Repo sync for protected branch

data-explorer/kusto/query/media/graphs/graph-example-bloodhound-ad-instance.mmd

@@ -0,0 +1,35 @@
+%%{ init: { 'flowchart': {'defaultRenderer': 'elk' } } }%%
+graph LR
+    %% Real Entities from BloodHound_AD dataset
+    ALICE["ALICE@PHANTOM\.CORP<br/>User<br/>Domain User"]
+
+    %% Her Computer
+    LAPTOP["ALICE-LAPTOP\.PHANTOM\.CORP<br/>Computer<br/>Workstation"]
+
+    %% Administrative Groups
+    DOMAINUSERS["DOMAIN USERS@PHANTOM\.CORP<br/>Group<br/>Default Domain Group"]
+
+    %% Domain Infrastructure
+    USERS["USERS@PHANTOM\.CORP<br/>Container<br/>AD Container"]
+    PHANTOM["PHANTOM\.CORP<br/>Domain<br/>AD Domain"]
+
+    %% Validated Attack Path Relationships
+    ALICE -->|AdminTo| LAPTOP
+    ALICE -->|MemberOf| DOMAINUSERS
+
+    %% Container Hierarchy
+    USERS -->|Contains| ALICE
+    PHANTOM -->|Contains| USERS
+
+    %% Styling
+    classDef user fill:#e3f2fd,stroke:#1976d2,stroke-width:3px
+    classDef computer fill:#fff3e0,stroke:#f57c00,stroke-width:2px
+    classDef group fill:#e8f5e8,stroke:#388e3c,stroke-width:2px
+    classDef admingroup fill:#ffebee,stroke:#d32f2f,stroke-width:3px
+    classDef infrastructure fill:#f1f8e9,stroke:#689f38,stroke-width:2px
+    classDef certificate fill:#fce4ec,stroke:#c2185b,stroke-width:3px
+
+    class ALICE user
+    class LAPTOP computer
+    class DOMAINUSERS,DOMAINADMINS group
+    class USERS,PHANTOM infrastructure

data-explorer/kusto/query/media/graphs/graph-example-bloodhound-ad-schema.mmd

@@ -0,0 +1,64 @@
+%%{ init: { 'flowchart': {'defaultRenderer': 'elk' } } }%%
+graph TD
+    %% Core AD Objects
+    USER[User<br/>Domain Users]
+    COMPUTER[Computer<br/>Domain Computers]
+    GROUP[Group<br/>Security Groups]
+    LOCALGROUP[ADLocalGroup<br/>Local Groups]
+
+    %% AD Infrastructure
+    DOMAIN[Domain<br/>AD Domains]
+    OU[OU<br/>Organizational Units]
+    CONTAINER[Container<br/>AD Containers]
+    GPO[GPO<br/>Group Policy Objects]
+
+    %% Certificate Infrastructure
+    CERT[CertTemplate<br/>Certificate Templates]
+    ENTCA[EnterpriseCA<br/>Certificate Authorities]
+    ROOTCA[RootCA<br/>Root CAs]
+
+    %% Domain Hierarchy & Containment
+    DOMAIN -->|Contains| CONTAINER
+    CONTAINER -->|Contains| USER
+    CONTAINER -->|Contains| GROUP
+    DOMAIN -->|Contains| OU
+    OU -->|Contains| USER
+    OU -->|Contains| COMPUTER
+
+    %% Group Memberships
+    USER -->|MemberOf| GROUP
+    USER -->|MemberOf| LOCALGROUP
+    GROUP -->|MemberOf| GROUP
+
+    %% Administrative Access
+    USER -->|AdminTo| COMPUTER
+    GROUP -->|AdminTo| COMPUTER
+    USER -->|GenericAll| USER
+    GROUP -->|GenericAll| GROUP
+
+    %% Dangerous Permissions
+    USER -->|WriteDacl| GROUP
+    GROUP -->|WriteOwner| CERT
+    USER -->|GenericWrite| GPO
+
+    %% Certificate Attack Paths
+    USER -->|GenericAll| ROOTCA
+    GROUP -->|WriteDacl| ENTCA
+
+    %% Object Ownership
+    GROUP -->|Owns| CONTAINER
+    USER -->|Owns| CERT
+
+    %% Styling
+    classDef user fill:#e3f2fd,stroke:#1976d2,stroke-width:3px
+    classDef computer fill:#fff3e0,stroke:#f57c00,stroke-width:2px
+    classDef group fill:#e8f5e8,stroke:#388e3c,stroke-width:2px
+    classDef infrastructure fill:#f1f8e9,stroke:#689f38,stroke-width:2px
+    classDef certificate fill:#fce4ec,stroke:#c2185b,stroke-width:2px
+    classDef dangerous fill:#ffebee,stroke:#d32f2f,stroke-width:3px
+
+    class USER user
+    class COMPUTER computer
+    class GROUP,LOCALGROUP group
+    class DOMAIN,OU,CONTAINER,GPO infrastructure
+    class CERT,ENTCA,ROOTCA certificate

