Submitting Connections Between Data

ThreatExchange supports creating connections (aka edges) between ThreatIndicator objects to express relationships. Examples of when this can be useful are for describing URL re-direct chains or domain to IP address relationships.

Connections are not yet supported in the UI: please see here for details.

Using the API, connections are created via an HTTP POST request to the /related URI for a specific object:

https://graph.facebook.com/v2.8/<object_id>/related

In the example below we will create a connection between between the facebook.com domain object (788497497903212) and the 173.252.120.6 IP address object (1061383593887032), which facebook.com can resolve to via DNS.

https://graph.facebook.com/v2.8/788497497903212/related

POST DATA:
related_id=1061383593887032
&amp;access_token=<access_token>

Data returned:

{
"success": true
}

NOTE: Currently, this is not supported for Malware or MalwareFamily objects, but will be in the near future.