Each graph consists of nodes (indicators, detections, and others), and relationships connecting the nodes. Both nodes and relationships can be added to a graph manually or as a result of transformation.
Nodes
A node is a single point on a graph that may be linked to other points. There are different types of nodes, such as indicators, detections, or groups. Nodes of different types are displayed on the graph with different symbols. See the description of the different node types in the table below.
Node types
Icon |
Type |
Description |
URL |
Standard Kaspersky CyberTrace indicators.
|
|
Hash |
||
IP |
||
External URL |
External indicator (observable) received from a source other than the Kaspersky CyberTrace database. A graph can contain an external indicator and a standard Kaspersky CyberTrace indicator that have the same value. |
|
External Hash |
||
External IP |
||
Action/Detections |
An intermediate node between other nodes. This intermediate node appears as the result of a transformation. |
|
Detection |
Detection event. |
|
Report |
Report that contains information about the related indicator. |
|
Group |
Several nodes grouped together. |
Relationships
Nodes are connected to each other with relationships. Relationships can be directed or undirected.
A directed relationship can lead only to nodes of the types Action and Detections. This kind of relationship appears when Kaspersky CyberTrace performs transformation and a new relationship leads from the initial node to the node added after the transformation.
For example, if a user launches a transformation in order to find detections related to an indicator, a directed relationship may appear leading from the indicator to a node of type Detections. In turn, the undirected relationships will connect the new Detections node with nodes of type Detection.
In most cases, the undirected relationship connects two nodes that have something in common.
For example, a dangerous file can have different hashes (MD5, SHA1, and SHA256), and each of them is a separate indicator of threat. All these nodes can be connected with undirected relationships.
You can create undirected relationships manually, whereas directed relationships can only be the result of transformation.
Page top