The content graph commands create, load, and manage a graph database representation of the content repository, enabling you to visualize the metadata of content and the relationships between content packs, including dependencies.
The database is implemented with the Neo4j platform and populated with data using the Neo4j Python driver. In the database, every content object has a unique node which contains its properties. Nodes of content objects that are associated with each other (for example, playbook A uses script B) have a directed relationship between them, which is represented in the graph.
Docker
These commands start a Neo4j service on Docker by default. Docker must be running on the machine; the service is configured automatically.
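Because the service is configured automatically and the command descriptions on this page give a fixed username and password for http://localhost:7474, it is worth confirming that the published Neo4j ports are bound to loopback only. The check below is an added example, not part of demisto-sdk; the container names in the sample are constructed, and 7687 is Neo4j's default Bolt port, which this page does not mention.

```bash
#!/usr/bin/env bash
# Added example, not part of demisto-sdk. Reads lines produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# on stdin and prints "<container> <host binding>" for every published
# Neo4j port whose host side is not a loopback address.
# Assumption: 7474 (HTTP, from this page) and 7687 (Neo4j default Bolt port).
non_loopback_neo4j_ports() {
  awk -F'\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        # Published mappings contain "->"; bare "7473/tcp" entries are
        # exposed inside Docker only and are skipped.
        if (index(maps[i], "->") == 0) continue
        cport = maps[i]
        sub(/^.*->/, "", cport); sub(/\/.*$/, "", cport)
        # docker ps collapses consecutive ports into ranges ("7473-7474").
        m = split(cport, r, "-")
        lo = r[1] + 0; hi = (m > 1 ? r[2] : r[1]) + 0
        if (!((lo <= 7474 && 7474 <= hi) || (lo <= 7687 && 7687 <= hi))) continue
        host = maps[i]; sub(/->.*$/, "", host)      # "addr:hostport"
        addr = host;    sub(/:[0-9-]+$/, "", addr)  # strip the host port
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
        print $1, host
      }
    }'
}

# Constructed sample input (container names are made up for illustration).
SAMPLE_PS=$(printf '%s\t%s\n' \
  'graph-db-local' '127.0.0.1:7474->7474/tcp, 127.0.0.1:7687->7687/tcp, 7473/tcp' \
  'graph-db-open'  '0.0.0.0:7474->7474/tcp, :::7474->7474/tcp, 0.0.0.0:7687->7687/tcp' \
  'graph-db-range' '0.0.0.0:7473-7474->7473-7474/tcp' \
  'web'            '0.0.0.0:8080->80/tcp')

printf '%s\n' "$SAMPLE_PS" | non_loopback_neo4j_ports
```

On a live host, pipe the `docker ps` command from the header comment into the function; no output means the Neo4j ports are either loopback-only or not published.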
Note
The graph create command replaces the former create-content-graph command.
This command creates a content graph from a given content repository. The graph create command parses all content packs under the repository, including their relationships. The parsed content objects are then mapped to a repository model and uploaded to the database. When the graph creation is complete, the graph is available at http://localhost:7474. The username is neo4j and the password is contentgraph.
Argument | Description |
---|---|
-o, --output-path | Output folder to save the zip file of the graph exported files. |
-mp, --marketplace | The marketplace to generate the graph for. The default value is xsoar. Other options are marketplacev2, xpanse, xsoar_saas, xsoar_on_prem. |
-nd, --no-dependencies | Whether dependencies should be included in the graph. |
-clt, --console-log-threshold | Minimum logging threshold for the console logger. Default value is |
-flt, --file-log-threshold | Minimum logging threshold for the file logger. Default value is |
-lp, --log-file-path | Path to the log file. Default path is |
Example
demisto-sdk graph create --marketplace marketplacev2 --no-dependencies
Creates a graph based on the XSIAM marketplace, not including dependencies.
Note
The graph update command replaces the former update-content-graph command.
Updates the content graph from the official content graph. This command downloads the official content graph, imports it locally, and updates it with the changes in the given repository or with the packs given by the --packs argument. If you use the --packs argument, only the specified packs are parsed again and re-uploaded to the graph. When the graph update is complete, the graph is available at http://localhost:7474. The username is neo4j and the password is contentgraph.
Argument | Description |
---|---|
-g, --use-git | If set to true, uses git to determine which packs to update. The default is |
-mp, --marketplace | The marketplace to generate the graph for. The default value is xsoar. Other options are marketplacev2, xpanse, xsoar_saas, xsoar_on_prem. |
-i, --imported-path | Path to a content graph zip file to import. The default is |
-p, --packs | A comma-separated list of packs to update. By default, the value is |
-nd, --no-dependencies | Whether dependencies should be included in the graph. The default is |
-o, --output-path | Output folder to save the zip file of the graph exported files. |
-clt, --console-log-threshold | Minimum logging threshold for the console logger. Default value is |
-flt, --file-log-threshold | Minimum logging threshold for the file logger. Default value is |
-lp, --log-file-path | Path to the log file. Default path is |
Example
demisto-sdk graph update --marketplace marketplacev2 --packs Jira -i path/to/file.zip -o path/to/output/dir
Imports an XSIAM graph from file.zip, updates the Jira pack, and outputs the new file to the dir directory.
This command returns the relationships for a given content object.
Argument | Description |
---|---|
input | The path to a content item or a content pack. Required. |
-ct, --content-type | The content type of the related object. Example: |
-d, --depth | Maximum depth (length) of the relationship paths. The default value is 1. Possible values are between 1 and 5, inclusive. |
-nu, --no-update-graph | If provided, does not run an update on the graph before querying. If you do not include this argument, the update is run. |
-mp, --marketplace | The marketplace to generate the graph for. The default value is |
--mandatory-only | If set to |
--include-tests | If set to |
--include-deprecated | If set to |
--include-hidden | If set to |
-dir, --direction | Specifies whether to return only sources, only targets or both. The default is |
-o, --output-path | Output folder to save the file to. |
-clt, --console-log-threshold | Minimum logging threshold for the console logger. Default value is |
-flt, --file-log-threshold | Minimum logging threshold for the file logger. Default value is |
-lp, --log-file-path | Path to the log file. Default path is |
Examples
demisto-sdk graph get-relationships Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml
Returns all content items that either use or are used by the SplunkPy integration directly.
demisto-sdk graph get-relationships Packs/Jira -d 5 --relationship depends_on --mandatory-only --direction targets
Returns the full-level dependencies of the Jira pack in Cortex XSOAR, but only mandatory dependencies, and excludes hidden packs or test dependencies.
This command returns the dependencies for a given content pack.
Argument | Description |
---|---|
pack | The ID of the pack to check dependencies for. This argument is required. |
-sr, --show-reasons/-- | This flag prints all of the relationships between the given content pack and its dependencies. The default is not to print these relationships. |
-d, --dependency | Get the data for a specific dependency pack ID. |
-mp, --marketplace | The marketplace to generate the graph for. The default value is |
-m, --mandatory-only | This flag returns only mandatory dependencies. |
-ald, --all-level-dependencies | This flag retrieves all levels of dependencies. |
--include-test-dependencies | This flag includes test dependencies in outputs. |
--include-hidden | This flag includes hidden packs in outputs. |
-dir, --direction | Specifies whether to return only sources, only targets or both sides of dependencies. The default is |
-nu, --no-update-graph | If provided, does not run an update on the graph before querying. If you do not include this argument, the update is run. |
-o, --output | Output folder to save the file to. |
-clt, --console-log-threshold | Minimum logging threshold for the console logger. Default value is |
-flt, --file-log-threshold | Minimum logging threshold for the file logger. Default value is |
-lp, --log-file-path | Path to the log file. Default path is |
Examples
demisto-sdk graph get-dependencies SplunkPy -sr
Returns the dependencies for the SplunkPy content pack and prints its relationships.
demisto-sdk graph get-dependencies Campaign -sr --include-test-dependencies --include-hidden -ald -m
Returns the dependencies for the Campaign content pack and prints its relationships, including test and hidden pack dependencies.
demisto-sdk graph get-dependencies Campaign -sr -ald -m -dir both
Returns the source and target all-level dependencies for the Campaign content pack and prints only mandatory relationships.
demisto-sdk graph get-dependencies Campaign -sr -dir both -d Phishing
Returns the source and target dependencies for the Campaign content pack only for the Phishing content pack dependency.