Merge pull request #656 from BloodHoundAD/4.3

feat: add support for new azure primatives

docs/data-analysis/nodes.rst

@@ -822,6 +822,8 @@ At the top of the node info tab you will see the following info:
 Overview
 ------------
 * **See VM within Tenant**: Unrolls the VM membership within Azure, displaying the VM’s resource group & subscription.
+* **Managed Identities**: Shows the assigned managed identity service principals for the VM.
+
 
 Node Properties
 ------------------
@@ -898,3 +900,366 @@ Inbound Object Control
   control of this object through Azure group delegation.
 * **Transitive Object Controllers**: The number of objects in AD that can achieve
   control of this object through object-control attack paths
+
+AZAutomationAccount
+^^^^^
+
+Automation Accounts are one of several services falling under the umbrella of “Azure Automation”. Azure admins can use Automation Accounts to automate a variety of business operations, such as creating and configuring Virtual Machines in Azure.
+
+Automation Accounts offer different process automation services, but at the core of all those services are what are called Runbooks.
+
+Read more about how attackers abuse Automation Accounts in this blog post: https://medium.com/p/82667d17187a 
+
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the asset
+
+Overview
+------------
+* **See asset within Tenant**: Unrolls the asset's membership within Azure, displaying the asset’s resource group & subscription.
+* **Managed Identities**: Shows the assigned managed identity service principals for the asset.
+
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the asset.
+
+Extra Properties
+-------------------
+
+* **tenantid**: The Azure tenant ID for the asset.
+
+
+Inbound Object Control
+-------------------------
+
+* **Explicit Object Controllers**: The number of principals that are in a role that has the ability to control this asset.
+* **Unrolled Object Controllers**: The actual number of principals that have control of this
+  asset through security group delegation. This number can sometimes be wildly higher than
+  the previous number.
+* **Transitive Object Controllers**: The number of assets in Azure that can achieve control of this object through control attack paths.
+
+AZContainerRegistry
+^^^^^
+
+Azure Container Registry (ACR) is Microsoft’s implementation of the Open Container Initiative’s (OCI) Distribution Spec, which itself is based on the original Docker Registry protocol. In plain English: ACR stores and manages container images for you. ACR serves those images, making them available to run locally, on some remote system, or as an Azure Container Instance. You can think of ACR as being somewhat analogous to your very own Docker Registry.
+
+Read more about how attackers abuse Container Registries in this blog post: https://medium.com/p/1f407bfaa465 
+
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the asset
+
+Overview
+------------
+* **See asset within Tenant**: Unrolls the asset's membership within Azure, displaying the asset’s resource group & subscription.
+* **Managed Identities**: Shows the assigned managed identity service principals for the asset.
+
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the asset.
+
+Extra Properties
+-------------------
+
+* **tenantid**: The Azure tenant ID for the asset.
+
+
+Inbound Object Control
+-------------------------
+
+* **Explicit Object Controllers**: The number of principals that are in a role that has the ability to control this asset.
+* **Unrolled Object Controllers**: The actual number of principals that have control of this
+  asset through security group delegation. This number can sometimes be wildly higher than
+  the previous number.
+* **Transitive Object Controllers**: The number of assets in Azure that can achieve control of this object through control attack paths.
+
+AZFunctionApp
+^^^^^
+
+Functions are one of several services falling under the umbrella of “Azure Automation”. Azure admins can create functions using a variety of language (C#, Java, PowerShell, etc.), then run those functions on-demand in Azure. Functions are hosted and grouped together in Azure using Function Apps.
+
+Read more about how attackers abuse Function Apps in this blog post: https://medium.com/p/300065251cbe 
+
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the asset
+
+Overview
+------------
+* **See asset within Tenant**: Unrolls the asset's membership within Azure, displaying the asset’s resource group & subscription.
+* **Managed Identities**: Shows the assigned managed identity service principals for the asset.
+
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the asset.
+
+Extra Properties
+-------------------
+
+* **tenantid**: The Azure tenant ID for the asset.
+
+
+Inbound Object Control
+-------------------------
+
+* **Explicit Object Controllers**: The number of principals that are in a role that has the ability to control this asset.
+* **Unrolled Object Controllers**: The actual number of principals that have control of this
+  asset through security group delegation. This number can sometimes be wildly higher than
+  the previous number.
+* **Transitive Object Controllers**: The number of assets in Azure that can achieve control of this object through control attack paths.
+
+AZLogicApp
+^^^^^
+
+Logic Apps are another Azure service falling under the general umbrella of “Azure Automation”. Admins can use Logic Apps to construct what are called “workflows”. Workflows are comprised of triggers and actions that occur as a result of those triggers.
+
+Read more about how attackers abuse Logic Apps in this blog post: https://medium.com/p/52b29354fc54 
+
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the asset
+
+Overview
+------------
+* **See asset within Tenant**: Unrolls the asset's membership within Azure, displaying the asset’s resource group & subscription.
+* **Managed Identities**: Shows the assigned managed identity service principals for the asset.
+
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the asset.
+
+Extra Properties
+-------------------
+
+* **tenantid**: The Azure tenant ID for the asset.
+
+
+Inbound Object Control
+-------------------------
+
+* **Explicit Object Controllers**: The number of principals that are in a role that has the ability to control this asset.
+* **Unrolled Object Controllers**: The actual number of principals that have control of this
+  asset through security group delegation. This number can sometimes be wildly higher than
+  the previous number.
+* **Transitive Object Controllers**: The number of assets in Azure that can achieve control of this object through control attack paths.
+
+AZManagedCluster
+^^^^^
+
+Azure Kubernetes Service Managed Clusters provide Azure admins an easy way to create and maintain Kubernetes clusters.
+
