:name: cybersecurity :long-name: Graphs for Cybersecurity :description: Cybersecurity, Active Directory environment auditing and analysis of possible attack paths using graph :icon: documentation/img/cybersecurity-icon.svg :tags: Cybersecurity, ITSecurity, ActiveDirectory, Auditing, Attack Paths Analysis, AD Management :author: Neo4j :demodb: false :data: true :use-load-script: false :use-dump-file: data/cyber-security-ad-44.dump :zip-file: false :use-plugin: apoc, graph-data-science :target-db-version: 4.4 :bloom-perspective: bloom/Windows_Domains.json,bloom/Attack_Path_Analysis.json :guide: documentation/cybersecurity.adoc :model: documentation/img/model.svg :example: documentation/img/example.svg :data-load-image1: documentation/img/1-load-file.png :data-load-image2: documentation/img/2-import-dump-or-create-new-dbms.png :data-load-image3: documentation/img/3-create-new-graph-dbms.png :attack-image: bloom.gif :rendered-guide: https://guides.neo4j.com/sandbox/{name} :cypher: cypher :slides: documentation/Cybersecurity_Connections-2021.pdf :nodes: 953 :relationships: 4858 image::{icon}[width=100] == {long-name} Description: _{description}_ Nodes {nodes} Relationships {relationships} .Model image::{model}[width=750] .Example image::{example}[width=750] .Bloom image::{attack-image}[width=750] .Example Query: [source,cypher,role=query-example,param-name=name,param-value="HilaryOlivia226@TestCompany.Local",result-column=computer,expected-result="xxx"] ---- MATCH (u:User {name: $name})-[:CAN_RDP]->(r) RETURN r.name as computer ---- === Setup This is for Neo4j version: {target-db-version} ifeval::[{use-plugin} != false] Required plugins: {use-plugin} endif::[] ifeval::[{demodb} != false] The database is also available on https://demo.neo4jlabs.com:7473 Username "{name}", password: "{name}", database: "{name}" endif::[] Rendered guide available via: `:play {rendered-guide}` Unrendered guide: link:{guide}[] In this demo, the https://bloodhound.readthedocs.io/en/latest/[BloodHound Tools project^] was used to populate a fictitious Active Directory graph in Neo4j. However, for simplicity, we have made a few small changes and created ready-made dump file and json data files for example demonstration purpose. You can load data with any of these methods. ifeval::[{data} != false] ==== Data files Import flat files (csv, json, etc) using Cypher's https://neo4j.com/docs/cypher-manual/current/clauses/load-csv/[`LOAD CSV`], https://neo4j.com/labs/apoc/4.1/import/load-json/[LOAD JSON], https://neo4j.com/labs/apoc/[APOC library], or https://neo4j.com/developer/data-import/[other methods]. endif::[] ifeval::[{use-dump-file} != false] ==== Dump file: `link:{use-dump-file}[]` * You can create a new Project in https://neo4j.com/product/developer-tools/#desktop[Neo4j Desktop] from our example repositories, or * Drop the file into the `Files` section of a project in Neo4j Desktop. Then choose the option to `Create new DBMS from dump` option from the file options, or * Use the neo4j-admin tool to load data from the command line with the command below. [source,shell,subs=attributes] ---- bin/neo4j-admin load --from {use-dump-file} [--database "database"] ---- * Upload the dump file to Neo4j Aura via https://console.neo4j.io/#import-instructions endif::[] ifeval::[{use-load-script} != false] ==== Data load script: `{use-load-script}` [source,shell,subs=attributes] ---- bin/cypher-shell -u neo4j -p "password" -f {use-load-script} [-d "database"] ---- Or import in Neo4j Browser by dragging or pasting the content of {use-load-script}. endif::[] ifeval::[{zip-file} != false] ==== Zip file Download the zip file link:{repo}/raw/master/{name}.zip[{name}.zip] and add it as "project from file" to https://neo4j.com/developer/neo4j-desktop[Neo4j Desktop^]. endif::[] === Feedback Feel free to submit issues or pull requests for improvement on this repository.