POST https://dashboard.kpmg.eiq.sh/api/v2/entities/relational-search
Relational search allows users to find entities that have relations to other
entities, where each of the two entity sets is defined by its own search criteria.
The queries representing the nodes, query_1.es_query and query_2.es_query, are
native Elasticsearch query objects.
It is possible to search for:
- Only directly related entities
- Entities related either directly or indirectly through any intermediary entity
For example, a relational query looking for "all TTPs with tag 'bar' linked to indicators with tag 'apt-x'" is:
{
  "data": {
    "query_1": {
      "es_query": {
        "query_string": {
          "query": "data.type:ttp AND meta.tags: bar",
          "lenient": true
        }
      },
      "node_type": "entity"
    },
    "query_2": {
      "es_query": {
        "query_string": {
          "query": "data.type:indicator AND meta.tags: apt-x",
          "lenient": true
        }
      },
      "node_type": "entity"
    },
    "relation_query": {"query_string": {"query": "*", "lenient": true}},
    "output": "query_1"
  }
}
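An added example, not part of the original API documentation: when the type or tag values come from user input, building the query_string by plain concatenation lets quotes, wildcards or operators in the value change what the query matches. The sketch below quotes each value as a phrase and serializes the body as strict JSON; the helper names are hypothetical and the sample tag is constructed.

```python
import json


def quote_term(value: str) -> str:
    """Render a literal as a quoted query_string phrase.

    Inside double quotes only backslash and the quote itself are special,
    so operators (AND, OR), wildcards and field separators stay literal.
    """
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def entity_node(entity_type: str, tag: str) -> dict:
    """Build one node (query_1 or query_2) in the shape shown on the page."""
    query = f"data.type:{quote_term(entity_type)} AND meta.tags:{quote_term(tag)}"
    return {
        "es_query": {"query_string": {"query": query, "lenient": True}},
        "node_type": "entity",
    }


def relational_search_body(node_1: dict, node_2: dict) -> dict:
    """Assemble the request body; relation_query and output mirror the page's example."""
    return {
        "data": {
            "query_1": node_1,
            "query_2": node_2,
            "relation_query": {"query_string": {"query": "*", "lenient": True}},
            "output": "query_1",
        }
    }


def to_json(body: dict) -> str:
    """Serialize with json.dumps so the payload is strict JSON (no trailing commas)."""
    return json.dumps(body, indent=2)


if __name__ == "__main__":
    # Constructed input: the second tag tries to widen the search.
    hostile_tag = 'apt-x" OR data.type:*'
    body = relational_search_body(entity_node("ttp", "bar"),
                                  entity_node("indicator", hostile_tag))
    print(to_json(body))
```

Quoting turns each value into a phrase match, which on analyzed text fields can be stricter than the unquoted form used in the example above.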
Required permissions
read entities
