Cross-platform attack path - Cartography unable to find permissions_relationships.yaml file
Description: I'm trying to integrate my AWS account and my Okta account. I can see both separately in my graph, but I cannot see any job that does the cross-platform attack path.
To Reproduce:
I ran Cartography:
cartography --neo4j-uri bolt://localhost:7687 --neo4j-password-prompt --neo4j-user neo4j --okta-api-key-env-var Okta --okta-org-id trial-********
Logs:
WARNING:cartography.intel.aws.permission_relationships:Permission relationships mapping file /home/****/*******/AWS//cartography/data/permission_relationships.yaml not found, skipping sync stage cartography.intel.aws.permission_relationships. If you want to run this sync, please explicitly set a value for --permission-relationships-file in the command line interface.
Screenshots:
OKTA human
AWSRoles
OKTAApplication
I ran this query:
MATCH (h:Human)-[c:CAN_ASSUME_ROLE]->(r:AWSPrincipal) return * limit 30;
But I didn't receive any results.
Hi @achantavy, more screenshots of the configuration:
AWS Identity Provider
OKTA Provisioning APP
Hi @filipi86 - What's the value of your Okta AWS SAML regex?
Cartography sets it by default here: https://github.com/lyft/cartography/blob/85ae844ae25e2d113e2add2903cfb4931ae9ab61/cartography/cli.py#L245-L252 but you can override it if your organization does something different.
Also, as a reference, see https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-Web-Service.html; I think Okta's default regex is `^aws\#\S+\#(?{{role}}[\w\-]+)\#(?{{accountid}}\d+)$`.
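An added example (not code from this thread or from cartography itself) that compiles the default regex quoted above and checks which Okta group names would actually produce a CAN_ASSUME_ROLE edge. It assumes the `{{role}}` and `{{accountid}}` placeholders stand for the named groups `(?P<role>...)` and `(?P<accountid>...)`, and the group names are constructed samples.

```python
import re
from typing import Dict, List, Optional, Tuple

# Default Okta-to-AWS SAML group regex quoted in the thread. It uses
# {{role}} / {{accountid}} placeholders rather than raw Python named groups.
DEFAULT_OKTA_AWS_SAML_REGEX = r"^aws\#\S+\#(?{{role}}[\w\-]+)\#(?{{accountid}}\d+)$"


def placeholder_regex_to_python(regex: str) -> str:
    """Turn the placeholder form into a compilable Python regex.
    Assumption: {{role}} -> (?P<role>...), {{accountid}} -> (?P<accountid>...)."""
    return regex.replace("{{role}}", "P<role>").replace("{{accountid}}", "P<accountid>")


def parse_okta_group_name(group_name: str, regex: str = DEFAULT_OKTA_AWS_SAML_REGEX) -> Optional[Dict[str, str]]:
    """Return {'role': ..., 'accountid': ...} if the group name matches, else None."""
    m = re.compile(placeholder_regex_to_python(regex)).match(group_name)
    if m is None:
        return None
    return {"role": m.group("role"), "accountid": m.group("accountid")}


def check_group_names(group_names: List[str], regex: str = DEFAULT_OKTA_AWS_SAML_REGEX) -> Tuple[Dict[str, Dict[str, str]], List[str]]:
    """Split group names into those that would yield a role edge and those that would not."""
    matched: Dict[str, Dict[str, str]] = {}
    unmatched: List[str] = []
    for name in group_names:
        parsed = parse_okta_group_name(name, regex)
        if parsed is None:
            unmatched.append(name)
        else:
            matched[name] = parsed
    return matched, unmatched


# Constructed sample group names (not taken from the thread).
SAMPLE_GROUP_NAMES = [
    "aws#prod#AdminRole#123456789012",   # matches the default pattern
    "aws#prod#Read-Only#123456789012",   # hyphens are allowed in the role part
    "aws-prod-AdminRole-123456789012",   # wrong separator: no edge would be created
    "aws#prod#AdminRole#notanaccount",   # account id must be digits
]

if __name__ == "__main__":
    ok, bad = check_group_names(SAMPLE_GROUP_NAMES)
    for name, parts in ok.items():
        print(f"OK      {name} -> role={parts['role']} account={parts['accountid']}")
    for name in bad:
        print(f"NOMATCH {name} (rename the group or override the regex)")
```

Running it against your real Okta group names shows at a glance whether the regex is the reason the query returns nothing.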
Hi @achantavy, I followed the docs and I put it in.
![image](https://user-images.githubusercontent.com/31785433/186646530-b9f172ae-0fc8-4f40-a784-235cf95cb39c.png)
OKTA App
OKTA AWS
Maybe something is wrong here. What do you think?
Hi @achantavy, I'm trying to solve it! I created a new relationship file; probably the syntax is wrong.
![image](https://user-images.githubusercontent.com/31785433/186714093-22e05ac6-7563-40ef-bb91-36991b42a53d.png)
But now I have information about CAN_ASSUME_ROLE, CAN_READ and CAN_WRITE, as you can see below:
![image](https://user-images.githubusercontent.com/31785433/186714195-1f272025-8519-462d-92a6-035b905a94a6.png)
But it doesn't work yet! :(
![image](https://user-images.githubusercontent.com/31785433/186734983-860b621e-04d3-4668-97a9-b9ea01713bc5.png)
Hi @achantavy, any updates, or help?
Hi @ramonpetgrave64, can you help with that?
Are you sure that you've been able to sync all of the Nodes mentioned in this query? https://github.com/lyft/cartography/blob/2ca876b9c587b37b9797d373a384faf79278bf91/cartography/intel/okta/awssaml.py#L99
Hi @ramonpetgrave64, yes, I shared the screenshots of the integration :)
AWS Identity Provider
OKTA Provisioning APP
Any suggestion?
And you're sure you have OktaGroup nodes?
This is the OktaGroup that I have:
OktaApplication
Hi @ramonpetgrave64, any updates, any ideas?
When you double-click the OktaGroup nodes, are there any members attached? It could help if you did a local installation of cartography and then inserted your own debug statements into the code: https://lyft.github.io/cartography/dev/developer-guide.html?highlight=pip%20install%20cartography