data-explorer/kusto/query/media/graphs/graph-example-bloodhound-entra-instance.mmd

@@ -0,0 +1,47 @@
+%%{ init: { 'flowchart': {'defaultRenderer': 'elk' } } }%%
+graph TD
+    %% Real Entities from BloodHound_Entra dataset
+    JACOB[John Jacob<br/>AZUser<br/>admin_tier_0<br/>[email protected]]
+
+    %% Groups he owns
+    ALLUSERS[All Users<br/>AZGroup<br/>ID: 2f061293]
+    GAROLE[ThisGroupHasGARoleAlwaysActive<br/>AZGroup<br/>ID: 4c8435bf]
+
+    %% App he owns
+    AZUREHOUND[AzureHoundEnterprise<br/>AZApp<br/>ID: 5595629b]
+
+    %% Device he owns
+    WIN10[AADJoinedWin10<br/>AZDevice<br/>ID: 2a2dc5ab]
+
+    %% Administrative Role
+    GLOBALADMIN[Global Administrator<br/>AZRole<br/>Privileged Role]
+
+    %% Tenant
+    PHANTOM[Phantom Corp<br/>AZTenant<br/>phantomcorp.onmicrosoft.com]
+
+    %% Validated Relationships
+    JACOB -->|AZOwns<br/>Application Owner| AZUREHOUND
+    JACOB -->|AZOwns<br/>Group Owner| ALLUSERS
+    JACOB -->|AZOwns<br/>Group Owner| GAROLE
+    JACOB -->|AZOwns<br/>Device Owner| WIN10
+
+    %% Administrative Privileges
+    GLOBALADMIN -->|AZResetPassword<br/>Can Reset| JACOB
+
+    %% Tenant Containment
+    PHANTOM -->|AZContains<br/>Tenant Member| JACOB
+
+    %% Styling
+    classDef user fill:#e3f2fd,stroke:#1976d2,stroke-width:3px
+    classDef app fill:#f3e5f5,stroke:#7b1fa2,stroke-width:3px
+    classDef group fill:#e8f5e8,stroke:#388e3c,stroke-width:2px
+    classDef device fill:#fff3e0,stroke:#f57c00,stroke-width:2px
+    classDef role fill:#ffebee,stroke:#d32f2f,stroke-width:3px
+    classDef tenant fill:#e1f5fe,stroke:#0277bd,stroke-width:2px
+
+    class JACOB user
+    class AZUREHOUND app
+    class ALLUSERS,GAROLE group
+    class WIN10 device
+    class GLOBALADMIN role
+    class PHANTOM tenant

