• Usage Tutorial
  • Permalinking Bookmarklet
  • ℹ️ Already know how to query Neo4j? You can skip to our reference material!
  • What RDS instances are installed in my AWS accounts?
    • ℹ️ Protip - customizing your view
  • Which RDS instances have encryption turned off?
  • Which EC2 instances are directly exposed to the internet?
  • Which S3 buckets have a policy granting any level of anonymous access to the bucket?
  • How many unencrypted RDS instances do I have in all my AWS accounts?
  • Learning more
  • Data Enrichment
  • Extending Cartography with Analysis Jobs
  • Mapping AWS Access Permissions
• Cartography Schema
  • ℹ️ Quick notes on notation
  • AWS Schema
    • AWSAccount
      • Relationships
    • AWSCidrBlock
      • AWSIpv4CidrBlock
      • AWSIpv6CidrBlock
      • Relationships
    • AWSGroup
      • Relationships
    • AWSLambda
      • Relationships
    • AWSLambdaFunctionAlias
      • Relationships
    • AWSLambdaEventSourceMapping
      • Relationships
    • AWSLambdaLayer
      • Relationships
    • AWSPolicy
      • Relationships
    • AWSPolicyStatement
      • Relationships
    • AWSPrincipal
      • Relationships
    • AWSPrincipal::AWSUser
      • Relationships
    • AWSPrincipal::AWSRole
      • Relationships
    • AWSTransitGateway
      • Relationships
    • AWSTransitGatewayAttachment
      • Relationships
    • AWSVpc
      • Relationships
    • Tag::AWSTag
      • Relationships
    • AccountAccessKey
      • Relationships
    • DBSubnetGroup
      • Relationships
    • DNSRecord
      • Relationships
    • DNSRecord::AWSDNSRecord
      • Relationships
    • DNSZone
      • Relationships
    • DNSZone::AWSDNSZone
      • Relationships
    • DynamoDBTable
      • Relationships
    • EC2Instance
      • Relationships
    • EC2KeyPair
      • Relationships
    • EC2PrivateIp
      • Relationships
    • EC2Reservation
      • Relationships
    • EC2SecurityGroup
      • Relationships
    • EC2Subnet
      • Relationships
    • AWSInternetGateway
      • Relationships
    • ECRRepository
      • Relationships
    • ECRRepositoryImage
      • Relationships
    • ECRImage
      • Relationships
    • Package
      • Relationships
    • ECRScanFinding (:Risk:CVE)
      • Relationships
    • EKSCluster
      • Relationships
    • EMRCluster
      • Relationships
    • ESDomain
      • Relationships
    • Endpoint
      • Relationships
    • Endpoint::ELBListener
      • Relationships
    • Endpoint::ELBV2Listener
      • Relationships
    • Ip
      • Relationships
    • IpRule
      • Relationships
    • IpRule::IpPermissionInbound
      • Relationships
    • LoadBalancer
      • Relationships
    • LoadBalancerV2
      • Relationships
    • Nameserver
      • Relationships
    • NetworkInterface
      • Relationships
    • AWSPeeringConnection
      • Relationships
    • RedshiftCluster
      • Relationships
    • RDSCluster
      • Relationships
    • RDSInstance
      • Relationships
    • S3Acl
      • Relationships
    • S3Bucket
      • Relationships
    • KMSKey
      • Relationships
    • KMSAlias
      • Relationships
    • KMSGrant
      • Relationships
    • APIGatewayRestAPI
      • Relationships
    • APIGatewayStage
      • Relationships
    • APIGatewayClientCertificate
      • Relationships
    • APIGatewayResource
      • Relationships
    • AutoScalingGroup
      • Relationships
    • EC2Image
      • Relationships
    • EC2ReservedInstance
      • Relationships
    • SecretsManagerSecret
      • Relationships
    • EBSVolume
      • Relationships
    • EBSSnapshot
      • Relationships
    • SQSQueue
      • Relationships
    • SecurityHub
      • Relationships
    • AWSConfigurationRecorder
      • Relationships
    • AWSConfigDeliveryChannel
      • Relationships
    • AWSConfigRule
      • Relationships
    • LaunchConfiguration
      • Relationships
    • LaunchTemplate
      • Relationships
    • LaunchTemplateVersion
      • Relationships
    • ElasticIPAddress
      • Relationships
    • ECSCluster
      • Relationships
    • ECSContainerInstance
      • Relationships
    • ECSService
      • Relationships
    • ECSTaskDefinition
      • Relationships
    • ECSContainerDefinition
      • Relationships
    • ECSTask
      • Relationships
    • ECSContainer
      • Relationships
    • SSMInstanceInformation
      • Relationships
    • SSMInstancePatch
      • Relationships
  • Azure Schema
    • AzureTenant
      • Relationships
    • AzurePrincipal
      • Relationships
    • AzureSubscription
      • Relationships
    • VirtualMachine
      • Relationships
    • AzureDataDisk
      • Relationships
    • AzureDisk
      • Relationships
    • AzureSnapshot
      • Relationships
    • AzureSQLServer
      • Relationships
    • AzureServerDNSAlias
      • Relationships
    • AzureServerADAdministrator
      • Relationships
    • AzureRecoverableDatabase
      • Relationships
    • AzureRestorableDroppedDatabase
      • Relationships
    • AzureFailoverGroup
