Labels on a graph connection/edge in Kibana Graph

Hello,

I have been experimenting with x-pack graph module in Kibana. In our use case we have set of 'nodes' which are related in 'subject' 'predicate' 'object' manner. Is there a way to represent 'predicate' on the connection between 'subject' and 'object'?

In my example, I have set of nodes "Rule_Name" which "detects" a security threat "CVE-XXX". I was able to represent each connection/edge as document which has information about end nodes and their relationship like "subject: Rule_Name --> predicate: Detects --> object:CVE". However in visualization, I was not able to set "detects" as a label, instead my only option was to represent it as separate node.

kibana-graph927×694 24.7 KB

Is there a way to provide "detects" as label on the edge?

Reference:
I have come across this thread: Label on Edges?
and @Mark_Harwood said Graph module might be lacking that feature. His quote:

Right now we don't have special UI logic for the special case where one edge = one document but we may look at adding this in future.

Is there any support in current version of graph for these type of relationships?

Thank you.

No, each edge connecting a pair of terms could represent many documents (perhaps millions) which means there could be different roles/directions describing the pairing of these terms. The use of a "connecting" term as in your example would be one way to clarify the relationship.
However, rather than using a single "detects" term as in your example you could use a unique term to define the relationship e.g. use 2 documents like this:

{ "subject": "ip:xyz", relationship:"ip:XYZ-->detects-->CVE:123" }

and

{ "threat": "CVE:123", relationship:"ip:XYZ-->detects-->CVE:123" }

This might give you cleaner looking graphs which have less of the "pentagram" look to them (all nodes connected by criss-crossing lines) and instead cleaner separation of relationships.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.