Although the maintainers are planning to migrate to migrate to a newer Neo4j version by then, I’m not holding my breath. Fortunately, support for Neo4j 3.5 was extended to 27th May 2022. Although a pull request for migration to Neo4j 4.4 was contributed on 30th January 2021, the Lyft team completely missed this deadline. The biggest of these is that Cartography still requires the outdated Neo4j 3.5, which was planned to reach its end-of-life on 28th November 2021. Good to Knowīefore we dive into setting up Cartography and its dependencies, I want to point out some issues I ran into, in order to minimise frustration. Sacha Faust’s “ Automating Security Visibility and Democratization” 30-minute talk at BSidesSF 2019 serves as a great intro to Cartography, and also illustrates several of the early data relationships it collected. This is extremely useful to understand the relationship between different infrastructural and security assets, which can sometimes reveal security flaws that need to be addressed.Ĭartography is written in Python and maintained by Lyft. Once in Neo4j, the data can be queried using the Cypher language and the results can be visualised. What is Cartography?Ĭartography is a tool that can explore cloud and Software as a Service (SaaS) providers (such as AWS, Azure, GCP, GitHub, Okta and others), gather metadata about them, and store it in a Neo4j graph database. Through this article, I hope to make it less painful for other people checking out Cartography for the first time. However, getting it to work the first time is more painful than it needs to be. This tool is great for taking stock of your infrastructural and security assets, visualising them, and running security audits. I have recently been working with Cartography.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |