Livoa
Customer Environment

- Microsoft Entra (AAD)

- Microsoft Defender

- Microsoft Sentinel

- Metadata API

- Risk Metadata

- Identity Anomalies

- Active Directory (AD) (Optional)

1. Data Ingestion Layer

- Entra Graph API Collector

- Defender Metadata Collector

- Sentinel Metadata Connector

- AD/LDAP Connector (Hybrid optional)

Normalizes identity, permission, group, and risk metadata.

2. Cognitive Graph Engine (Core MVP)

- Graph Database (Neo4j or equivalent)

- Identity Nodes + Group Nodes + Device Nodes + Role Nodes

- Permission Edges + Escalation Edges + Movement Edges

- Derived relationships (effective roles, nested privileges, drift)

Builds the unified identity/privilege/lateral-movement model.

3. Predictive Attack Path Engine

- Path Enumeration Module

- Weighted Scoring Model

- MITRE ATT&CK Path Mapping

- Privilege Escalation Analyzer

- Lateral Movement Predictor

Outputs the Top 3-5 most likely attack paths.

4. Recommendation & Prioritization Layer

- Identity Hardening Suggestions

- Privilege Cleanup Actions

- Misconfiguration Fixes

- Policy & Access Recommendations

Converts predictions into SOC-ready mitigations.

5. Dashboard & Reporting Layer (Frontend)

- Attack Path Visualization

- High-Risk Identities Panel

- Recommendations View

- Environment Overview

- HTML/PDF Report Generator

Provides clear, actionable, real-time visibility to the SOC.

Cloud Hosting & Security Layer

- Azure single-tenant deployment

- Containerized microservices

- Secrets & identity control via Key Vault

- Encryption at rest & in transit

- Role-based access control

Ensures a secure, isolated, and compliant environment for the MVP.
