Invoke a relational search query.

Relational search lets users find entities that have relations to
other entities, where each of the two entity sets is defined by its own
search criteria. For example: return all indicators with tag 'APT-X' that
have established relationships with campaigns from source
'EclecticIQ Open Sources Feed' created in the past week.

The queries that represent the nodes, query_1.es_query and query_2.es_query,
are native Elasticsearch query objects.
For example, a relational query looking for
"all ttps with tag 'bar' linked to indicators with tag 'apt-x'" will be:

{
  "data": {
    "query_1": {
      "es_query": {
        "query_string": {
          "query": "data.type:ttp AND meta.tags:\"bar\"",
          "lenient": true
        }
      },
      "node_type": "entity"
    },
    "query_2": {
      "es_query": {
        "query_string": {
          "query": "data.type:indicator AND meta.tags:\"apt-x\"",
          "lenient": true
        }
      },
      "node_type": "entity"
    },
    "relation_query": {"query_string": {"query": "*", "lenient": true}},
    "output": "query_1"
  }
}
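
The request body above can be built programmatically so that tag values taken from user input cannot break out of the quoted phrase in the query_string. This is an added example, not EclecticIQ code: the helper names are hypothetical, and the entity-type character set and the acceptance of "query_2" as an output value are assumptions.

```python
import json
import re

# Assumed character set for entity type names (the page shows "ttp" and "indicator").
_TYPE_RE = re.compile(r"[a-z][a-z0-9_-]*")


def quote_phrase(value: str) -> str:
    """Wrap a value as a Lucene quoted phrase, escaping backslash and double quote."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def node_query(entity_type: str, tag: str) -> dict:
    """Build one node in the shape the page shows: es_query.query_string + node_type."""
    if not _TYPE_RE.fullmatch(entity_type):
        raise ValueError(f"unexpected entity type: {entity_type!r}")
    return {
        "es_query": {
            "query_string": {
                "query": f"data.type:{entity_type} AND meta.tags:{quote_phrase(tag)}",
                "lenient": True,
            }
        },
        "node_type": "entity",
    }


def relational_query(q1, q2, output="query_1", relation="*"):
    """Assemble the request body; q1 and q2 are (entity_type, tag) pairs."""
    if output not in ("query_1", "query_2"):  # assumption: output names one node
        raise ValueError("output must be 'query_1' or 'query_2'")
    return {
        "data": {
            "query_1": node_query(*q1),
            "query_2": node_query(*q2),
            "relation_query": {"query_string": {"query": relation, "lenient": True}},
            "output": output,
        }
    }


if __name__ == "__main__":
    # Constructed sample input: the second tag carries an embedded quote and operator.
    body = relational_query(("ttp", "bar"), ("indicator", 'apt-x" OR meta.tags:"*'))
    print(json.dumps(body, indent=2))
```

Serializing with json.dumps handles the JSON-level escaping of the inner quotes, so the Lucene escaping and the JSON escaping stay separate concerns.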

Required permissions

  • read entities

Authorization: Bearer JWT