      • Relationships
    • AzureElasticPool
      • Relationships
    • AzureSQLDatabase
      • Relationships
    • AzureReplicationLink
      • Relationships
    • AzureDatabaseThreatDetectionPolicy
      • Relationships
    • AzureRestorePoint
      • Relationships
    • AzureTransparentDataEncryption
      • Relationships
    • AzureStorageAccount
      • Relationships
    • AzureStorageQueueService
      • Relationships
    • AzureStorageTableService
      • Relationships
    • AzureStorageFileService
      • Relationships
    • AzureStorageBlobService
      • Relationships
    • AzureStorageQueue
      • Relationships
    • AzureStorageTable
      • Relationships
    • AzureStorageFileShare
      • Relationships
    • AzureStorageBlobContainer
      • Relationships
    • AzureCosmosDBAccount
      • Relationships
    • AzureCosmosDBLocation
      • Relationships
    • AzureCosmosDBCorsPolicy
      • Relationships
    • AzureCosmosDBAccountFailoverPolicy
      • Relationships
    • AzureCDBPrivateEndpointConnection
      • Relationships
    • AzureCosmosDBVirtualNetworkRule
      • Relationships
    • AzureCosmosDBSqlDatabase
      • Relationships
    • AzureCosmosDBCassandraKeyspace
      • Relationships
    • AzureCosmosDBMongoDBDatabase
      • Relationships
    • AzureCosmosDBTableResource
      • Relationships
    • AzureCosmosDBSqlContainer
      • Relationships
    • AzureCosmosDBCassandraTable
      • Relationships
    • AzureCosmosDBMongoDBCollection
      • Relationships
  • Crxcavtor Schema
    • GSuiteUser
      • Relationships
    • ChromeExtension
      • Relationships
  • DigitalOcean Schema
    • DOAccount
      • Relationships
    • DOProject
      • Relationships
    • DODroplet
      • Relationships
  • GCP Schema
    • GCPOrganization
      • Relationships
    • GCPFolder
      • Relationships
    • GCPProject
    • Relationships
    • GCPBucket
      • Relationships
    • GCPDNSZone
      • Relationships
    • Label: GCPBucketLabel
    • GCPInstance
      • Relationships
    • GCPNetworkTag
      • Relationships
    • GCPVpc
      • Relationships
    • GCPNetworkInterface
      • Relationships
    • GCPNicAccessConfig
      • Relationships
    • GCPRecordSet
      • Relationships
    • GCPSubnet
      • Relationships
    • GCPFirewall
      • Relationships
    • GCPForwardingRule
      • Relationships
    • GKECluster
      • Relationships
    • IpRule::IpPermissionInbound::GCPIpRule
      • Relationships
    • IpRange
      • Relationships
  • Github Schema
    • GitHubRepository
      • Relationships
    • GitHubOrganization
      • Relationships
    • GitHubUser
      • Relationships
    • GitHubBranch
      • Relationships
    • ProgrammingLanguage
      • Relationships
    • Dependency::PythonLibrary
      • Relationships
  • GSuite Schema
    • GSuiteUser
      • Relationships
    • GSuiteGroup
  • Jamf Schema
    • JamfComputerGroup
      • Relationships
  • Kubernetes Schema
    • KubernetesCluster
      • Relationships
    • KubernetesNamespace
      • Relationships
    • KubernetesPod
      • Relationships
    • KubernetesContainer
      • Relationships
    • KubernetesService
      • Relationships
  • Okta Schema
    • OktaOrganization
      • Relationships
    • OktaUser
      • Relationships
    • OktaGroup
      • Relationships
    • OktaApplication
      • Relationships
    • OktaUserFactor
      • Relationships
    • OktaTrustedOrigin
      • Relationships
    • OktaAdministrationRole
      • Relationships
    • Reply Uri
      • Relationships
  • Pagerduty Schema
    • PagerDutyEscalationPolicy
      • Relationships
    • PagerDutySchedule
      • Relationships
    • PagerDutyScheduleLayer
      • Relationships
    • PagerDutyService
      • Relationships
    • PagerDutyIntegration
      • Relationships
    • PagerDutyTeam
      • Relationships
    • PagerDutyUser
      • Relationships
• How to use Drift-Detection
  • A Quick Example: Tracking internet-exposed EC2 instances
    • Setup
    • Running drift-detection
    • Using shortcuts instead of filenames to diff files
• Sample queries
  • What RDS instances are installed in my AWS accounts?
  • Which RDS instances have encryption turned off?
  • Which EC2 instances are exposed (directly or indirectly) to the internet?
  • Which ELB LoadBalancers are internet accessible?
  • Which ELBv2 LoadBalancerV2s (Application Load Balancers) are internet accessible?
  • Which S3 buckets have a policy granting any level of anonymous access to the bucket?
  • How many unencrypted RDS instances do I have in all my AWS accounts?
  • What users have the TotallyFake Chrome extension installed?
  • What users have installed extensions that are risky based on CRXcavator scoring?
  • What languages are used in a given GitHub repository?
  • What are the dependencies used in a given GitHub repository?
  • Given a dependency, which GitHub repos depend on it?
  • What are all the dependencies used across all GitHub repos?