Create link analysis graph based on SQL Server database data

Good afternoon,
I’m looking for a link analysis graph solution which can create a relation between 2 or more data. Right now I have SQL database data which I want to relate to each other.
My data consists of: IP_destination, threat_name, IP_source. I want to create a relation graph between those 3 data.
In terms of those needs, I have some questions regarding the Siren link analysis graph feature:

  • What is the data type that can be displayed with that link analysis graph feature?
  • Can I use log data pulled by Logstash as the data source of that link analysis graph feature?
  • Can I use that link analysis graph feature to create a relation between IP_source and IP_destination based on SQL Server?

Thank you,
regards,

@nicola.bertolin Should be able to help you with this.

Hi, when you talk about data, are you referring to:
- Different tables in the same database?
- Multiple databases with one table each?
- Only one table with 3 columns (dest, threat, source)?

About your questions:

  1. If your data is only in one database you can use any type. If you want joins between your external database and data stored in Elasticsearch, you have to use INT as the datatype.
  2. For Logstash, yes, you can use it to ingest your data into Elasticsearch.
  3. If your data is stored in a single table, you can define the relationship through an intermediate node (virtual entity), here is the documentation.

Hope this will help you. Let us know if you have any questions.

If you want to create a graph with IPs they should be mapped to “Entity Identifiers” (EIDs). This documentation is handy:

https://docs.support.siren.io/10.2.4/platform/en/siren-investigate/data-model/how-to-use-entity-identifiers.html

https://docs.support.siren.io/10.2.4/platform/en/siren-investigate/data-model/creating-an-index-pattern-search.html
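
A conceptual sketch of the single-table case discussed in this thread, added as an example and not taken from any post or from Siren's own code: both IP columns resolve to one shared "IP" node type, so alert records link up through common addresses. The `alerts` table, the in-memory SQLite stand-in for SQL Server, the node naming and the sample rows are all assumptions constructed for illustration.

```python
import sqlite3
from collections import defaultdict

# Constructed sample rows (documentation-range IPs): IP_source, threat_name, IP_destination
SAMPLE_ROWS = [
    ("198.51.100.7", "port-scan", "192.0.2.10"),
    ("198.51.100.7", "brute-force", "192.0.2.20"),
    ("192.0.2.10", "lateral-movement", "192.0.2.20"),
    ("203.0.113.5", "port-scan", "192.0.2.10"),
]

def load_rows(rows):
    """Store rows in a hypothetical 'alerts' table and read them back with SQL."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE alerts (id INTEGER PRIMARY KEY, "
                "IP_source TEXT, threat_name TEXT, IP_destination TEXT)")
    con.executemany("INSERT INTO alerts (IP_source, threat_name, IP_destination) "
                    "VALUES (?, ?, ?)", rows)  # parameterised, never string-built
    out = con.execute("SELECT id, IP_source, threat_name, IP_destination "
                      "FROM alerts ORDER BY id").fetchall()
    con.close()
    return out

def build_graph(records):
    """One node per alert record, one node per distinct IP value.
    Source and destination columns share the same IP node namespace."""
    edges, roles = [], defaultdict(set)
    for rec_id, src, threat, dst in records:
        alert = f"alert:{rec_id}:{threat}"
        edges.append((f"ip:{src}", "source_of", alert))
        edges.append((alert, "targets", f"ip:{dst}"))
        roles[src].add("source")
        roles[dst].add("destination")
    return edges, roles

def pivot_ips(roles):
    """IPs seen both as a destination and as a source of alerts."""
    return sorted(ip for ip, r in roles.items() if r == {"source", "destination"})

def alerts_for(edges, ip):
    """Alert nodes directly connected to the given IP node, in either role."""
    node = f"ip:{ip}"
    return sorted({b if a == node else a for a, _, b in edges if node in (a, b)})

if __name__ == "__main__":
    edges, roles = build_graph(load_rows(SAMPLE_ROWS))
    for ip in pivot_ips(roles):
        print(ip, "->", alerts_for(edges, ip))
```

An address that shows up in both roles is usually the first node worth expanding in a link graph, since it was targeted and later generated alerts itself.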