFIGURED_WITH]->(AzureCDBPrivateEndpointConnection)Azure Database Account is configured with one or more virtual network rules.
(AzureCosmosDBAccount)-[CONFIGURED_WITH]->(AzureCosmosDBVirtualNetworkRule)Azure Database Account contains one or more SQL databases.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBSqlDatabase)Azure Database Account contains one or more Cassandra keyspace.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBCassandraKeyspace)Azure Database Account contains one or more MongoDB Database.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBMongoDBDatabase)Azure Database Account contains one or more table resource.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBTableResource)
AzureCosmosDBLocation¶
Representation of an Azure CosmosDB Location.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique identifier of the region within the database account. |
locationname |
The name of the region. |
documentendpoint |
The connection endpoint for the specific region. |
provisioningstate |
The status of the Cosmos DB account at the time the operation was called. |
failoverpriority |
The failover priority of the region. |
iszoneredundant |
Flag to indicate whether or not this region is an AvailabilityZone region. |
Relationships¶
Azure Database Account has write permissions from, read permissions from and is associated with Azure CosmosDB Locations.
(AzureCosmosDBAccount)-[CAN_WRITE_FROM]->(AzureCosmosDBLocation)(AzureCosmosDBAccount)-[CAN_READ_FROM]->(AzureCosmosDBLocation)
(AzureCosmosDBAccount)-[ASSOCIATED_WITH]->(AzureCosmosDBLocation)
AzureCosmosDBCorsPolicy¶
Representation of an Azure Cosmos DB Cors Policy.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique resource identifier for Cors Policy. |
allowedorigins |
The origin domains that are permitted to make a request against the service via CORS. |
allowedmethods |
The methods (HTTP request verbs) that the origin domain may use for a CORS request. |
allowedheaders |
The request headers that the origin domain may specify on the CORS request. |
exposedheaders |
The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. |
maxageinseconds |
The maximum amount time that a browser should cache the preflight OPTIONS request. |
Relationships¶
Azure Database Account contains one or more Cors Policy.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBCorsPolicy)
AzureCosmosDBAccountFailoverPolicy¶
Representation of an Azure Database Account Failover Policy.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique identifier of the region in which the database account replicates to. |
locationname |
The name of the region in which the database account exists. |
failoverpriority |
The failover priority of the region. A failover priority of 0 indicates a write region. |
Relationships¶
Azure Database Account contains one or more failover policies.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBAccountFailoverPolicy)
AzureCDBPrivateEndpointConnection¶
Representation of an Azure Cosmos DB Private Endpoint Connection.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Fully qualified resource Id for the resource. |
name |
The name of the resource. |
privateendpointid |
Resource id of the private endpoint. |
status |
The private link service connection status. |
actionrequired |
Any action that is required beyond basic workflow (approve/ reject/ disconnect). |
Relationships¶
Azure Database Account is configured with one or more private endpoint connections.
(AzureCosmosDBAccount)-[CONFIGURED_WITH]->(AzureCDBPrivateEndpointConnection)
AzureCosmosDBVirtualNetworkRule¶
Representation of an Azure Cosmos DB Virtual Network Rule.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
Resource ID of a subnet. |
ignoremissingvnetserviceendpoint |
Create firewall rule before the virtual network has vnet service endpoint enabled. |
Relationships¶
Azure Database Account is configured with one or more virtual network rules.
(AzureCosmosDBAccount)-[CONFIGURED_WITH]->(AzureCosmosDBVirtualNetworkRule)
AzureCosmosDBSqlDatabase¶
Representation of an AzureCosmosDBSqlDatabase.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique resource identifier of the ARM resource. |
name |
The name of the ARM resource. |
type |
The type of Azure resource. |
location |
The location of the resource group to which the resource belongs. |
throughput |
Value of the Cosmos DB resource throughput or autoscaleSettings. |
maxthroughput |
Represents maximum throughput, the resource can scale up to. |
Relationships¶
Azure Database Account contains one or more SQL databases.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBSqlDatabase)SQL Databases contain one or more SQL containers.
