relationships
Creates, updates, deletes, gets or lists a relationships resource.
Overview
| Name | relationships |
| Type | Resource |
| Id | cloudflare.cloudforce_one.relationships |
Fields
The following fields are returned by SELECT queries:
- list
Returns a list of events related to the specified starting event.
| Name | Datatype | Description |
|---|---|---|
attacker | string | |
attackerCountry | string | |
category | string | |
datasetId | string | |
date | string | |
event | string | |
hasChildren | boolean | |
indicator | string | |
indicatorType | string | |
indicatorTypeId | number | |
insight | string | |
killChain | number | |
mitreAttack | array | |
mitreCapec | array | |
numReferenced | number | |
numReferences | number | |
rawId | string | |
referenced | array | |
referencedIds | array | |
references | array | |
referencesIds | array | |
releasabilityId | string | |
tags | array | |
targetCountry | string | |
targetIndustry | string | |
tlp | string | |
uuid | string |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list | select | account_id, event_id | direction, maxDepth, relationshipTypes, indicatorTypeIds, datasetId, includeParent, page, pageSize | The event_id must be defined (to list existing events (and their IDs), use the Filter and List Events endpoint). Also, must provide query parameters. |
post_dosevent_create_bulk_with_relationships | insert | account_id, data, datasetId | This method is deprecated. Please use event_create_bulk instead | |
create | exec | account_id, parentId, childIds, relationshipType, datasetId | Creates a directed relationship between two events. The relationship is from parent to child with a specified type. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
event_id | string | The event ID. |
datasetId | string | The dataset ID to search within. |
direction | string | The direction to traverse the graph. Defaults to 'both' to search all. |
includeParent | boolean | Whether to include the starting event in the results. Defaults to true. |
indicatorTypeIds | array | An optional array of indicator type IDs to filter the results by. |
maxDepth | number | The maximum depth to traverse. Defaults to 5. |
page | number | |
pageSize | number | |
relationshipTypes | string | An optional array of relationship types to filter by. |
SELECT examples
- list
The event_id must be defined (to list existing events (and their IDs), use the Filter and List Events endpoint). Also, must provide query parameters.
SELECT
attacker,
attackerCountry,
category,
datasetId,
date,
event,
hasChildren,
indicator,
indicatorType,
indicatorTypeId,
insight,
killChain,
mitreAttack,
mitreCapec,
numReferenced,
numReferences,
rawId,
referenced,
referencedIds,
references,
referencesIds,
releasabilityId,
tags,
targetCountry,
targetIndustry,
tlp,
uuid
FROM cloudflare.cloudforce_one.relationships
WHERE account_id = '{{ account_id }}' -- required
AND event_id = '{{ event_id }}' -- required
AND direction = '{{ direction }}'
AND maxDepth = '{{ maxDepth }}'
AND relationshipTypes = '{{ relationshipTypes }}'
AND indicatorTypeIds = '{{ indicatorTypeIds }}'
AND datasetId = '{{ datasetId }}'
AND includeParent = '{{ includeParent }}'
AND page = '{{ page }}'
AND pageSize = '{{ pageSize }}'
;
INSERT examples
- post_dosevent_create_bulk_with_relationships
- Manifest
This method is deprecated. Please use event_create_bulk instead
INSERT INTO cloudflare.cloudforce_one.relationships (
data,
datasetId,
account_id
)
SELECT
'{{ data }}' /* required */,
'{{ datasetId }}' /* required */,
'{{ account_id }}'
RETURNING
createdEventsCount,
createdIndicatorsCount,
createdRelationshipsCount,
errorCount,
errors
;
# Description fields are for documentation purposes
- name: relationships
props:
- name: account_id
value: "{{ account_id }}"
description: Required parameter for the relationships resource.
- name: data
value:
- accountId: {{ accountId }}
attacker: "{{ attacker }}"
attackerCountry: "{{ attackerCountry }}"
category: "{{ category }}"
datasetId: "{{ datasetId }}"
date: "{{ date }}"
event: "{{ event }}"
indicator: "{{ indicator }}"
indicatorType: "{{ indicatorType }}"
indicators: "{{ indicators }}"
insight: "{{ insight }}"
raw:
data: "{{ data }}"
source: "{{ source }}"
tlp: "{{ tlp }}"
tags: "{{ tags }}"
targetCountry: "{{ targetCountry }}"
targetIndustry: "{{ targetIndustry }}"
tlp: "{{ tlp }}"
- name: datasetId
value: "{{ datasetId }}"
Lifecycle Methods
- create
Creates a directed relationship between two events. The relationship is from parent to child with a specified type.
EXEC cloudflare.cloudforce_one.relationships.create
@account_id='{{ account_id }}' --required
@@json=
'{
"childIds": "{{ childIds }}",
"datasetId": "{{ datasetId }}",
"parentId": "{{ parentId }}",
"relationshipType": "{{ relationshipType }}"
}'
;