Graphs for Cybersecurity

Description: Cybersecurity, Active Directory environment auditing and analysis of possible attack paths using graph

Nodes 953 Relationships 4858

Figure 1. Model

Figure 2. Example

Figure 3. Bloom

Example Query:

MATCH (u:User {name: $name})-[:CAN_RDP]->(r) RETURN r.name as computer

Setup

This is for Neo4j version: 4.4

Required plugins: apoc, graph-data-science

Rendered guide available via: :play https://guides.neo4j.com/sandbox/cybersecurity

Unrendered guide: documentation/cybersecurity.adoc

In this demo, the BloodHound Tools project was used to populate a fictitious Active Directory graph in Neo4j.

However, for simplicity, we have made a few small changes and created ready-made dump file and json data files for example demonstration purpose. You can load data with any of these methods.

Data files

Import flat files (csv, json, etc) using Cypher’s LOAD CSV, LOAD JSON, APOC library, or other methods.

Dump file: data/cyber-security-ad-44.dump

• You can create a new Project in Neo4j Desktop from our example repositories, or

• Drop the file into the Files section of a project in Neo4j Desktop. Then choose the option to Create new DBMS from dump option from the file options, or

• Use the neo4j-admin tool to load data from the command line with the command below.

bin/neo4j-admin load --from data/cyber-security-ad-44.dump [--database "database"]

• Upload the dump file to Neo4j Aura via https://console.neo4j.io/#import-instructions

Feedback

Feel free to submit issues or pull requests for improvement on this repository.