(AzureCosmosDBSqlDatabase)-[CONTAINS]->(AzureCosmosDBSqlContainer)
AzureCosmosDBCassandraKeyspace¶
Representation of an AzureCosmosDBCassandraKeyspace.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique resource identifier of the ARM resource. |
name |
The name of the ARM resource. |
type |
The type of Azure resource. |
location |
The location of the resource group to which the resource belongs. |
throughput |
Value of the Cosmos DB resource throughput or autoscaleSettings. |
maxthroughput |
Represents maximum throughput, the resource can scale up to. |
Relationships¶
Azure Database Account contains one or more Cassandra keyspace.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBCassandraKeyspace)Cassandra Keyspace contains one or more Cassandra tables.
(AzureCosmosDBCassandraKeyspace)-[CONTAINS]->(AzureCosmosDBCassandraTable)
AzureCosmosDBMongoDBDatabase¶
Representation of an AzureCosmosDBMongoDBDatabase.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique resource identifier of the ARM resource. |
name |
The name of the ARM resource. |
type |
The type of Azure resource. |
location |
The location of the resource group to which the resource belongs. |
throughput |
Value of the Cosmos DB resource throughput or autoscaleSettings. |
maxthroughput |
Represents maximum throughput, the resource can scale up to. |
Relationships¶
Azure Database Account contains one or more MongoDB Database.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBMongoDBDatabase)MongoDB database contains one or more MongoDB collections.
(AzureCosmosDBMongoDBDatabase)-[CONTAINS]->(AzureCosmosDBMongoDBCollection)
AzureCosmosDBTableResource¶
Representation of an AzureCosmosDBTableResource.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique resource identifier of the ARM resource. |
name |
The name of the ARM resource. |
type |
The type of Azure resource. |
location |
The location of the resource group to which the resource belongs. |
throughput |
Value of the Cosmos DB resource throughput or autoscaleSettings. |
maxthroughput |
Represents maximum throughput, the resource can scale up to. |
Relationships¶
Azure Database Account contains one or more table resource.
(AzureCosmosDBAccount)-[CONTAINS]->(AzureCosmosDBTableResource)
AzureCosmosDBSqlContainer¶
Representation of an AzureCosmosDBSqlContainer.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique resource identifier of the ARM resource. |
name |
The name of the ARM resource. |
type |
The type of Azure resource. |
location |
The location of the resource group to which the resource belongs. |
throughput |
Value of the Cosmos DB resource throughput or autoscaleSettings. |
maxthroughput |
Represents maximum throughput, the resource can scale up to. |
container |
Name of the Cosmos DB SQL container. |
defaultttl |
Default time to live. |
analyticalttl |
Specifies the Analytical TTL. |
isautomaticindexingpolicy |
Indicates if the indexing policy is automatic. |
indexingmode |
Indicates the indexing mode. |
conflictresolutionpolicymode |
Indicates the conflict resolution mode. |
Relationships¶
SQL Databases contain one or more SQL containers.
(AzureCosmosDBSqlDatabase)-[CONTAINS]->(AzureCosmosDBSqlContainer)
AzureCosmosDBCassandraTable¶
Representation of an AzureCosmosDBCassandraTable.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique resource identifier of the ARM resource. |
name |
The name of the ARM resource. |
type |
The type of Azure resource. |
location |
The location of the resource group to which the resource belongs. |
throughput |
Value of the Cosmos DB resource throughput or autoscaleSettings. |
maxthroughput |
Represents maximum throughput, the resource can scale up to. |
container |
Name of the Cosmos DB Cassandra table. |
defaultttl |
Time to live of the Cosmos DB Cassandra table. |
analyticalttl |
Specifies the Analytical TTL. |
Relationships¶
Cassandra Keyspace contains one or more Cassandra tables.
(AzureCosmosDBCassandraKeyspace)-[CONTAINS]->(AzureCosmosDBCassandraTable)
AzureCosmosDBMongoDBCollection¶
Representation of an AzureCosmosDBMongoDBCollection.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The unique resource identifier of the ARM resource. |
name |
The name of the ARM resource. |
type |
The type of Azure resource. |
location |
The location of the resource group to which the resource belongs. |
throughput |
Value of the Cosmos DB resource throughput or autoscaleSettings. |
maxthroughput |
Represents maximum throughput, the resource can scale up to. |
collectionname |
Name of the Cosmos DB MongoDB collection. |
analyticalttl |
Specifies the Analytical TTL. |
Relationships¶
MongoDB database contains one or more MongoDB collections.
