diff --git a/agile_operations/network_infrastructure/README.md b/agile_operations/network_infrastructure/README.md index 50724425..f1db7403 100644 --- a/agile_operations/network_infrastructure/README.md +++ b/agile_operations/network_infrastructure/README.md @@ -58,14 +58,13 @@ model and traverse it in real time. This solution kit combines: - **Time hierarchy** A time dimension for temporal analysis and visualization: - `Time_Year`, `Time_Date_Month`, `Time_Date`, `Time_Date_Hour`, - `Time_Date_Minute`. + `Time_Date`, `Time_Date_Minute`. - **Topology and connectivity** `Connect_To` edges between devices and impact/causal relationships such as: `Impacts`, `Linked_With_Alert`, `Linked_With_Incident`, `From_Device`, `To_Device`, plus relationships along the time hierarchy - (`Has_Minute`, `Has_Hour`, `Has_Date`, `Has_Month`, `Has_Year`). + (`Has_Minute`, `Has_Date`). You can use the included queries as building blocks for operations, security analysis, and incident investigation - or extend the graph with diff --git a/agile_operations/network_infrastructure/legacy_loading_job/load_data_no_s3.gsql b/agile_operations/network_infrastructure/legacy_loading_job/load_data_no_s3.gsql index 2a7c6f47..0cb27e04 100644 --- a/agile_operations/network_infrastructure/legacy_loading_job/load_data_no_s3.gsql +++ b/agile_operations/network_infrastructure/legacy_loading_job/load_data_no_s3.gsql @@ -79,10 +79,7 @@ CREATE LOADING JOB load_event_data FOR GRAPH Network_Infrastructure { event_id, event_type, event_timestamp, - event_year, - event_date_month, event_date, - event_date_hour, event_date_minute, impacted_device, device_from, @@ -91,10 +88,7 @@ CREATE LOADING JOB load_event_data FOR GRAPH Network_Infrastructure { $0, $1, $2, - gsql_substring($2, 0, 4), - gsql_substring($2, 0, 7), gsql_substring($2, 0, 10), - gsql_concat(gsql_substring($2, 0, 13), ":00:00"), gsql_concat(gsql_substring($2, 0, 16), ":00"), $3, $4, 
@@ -104,20 +98,12 @@ CREATE LOADING JOB load_event_data FOR GRAPH Network_Infrastructure {
 LOAD TEMP_TABLE event_data_temp
 TO VERTEX Event VALUES ($"event_id", $"event_timestamp"),
 TO VERTEX Event_Type VALUES ($"event_type"),
- TO VERTEX Time_Year VALUES ($"event_year"),
- TO VERTEX Time_Date_Month VALUES ($"event_date_month"),
- TO VERTEX Time_Date VALUES ($"event_date"),
- TO VERTEX Time_Date_Hour VALUES ($"event_date_hour"),
- TO VERTEX Time_Date_Minute VALUES ($"event_date_minute"),
+ TO VERTEX Time_Date VALUES ($"event_date", $"event_date"),
+ TO VERTEX Time_Date_Minute VALUES ($"event_date_minute", $"event_date_minute"),
 TO EDGE Event_Has_Type VALUES ($"event_id", $"event_type"),
 TO EDGE Has_Minute VALUES ($"event_id", $"event_date_minute"),
- TO EDGE Has_Hour VALUES ($"event_date_minute", $"event_date_hour"),
- TO EDGE Has_Date VALUES ($"event_date_hour", $"event_date"),
- TO EDGE Has_Month VALUES ($"event_date", $"event_date_month"),
- TO EDGE Has_Year VALUES ($"event_date_month", $"event_year"),
- TO EDGE Impacts VALUES ($"event_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device"),
- TO EDGE From_Device VALUES ($"event_id", $"device_from") WHERE gsql_is_not_empty_string($"device_from"),
- TO EDGE To_Device VALUES ($"event_id", $"device_to") WHERE gsql_is_not_empty_string($"device_to")
+ TO EDGE Has_Date VALUES ($"event_date_minute", $"event_date"),
+ TO EDGE Impacts VALUES ($"event_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device")
 ;
 }
@@ -129,10 +115,7 @@ CREATE LOADING JOB load_alert_data FOR GRAPH Network_Infrastructure {
 alert_id,
 alert_type,
 alert_timestamp,
- alert_year,
- alert_date_month,
 alert_date,
- alert_date_hour,
 alert_date_minute,
 impacted_device,
 device_from,
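Review bot: Once the `From_Device` and `To_Device` clauses are removed in the first hunk here (load_event_data), nothing in the job appears to consume `device_from` or `device_to`, yet the TEMP_TABLE column lists shown as context in the neighbouring hunks still declare `device_from` (and presumably `device_to`, which falls just outside the visible context). Either drop the two columns from the TEMP_TABLE definition or keep them with a comment such as `/* device_from / device_to are parsed but not loaded: From_Device and To_Device were removed from the schema */`. The README context lines in this commit still list `From_Device` and `To_Device` among the relationships, so the documentation promises source and destination device edges that the graph no longer stores. The same leftover applies to the alert and incident jobs in this file and to the three files under loading_job/.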
@@ -142,10 +125,7 @@ CREATE LOADING JOB load_alert_data FOR GRAPH Network_Infrastructure {
 $0,
 $1,
 $2,
- gsql_substring($2, 0, 4),
- gsql_substring($2, 0, 7),
 gsql_substring($2, 0, 10),
- gsql_concat(gsql_substring($2, 0, 13), ":00:00"),
 gsql_concat(gsql_substring($2, 0, 16), ":00"),
 $3,
 $4,
@@ -158,22 +138,14 @@ CREATE LOADING JOB load_alert_data FOR GRAPH Network_Infrastructure {
 TO VERTEX Alert VALUES ($"alert_id", $"severity"),
 TO VERTEX Event_Type VALUES ("Alert"),
 TO VERTEX Alert_Type VALUES ($"alert_type"),
- TO VERTEX Time_Year VALUES ($"alert_year"),
- TO VERTEX Time_Date_Month VALUES ($"alert_date_month"),
 TO VERTEX Time_Date VALUES ($"alert_date"),
- TO VERTEX Time_Date_Hour VALUES ($"alert_date_hour"),
 TO VERTEX Time_Date_Minute VALUES ($"alert_date_minute"),
 TO EDGE Event_Has_Type VALUES ($"alert_id", "Alert"),
 TO EDGE Alert_Has_Type VALUES ($"alert_id", $"alert_type"),
 TO EDGE Linked_With_Alert VALUES ($"alert_id", $"alert_id"),
 TO EDGE Has_Minute VALUES ($"alert_id", $"alert_date_minute"),
- TO EDGE Has_Hour VALUES ($"alert_date_minute", $"alert_date_hour"),
- TO EDGE Has_Date VALUES ($"alert_date_hour", $"alert_date"),
- TO EDGE Has_Month VALUES ($"alert_date", $"alert_date_month"),
- TO EDGE Has_Year VALUES ($"alert_date_month", $"alert_year"),
- TO EDGE Impacts VALUES ($"alert_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device"),
- TO EDGE From_Device VALUES ($"alert_id", $"device_from") WHERE gsql_is_not_empty_string($"device_from"),
- TO EDGE To_Device VALUES ($"alert_id", $"device_to") WHERE gsql_is_not_empty_string($"device_to")
+ TO EDGE Has_Date VALUES ($"alert_date_minute", $"alert_date"),
+ TO EDGE Impacts VALUES ($"alert_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device")
 ;
 }
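Review bot: The `Time_Date` and `Time_Date_Minute` clauses left as context in the second hunk here (legacy load_alert_data) still pass a single value, while the event job in the same file and all three files under loading_job/ were changed to pass both the id and `represented_date`. The new meta/schema.json gives both vertex types a DATETIME `represented_date`, and find_events_by_time_range_and_event_type now filters on that attribute, so this job would presumably either fail to install or leave the attribute at its default, and time vertices written only by it would drop out of time-range investigations. Change the two lines to `TO VERTEX Time_Date VALUES ($"alert_date", $"alert_date"),` and `TO VERTEX Time_Date_Minute VALUES ($"alert_date_minute", $"alert_date_minute"),`. The legacy load_incident_data hunk (`@@ -214,22 +180,14 @@`) has the same two unchanged lines and needs the same fix.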
@@ -185,10 +157,7 @@ CREATE LOADING JOB load_incident_data FOR GRAPH Network_Infrastructure {
 incident_id,
 incident_type,
 incident_timestamp,
- incident_year,
- incident_date_month,
 incident_date,
- incident_date_hour,
 incident_date_minute,
 impacted_device,
 device_from,
@@ -198,10 +167,7 @@ CREATE LOADING JOB load_incident_data FOR GRAPH Network_Infrastructure {
 $0,
 $1,
 $2,
- gsql_substring($2, 0, 4),
- gsql_substring($2, 0, 7),
 gsql_substring($2, 0, 10),
- gsql_concat(gsql_substring($2, 0, 13), ":00:00"),
 gsql_concat(gsql_substring($2, 0, 16), ":00"),
 $3,
 $4,
@@ -214,22 +180,14 @@ CREATE LOADING JOB load_incident_data FOR GRAPH Network_Infrastructure {
 TO VERTEX Incident VALUES ($"incident_id", $"severity"),
 TO VERTEX Event_Type VALUES ("Incident"),
 TO VERTEX Incident_Type VALUES ($"incident_type"),
- TO VERTEX Time_Year VALUES ($"incident_year"),
- TO VERTEX Time_Date_Month VALUES ($"incident_date_month"),
 TO VERTEX Time_Date VALUES ($"incident_date"),
- TO VERTEX Time_Date_Hour VALUES ($"incident_date_hour"),
 TO VERTEX Time_Date_Minute VALUES ($"incident_date_minute"),
 TO EDGE Event_Has_Type VALUES ($"incident_id", "Incident"),
 TO EDGE Incident_Has_Type VALUES ($"incident_id", $"incident_type"),
 TO EDGE Linked_With_Incident VALUES ($"incident_id", $"incident_id"),
 TO EDGE Has_Minute VALUES ($"incident_id", $"incident_date_minute"),
- TO EDGE Has_Hour VALUES ($"incident_date_minute", $"incident_date_hour"),
- TO EDGE Has_Date VALUES ($"incident_date_hour", $"incident_date"),
- TO EDGE Has_Month VALUES ($"incident_date", $"incident_date_month"),
- TO EDGE Has_Year VALUES ($"incident_date_month", $"incident_year"),
- TO EDGE Impacts VALUES ($"incident_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device"),
- TO EDGE From_Device VALUES ($"incident_id", $"device_from") WHERE gsql_is_not_empty_string($"device_from"),
- TO EDGE To_Device VALUES ($"incident_id", $"device_to") WHERE gsql_is_not_empty_string($"device_to")
+ TO EDGE Has_Date VALUES ($"incident_date_minute", $"incident_date"),
+ TO EDGE Impacts VALUES ($"incident_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device")
 ;
 }
diff --git a/agile_operations/network_infrastructure/loading_job/load_alert_data.gsql b/agile_operations/network_infrastructure/loading_job/load_alert_data.gsql
index fa39392e..05d40b04 100644
--- a/agile_operations/network_infrastructure/loading_job/load_alert_data.gsql
+++ b/agile_operations/network_infrastructure/loading_job/load_alert_data.gsql
@@ -14,10 +14,7 @@ CREATE LOADING JOB load_alert_data FOR GRAPH Network_Infrastructure {
 alert_id,
 alert_type,
 alert_timestamp,
- alert_year,
- alert_date_month,
 alert_date,
- alert_date_hour,
 alert_date_minute,
 impacted_device,
 device_from,
@@ -27,10 +24,7 @@ CREATE LOADING JOB load_alert_data FOR GRAPH Network_Infrastructure {
 $0,
 $1,
 $2,
- gsql_substring($2, 0, 4),
- gsql_substring($2, 0, 7),
 gsql_substring($2, 0, 10),
- gsql_concat(gsql_substring($2, 0, 13), ":00:00"),
 gsql_concat(gsql_substring($2, 0, 16), ":00"),
 $3,
 $4,
@@ -43,22 +37,14 @@ CREATE LOADING JOB load_alert_data FOR GRAPH Network_Infrastructure {
 TO VERTEX Alert VALUES ($"alert_id", $"severity"),
 TO VERTEX Event_Type VALUES ("Alert"),
 TO VERTEX Alert_Type VALUES ($"alert_type"),
- TO VERTEX Time_Year VALUES ($"alert_year"),
- TO VERTEX Time_Date_Month VALUES ($"alert_date_month"),
- TO VERTEX Time_Date VALUES ($"alert_date"),
- TO VERTEX Time_Date_Hour VALUES ($"alert_date_hour"),
- TO VERTEX Time_Date_Minute VALUES ($"alert_date_minute"),
+ TO VERTEX Time_Date VALUES ($"alert_date", $"alert_date"),
+ TO VERTEX Time_Date_Minute VALUES ($"alert_date_minute", $"alert_date_minute"),
 TO EDGE Event_Has_Type VALUES ($"alert_id", "Alert"),
 TO EDGE Alert_Has_Type VALUES ($"alert_id", $"alert_type"),
 TO EDGE Linked_With_Alert VALUES ($"alert_id", $"alert_id"),
 TO EDGE Has_Minute VALUES ($"alert_id", $"alert_date_minute"),
- TO EDGE Has_Hour VALUES ($"alert_date_minute", $"alert_date_hour"),
- TO EDGE Has_Date VALUES ($"alert_date_hour", $"alert_date"),
- TO EDGE Has_Month VALUES ($"alert_date", $"alert_date_month"),
- TO EDGE Has_Year VALUES ($"alert_date_month", $"alert_year"),
- TO EDGE Impacts VALUES ($"alert_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device"),
- TO EDGE From_Device VALUES ($"alert_id", $"device_from") WHERE gsql_is_not_empty_string($"device_from"),
- TO EDGE To_Device VALUES ($"alert_id", $"device_to") WHERE gsql_is_not_empty_string($"device_to")
+ TO EDGE Has_Date VALUES ($"alert_date_minute", $"alert_date"),
+ TO EDGE Impacts VALUES ($"alert_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device")
 ;
 }
diff --git a/agile_operations/network_infrastructure/loading_job/load_event_data.gsql b/agile_operations/network_infrastructure/loading_job/load_event_data.gsql
index ed15876a..22321ed2 100644
--- a/agile_operations/network_infrastructure/loading_job/load_event_data.gsql
+++ b/agile_operations/network_infrastructure/loading_job/load_event_data.gsql
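Review bot: Nothing in the two added time clauses of the load_alert_data hunk checks that `$2` is a well-formed timestamp, although `TO VERTEX Time_Date VALUES ($"alert_date", $"alert_date")` now feeds the same raw substring into both the STRING primary id and the DATETIME `represented_date`. Per the schema.json hunk the ids of `Time_Date` and `Time_Date_Minute` used to be DATETIME, so an empty or odd-format timestamp would now presumably be accepted as an id such as `:00` with an unparsed `represented_date`, and the alert would then be missing from the time-range queries used during investigation. Consider guarding the time vertices and the `Has_Minute`/`Has_Date` edges, for example with `WHERE gsql_is_not_empty_string($"alert_date")`, and confirm how the loader treats a DATETIME value it cannot parse. The same pattern appears in the load_event_data hunks (legacy file and loading_job/) and in loading_job/load_incident_data.gsql.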
@@ -14,10 +14,7 @@ CREATE LOADING JOB load_event_data FOR GRAPH Network_Infrastructure {
 event_id,
 event_type,
 event_timestamp,
- event_year,
- event_date_month,
 event_date,
- event_date_hour,
 event_date_minute,
 impacted_device,
 device_from,
@@ -26,10 +23,7 @@ CREATE LOADING JOB load_event_data FOR GRAPH Network_Infrastructure {
 $0,
 $1,
 $2,
- gsql_substring($2, 0, 4),
- gsql_substring($2, 0, 7),
 gsql_substring($2, 0, 10),
- gsql_concat(gsql_substring($2, 0, 13), ":00:00"),
 gsql_concat(gsql_substring($2, 0, 16), ":00"),
 $3,
 $4,
@@ -39,20 +33,12 @@ CREATE LOADING JOB load_event_data FOR GRAPH Network_Infrastructure {
 LOAD TEMP_TABLE event_data_temp
 TO VERTEX Event VALUES ($"event_id", $"event_timestamp"),
 TO VERTEX Event_Type VALUES ($"event_type"),
- TO VERTEX Time_Year VALUES ($"event_year"),
- TO VERTEX Time_Date_Month VALUES ($"event_date_month"),
- TO VERTEX Time_Date VALUES ($"event_date"),
- TO VERTEX Time_Date_Hour VALUES ($"event_date_hour"),
- TO VERTEX Time_Date_Minute VALUES ($"event_date_minute"),
+ TO VERTEX Time_Date VALUES ($"event_date", $"event_date"),
+ TO VERTEX Time_Date_Minute VALUES ($"event_date_minute", $"event_date_minute"),
 TO EDGE Event_Has_Type VALUES ($"event_id", $"event_type"),
 TO EDGE Has_Minute VALUES ($"event_id", $"event_date_minute"),
- TO EDGE Has_Hour VALUES ($"event_date_minute", $"event_date_hour"),
- TO EDGE Has_Date VALUES ($"event_date_hour", $"event_date"),
- TO EDGE Has_Month VALUES ($"event_date", $"event_date_month"),
- TO EDGE Has_Year VALUES ($"event_date_month", $"event_year"),
- TO EDGE Impacts VALUES ($"event_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device"),
- TO EDGE From_Device VALUES ($"event_id", $"device_from") WHERE gsql_is_not_empty_string($"device_from"),
- TO EDGE To_Device VALUES ($"event_id", $"device_to") WHERE gsql_is_not_empty_string($"device_to")
+ TO EDGE Has_Date VALUES ($"event_date_minute", $"event_date"),
+ TO EDGE Impacts VALUES ($"event_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device")
 ;
 }
diff --git a/agile_operations/network_infrastructure/loading_job/load_incident_data.gsql b/agile_operations/network_infrastructure/loading_job/load_incident_data.gsql
index f0481aa7..cab7107f 100644
--- a/agile_operations/network_infrastructure/loading_job/load_incident_data.gsql
+++ b/agile_operations/network_infrastructure/loading_job/load_incident_data.gsql
@@ -14,10 +14,7 @@ CREATE LOADING JOB load_incident_data FOR GRAPH Network_Infrastructure {
 incident_id,
 incident_type,
 incident_timestamp,
- incident_year,
- incident_date_month,
 incident_date,
- incident_date_hour,
 incident_date_minute,
 impacted_device,
 device_from,
@@ -27,10 +24,7 @@ CREATE LOADING JOB load_incident_data FOR GRAPH Network_Infrastructure {
 $0,
 $1,
 $2,
- gsql_substring($2, 0, 4),
- gsql_substring($2, 0, 7),
 gsql_substring($2, 0, 10),
- gsql_concat(gsql_substring($2, 0, 13), ":00:00"),
 gsql_concat(gsql_substring($2, 0, 16), ":00"),
 $3,
 $4,
@@ -43,22 +37,14 @@ CREATE LOADING JOB load_incident_data FOR GRAPH Network_Infrastructure {
 TO VERTEX Incident VALUES ($"incident_id", $"severity"),
 TO VERTEX Event_Type VALUES ("Incident"),
 TO VERTEX Incident_Type VALUES ($"incident_type"),
- TO VERTEX Time_Year VALUES ($"incident_year"),
- TO VERTEX Time_Date_Month VALUES ($"incident_date_month"),
- TO VERTEX Time_Date VALUES ($"incident_date"),
- TO VERTEX Time_Date_Hour VALUES ($"incident_date_hour"),
- TO VERTEX Time_Date_Minute VALUES ($"incident_date_minute"),
+ TO VERTEX Time_Date VALUES ($"incident_date", $"incident_date"),
+ TO VERTEX Time_Date_Minute VALUES ($"incident_date_minute", $"incident_date_minute"),
 TO EDGE Event_Has_Type VALUES ($"incident_id", "Incident"),
 TO EDGE Incident_Has_Type VALUES ($"incident_id", $"incident_type"),
 TO EDGE Linked_With_Incident VALUES ($"incident_id", $"incident_id"),
 TO EDGE Has_Minute VALUES ($"incident_id", $"incident_date_minute"),
- TO EDGE Has_Hour VALUES ($"incident_date_minute", $"incident_date_hour"),
- TO EDGE Has_Date VALUES ($"incident_date_hour", $"incident_date"),
- TO EDGE Has_Month VALUES ($"incident_date", $"incident_date_month"),
- TO EDGE Has_Year VALUES ($"incident_date_month", $"incident_year"),
- TO EDGE Impacts VALUES ($"incident_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device"),
- TO EDGE From_Device VALUES ($"incident_id", $"device_from") WHERE gsql_is_not_empty_string($"device_from"),
- TO EDGE To_Device VALUES ($"incident_id", $"device_to") WHERE gsql_is_not_empty_string($"device_to")
+ TO EDGE Has_Date VALUES ($"incident_date_minute", $"incident_date"),
+ TO EDGE Impacts VALUES ($"incident_id", $"impacted_device") WHERE gsql_is_not_empty_string($"impacted_device")
 ;
 }
diff --git a/agile_operations/network_infrastructure/meta/images/Network_Infrastructure_Schema_Image.png b/agile_operations/network_infrastructure/meta/images/Network_Infrastructure_Schema_Image.png index 88ba9c23..89223d39 100644 Binary files a/agile_operations/network_infrastructure/meta/images/Network_Infrastructure_Schema_Image.png and b/agile_operations/network_infrastructure/meta/images/Network_Infrastructure_Schema_Image.png differ diff --git a/agile_operations/network_infrastructure/meta/schema.json b/agile_operations/network_infrastructure/meta/schema.json index 61b58504..dede249e 100644 --- a/agile_operations/network_infrastructure/meta/schema.json +++ b/agile_operations/network_infrastructure/meta/schema.json 
@@ -2,504 +2,401 @@ "error": false, "message": "", "results": { - "GraphName": "Network_Infrastructure", - "VertexTypes": [ + "EdgeTypes": [ { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + }, + "FromVertexTypeName": "Alert", + "IsDirected": false, "IsLocal": true, - "Attributes": [ - { - "AttributeType": { - "Name": "DATETIME" - }, - "AttributeName": "time" - } - ], - "PrimaryId": { - "AttributeType": { - "Name": "STRING" - }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Event" + "Name": "Alert_Has_Type", + "ToVertexTypeName": "Alert_Type" }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + }, + "FromVertexTypeName": "Device", + "IsDirected": false, "IsLocal": true, - "Attributes": [], - "PrimaryId": { - "AttributeType": { - "Name": "STRING" - }, - "PrimaryIdAsAttribute": true, - "AttributeName": "ip_address" - }, - "Name": "IP" + "Name": "Connect_To", + "ToVertexTypeName": "Device" }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + }, + "FromVertexTypeName": "Event", + "IsDirected": false, "IsLocal": true, - "Attributes": [ - { - "AttributeType": { - "Name": "STRING" - }, - "AttributeName": "name" - }, - { - "AttributeType": { - "Name": "STRING" - }, - "AttributeName": "device_type" - } - ], - "PrimaryId": { - "AttributeType": { - "Name": "STRING" - }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Device" + "Name": "Linked_With_Alert", + "ToVertexTypeName": "Alert" }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + }, + "FromVertexTypeName": "Incident", + "IsDirected": false, "IsLocal": true, - "Attributes": [ - { - "AttributeType": { - "Name": "INT" - }, - "AttributeName": "severity" - } - ], - "PrimaryId": { - "AttributeType": { - "Name": "STRING" - }, - "PrimaryIdAsAttribute": true, 
- "AttributeName": "id" - }, - "Name": "Alert" + "Name": "Incident_Has_Type", + "ToVertexTypeName": "Incident_Type" }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + }, + "FromVertexTypeName": "Event", + "IsDirected": false, "IsLocal": true, - "Attributes": [], - "PrimaryId": { - "AttributeType": { - "Name": "STRING" - }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Alert_Type" + "Name": "Linked_With_Incident", + "ToVertexTypeName": "Incident" }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + }, + "FromVertexTypeName": "Event", + "IsDirected": false, "IsLocal": true, + "Name": "Event_Has_Type", + "ToVertexTypeName": "Event_Type" + }, + { "Attributes": [], - "PrimaryId": { - "AttributeType": { - "Name": "DATETIME" - }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" + "Config": { + }, - "Name": "Time_Date" + "FromVertexTypeName": "Event", + "IsDirected": false, + "IsLocal": true, + "Name": "Impacts", + "ToVertexTypeName": "Device" }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + }, + "FromVertexTypeName": "Time_Date_Minute", + "IsDirected": false, "IsLocal": true, + "Name": "Has_Date", + "ToVertexTypeName": "Time_Date" + }, + { "Attributes": [], - "PrimaryId": { - "AttributeType": { - "Name": "INT" - }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" + "Config": { + }, - "Name": "Time_Year" + "FromVertexTypeName": "Event", + "IsDirected": false, + "IsLocal": true, + "Name": "Has_Minute", + "ToVertexTypeName": "Time_Date_Minute" }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + }, + "EdgePairs": [ + { + "From": "Device", + "To": "Switch" + }, + { + "From": "Device", + "To": "Server" + }, + { + "From": "Device", + "To": "Router" + }, + { + "From": "Device", + "To": "Firewall" + } + ], + 
"FromVertexTypeName": "Device", + "IsDirected": false, "IsLocal": true, + "Name": "Device_Has_Type", + "ToVertexTypeName": "*" + } + ], + "GraphName": "Network_Infrastructure", + "VertexTypes": [ + { "Attributes": [ { + "AttributeName": "time", "AttributeType": { - "Name": "INT" - }, - "AttributeName": "severity" + "Name": "DATETIME" + } } ], + "Config": { + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" + }, + "IsLocal": true, + "Name": "Event", "PrimaryId": { + "AttributeName": "id", "AttributeType": { "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Incident" + "PrimaryIdAsAttribute": true + } }, { + "Attributes": [ + { + "AttributeName": "name", + "AttributeType": { + "Name": "STRING" + } + }, + { + "AttributeName": "device_type", + "AttributeType": { + "Name": "STRING" + } + } + ], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" }, "IsLocal": true, - "Attributes": [], + "Name": "Device", "PrimaryId": { + "AttributeName": "id", "AttributeType": { "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Incident_Type" + "PrimaryIdAsAttribute": true + } }, { + "Attributes": [ + { + "AttributeName": "severity", + "AttributeType": { + "Name": "INT" + } + } + ], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" }, "IsLocal": true, - "Attributes": [], + "Name": "Alert", "PrimaryId": { + "AttributeName": "id", "AttributeType": { "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Event_Type" + "PrimaryIdAsAttribute": true + } }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" }, "IsLocal": true, - 
"Attributes": [], + "Name": "Alert_Type", "PrimaryId": { + "AttributeName": "id", "AttributeType": { - "Name": "DATETIME" + "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Time_Date_Hour" + "PrimaryIdAsAttribute": true + } }, { + "Attributes": [ + { + "AttributeName": "represented_date", + "AttributeType": { + "Name": "DATETIME" + } + } + ], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" }, "IsLocal": true, - "Attributes": [], + "Name": "Time_Date", "PrimaryId": { + "AttributeName": "id", "AttributeType": { "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Time_Date_Month" + "PrimaryIdAsAttribute": true + } }, { + "Attributes": [ + { + "AttributeName": "represented_date", + "AttributeType": { + "Name": "DATETIME" + } + } + ], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" }, "IsLocal": true, - "Attributes": [], + "Name": "Time_Date_Minute", "PrimaryId": { + "AttributeName": "id", "AttributeType": { - "Name": "DATETIME" + "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Time_Date_Minute" + "PrimaryIdAsAttribute": true + } }, { + "Attributes": [ + { + "AttributeName": "severity", + "AttributeType": { + "Name": "INT" + } + } + ], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" }, "IsLocal": true, - "Attributes": [], + "Name": "Incident", "PrimaryId": { + "AttributeName": "id", "AttributeType": { "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Router" + "PrimaryIdAsAttribute": true + } }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true 
+ "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" }, "IsLocal": true, - "Attributes": [], + "Name": "Incident_Type", "PrimaryId": { + "AttributeName": "id", "AttributeType": { "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Firewall" + "PrimaryIdAsAttribute": true + } }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" }, "IsLocal": true, - "Attributes": [], + "Name": "Event_Type", "PrimaryId": { + "AttributeName": "id", "AttributeType": { "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Switch" + "PrimaryIdAsAttribute": true + } }, { + "Attributes": [], "Config": { - "STATS": "OUTDEGREE_BY_EDGETYPE", - "PRIMARY_ID_AS_ATTRIBUTE": true + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" }, "IsLocal": true, - "Attributes": [ - { - "AttributeType": { - "Name": "STRING" - }, - "AttributeName": "mac_address" - } - ], + "Name": "Router", "PrimaryId": { + "AttributeName": "id", "AttributeType": { "Name": "STRING" }, - "PrimaryIdAsAttribute": true, - "AttributeName": "id" - }, - "Name": "Server" - } - ], - "EdgeTypes": [ - { - "IsDirected": false, - "ToVertexTypeName": "IP", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Event", - "Name": "Has_Source_IP" - }, - { - "IsDirected": false, - "ToVertexTypeName": "IP", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Event", - "Name": "Has_Target_IP" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Device", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Event", - "Name": "To_Device" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Device", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Event", - "Name": "From_Device" - }, - { - "IsDirected": 
false, - "ToVertexTypeName": "Alert_Type", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Alert", - "Name": "Alert_Has_Type" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Device", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Device", - "Name": "Connect_To" - }, - { - "IsDirected": false, - "ToVertexTypeName": "IP", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Device", - "Name": "Device_Has_IP" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Alert", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Event", - "Name": "Linked_With_Alert" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Incident_Type", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Incident", - "Name": "Incident_Has_Type" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Incident", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Event", - "Name": "Linked_With_Incident" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Event_Type", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Event", - "Name": "Event_Has_Type" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Device", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Event", - "Name": "Impacts" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Time_Date", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Time_Date_Hour", - "Name": "Has_Date" + "PrimaryIdAsAttribute": true + } }, { - "IsDirected": false, - "ToVertexTypeName": "Time_Date_Month", - "Config": {}, - "IsLocal": true, "Attributes": [], - "FromVertexTypeName": "Time_Date", - "Name": "Has_Month" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Time_Year", - "Config": {}, + "Config": { + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" + }, 
"IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Time_Date_Month", - "Name": "Has_Year" + "Name": "Firewall", + "PrimaryId": { + "AttributeName": "id", + "AttributeType": { + "Name": "STRING" + }, + "PrimaryIdAsAttribute": true + } }, { - "IsDirected": false, - "ToVertexTypeName": "Time_Date_Hour", - "Config": {}, - "IsLocal": true, "Attributes": [], - "FromVertexTypeName": "Time_Date_Minute", - "Name": "Has_Hour" - }, - { - "IsDirected": false, - "ToVertexTypeName": "Time_Date_Minute", - "Config": {}, + "Config": { + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" + }, "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Event", - "Name": "Has_Minute" + "Name": "Switch", + "PrimaryId": { + "AttributeName": "id", + "AttributeType": { + "Name": "STRING" + }, + "PrimaryIdAsAttribute": true + } }, { - "IsDirected": false, - "ToVertexTypeName": "*", - "Config": {}, - "IsLocal": true, - "Attributes": [], - "FromVertexTypeName": "Device", - "EdgePairs": [ - { - "From": "Device", - "To": "Switch" - }, - { - "From": "Device", - "To": "Server" - }, - { - "From": "Device", - "To": "Router" - }, + "Attributes": [ { - "From": "Device", - "To": "Firewall" + "AttributeName": "mac_address", + "AttributeType": { + "Name": "STRING" + } } ], - "Name": "Device_Has_Type" + "Config": { + "PRIMARY_ID_AS_ATTRIBUTE": true, + "STATS": "OUTDEGREE_BY_EDGETYPE" + }, + "IsLocal": true, + "Name": "Server", + "PrimaryId": { + "AttributeName": "id", + "AttributeType": { + "Name": "STRING" + }, + "PrimaryIdAsAttribute": true + } } - ], - "UDTs": [] + ] } } \ No newline at end of file diff --git a/agile_operations/network_infrastructure/meta/style.json b/agile_operations/network_infrastructure/meta/style.json index 6f9cb7e8..7f4b22ba 100644 --- a/agile_operations/network_infrastructure/meta/style.json +++ b/agile_operations/network_infrastructure/meta/style.json 
@@ -6,109 +6,80 @@ "Alert": { "fillColor": "#8c564b", "other": {}, - "x": 575.4439431121987, - "y": 409.78987721815344 + "x": 895.723779123004, + "y": 108.264981942669 }, "Alert_Type": { "fillColor": "#e377c2", "other": {}, - "x": 805.9167470656048, - "y": 409.54117590232903 + "x": 1098.10625439051, + "y": 108.82333402382 }, "Device": { "fillColor": "#9467bd", "other": {}, - "x": 193.48402011133655, - "y": 641.9215376907896 + "x": 702.335476177302, + "y": 447.54237709063 }, "Event": { "fillColor": "#2ca02c", "other": {}, - "x": 363.4111306023198, - "y": 410.7190884322075 + "x": 701.681061545654, + "y": 242.156379885335 }, "Event_Type": { "fillColor": "#ffbb78", "other": {}, - "x": 162.90377090832715, - "y": 410.61464561967693 + "x": 485.484978999204, + "y": 238.558165624936 }, "Firewall": { "fillColor": "#f7b6d2", "other": {}, - "x": 90.1951489113576, - "y": 835.5952803880552 - }, - "IP": { - "fillColor": "#d62728", - "other": {}, - "x": 527.6010792613387, - "y": 633.7799617800096 + "x": 621.479839438844, + "y": 631.690256759996 }, "Incident": { "fillColor": "#17becf", "other": {}, - "x": 574.3474836423078, - "y": 266.29595327692255 + "x": 899.161758316403, + "y": 236.385765370512 }, "Incident_Type": { "fillColor": "#aec7e8", "other": {}, - "x": 800.9305514000001, - "y": 264.04335280128225 + "x": 1097.54010310826, + "y": 238.272015047423 }, "Router": { "fillColor": "#c49c94", "other": {}, - "x": -66.40918736097001, - "y": 829.1566401179075 + "x": 494.669061322146, + "y": 623.467738998129 }, "Server": { "fillColor": "#dbdb8d", "other": {}, - "x": 412.2958795078367, - "y": 839.0601032064711 + "x": 907.437690471245, + "y": 634.035226969694 }, "Switch": { "fillColor": "#c7c7c7", "other": {}, - "x": 273.46682861493946, - "y": 842.8851518471403 + "x": 772.894550792515, + "y": 636.374889687747 }, "Time_Date": { "fillColor": "#9bff87", - "icon": "icon_220", "other": {}, - "x": 47.397594449312656, - "y": 204.00877776177327 - }, - "Time_Date_Hour": { - "fillColor": 
"#9bff87", - "icon": "icon_220", - "other": {}, - "x": 205.12164188986057, - "y": 205.31118904843575 + "x": 488.40116969068, + "y": 41.2191798597393 }, "Time_Date_Minute": { "fillColor": "#9bff87", - "icon": "icon_220", - "other": {}, - "x": 364.5734136809228, - "y": 205.36089240075086 - }, - "Time_Date_Month": { - "fillColor": "#9bff87", - "icon": "icon_220", - "other": {}, - "x": -118.92699805525115, - "y": 204.05704909922628 - }, - "Time_Year": { - "fillColor": "#9bff87", - "icon": "icon_220", "other": {}, - "x": -287.70979970888163, - "y": 202.99309334255867 + "x": 703.026013218695, + "y": 44.7641475327227 } }, "edgeStyles": { @@ -120,10 +91,6 @@ "fillColor": "#637939", "other": {} }, - "Device_Has_IP": { - "fillColor": "#8ca252", - "other": {} - }, "Device_Has_Type": { "fillColor": "#7b4173", "other": {} @@ -132,38 +99,14 @@ "fillColor": "#bd9e39", "other": {} }, - "From_Device": { - "fillColor": "#6b6ecf", - "other": {} - }, "Has_Date": { "fillColor": "#e7cb94", "other": {} }, - "Has_Hour": { - "fillColor": "#d6616b", - "other": {} - }, "Has_Minute": { "fillColor": "#e7969c", "other": {} }, - "Has_Month": { - "fillColor": "#843c39", - "other": {} - }, - "Has_Source_IP": { - "fillColor": "#9edae5", - "other": {} - }, - "Has_Target_IP": { - "fillColor": "#393b79", - "other": {} - }, - "Has_Year": { - "fillColor": "#ad494a", - "other": {} - }, "Impacts": { "fillColor": "#e7ba52", "other": {} @@ -179,10 +122,6 @@ "Linked_With_Incident": { "fillColor": "#8c6d31", "other": {} - }, - "To_Device": { - "fillColor": "#5254a3", - "other": {} } } } diff --git a/agile_operations/network_infrastructure/queries/find_events_by_impacted_device_and_time_range.gsql b/agile_operations/network_infrastructure/queries/find_events_by_impacted_device_and_time_range.gsql index badf7cc1..f68e53ec 100644 --- a/agile_operations/network_infrastructure/queries/find_events_by_impacted_device_and_time_range.gsql 
+++ b/agile_operations/network_infrastructure/queries/find_events_by_impacted_device_and_time_range.gsql @@ -10,7 +10,7 @@ CREATE OR REPLACE QUERY find_events_by_impacted_device_and_time_range ( Purpose: Finds and visualizes events linked to a specific device within a given time range. - Also traces time hierarchy (Minute -> Hour -> Date -> Month -> Year) for chronological visualization. + Also traces time hierarchy (Minute -> Date) for chronological visualization. Optionally includes detailed event type information (Alert, Incident, and their classifications). Key Features: @@ -27,7 +27,7 @@ CREATE OR REPLACE QUERY find_events_by_impacted_device_and_time_range ( Outputs: - linked_events_within_time - Events impacting the input device within the time range. - - linked_time_date_minute / hour / date / month / year - Chronologically related time vertices. + - linked_time_date_minute and linked_time_date - Chronologically related time vertices. - linked_event_types - Event classification (if enabled). - linked_alerts_within_time, linked_incidents_within_time - Associated alerts and incidents. - linked_alert_types, linked_incident_types - Alert/Incident categories. @@ -48,23 +48,8 @@ CREATE OR REPLACE QUERY find_events_by_impacted_device_and_time_range ( ACCUM @@edges_to_display += e ; - linked_time_date_hour = SELECT t - FROM linked_time_date_minute:s -(Has_Hour:e)- Time_Date_Hour:t - ACCUM @@edges_to_display += e - ; - linked_time_date = SELECT t - FROM linked_time_date_hour:s -(Has_Date:e)- Time_Date:t - ACCUM @@edges_to_display += e - ; - - linked_time_date_month = SELECT t - FROM linked_time_date:s -(Has_Month:e)- Time_Date_Month:t - ACCUM @@edges_to_display += e - ; - - linked_time_year = SELECT t - FROM linked_time_date_month -(Has_Year:e)- Time_Year:t + FROM linked_time_date_minute:s -(Has_Date:e)- Time_Date:t ACCUM @@edges_to_display += e ; 
@@ -113,10 +98,7 @@ CREATE OR REPLACE QUERY find_events_by_impacted_device_and_time_range ( PRINT linked_time_date_minute, - linked_time_date_hour, - linked_time_date, - linked_time_date_month, - linked_time_year + linked_time_date ; PRINT @@edges_to_display; diff --git a/agile_operations/network_infrastructure/queries/find_events_by_time_range_and_event_type.gsql b/agile_operations/network_infrastructure/queries/find_events_by_time_range_and_event_type.gsql index be815431..58d6f0df 100644 --- a/agile_operations/network_infrastructure/queries/find_events_by_time_range_and_event_type.gsql +++ b/agile_operations/network_infrastructure/queries/find_events_by_time_range_and_event_type.gsql @@ -21,7 +21,7 @@ CREATE OR REPLACE QUERY find_events_by_time_range_and_event_type ( - selected_events_with_info: . event_id - Event identifier . event_time - Timestamp of the event - . event_type . Type classification (Security, System, Network, etc.) + . event_type - Type classification (e.g. "Router Back Online", "Server Internet Connection Restored") . event_alert_type - Enriched alert type data (if any) . event_incident_type - Enriched incident type data (if any) . impacted_devices_list - Devices affected by this event 
@@ -32,44 +32,22 @@ CREATE OR REPLACE QUERY find_events_by_time_range_and_event_type ( MaxAccum @alert_type; ListAccum @event_impacted_device_list; - INT start_year = year(start_time); - STRING start_time_date_month = datetime_format(start_time, "%Y-%m"); DATETIME start_time_date = to_datetime(datetime_format(start_time, "%Y-%m-%d")); - DATETIME start_time_date_hour = to_datetime(datetime_format(start_time, "%Y-%m-%d %H:00:00")); DATETIME start_time_date_minute = to_datetime(datetime_format(start_time, "%Y-%m-%d %H:%M:00")); - INT end_year = year(end_time); - STRING end_time_date_month = datetime_format(end_time, "%Y-%m"); DATETIME end_time_date = to_datetime(datetime_format(end_time, "%Y-%m-%d")); - DATETIME end_time_date_hour = to_datetime(datetime_format(end_time, "%Y-%m-%d %H:00:00")); DATETIME end_time_date_minute = to_datetime(datetime_format(end_time, "%Y-%m-%d %H:%M:00")); - - - all_time_years = {Time_Year.*}; - time_year_in_range = SELECT s - FROM all_time_years:s - WHERE s.id BETWEEN start_year AND end_year - ; - - time_date_month_in_range = SELECT t - FROM time_year_in_range:s -(Has_Year:e)- Time_Date_Month:t - WHERE t.id BETWEEN start_time_date_month AND end_time_date_month - ; + all_time_dates = {Time_Date.*}; - time_date_in_range = SELECT t - FROM time_date_month_in_range:s -(Has_Month:e)- Time_Date:t - WHERE t.id BETWEEN start_time_date AND end_time_date - ; - - time_date_hour_in_range = SELECT t - FROM time_date_in_range:s -(Has_Date:e)- Time_Date_Hour:t - WHERE t.id BETWEEN start_time_date_hour AND end_time_date_hour + time_date_in_range = SELECT s + FROM all_time_dates:s + WHERE s.represented_date BETWEEN start_time_date AND end_time_date ; time_date_minute_in_range = SELECT t - FROM time_date_hour_in_range:s -(Has_Hour:e)- Time_Date_Minute:t - WHERE t.id BETWEEN start_time_date_minute AND end_time_date_minute + FROM time_date_in_range:s -(Has_Date:e)- Time_Date_Minute:t + WHERE t.represented_date BETWEEN start_time_date_minute AND 
end_time_date_minute ; events_in_time_range = SELECT t @@ -77,7 +55,6 @@ CREATE OR REPLACE QUERY find_events_by_time_range_and_event_type ( WHERE t.time BETWEEN start_time AND end_time ; - // Collect the event type (+ filter) and collect the impacted device with the event selected_events_with_info = SELECT s FROM events_in_time_range:s -(Event_Has_Type:e)- Event_Type:t @@ -95,7 +72,6 @@ CREATE OR REPLACE QUERY find_events_by_time_range_and_event_type ( FROM selected_events_with_info:s -(Impacts:e)- Device:t ACCUM s.@event_impacted_device_list += t.id ; - // Collect the Incident and Alert types into Event vertices. linked_alerts = SELECT t diff --git a/agile_operations/network_infrastructure/schema/create_network_infrastructure_graph.gsql b/agile_operations/network_infrastructure/schema/create_network_infrastructure_graph.gsql index 147c41b0..68cbe368 100644 --- a/agile_operations/network_infrastructure/schema/create_network_infrastructure_graph.gsql +++ b/agile_operations/network_infrastructure/schema/create_network_infrastructure_graph.gsql 
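Review bot: Both range filters in the `@@ -32,44 +32,22 @@` hunk now read `represented_date` (`WHERE s.represented_date BETWEEN start_time_date AND end_time_date` and the minute-level filter after it). That attribute exists only after the schema change in create_network_infrastructure_graph.gsql and is filled only by the updated loading job. On a graph built from the earlier schema the query would presumably fail to install, and a row whose timestamp did not parse to a DATETIME would likely fall outside every range without any error, which matters when the result feeds an incident investigation. A comment above `all_time_dates = {Time_Date.*};` would make the dependency explicit, for example `// Requires Time_Date.represented_date and Time_Date_Minute.represented_date; reload data after the schema change`. The query body starts and ends outside the hunk.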
@@ -2,39 +2,27 @@ CREATE GRAPH Network_Infrastructure () CREATE SCHEMA_CHANGE JOB init_network_infrastructure_schema FOR GRAPH Network_Infrastructure { ADD VERTEX Event(PRIMARY_ID id STRING, time DATETIME) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; - ADD VERTEX IP(PRIMARY_ID ip_address STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX Device(PRIMARY_ID id STRING, name STRING, device_type STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX Alert(PRIMARY_ID id STRING, severity INT) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX Alert_Type(PRIMARY_ID id STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; - ADD VERTEX Time_Date(PRIMARY_ID id DATETIME) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; - ADD VERTEX Time_Year(PRIMARY_ID id INT) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; + ADD VERTEX Time_Date(PRIMARY_ID id STRING, represented_date DATETIME) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; + ADD VERTEX Time_Date_Minute(PRIMARY_ID id STRING, represented_date DATETIME) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX Incident(PRIMARY_ID id STRING, severity INT) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX Incident_Type(PRIMARY_ID id STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX Event_Type(PRIMARY_ID id STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; - ADD VERTEX Time_Date_Hour(PRIMARY_ID id DATETIME) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; - ADD VERTEX Time_Date_Month(PRIMARY_ID id STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; - ADD VERTEX Time_Date_Minute(PRIMARY_ID id DATETIME) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX 
Router(PRIMARY_ID id STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX Firewall(PRIMARY_ID id STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX Switch(PRIMARY_ID id STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; ADD VERTEX Server(PRIMARY_ID id STRING, mac_address STRING) WITH STATS="OUTDEGREE_BY_EDGETYPE", PRIMARY_ID_AS_ATTRIBUTE="true"; - ADD UNDIRECTED EDGE Has_Source_IP(FROM Event, TO IP); - ADD UNDIRECTED EDGE Has_Target_IP(FROM Event, TO IP); - ADD UNDIRECTED EDGE To_Device(FROM Event, TO Device); - ADD UNDIRECTED EDGE From_Device(FROM Event, TO Device); ADD UNDIRECTED EDGE Alert_Has_Type(FROM Alert, TO Alert_Type); ADD UNDIRECTED EDGE Connect_To(FROM Device, TO Device); - ADD UNDIRECTED EDGE Device_Has_IP(FROM Device, TO IP); ADD UNDIRECTED EDGE Linked_With_Alert(FROM Event, TO Alert); ADD UNDIRECTED EDGE Incident_Has_Type(FROM Incident, TO Incident_Type); ADD UNDIRECTED EDGE Linked_With_Incident(FROM Event, TO Incident); ADD UNDIRECTED EDGE Event_Has_Type(FROM Event, TO Event_Type); ADD UNDIRECTED EDGE Impacts(FROM Event, TO Device); - ADD UNDIRECTED EDGE Has_Date(FROM Time_Date_Hour, TO Time_Date); - ADD UNDIRECTED EDGE Has_Month(FROM Time_Date, TO Time_Date_Month); - ADD UNDIRECTED EDGE Has_Year(FROM Time_Date_Month, TO Time_Year); - ADD UNDIRECTED EDGE Has_Hour(FROM Time_Date_Minute, TO Time_Date_Hour); + ADD UNDIRECTED EDGE Has_Date(FROM Time_Date_Minute, TO Time_Date); ADD UNDIRECTED EDGE Has_Minute(FROM Event, TO Time_Date_Minute); ADD UNDIRECTED EDGE Device_Has_Type(FROM Device, TO Switch|FROM Device, TO Server|FROM Device, TO Router|FROM Device, TO Firewall); } diff --git a/scripts/readme.md b/scripts/readme.md index fa17396f..385c7473 100644 --- a/scripts/readme.md +++ b/scripts/readme.md 
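Review bot: This schema hunk drops the `IP` vertex and the `Has_Source_IP`, `Has_Target_IP`, `Device_Has_IP`, `From_Device` and `To_Device` edges, yet the README's relationship list still names `From_Device` and `To_Device` as unchanged context in its own hunk. Source/target IP and direction edges are what a security analysis would pivot on, so if the removal is intended it should be stated in the README and the commit description; otherwise those `ADD` statements should stay. Separately, `Time_Date` and `Time_Date_Minute` change `id` from DATETIME to STRING and `Has_Date` changes its source to `Time_Date_Minute`, while this job only adds types, so an existing graph presumably has to be dropped and reloaded. A short comment above the two `Time_*` statements, saying that `id` is the string form of the timestamp and `represented_date` is the parsed DATETIME used by the range filters, would document the split.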
@@ -23,7 +23,7 @@ solution name/ 2. The `meta` folder contains metadata about the solution. - - `meta/schema.json` contains the API response from `/api/gsql-server/gsql/schema` for the schema. We need this in advance so we can show the schema in the UI before creating the schema. + - `meta/schema.json` contains the API response from `/api/gsql-server/gsql/v1/schema/graphs/${graphName}` for the schema (note that in TigerGraph version 3 or earlier, this should be `/api/gsql-server/gsql/schema`). We need this in advance so we can show the schema in the UI before creating the schema. - `meta/style.json` contains the API response from `/api/graph-styles/local/${graphName}` for the style. We need this in advance so we can show the style (the vertex's color and position) in the UI before creating the schema. This file is optional. - `meta/Insights*.json` contains the exported insights application configuration. If it exists, we will import the insights application when installing the solution. - `meta/icon.png`|`meta/icon.jpg` is the icon of the solution.