AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started

Inside Cirro: Schemas and Extensible Identity Graphs

Need a way to model identity risk across evolving cloud environments? This workshop breaks down how Cirro’s extensible design supports consistent analysis as new systems and data sources are added.

Cirro is designed as a framework for modeling cloud environments through relationships rather than isolated objects. While its current focus is Azure and Entra ID, the underlying architecture is built to be extensible so that additional platforms, identity systems, and data sources can be incorporated over time.

This session explores the design philosophy behind Cirro and how its architecture supports extensible identity graph modeling. Led by Cirro creator Leron Gray, we discuss how separating data ingestion from graph modeling and analysis enables new environments to be integrated while maintaining a consistent approach to understanding identity relationships, configuration risk, and privilege propagation.

Session Summary:

This workshop explores how Cirro’s schema engine operates, focusing on how Azure resources and identities are modeled into a graph using flexible, YAML-based schemas. It explains how data is ingested from structured sources like SQLite, transformed through templated specifications, and loaded into Neo4j to represent relationships across both management and data planes. The session includes live demonstrations showing how new resource types such as network watchers and Key Vault certificates can be added dynamically. It also demonstrates how these resources are linked to identities to expand attack path visibility. The workshop highlights Cirro’s extensibility and its ability to evolve attack path modeling without requiring changes to core code.

Key Takeaways:

  • Cirro uses YAML-based schemas and templating to define how data becomes graph nodes and relationships
  • New resource types can be added without modifying core application code
  • Data ingestion relies on consistent sources and reusable schema logic
  • Both management plane and data plane data can be modeled and connected
  • Post-processing supports normalization, deduplication, and relationship enrichment
  • Linking resources to identities enables deeper attack path visibility
  • A flexible schema model supports continuous expansion as environments evolve

Learn more about Cirro: https://bishopfox.com/tools/cirro

Extend Your Knowledge

Check out these related resources.

Datasheet ai powered apt
Datasheet

AI-Powered Application Penetration Testing Datasheet

Most enterprises are managing dozens — sometimes hundreds — of applications with the same constrained budgets and headcount. Bishop Fox AI-Powered Application Penetration Testing delivers validated, expert-reviewed findings across your entire portfolio without the noise or overhead.

Learn More
Bishop Fox guide: 15 guardrails for shipping AI-generated code safely.
Guide

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Before releasing AI-developed software, use our recommended security guardrails checklist to learn how to constrain generated code, enforce security controls, and prevent silent risk from prompt to production.

Learn More
GigaOm Radar Report 2026 Attack Surface Management with security risk radar graphic and Bishop Fox branding.
Report

2026 GigaOm Radar for Attack Surface Management

Get an overview of the 2026 Attack Surface Management (ASM) market — along with the key features and business criteria met by the top solutions — and learn why Bishop Fox was named Leader and Fast Mover by the analysts at GigaOm.

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.