(AzureCosmosDBMongoDBDatabase)-[CONTAINS]->(AzureCosmosDBMongoDBCollection)
AzureFunctionApp¶
Representation of an Azure Function App.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Function App. |
name |
The name of the Function App. |
kind |
The kind of the resource, used to identify it as a function app. |
location |
The Azure region where the Function App is deployed. |
state |
The operational state of the Function App (e.g., Running, Stopped). |
default_host_name |
The default hostname of the Function App. |
https_only |
A boolean indicating if the Function App is configured to only accept HTTPS traffic. |
Relationships¶
An Azure Function App is a resource within an Azure Subscription.
(AzureSubscription)-[RESOURCE]->(AzureFunctionApp)
AzureAppService¶
Representation of an Azure App Service.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the App Service. |
name |
The name of the App Service. |
kind |
The kind of the resource, used to identify it as an app service. |
location |
The Azure region where the App Service is deployed. |
state |
The operational state of the App Service (e.g., Running, Stopped). |
default_host_name |
The default hostname of the App Service. |
https_only |
A boolean indicating if the App Service is configured to only accept HTTPS traffic. |
Relationships¶
An Azure App Service is a resource within an Azure Subscription.
(AzureSubscription)-[RESOURCE]->(AzureAppService)
AzureEventGridTopic¶
Representation of an Azure Event Grid Topic.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Event Grid Topic. |
name |
The name of the Event Grid Topic. |
location |
The Azure region where the Topic is deployed. |
provisioning_state |
The deployment status of the Topic (e.g., Succeeded). |
public_network_access |
Indicates if the topic can be accessed from the public internet. |
Relationships¶
An Azure Event Grid Topic is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureEventGridTopic)
AzureLogicApp¶
Representation of an Azure Logic App.
|id| The full resource ID of the Logic App. | |name| The name of the Logic App. | |location| The Azure region where the Logic App is deployed. | |state| The operational state of the Logic App (e.g., Enabled, Disabled). | |created_time| The timestamp of when the Logic App was created. | |changed_time| The timestamp of when the Logic App was last modified. | |version| The version of the Logic App’s definition. | |access_endpoint| The public URL that can be used to trigger the Logic App. |
Relationships¶
An Azure Logic App is a resource within an Azure Subscription.
(AzureSubscription)-[RESOURCE]->(AzureLogicApp)
AzureResourceGroup¶
Representation of an Azure Resource Group.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Resource Group. |
name |
The name of the Resource Group. |
location |
The Azure region where the Resource Group is deployed. |
provisioning_state |
The deployment status of the Resource Group (e.g., Succeeded). |
Relationships¶
An Azure Resource Group is a resource within an Azure Subscription.
(AzureSubscription)-[RESOURCE]->(:AzureResourceGroup)
AzureDataFactory¶
Representation of an Azure Data Factory.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Data Factory. |
name |
The name of the Data Factory. |
location |
The Azure region where the Data Factory is deployed. |
provisioning_state |
The deployment status of the Data Factory (e.g., Succeeded). |
create_time |
The timestamp of when the Data Factory was created. |
version |
The version of the Data Factory. |
Relationships¶
An Azure Data Factory is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureDataFactory)An Azure Data Factory contains Pipelines, Datasets, and Linked Services.
(AzureDataFactory)-[:CONTAINS]->(:AzureDataFactoryPipeline) (AzureDataFactory)-[:CONTAINS]->(:AzureDataFactoryDataset) (AzureDataFactory)-[:CONTAINS]->(:AzureDataFactoryLinkedService)
AzureDataFactoryPipeline¶
Representation of a Pipeline within an Azure Data Factory.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Pipeline. |
name |
The name of the Pipeline. |
description |
The description of the Pipeline. |
Relationships¶
A Pipeline is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureDataFactoryPipeline)A Pipeline uses one or more Datasets.
(AzureDataFactoryPipeline)-[:USES_DATASET]->(:AzureDataFactoryDataset)
AzureDataFactoryDataset¶
Representation of a Dataset within an Azure Data Factory.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Dataset. |
name |
The name of the Dataset. |
type |
The type of the Dataset (e.g., |
Relationships¶
A Dataset is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureDataFactoryDataset)A Dataset uses a Linked Service for its connection.
(AzureDataFactoryDataset)-[:USES_LINKED_SERVICE]->(:AzureDataFactoryLinkedService)
AzureDataFactoryLinkedService¶
Representation of a Linked Service within an Azure Data Factory.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Linked Service. |
name |
The name of the Linked Service. |
type |
The type of the Linked Service (e.g., |
Relationships¶
A Linked Service is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureDataFactoryLinkedService)
(External [:CONNECTS_TO] relationships will be added in a future PR.)
