grapl-security / grapl

Graph platform for Detection and Response

Home Page: https://www.graplsecurity.com

Allow for AND logic across edges

colin-grapl opened this issue

What did you want to do?

As a Grapl user I want to be able to express graphs that may contain multiple distinct nodes over a single edge.

As an example, a Parent Process with two child processes, each matching distinct patterns.

What did you actually end up doing instead?

Currently this sort of logic has to be handled in the on_response method, which is much less efficient and has a number of other caveats.

What can Grapl do differently?

Allow for supporting AND logic across a single edge.

ProcessQuery()
.with_children(
    ProcessQuery().with_process_name(eq="foo"),
    ProcessQuery().with_process_name(eq="bar"),
)
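The semantics requested above, as an added example that is not part of the original issue and is not Grapl's code: every pattern must be satisfied by a different child of the same parent, which is a bipartite matching between patterns and children. `Proc`, `name_eq` and `match_children_and` are hypothetical names, and the process trees are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Proc:  # hypothetical in-memory process node, not a Grapl type
    name: str
    children: List["Proc"] = field(default_factory=list)


Pattern = Callable[[Proc], bool]


def name_eq(value: str) -> Pattern:
    """Pattern that matches a process by exact name."""
    return lambda p: p.name == value


def match_children_and(parent: Proc, patterns: List[Pattern]) -> Optional[List[Proc]]:
    """Return one distinct child per pattern (in pattern order), or None.

    AND semantics: all patterns must match, and no child may be reused for
    two patterns, so a greedy first-fit assignment is not enough.
    """
    assigned = {}  # child index -> index of the pattern currently using it

    def place(pi: int, seen: set) -> bool:
        for ci, child in enumerate(parent.children):
            if ci in seen or not patterns[pi](child):
                continue
            seen.add(ci)
            # Take a free child, or move the pattern holding it to another child.
            if ci not in assigned or place(assigned[ci], seen):
                assigned[ci] = pi
                return True
        return False

    for pi in range(len(patterns)):
        if not place(pi, set()):
            return None
    by_pattern = {pi: ci for ci, pi in assigned.items()}
    return [parent.children[by_pattern[pi]] for pi in range(len(patterns))]


# Constructed sample trees.
BOTH = Proc("parent", [Proc("foo"), Proc("baz"), Proc("bar")])
ONLY_FOO = Proc("parent", [Proc("foo")])
```

A parent with a single `foo` child does not satisfy two `foo` patterns, because the two patterns must bind to distinct nodes.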