Free AI web copilot to create summaries, insights and extended knowledge, download it at here

Abstract

ties. You can think of communities as a group of people, organizations, locations, or events that are closely related. For example, if you are building the graph with a movie script, the node representing the main character and the node representing her friend might be grouped as a community.After the communities are created, GraphRAG will start to generate a summary for each community. Those summaries describe the relationship or the topic within the group of nodes and their relations.We don’t just stop after creating the first level of communities. Once the first level of the community is built, GraphRAG will treat those communities as the nodes for the next level, and construct communities for a higher level. This approach can help create the overview at different levels of granularity. If your question is more for the high level (e.g. what’s the story theme), then this approach can help find the answer in a broader context. We will discuss more details in the next section.<figure id="4800"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*Ceqgh7YqTrOE95AonGln_Q.png"><figcaption>Clustering illustration (source: <a href="https://arxiv.org/pdf/2404.16130">original paper</a>)</figcaption></figure><h2 id="70fb">3. MapReduce approach for information extraction</h2>Finally, we can explain why the former techniques help improve the quality of the answers generated. GraphRAG supports two kinds of query modes: global search and local search.Global search: Community Summary -> Global answerGlobal search aims to provide the answer to questions that require understanding at a higher level. The solution is to aggregate the insight across the community summaries. The global search approach is very different from the traditional RAG, where the answer is based on semantically similar documents, we try first to generate the overview for elements in the document and use the summarized result to answer the question.<figure id="4477"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*YZqEe6E0uA1zRSrnaVdZjw.png"><figcaption>Global search illustration (source: <a href="https://microsoft.github.io/graphrag/posts/query/0-global_search/">Microsoft</a>)</figcaption></figure>Local search: Knowledge Graph -> Local answerOn the other hand, local search starts from the entities in question and uses the knowledge graph to find the most relevant information. For example, given the entity in the query, we may first use the information of connected nodes. In the official implementation, there’s also an option to use graph embedding to find the most relevant nodes in the graph.Now we have walked through all the interesting ideas behind GraphRAG, we can discuss what we can learn from it and how we can apply it in different scenarios.<figure id="543d"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*lcq4N_WFNy8XOhPrzeICHQ.png"><figcaption>Local search illustration (source: <a href="https://microsoft.github.io/graphrag/posts/query/1-local_search/">Microsoft</a>)</figcaption></figure><h1 id="e4fc">Implication: what can we learn from GraphRAG</h1>Although GraphRAG is a powerful tool, there are still some reasons that we

Options

may not want to use it directly:Indexing cost is highGraphRAG uses LLM to generate all the components in a graph, and its system prompt is also quite long (e.g. entity extraction prompt has roughly 1500 tokens). Even if you have only a few documents, the system prompt is still a burden as it increases the number of input tokens. Besides building the knowledge graph itself, the community summaries of communities also lead to a large number of output tokens.Not suitable for documents without obvious entities or documents that are well-structuredSome documents might make it harder to construct the knowledge graph or it’s already well organized and you can directly leverage its structure. In this case, building a knowledge graph index is not necessary. For example, if you are using the API documents as the reference, having a knowledge graph could be overkill as the raw document already describes the relationship clearly. Another example is the spreadsheet data, in this case, it’s too complicated to express the relationship with a graph.Finally, in a recent <a href="https://www.microsoft.com/en-us/research/blog/graphrag-new-tool-for-complex-data-discovery-now-on-github/">blog post</a>, Microsoft provides the following suggestion:<blockquote id="81e1">The overall suitability of GraphRAG for any given use case, however, depends on whether the benefits of structured knowledge representations, readymade community summaries, and support for global queries outweigh the upfront costs of graph index construction.</blockquote>GraphRAG is unnecessarily the go-to solution for all cases. But still, we can borrow some of the ideas from GraphRAG’s implementation even if your use case is not suitable:Implication 1: Pre-summarize the information at different levelsWe can pre-aggregate the insights across documents and use them to generate the answer. When building the summary, we can create the summary with different amounts of details, and store the mapping between documents and the summary.At the query stage, we can first find the most relevant summaries using the similarity search. Next, we can either use the mapping to find the corresponding documents, or we can also use it to generate the answer like GraphRag.Implication 2: Entity as the matching fieldWe can first use LLM to list relevant entities for our documents. When a query is passed, we first extract the entity from the query and use it to find the related documents directly. For example, we can use LLM to find the entities in the question and use full-text search or search filters to find the documents. If the document does not have obvious entities, we can also try to generate extra metadata or tags.SummaryGraphRAG provides a novel approach to solving the traditional RAG’s drawback, that is, answering questions that require the global context of the documents. Besides that, its local search feature also provides an alternative for using only the semantical similarity search. Even we don’t directly use the tool itself, we can still use the concept to improve the RAG implementation.</article></body>

Creating an AWS Account Alias

ACM.417 Automating the creation of an alias for AWS Organizations accounts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: Cloud Governance | IAM | AWS Security

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the last post I explained how naming conventions can help simplify the complexity of roles and policies.

Naming Conventions That Minimize Complexity for Policies and Roles

ACM.416 Revisiting the names of AWS Organizational Units, Accounts, and Roles

medium.com

Before I proceed with creating my accounts I want to add a couple of functions to my account_functions.sh file to create and delete an AWS account alias.

When you create an account alias it will appear on the AWS IAM dashboard. Initially you’ll only see the account number and have the option to create the alias. After you create the alias it will appear here.

You have to call the function from the account where you’re creating the alias. I wish this was an option to add on a new account using CloudFormation but it’s not because it falls under IAM, I guess.

I’ll include my account functions file when I set the org SSM Parameter in the root account and call my function from there to match the alias on the root account to the organization value stored in SSM.

Recall that the value for the parameter is retrieved in the included file.

Now I can re-run the root-adminrole job that sets the parameter:

Head back over to the IAM dashboard and validate that the alias exists.

Now when AWS IAM users log into that account they can use the alias in the signing URL:

https://[your-alias-here].signin.aws.amazon.com/console

And on this screen where you login as a non-root user to an account:

And also when you switch roles:

Now that I’ve got a function to create a new alias, I want to call it every time I create a new account. Note that an alias must be unique, like an AWS account number. So I am going to create my alias using the org prefix plus the account name like this:

[org]-[account name]

Hopefully that will be unique enough. If not we might need to add logic to make additional adjustments.

I can add the following to my account deployment script:

This is all quite simple except for the assume_role function which currently doesn’t exist. Calculating the name of the organization role we want to assume is simple, because I’ve named my role consistently as explained in the last post.

Assuming the role is a bit more challenging. I also realize I have an issue in my MFA SCP for organizations potentially.

Requiring MFA in an AWS Organizations Service Control Policy

ACM.403 Denying non-role actions without MFA in your organization

medium.com

I’ll fix all that in the next post.

Follow for updates.

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation

Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab