POST https://ic-playground.eclecticiq.com/api/v2/entities/relational-search
Relational search allows users to find entities that have relations to other entities, where both entity sets match specific search criteria.
As an example:
I want to make a search query that returns all indicators with tag 'APT-X' that have established relationships with campaigns from source 'EclecticIQ Open Sources Feed' created in the past week.
The queries representing nodes, query_1.es_query and query_2.es_query, are native Elasticsearch query objects.
For example, a relational query looking for "all ttps with tag 'bar' linked to indicators with tag 'apt-x'" will be:
{
  "data": {
    "query_1": {
      "es_query": {
        "query_string": {
          "query": "data.type:ttp AND meta.tags:\"bar\"",
          "lenient": true
        }
      },
      "node_type": "entity"
    },
    "query_2": {
      "es_query": {
        "query_string": {
          "query": "data.type:indicator AND meta.tags:\"apt-x\"",
          "lenient": true
        }
      },
      "node_type": "entity"
    },
    "relation_query": {"query_string": {"query": "*", "lenient": true}},
    "output": "query_1"
  }
}
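Added example (not part of the EclecticIQ documentation): building the request body above in Python so that a tag value is escaped once as a Lucene phrase and once more as JSON, which matters when the tag comes from user input. The function names, the entity-type pattern and the assumption that "output" may name either node are illustrative; sending the request and authentication are not shown.

```python
import json
import re

# Assumption: entity type names are short lowercase identifiers ("ttp", "indicator").
_TYPE_RE = re.compile(r"^[a-z][a-z0-9-]*$")


def quote_phrase(value: str) -> str:
    """Wrap a value as a Lucene phrase, escaping backslashes and double quotes
    so the value cannot close the phrase and append its own query operators."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def node_query(entity_type: str, tag: str) -> dict:
    """Build one node (query_1 or query_2) in the shape shown on the page."""
    if not _TYPE_RE.match(entity_type):
        raise ValueError(f"unexpected entity type: {entity_type!r}")
    return {
        "es_query": {
            "query_string": {
                "query": f"data.type:{entity_type} AND meta.tags:{quote_phrase(tag)}",
                "lenient": True,
            }
        },
        "node_type": "entity",
    }


def relational_search_body(node_1: dict, node_2: dict, output: str = "query_1") -> str:
    """Serialize the full request body; json.dumps handles the JSON-level escaping."""
    if output not in ("query_1", "query_2"):  # assumption: output names one of the nodes
        raise ValueError("output must name one of the two node queries")
    body = {
        "data": {
            "query_1": node_1,
            "query_2": node_2,
            # Match any relation between the two entity sets, as in the page's example.
            "relation_query": {"query_string": {"query": "*", "lenient": True}},
            "output": output,
        }
    }
    return json.dumps(body, indent=2)


if __name__ == "__main__":
    print(relational_search_body(node_query("ttp", "bar"),
                                 node_query("indicator", "apt-x")))
```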
Required permissions
read entities