Time to set up the server that will run Cartography. Cartography should work on both Linux and Windows servers, but bear in mind we’ve only tested it in Linux so far. Cartography supports Python 3.8. Older versions of Python may work but are not explicitly supported.
Run the Neo4j graph database version 4.x on your server.
⚠️ Neo4j 5.x will probably work but Cartography does not explicitly support it yet.
If you prefer Docker, follow the Neo4j Docker official docs to run a version 4.x container.
If you are using an ARM-based machine like an M1 Mac, you should use an ARM image otherwise performance will be very slow - Neo4j keeps ARM builds here.
If you’re just playing around, you can specify the
--env=NEO4J_AUTH=noneargument to your
dockercommand to run a Neo4j container without authentication.
Else if you prefer a manual install,
Neo4j requires a JVM (JDK/JRE 11 or higher) to be installed. One option is to install Amazon Coretto 11.
⚠️ Make sure you have `JAVA_HOME` environment variable set. The following works for Mac OS: `export JAVA_HOME=$(/usr/libexec/java_home)`
Go to the Neo4j download page, and download Neo4j Community Edition 4.4.*. If you prefer Docker, you can view Neo4j’s instructions [here].
Install Neo4j on the server you will run Cartography on.
⚠️ For local testing, you might want to turn off authentication via property `dbms.security.auth_enabled` in file /NEO4J_PATH/conf/neo4j.conf
Configure your data sources. See the configuration section of each relevant intel module for more details.
Get and run Cartography
pip install cartographyto install our code.
Finally, to sync your data:
For one account using the
defaultprofile defined in your AWS config file, run
cartography --neo4j-uri <uri for your neo4j instance; usually bolt://localhost:7687>
Or for a specific account defined as a separate profile in your AWS config file, set the
AWS_PROFILEenvironment variable, for example
AWS_PROFILE=other-profile cartography --neo4j-uri <uri for your neo4j instance; usually bolt://localhost:7687>
For more than one AWS account, run
AWS_CONFIG_FILE=/path/to/your/aws/config cartography --neo4j-uri <uri for your neo4j instance; usually bolt://localhost:7687> --aws-sync-all-profiles
You can view a full list of Cartography’s CLI arguments by running
The sync will pull data from your configured accounts and ingest data to Neo4j! This process might take a long time if your account has a lot of assets.
See our Operations Guide for tips on running Cartography in production.