AzureKubernetesCluster¶
Representation of an Azure Kubernetes Service Cluster.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the AKS Cluster. |
name |
The name of the AKS Cluster. |
location |
The Azure region where the Cluster is deployed. |
provisioning_state |
The deployment status of the Cluster (e.g., Succeeded). |
kubernetes_version |
The version of Kubernetes the Cluster is running. |
fqdn |
The fully qualified domain name of the Cluster’s API server. |
Relationships¶
An Azure Kubernetes Cluster is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureKubernetesCluster)
AzureKubernetesAgentPool¶
Representation of an Azure Kubernetes Service Agent Pool.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Agent Pool. |
name |
The name of the Agent Pool. |
provisioning_state |
The deployment status of the Agent Pool (e.g., Succeeded). |
vm_size |
The size of the virtual machines in the pool. |
os_type |
The operating system of the nodes (e.g., Linux). |
count |
The number of virtual machines in the pool. |
Relationships¶
An Azure Kubernetes Cluster has one or more Agent Pools.
(AzureKubernetesCluster)-[:HAS_AGENT_POOL]->(:AzureKubernetesAgentPool)
AzureContainerInstance¶
Representation of an Azure Container Instance.
|id| The full resource ID of the Container Instance. |
|name| The name of the Container Instance. |
|location| The Azure region where the Container Instance is deployed. |
|type| The type of the resource (e.g., Microsoft.ContainerInstance/containerGroups). |
|provisioning_state| The deployment status of the Container Instance (e.g., Succeeded). |
|ip_address| The public IP address of the Container Instance, if one is assigned. |
|os_type| The operating system type of the Container Instance (e.g., Linux or Windows). |
Relationships¶
An Azure Container Instance is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureContainerInstance)
AzureLoadBalancer¶
Representation of an Azure Load Balancer.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Load Balancer. |
name |
The name of the Load Balancer. |
location |
The Azure region where the Load Balancer is deployed. |
sku_name |
The SKU of the Load Balancer (e.g., |
Relationships¶
An Azure Load Balancer is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureLoadBalancer) (AzureSubscription)-[:RESOURCE]->(:AzureLoadBalancerFrontendIPConfiguration) (AzureSubscription)-[:RESOURCE]->(:AzureLoadBalancerBackendPool) (AzureSubscription)-[:RESOURCE]->(:AzureLoadBalancerRule) (AzureSubscription)-[:RESOURCE]->(:AzureLoadBalancerInboundNatRule)
An Azure Load Balancer contains its component parts.
(AzureLoadBalancer)-[:CONTAINS]->(:AzureLoadBalancerFrontendIPConfiguration) (AzureLoadBalancer)-[:CONTAINS]->(:AzureLoadBalancerBackendPool) (AzureLoadBalancer)-[:CONTAINS]->(:AzureLoadBalancerRule) (AzureLoadBalancer)-[:CONTAINS]->(:AzureLoadBalancerInboundNatRule)
AzureLoadBalancerFrontendIPConfiguration¶
Representation of a Frontend IP Configuration for an Azure Load Balancer.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Frontend IP Configuration. |
name |
The name of the Frontend IP Configuration. |
private_ip_address |
The private IP address of the configuration, if applicable. |
public_ip_address_id |
The resource ID of the associated Public IP Address object, if applicable. |
AzureLoadBalancerBackendPool¶
Representation of a Backend Pool for an Azure Load Balancer.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Backend Pool. |
name |
The name of the Backend Pool. |
AzureLoadBalancerRule¶
Representation of a Load Balancing Rule for an Azure Load Balancer.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Rule. |
name |
The name of the Rule. |
protocol |
The network protocol for the rule (e.g., |
frontend_port |
The port that receives traffic. |
backend_port |
The port that traffic is sent to. |
Relationships¶
A Rule uses a Frontend IP Configuration.
(AzureLoadBalancerRule)-[:USES_FRONTEND_IP]->(:AzureLoadBalancerFrontendIPConfiguration)A Rule routes traffic to a Backend Pool.