data-explorer/kusto/query/media/graphs/graph-example-bloodhound-entra-schema.mmd

@@ -0,0 +1,58 @@
+%%{ init: { 'flowchart': {'defaultRenderer': 'elk' } } }%%
+graph TD
+    %% Core Azure AD Entities
+    USER[AZUser<br/>Azure AD Users]
+    SP[AZServicePrincipal<br/>Service Principals]
+    APP[AZApp<br/>Applications]
+    GROUP[AZGroup<br/>Security Groups]
+    DEVICE[AZDevice<br/>Managed Devices]
+    ROLE[AZRole<br/>Azure Roles]
+
+    %% Azure Resource Hierarchy
+    TENANT[AZTenant<br/>Azure Tenant]
+    SUB[AZSubscription<br/>Subscriptions]
+    RG[AZResourceGroup<br/>Resource Groups]
+    VM[AZVM<br/>Virtual Machines]
+
+    %% Azure Resource Containment Hierarchy
+    TENANT -->|AZContains| SUB
+    TENANT -->|AZContains| USER
+    SUB -->|AZContains| RG
+    RG -->|AZContains| VM
+
+    %% Identity and Access Relationships
+    USER -->|AZMemberOf| GROUP
+    USER -->|AZOwns| APP
+    USER -->|AZOwns| DEVICE
+    USER -->|AZOwns| GROUP
+    USER -->|AZOwner| SUB
+    USER -->|AZOwner| RG
+
+    %% Service Principal Relationships
+    SP -->|AZRunsAs| APP
+    VM -->|AZManagedIdentity| SP
+
+    %% Administrative Permissions
+    ROLE -->|AZResetPassword| USER
+    GROUP -->|AZAddMembers| GROUP
+
+    %% High-Volume Permissions (simplified for readability)
+    ROLE -.->|AZMGAddOwner<br/>403k edges| RG
+    ROLE -.->|AZMGAddSecret<br/>345k edges| APP
+
+    %% Styling
+    classDef user fill:#e3f2fd,stroke:#1976d2,stroke-width:3px
+    classDef app fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
+    classDef group fill:#e8f5e8,stroke:#388e3c,stroke-width:2px
+    classDef device fill:#fff3e0,stroke:#f57c00,stroke-width:2px
+    classDef resource fill:#fce4ec,stroke:#c2185b,stroke-width:2px
+    classDef role fill:#e1f5fe,stroke:#0277bd,stroke-width:2px
+    classDef hierarchy fill:#f1f8e9,stroke:#689f38,stroke-width:2px
+
+    class USER user
+    class SP,APP app
+    class GROUP group
+    class DEVICE device
+    class VM,RG resource
+    class ROLE role
+    class TENANT,SUB hierarchy

data-explorer/kusto/query/media/graphs/graph-example-ldbc-financial-instance.mmd

@@ -0,0 +1,42 @@
+%%{ init: { 'flowchart': {'defaultRenderer': 'elk' } } }%%
+graph TD
+    %% Connected Financial Network - Real People and Entities
+    HOUSE[House<br/>Person ID: 467<br/>Female, Born 1995]
+    BARKER[Barker<br/>Person ID: 6597069767083<br/>Transfer Recipient]
+
+    %% Real Accounts (fully connected)
+    ACC1[Renato Holness<br/>Account: 4619004367821865972<br/>House's Main Account]
+    ACC2[Luis Thies<br/>Account: 4687121312185844640<br/>Barker's Account]
+    ACC3[Daniel Joye<br/>Account: 4786200503987995554<br/>Barker's Second Account]
+
+    %% Real Loan and Mediums
+    LOAN1[Debt Consolidation Loan<br/>ID: 4843058449283547765<br/>Amount: $63.5M]
+    MEDIUM1[IPv6 Medium<br/>ID: 4398046511850<br/>Risk: Very High]
+    MEDIUM2[Phone Medium<br/>ID: 30786325577800<br/>Risk: Severe]
+
+    %% Validated Connected Relationships
+    HOUSE -->|OWN| ACC1
+    BARKER -->|OWN| ACC2
+    BARKER -->|OWN| ACC3
+    HOUSE -->|APPLY| LOAN1
+
+    %% Financial Transaction Flow
+    ACC1 -->|TRANSFER<br/>$4.3M| ACC2
+    ACC1 -->|TRANSFER<br/>$9.7M| ACC3
+    LOAN1 -->|DEPOSIT<br/>$7.2M| ACC1
+    ACC1 -->|REPAY<br/>$7.4M| LOAN1
+
+    %% Authentication Access
+    MEDIUM1 -->|SIGN_IN| ACC2
+    MEDIUM2 -->|SIGN_IN| ACC3
+
+    %% Styling
+    classDef person fill:#e1f5fe,stroke:#0277bd,stroke-width:3px
+    classDef account fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
+    classDef loan fill:#fff3e0,stroke:#f57c00,stroke-width:2px
+    classDef medium fill:#fce4ec,stroke:#c2185b,stroke-width:2px
+
+    class HOUSE,BARKER person
+    class ACC1,ACC2,ACC3 account
+    class LOAN1 loan
+    class MEDIUM1,MEDIUM2 medium

