Submitting Connections Between Data

ThreatExchange supports creating connections (aka edges) between ThreatIndicator objects to express relationships. Examples of when this can be useful are for describing URL re-direct chains or domain to IP address relationships.

Connections are not yet supported in the UI: please see here for details.

Using the API, connections are created via an HTTP POST request to the /related URI for a specific object:<object_id>/related

In the example below we will create a connection between between the domain object (788497497903212) and the IP address object (1061383593887032), which can resolve to via DNS.


Data returned:

"success": true

NOTE: Currently, this is not supported for Malware or MalwareFamily objects, but will be in the near future.