Invoke a relational search query.

Relational search allows users to find entities which have relations to other
entities, while both entity sets have specific search criteria.

The node queries, query_1.es_query and query_2.es_query, are native
Elasticsearch query objects.

It is possible to search:

  1. Only directly related entities
  2. Entities related either directly or indirectly through any intermediary entity

For example, a relational query for "all ttps with tag 'bar' linked to
indicators with tag 'apt-x'" is:

{
    "data": {
        "query_1": {
            "es_query": {
                "query_string": {
                    "query": "data.type:ttp AND meta.tags: bar",
                    "lenient": true
                }
            },
            "node_type": "entity"
        },
        "query_2": {
            "es_query": {
                "query_string": {
                    "query": "data.type:indicator AND meta.tags: apt-x",
                    "lenient": true
                }
            },
            "node_type": "entity"
        },
        "relation_query": {"query_string": {"query": "*", "lenient": true}},
        "output": "query_1"
    }
}
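
When the tag values in such a body come from user input, they should be quoted before they are placed in a query_string expression. The following is an added example, not code from this API's documentation: it builds the body shown above with each value wrapped as a double-quoted phrase (unlike the unquoted terms above), and the helper names and the assumption that "output" may also be "query_2" are its own.

```python
import json

# Inside a double-quoted query_string phrase, only the backslash and the
# double quote need escaping to stop a value from closing the quote early.
_PHRASE_ESCAPES = {"\\": "\\\\", '"': '\\"'}


def quote_term(value: str) -> str:
    """Return value as a double-quoted query_string phrase."""
    if not value or any(ord(c) < 0x20 for c in value):
        raise ValueError("value must be non-empty and free of control characters")
    return '"' + "".join(_PHRASE_ESCAPES.get(c, c) for c in value) + '"'


def node_query(entity_type: str, tag: str) -> dict:
    """Build one node (query_1 or query_2) in the shape shown on the page."""
    query = f"data.type:{quote_term(entity_type)} AND meta.tags:{quote_term(tag)}"
    return {
        "es_query": {"query_string": {"query": query, "lenient": True}},
        "node_type": "entity",
    }


def relational_search_body(type_1, tag_1, type_2, tag_2, output="query_1"):
    """Assemble the request body for two tagged entity sets."""
    # Assumption: "output" names one of the two node queries.
    if output not in ("query_1", "query_2"):
        raise ValueError("output must be 'query_1' or 'query_2'")
    return {
        "data": {
            "query_1": node_query(type_1, tag_1),
            "query_2": node_query(type_2, tag_2),
            "relation_query": {"query_string": {"query": "*", "lenient": True}},
            "output": output,
        }
    }


if __name__ == "__main__":
    # Constructed input: the second tag contains a quote and an OR clause.
    body = relational_search_body("ttp", "bar", "indicator", 'apt-x" OR meta.tags:"*')
    print(json.dumps(body, indent=4))
```

With the quoting in place, the constructed second tag stays a single phrase inside meta.tags instead of adding a clause to the query.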

Required permissions

  • read entities