data-explorer/kusto/query/media/graphs/graph-example-ldbc-financial-schema.mmd

@@ -0,0 +1,40 @@
+%%{ init: { 'flowchart': {'defaultRenderer': 'elk' } } }%%
+graph TD
+    %% Financial Entity Types
+    PERSON[PERSON<br/>Individual Customers<br/>785 nodes]
+    COMPANY[COMPANY<br/>Business Entities<br/>386 nodes]
+    ACCOUNT[ACCOUNT<br/>Financial Accounts<br/>2,055 nodes]
+    LOAN[LOAN<br/>Loan Products<br/>1,376 nodes]
+    MEDIUM[MEDIUM<br/>Transaction Channels<br/>978 nodes]
+
+    %% Core Financial Relationships
+    PERSON -->|OWN<br/>2,055| ACCOUNT
+    COMPANY -->|OWN| ACCOUNT
+    PERSON -->|APPLY<br/>1,376| LOAN
+    COMPANY -->|APPLY| LOAN
+    PERSON -->|GUARANTEE<br/>579| PERSON
+    COMPANY -->|GUARANTEE| COMPANY
+
+    %% Transaction Flows
+    ACCOUNT -->|TRANSFER<br/>8,132| ACCOUNT
+    ACCOUNT -->|WITHDRAW<br/>9,182| ACCOUNT
+    LOAN -->|DEPOSIT<br/>2,758| ACCOUNT
+    ACCOUNT -->|REPAY<br/>2,747| LOAN
+
+    %% Authentication & Investment
+    MEDIUM -->|SIGN_IN<br/>2,489| ACCOUNT
+    PERSON -->|INVEST<br/>1,983| COMPANY
+    COMPANY -->|INVEST| COMPANY
+
+    %% Styling
+    classDef personNode fill:#e1f5fe,stroke:#0277bd,stroke-width:3px
+    classDef companyNode fill:#e8f5e8,stroke:#388e3c,stroke-width:2px
+    classDef accountNode fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
+    classDef loanNode fill:#fff3e0,stroke:#f57c00,stroke-width:2px
+    classDef mediumNode fill:#fce4ec,stroke:#c2185b,stroke-width:2px
+
+    class PERSON personNode
+    class COMPANY companyNode
+    class ACCOUNT accountNode
+    class LOAN loanNode
+    class MEDIUM mediumNode

data-explorer/kusto/query/media/graphs/graph-example-ldbc-snb-instances.mmd

@@ -0,0 +1,50 @@
+%%{ init: { 'flowchart': {'defaultRenderer': 'elk' } } }%%
+graph TD
+    %% Real People from the dataset
+    MP[Mahinda Perera<br/>Person ID: 933]
+    AK[Abdullah Koksal<br/>Person ID: 24189255811254]
+
+    %% Real Post and Comment (validated relationships)
+    POST1[About Aurangzeb<br/>Post ID: 893353296235<br/>Created by Abdullah]
+    COMMENT1[About Gloria Macapagal-Arroyo<br/>Comment ID: 893353296240<br/>Reply to Aurangzeb post]
+
+    %% Real Forum and Tags (validated)
+    FORUM1[Wall of Abdullah Koksal<br/>Forum ID: 755914248727]
+    TAG1[Aurangzeb<br/>Tag on post]
+    TAG2[Gloria_Macapagal-Arroyo<br/>Tag on comment]
+    TAG3[John_Rhys-Davies<br/>Tag on post]
+
+    %% Real Location
+    PLACE1[Location<br/>Geographic Entity]
+
+    %% Validated Social Network Relationships
+    MP -->|LIKES| POST1
+    MP -->|LIKES| COMMENT1
+    POST1 -->|HAS_CREATOR| AK
+    COMMENT1 -->|REPLY_OF| POST1
+
+    %% Validated Forum and Content Organization
+    MP -->|HAS_MEMBER| FORUM1
+    FORUM1 -->|CONTAINER_OF| POST1
+    POST1 -->|HAS_TAG| TAG1
+    POST1 -->|HAS_TAG| TAG3
+    COMMENT1 -->|HAS_TAG| TAG2
+
+    %% Geographic Context (common pattern)
+    MP -->|IS_LOCATED_IN| PLACE1
+    AK -->|IS_LOCATED_IN| PLACE1
+    POST1 -->|IS_LOCATED_IN| PLACE1
+    COMMENT1 -->|IS_LOCATED_IN| PLACE1
+
+    %% Styling
+    classDef person fill:#e1f5fe,stroke:#0277bd,stroke-width:3px
+    classDef content fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
+    classDef forum fill:#e8f5e8,stroke:#388e3c,stroke-width:2px
+    classDef tag fill:#fff3e0,stroke:#f57c00,stroke-width:2px
+    classDef place fill:#fce4ec,stroke:#c2185b,stroke-width:2px
+
+    class MP,AK person
+    class POST1,COMMENT1 content
+    class FORUM1 forum
+    class TAG1,TAG2,TAG3 tag
+    class PLACE1 place