Ontology - Phase 1 - Users & Devices

Open jychp opened this issue 6 months ago • 0 comments

This PR introduces the first iteration of the ontology (see https://github.com/cartography-cncf/cartography/discussions/1579)!

It includes the following changes:

  • Adds a semantic UserAccount label to all nodes representing user accounts (as an extra label).

  • Introduces an abstract User node (replacing Human):

    • User nodes are automatically linked to any UserAccount node that has an email field.
    • Custom relationships can be added in specific cases.
    • Any new module defining a node with the UserAccount label and the appropriate field will automatically integrate with the ontology.
  • Introduces an abstract Device node to model user-owned devices.

Structure:

  • The ontology is defined in a dedicated model: cartography.models.ontology.
  • Node creation and relationship mapping are handled in a dedicated ingestion module: cartography.intel.ontology.

Simplified algorithm:

  • For each module defined as a source of truth, existing nodes are fetched.
  • Abstract nodes are generated according to a defined mapping.
  • Abstract nodes are ingested into the graph.
  • It's possible to define module-specific Cypher queries; in this PR, some modules include a Cypher statement to create the (User)-[OWNS]->(Device) relationship based on their data.

Examples

Here is an example with Duo/Tailscale/SnipeIt before and after this PR:

[Screenshot From 2025-06-17 22-55-40] [Screenshot From 2025-06-17 22-55-18]

You can also have only the Ontology by simply querying:

MATCH (o:Ontology) RETURN o

[Screenshot From 2025-06-18 15-05-31]

How to test

You can simply test this PR using the env demo

uv run python3 -m demo

jychp, Jun 15 '25 12:06
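
The simplified algorithm described in the PR, as an added in-memory Python example (not code from this PR or from cartography): accounts from several source modules are joined into abstract User entries by email, and ownership of devices is derived through the owning account. The field names (`source`, `owner_account`), the sample records, and the lower-casing of emails before joining are assumptions of this example; it also reports accounts and devices that could not be linked, since those are the gaps an asset inventory review would look at first.

```python
from collections import defaultdict

# Constructed UserAccount nodes as three source modules might report them.
ACCOUNTS = [
    {"source": "duo", "id": "duo-1", "email": "Alice@Example.com"},
    {"source": "tailscale", "id": "ts-7", "email": "alice@example.com"},
    {"source": "snipeit", "id": "sn-3", "email": "bob@example.com"},
    {"source": "duo", "id": "duo-2", "email": None},  # no email field
]
# Constructed device records; "owner_account" is an assumed module-specific field.
DEVICES = [
    {"source": "tailscale", "id": "dev-1", "owner_account": "ts-7"},
    {"source": "snipeit", "id": "dev-2", "owner_account": "sn-3"},
    {"source": "snipeit", "id": "dev-3", "owner_account": "sn-404"},  # dangling owner
]

def normalize_email(value):
    """Join key for User entries. Lower-casing is this example's assumption."""
    if not isinstance(value, str) or "@" not in value:
        return None
    return value.strip().lower()

def build_users(accounts):
    """Return ({email: [account ids]}, [ids of accounts left unlinked])."""
    users, unlinked = defaultdict(list), []
    for acct in accounts:
        key = normalize_email(acct.get("email"))
        if key is None:
            unlinked.append(acct["id"])
        else:
            users[key].append(acct["id"])
    return dict(users), unlinked

def build_owns(users, devices):
    """Derive (User)-[OWNS]->(Device) pairs via the owning account."""
    account_to_user = {aid: email for email, ids in users.items() for aid in ids}
    owns, orphans = set(), []
    for dev in devices:
        owner = account_to_user.get(dev.get("owner_account"))
        if owner is None:
            orphans.append(dev["id"])
        else:
            owns.add((owner, dev["id"]))
    return owns, orphans

if __name__ == "__main__":
    users, unlinked = build_users(ACCOUNTS)
    owns, orphans = build_owns(users, DEVICES)
    print(users, unlinked, sorted(owns), orphans)
```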