Skip to content
cartography documentation logo
cartography documentation <no title>
Type to start searching
    cartography
    • cartography documentation
    cartography
    • What is Cartography?
    • Why Cartography?
    • Basic Use
    • Install and Run Cartography On Test Machine
    • Usage Tutorial
    • Cartography Schema
    • How to use Drift-Detection
    • Sample queries
    • Cartography Production Operations
    • Intel Modules
    • Amazon Web Services (AWS)
    • Microsoft Azure
    • Lastpass
    • Crowdstrike
    • CVE
    • DigitalOcean
    • Duo
    • Google Cloud Compute (GCP)
    • Github
    • Google GSuite
    • Jamf
    • Kandji
    • Kubernetes
    • Lastpass
    • Okta
    • PagerDuty
    • Semgrep
    • SnipeIT
    • Development Docs
    • Cartography Developer Guide
    • How to extend Cartography with Analysis Jobs
    • How to write a new intel module
    • Get In Touch
    • Contact
    • Community Meeting
    • Show Source
    • Usage Tutorial
      • What RDS instances are installed in my AWS accounts?
        • ℹ️ Protip - customizing your view
      • Which RDS instances have encryption turned off?
      • Which EC2 instances are directly exposed to the internet?
      • Which S3 buckets have a policy granting any level of anonymous access to the bucket?
      • How many unencrypted RDS instances do I have in all my AWS accounts?
      • Given a node label, what other node labels can be connected to it?
      • Given a node label, what are the possible property names defined on it?
      • Learning more
      • Data Enrichment
      • Extending Cartography with Analysis Jobs
      • Mapping AWS Access Permissions
      • Permalinking Bookmarklet
    • Cartography Schema
      • ℹ️ Quick notes on notation
      • Cartography metadata schema
        • SyncMetadata:ModuleSyncMetadata
      • AWS Schema
        • AWSAccount
          • Relationships
        • AWSCidrBlock
          • AWSIpv4CidrBlock
          • AWSIpv6CidrBlock
          • Relationships
        • AWSGroup
          • Relationships
        • AWSInspectorFinding
          • Relationships
        • AWSInspectorPackage
          • Relationships
        • AWSLambda
          • Relationships
        • AWSLambdaFunctionAlias
          • Relationships
        • AWSLambdaEventSourceMapping
          • Relationships
        • AWSLambdaLayer
          • Relationships
        • AWSPolicy
          • Relationships
        • AWSPolicyStatement
          • Relationships
        • AWSPrincipal
          • Relationships
        • AWSPrincipal::AWSUser
          • Relationships
        • AWSPrincipal::AWSRole
          • Relationships
        • AWSTransitGateway
          • Relationships
        • AWSTransitGatewayAttachment
          • Relationships
        • AWSVpc
          • Relationships
        • Tag::AWSTag
          • Relationships
        • AccountAccessKey
          • Relationships
        • DBSubnetGroup
          • Relationships
        • DNSRecord
          • Relationships
        • DNSRecord::AWSDNSRecord
          • Relationships
        • DNSZone
          • Relationships
        • DNSZone::AWSDNSZone
          • Relationships
        • DynamoDBTable
          • Relationships
        • EC2Instance
          • Relationships
        • EC2KeyPair
          • Relationships
        • EC2PrivateIp
          • Relationships
        • EC2Reservation
          • Relationships
        • EC2SecurityGroup
          • Relationships
        • EC2Subnet
          • Relationships
        • AWSInternetGateway
          • Relationships
        • ECRRepository
          • Relationships
        • EC2NetworkAcl
          • Relationships
        • EC2NetworkAclRule :: IpPermissionInbound / IpPermissionEgress
          • Relationships
        • ECRRepositoryImage
          • Relationships
        • ECRImage
          • Relationships
        • Package
          • Relationships
        • ECRScanFinding (:Risk:CVE)
          • Relationships
        • EKSCluster
          • Relationships
        • EMRCluster
          • Relationships
        • ESDomain
          • Relationships
        • Endpoint
          • Relationships
        • Endpoint::ELBListener
          • Relationships
        • Endpoint::ELBV2Listener
          • Relationships
        • Ip
          • Relationships
        • IpRule
          • Relationships
        • IpRule::IpPermissionInbound
          • Relationships
        • LoadBalancer
          • Relationships
