I am trying to find a solution for saving scan results (and later a lot of different information about vulnerabilities, hosts, nets, etc.), and I am trying to understand whether a graph DB is suitable for that, because I am stuck on the following small example:
I have IPs, Ports and Dates. Every day I'm scanning and getting partly new, partly the same results. The real problem (at least for me) is that after a few days of scanning I'll get a few nodes like that. Let:
in **Date1** -> *was found* **IP1** -> *with* **Port22**
in **Date2** -> *was found* **IP1** -> *with* **Port80**
(in bold - nodes, in italic - edges)
And now I want to make a query about IP1 and its Ports that were open on Date1. But the response will contain both Ports (22 and 80), because in the current scheme there is no relation between Date and Port.
So I am trying to think up a proper scheme that will allow such requests without creating new objects IP1_new and Port_new linked to Date2.
Thanks, I also thought about such a variant. But how would it look when I get additional scan results with the same values:
on "15-01-2020", IP "10.0.0.1" with "Port22"
on "20-01-2020", IP "10.0.0.1" with "Port22"
Is it possible to set several relations from the same IP1 to the same Port22 with different properties? For querying:
MATCH (:IP {ipaddress: "10.0.0.1"})-[:with {date: "14-01-2020"}]->(p:Port)
RETURN p
MATCH (:IP {ipaddress: "10.0.0.1"})-[:with {date: "15-01-2020"}]->(p:Port)
RETURN p
MATCH (:IP {ipaddress: "10.0.0.1"})-[:with {date: "20-01-2020"}]->(p:Port)
RETURN p
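An added example, not part of the original posts: Neo4j allows several relationships of the same type between the same two nodes, so each scan day can be its own `with` relationship carrying a `date` property. The sample rows are constructed, and the `number` property on `Port` is an assumption, since the thread does not name one.

```cypher
// Constructed sample scan results (not from the original thread).
// Assumption: Port nodes carry a `number` property.
UNWIND [
  {date: "15-01-2020", ip: "10.0.0.1", port: 22},
  {date: "15-01-2020", ip: "10.0.0.1", port: 80},
  {date: "20-01-2020", ip: "10.0.0.1", port: 22}
] AS row
// One node per distinct IP and per distinct port, reused across all scans.
MERGE (i:IP {ipaddress: row.ip})
MERGE (p:Port {number: row.port})
// MERGE also matches on the relationship's properties: a new date adds a
// second `with` relationship between the same two nodes, while re-importing
// a day that is already stored creates nothing new.
// The type name is backtick-quoted because WITH is also a Cypher keyword.
MERGE (i)-[:`with` {date: row.date}]->(p);

// Ports recorded for 10.0.0.1 on a single scan day.
MATCH (:IP {ipaddress: "10.0.0.1"})-[:`with` {date: "20-01-2020"}]->(p:Port)
RETURN p.number AS port
ORDER BY port;

// Scan history: every day on which each port was recorded for this IP.
MATCH (:IP {ipaddress: "10.0.0.1"})-[r:`with`]->(p:Port)
RETURN p.number AS port, collect(r.date) AS seen_on
ORDER BY port;
```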