+Read about how attackers abuse AKS Managed Clusters in this blog post: https://www.netspi.com/blog/technical/cloud-penetration-testing/extract-credentials-from-azure-kubernetes-service/ 
+
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the asset
+
+Overview
+------------
+* **See asset within Tenant**: Unrolls the asset's membership within Azure, displaying the asset’s resource group & subscription.
+* **Managed Identities**: Shows the assigned managed identity service principals for the asset.
+
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the asset.
+
+Extra Properties
+-------------------
+
+* **tenantid**: The Azure tenant ID for the asset.
+
+
+Inbound Object Control
+-------------------------
+
+* **Explicit Object Controllers**: The number of principals that are in a role that has the ability to control this asset.
+* **Unrolled Object Controllers**: The actual number of principals that have control of this
+  asset through security group delegation. This number can sometimes be wildly higher than
+  the previous number.
+* **Transitive Object Controllers**: The number of assets in Azure that can achieve control of this object through control attack paths.
+
+AZVMScaleSet
+^^^^^
+
+Azure Virtual Machine Scale Sets are used by AKS Managed Clusters to spin up and spin down compute nodes. They can also by used by admins to spin up and manage virtual machines outside of the AKS use-case.
+
+Read about how attackers abuse Virtual Machine Scale Sets in this blog post: https://www.netspi.com/blog/technical/cloud-penetration-testing/extract-credentials-from-azure-kubernetes-service/ 
+
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the asset
+
+Overview
+------------
+* **See asset within Tenant**: Unrolls the asset's membership within Azure, displaying the asset’s resource group & subscription.
+* **Managed Identities**: Shows the assigned managed identity service principals for the asset.
+
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the asset.
+
+Extra Properties
+-------------------
+
+* **tenantid**: The Azure tenant ID for the asset.
+
+
+Inbound Object Control
+-------------------------
+
+* **Explicit Object Controllers**: The number of principals that are in a role that has the ability to control this asset.
+* **Unrolled Object Controllers**: The actual number of principals that have control of this
+  asset through security group delegation. This number can sometimes be wildly higher than
+  the previous number.
+* **Transitive Object Controllers**: The number of assets in Azure that can achieve control of this object through control attack paths.
+
+AzWebApp
+^^^^^
+
+Azure App Service is a Platform-as-a-Service product that promises to improve web application deployment, hosting, availability, and security. Web Apps hosted by Azure App Service are organized into Azure App Service Plans, which are Virtual Machines that the Web Apps in that plan all run on.
+
+Read more about how attackers abuse Web Apps in this blog post: https://medium.com/p/c3adefccff95 
+
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the asset
+
+Overview
+------------
+* **See asset within Tenant**: Unrolls the asset's membership within Azure, displaying the asset’s resource group & subscription.
+* **Managed Identities**: Shows the assigned managed identity service principals for the asset.
+
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the asset.
+
+Extra Properties
+-------------------
+
+* **tenantid**: The Azure tenant ID for the asset.
+
+
+Inbound Object Control
+-------------------------
+
+* **Explicit Object Controllers**: The number of principals that are in a role that has the ability to control this asset.
+* **Unrolled Object Controllers**: The actual number of principals that have control of this
+  asset through security group delegation. This number can sometimes be wildly higher than
+  the previous number.
+* **Transitive Object Controllers**: The number of assets in Azure that can achieve control of this object through control attack paths.
+
+AzManagementGroup
+^^^^^
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the asset
+
+Overview
+------------
+* **Reachable High Value Targets**: The count of how many high value
+  targets this asset has an attack path to. Click this number to see the shortest attack paths from this asset
+  to those high value targets.
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the asset.
+* **Tenant ID**: The Azure tenant ID for the asset.
+
+Extra Properties
+----------------
+
+No extra properties.
+
+Descendent Objects
+-------------------
+
+The number of assets under this asset categorized in Azure asset types.
+
+Inbound Object Control
+-------------------------
+
+* **Explicit Object Controllers**: The number of principals that are in a role that has the ability to control this asset.
+* **Unrolled Object Controllers**: The actual number of principals that have control of this
+  asset through security group delegation. This number can sometimes be wildly higher than
+  the previous number.
+* **Transitive Object Controllers**: The number of assets in Azure that can achieve control of this object through control attack paths.
+
+AzRole
+^^^^^
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the role
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the role.
+* **Display Name**: The display name of the role.
+* **Enabled**: Whether the role is enabled or disabled.
+* **Description**: Description of the role.
+* **Template ID**: Template ID of the role.
+* **Tenant ID**: The Azure tenant ID for the role.
+
+Extra Properties
+----------------
+
+* **isbuiltin**: Whether the role is an Azure built-in role or custom.
+
+
+Assignments
+-------------------
+
+* **Active Assignments**: The assets with this role actively assigned.
+* **PIM Assignments**: The assets with this PIM assigned.
+
+AZKeyVault
+^^^^^
+
+At the top of the node info tab you will see the following info:
+
+* **NAME**: The full name of the asset
+
+Node Properties
+------------------
+
+* **Object ID**: The Azure objectid for the asset.
+* **Enable RBAC Authorization**: Whether the Key Vault has RBAC authorization enabled or not.
+* **Tenant ID**: The Azure tenant ID for the asset.
+
+Vault Readers
+-------------------
+
+The number of assets that can read keys, certificates, and secrets in the Key Vault.
+
+Inbound Object Control
+-------------------------
+
+* **Explicit Object Controllers**: The number of principals that are in a role that has the ability to control this asset.
+* **Unrolled Object Controllers**: The actual number of principals that have control of this
+  asset through security group delegation. This number can sometimes be wildly higher than
+  the previous number.
+* **Transitive Object Controllers**: The number of assets in Azure that can achieve control of this object through control attack paths.