        • LoadBalancerV2
          • Relationships
        • Nameserver
          • Relationships
        • NetworkInterface
          • Relationships
        • AWSPeeringConnection
          • Relationships
        • RedshiftCluster
          • Relationships
        • RDSCluster
          • Relationships
        • RDSInstance
          • Relationships
        • RDSSnapshot
          • Relationships
        • S3Acl
          • Relationships
        • S3Bucket
          • Relationships
        • S3PolicyStatement
          • Relationships
        • KMSKey
          • Relationships
        • KMSAlias
          • Relationships
        • KMSGrant
          • Relationships
        • APIGatewayRestAPI
          • Relationships
        • APIGatewayStage
          • Relationships
        • APIGatewayClientCertificate
          • Relationships
        • APIGatewayResource
          • Relationships
        • AutoScalingGroup
          • Relationships
        • EC2Image
          • Relationships
        • EC2ReservedInstance
          • Relationships
        • SecretsManagerSecret
          • Relationships
        • EBSVolume
          • Relationships
        • EBSSnapshot
          • Relationships
        • SQSQueue
          • Relationships
        • SecurityHub
          • Relationships
        • AWSConfigurationRecorder
          • Relationships
        • AWSConfigDeliveryChannel
          • Relationships
        • AWSConfigRule
          • Relationships
        • LaunchConfiguration
          • Relationships
        • LaunchTemplate
          • Relationships
        • LaunchTemplateVersion
          • Relationships
        • ElasticIPAddress
          • Relationships
        • ECSCluster
          • Relationships
        • ECSContainerInstance
          • Relationships
        • ECSService
          • Relationships
        • ECSTaskDefinition
          • Relationships
        • ECSContainerDefinition
          • Relationships
        • ECSTask
          • Relationships
        • ECSContainer
          • Relationships
        • SSMInstanceInformation
          • Relationships
        • SSMInstancePatch
          • Relationships
        • AWSIdentityCenter
          • Relationships
        • AWSSSOUser
          • Relationships
        • AWSPermissionSet
          • Relationships
      • Azure Schema
        • AzureTenant
          • Relationships
        • AzurePrincipal
          • Relationships
        • AzureSubscription
          • Relationships
        • VirtualMachine
          • Relationships
        • AzureDataDisk
          • Relationships
        • AzureDisk
          • Relationships
        • AzureSnapshot
          • Relationships
        • AzureSQLServer
          • Relationships
        • AzureServerDNSAlias
          • Relationships
        • AzureServerADAdministrator
          • Relationships
        • AzureRecoverableDatabase
          • Relationships
        • AzureRestorableDroppedDatabase
          • Relationships
        • AzureFailoverGroup
          • Relationships
        • AzureElasticPool
          • Relationships
        • AzureSQLDatabase
          • Relationships
        • AzureReplicationLink
          • Relationships
        • AzureDatabaseThreatDetectionPolicy
          • Relationships
        • AzureRestorePoint
          • Relationships
        • AzureTransparentDataEncryption
          • Relationships
        • AzureStorageAccount
          • Relationships
        • AzureStorageQueueService
          • Relationships
        • AzureStorageTableService
          • Relationships
        • AzureStorageFileService
          • Relationships
        • AzureStorageBlobService
          • Relationships
        • AzureStorageQueue
          • Relationships
        • AzureStorageTable
          • Relationships
        • AzureStorageFileShare
          • Relationships
        • AzureStorageBlobContainer
          • Relationships
        • AzureCosmosDBAccount
          • Relationships
        • AzureCosmosDBLocation
          • Relationships
        • AzureCosmosDBCorsPolicy
          • Relationships
        • AzureCosmosDBAccountFailoverPolicy
          • Relationships
        • AzureCDBPrivateEndpointConnection
          • Relationships
        • AzureCosmosDBVirtualNetworkRule
          • Relationships
        • AzureCosmosDBSqlDatabase
          • Relationships
        • AzureCosmosDBCassandraKeyspace
          • Relationships
        • AzureCosmosDBMongoDBDatabase
          • Relationships