(AzureLoadBalancerRule)-[:ROUTES_TO]->(:AzureLoadBalancerBackendPool)
AzureLoadBalancerInboundNatRule¶
Representation of an Inbound NAT Rule for an Azure Load Balancer.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the NAT Rule. |
name |
The name of the NAT Rule. |
protocol |
The network protocol for the rule (e.g., |
frontend_port |
The public port that receives traffic. |
backend_port |
The private port on the target VM. |
Relationships¶
(External [:FORWARDS_TO] relationships to Network Interfaces will be added in a future PR.)
AzureTag¶
Representation of a key-value tag applied to an Azure resource. Tags with the same key and value share a single node in the graph, allowing for easy cross-resource querying.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
id |
Unique identifier for the tag, formatted as `{subscription_id} |
key |
The tag name (e.g., |
value |
The tag value (e.g., |
lastupdated |
The timestamp of the last time this tag was seen on any resource. |
Relationships¶
Azure Storage Accounts can be tagged with Azure Tags.
(:AzureStorageAccount)-[:TAGGED]->(:AzureTag)
AzureVirtualNetwork¶
Representation of an Azure Virtual Network.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Virtual Network. |
name |
The name of the Virtual Network. |
location |
The Azure region where the Virtual Network is deployed. |
provisioning_state |
The deployment status of the Virtual Network (e.g., Succeeded). |
Relationships¶
An Azure Virtual Network is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureVirtualNetwork)An Azure Virtual Network contains one or more Subnets.
(AzureVirtualNetwork)-[:CONTAINS]->(:AzureSubnet)
AzureSubnet¶
Representation of a Subnet within an Azure Virtual Network.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Subnet. |
name |
The name of the Subnet. |
address_prefix |
The address prefix of the Subnet in CIDR notation. |
Relationships¶
A Subnet can be associated with a Network Security Group.
(AzureSubnet)-[:ASSOCIATED_WITH]->(:AzureNetworkSecurityGroup)
AzureNetworkSecurityGroup¶
Representation of an Azure Network Security Group (NSG).
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Network Security Group. |
name |
The name of the Network Security Group. |
location |
The Azure region where the NSG is deployed. |
Relationships¶
An Azure Network Security Group is a resource within an Azure Subscription.
(AzureSubscription)-[:RESOURCE]->(:AzureNetworkSecurityGroup)
AzureSecurityAssessment¶
Representation of an Azure Security Assessment.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Assessment. |
name |
The name of the Assessment. |
display_name |
The user-friendly display name of the Assessment. |
description |
The description of the security issue identified by the assessment. |
remediation_description |
The description of the steps required to remediate the issue. |
Relationships¶
An Azure Security Assessment is a resource within an Azure Subscription.
(AzureSubscription)-[HAS_ASSESSMENT]->(AzureSecurityAssessment)
AzureMonitorMetricAlert¶
Representation of an Azure Monitor Metric Alert.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the Metric Alert. |
name |
The name of the Metric Alert. |
location |
The Azure region where the Metric Alert is deployed. |
description |
The description of the Metric Alert. |
severity |
The severity of the alert, from 0 (critical) to 4 (verbose). |
enabled |
A boolean indicating if the alert rule is enabled. |
window_size |
The period of time (in ISO 8601 duration format) that is used to monitor alert activity. |
evaluation_frequency |
The frequency (in ISO 8601 duration format) with which the metric data is collected. |
last_updated_time |
The timestamp of when the alert rule was last modified. |
Relationships¶
An Azure Monitor Metric Alert is a resource within an Azure Subscription.
(AzureSubscription)-[:HAS_METRIC_ALERT]->(AzureMonitorMetricAlert)
AzureDataLakeFileSystem¶
Representation of an Azure Data Lake File System, which is a container within a Data Lake enabled Storage Account.
Field |
Description |
|---|---|
firstseen |
Timestamp of when a sync job discovered this node |
lastupdated |
Timestamp of the last time the node was updated |
id |
The full resource ID of the File System. |
name |
The name of the File System. |
public_access |
The public access level of the File System (e.g., None). |
last_modified_time |
The timestamp of when the File System was last modified. |
has_immutability_policy |
A boolean indicating if the data is protected from being changed or deleted. |
has_legal_hold |
A boolean indicating if the data is locked for legal reasons. |
Relationships¶
An Azure Storage Account contains one or more File Systems.
(AzureStorageAccount)-[:CONTAINS]->(:AzureDataLakeFileSystem)