        • AzureCosmosDBTableResource
          • Relationships
        • AzureCosmosDBSqlContainer
          • Relationships
        • AzureCosmosDBCassandraTable
          • Relationships
        • AzureCosmosDBMongoDBCollection
          • Relationships
      • DigitalOcean Schema
        • DOAccount
          • Relationships
        • DOProject
          • Relationships
        • DODroplet
          • Relationships
      • GCP Schema
        • GCPOrganization
          • Relationships
        • GCPFolder
          • Relationships
        • GCPProject
        • Relationships
        • GCPBucket
          • Relationships
        • GCPDNSZone
          • Relationships
        • Label: GCPBucketLabel
        • GCPInstance
          • Relationships
        • GCPNetworkTag
          • Relationships
        • GCPVpc
          • Relationships
        • GCPNetworkInterface
          • Relationships
        • GCPNicAccessConfig
          • Relationships
        • GCPRecordSet
          • Relationships
        • GCPSubnet
          • Relationships
        • GCPFirewall
          • Relationships
        • GCPForwardingRule
          • Relationships
        • GKECluster
          • Relationships
        • IpRule::IpPermissionInbound::GCPIpRule
          • Relationships
        • IpRange
          • Relationships
      • Github Schema
        • GitHubRepository
          • Relationships
        • GitHubOrganization
          • Relationships
        • GitHubTeam
          • Relationships
        • GitHubUser
          • Relationships
        • GitHubBranch
          • Relationships
        • ProgrammingLanguage
          • Relationships
        • Dependency::PythonLibrary
          • Relationships
      • GSuite Schema
        • GSuiteUser
          • Relationships
        • GSuiteGroup
      • Jamf Schema
        • JamfComputerGroup
          • Relationships
      • Kubernetes Schema
        • KubernetesCluster
          • Relationships
        • KubernetesNamespace
          • Relationships
        • KubernetesPod
          • Relationships
        • KubernetesContainer
          • Relationships
        • KubernetesService
          • Relationships
        • KubernetesSecret
          • Relationships
      • Okta Schema
        • OktaOrganization
          • Relationships
        • OktaUser
          • Relationships
        • OktaGroup
          • Relationships
        • OktaApplication
          • Relationships
        • OktaUserFactor
          • Relationships
        • OktaTrustedOrigin
          • Relationships
        • OktaAdministrationRole
          • Relationships
        • Reply Uri
          • Relationships
      • Pagerduty Schema
        • PagerDutyEscalationPolicy
          • Relationships
        • PagerDutySchedule
          • Relationships
        • PagerDutyScheduleLayer
          • Relationships
        • PagerDutyService
          • Relationships
        • PagerDutyIntegration
          • Relationships
        • PagerDutyTeam
          • Relationships
        • PagerDutyUser
          • Relationships
    • How to use Drift-Detection
      • A Quick Example: Tracking internet-exposed EC2 instances
        • Setup
        • Running drift-detection
        • Using shortcuts instead of filenames to diff files
    • Sample queries
      • Which AWS IAM roles have admin permissions in my accounts?
      • Which AWS IAM roles in my environment have the ability to delete policies?
      • Which AWS IAM roles in my environment have an action that contains the word “create”?
      • What RDS instances are installed in my AWS accounts?
      • Which RDS instances have encryption turned off?
      • Which EC2 instances are exposed (directly or indirectly) to the internet?
      • Which ELB LoadBalancers are internet accessible?
      • Which ELBv2 LoadBalancerV2s (Application Load Balancers) are internet accessible?
      • Which S3 buckets have a policy granting any level of anonymous access to the bucket?
      • How many unencrypted RDS instances do I have in all my AWS accounts?
      • What languages are used in a given GitHub repository?
      • What are the dependencies used in a given GitHub repository?
      • Given a dependency, which GitHub repos depend on it?
      • What are all the dependencies used across all GitHub repos?
    Previous Install and Run Cartography On Test Machine
    Next Usage Tutorial
    © Copyright 2021-2024, Lyft.
    Created using Sphinx 5.0.0. and Material for Sphinx