Skip to main content
Indie Security stores all discovered data in a Neo4j knowledge graph, enabling advanced querying and pattern analysis.

Overview

Relationship Mapping

Visualize connections between endpoints, parameters, and vulnerabilities.

Pattern Analysis

Query across assessments to find recurring vulnerability patterns.

Cross-Target Insights

Discover shared vulnerabilities across multiple applications.

Custom Queries

Write Cypher queries for custom security analysis.

Connecting to Neo4j

1

Get Connection Details

Navigate to DashboardSettingsIntegrationsNeo4j.
URI: bolt://graph.indiesecurity.com:7687
Username: your_org_id
Password: (generated)
2

Connect with Neo4j Browser

Open Neo4j Browser and connect:
:server connect
URL: bolt://graph.indiesecurity.com:7687
Username: your_org_id
Password: your_password
3

Verify Connection

Run a test query:
MATCH (n) RETURN count(n) LIMIT 1
You should see a count of nodes in your graph.

Data Model

The knowledge graph uses this schema:

Node Types

Node TypeDescription
TargetRoot node for each target application
EndpointDiscovered URL/API endpoint
ParameterInput parameter (query, body, header)
RequestCaptured HTTP request
ResponseHTTP response data
VulnerabilityDiscovered security issue
EvidenceProof of exploitation
SessionAuthentication session

Relationships

RelationshipDescription
HAS_ENDPOINTTarget → Endpoint
HAS_PARAMETEREndpoint → Parameter
SENT_REQUESTSession → Request
RECEIVED_RESPONSERequest → Response
HAS_VULNERABILITYEndpoint → Vulnerability
HAS_EVIDENCEVulnerability → Evidence

Example Queries

MATCH (t:Target)-[:HAS_ENDPOINT]->(e:Endpoint)
      -[:HAS_VULNERABILITY]->(v:Vulnerability)
WHERE v.type = 'sql_injection'
RETURN t.name, e.path, v.severity
ORDER BY v.severity DESC

MATCH (e:Endpoint)-[:HAS_PARAMETER]->(p:Parameter),
      (e)-[:HAS_VULNERABILITY]->(v:Vulnerability)
WHERE v.type = 'xss' AND v.parameter = p.name
RETURN e.path, p.name, p.type, v.payload

MATCH (e:Endpoint)-[:HAS_VULNERABILITY]->(v:Vulnerability)
WITH e, count(v) as vulnCount
WHERE vulnCount > 1
RETURN e.path, vulnCount
ORDER BY vulnCount DESC

MATCH (v1:Vulnerability)<-[:HAS_VULNERABILITY]-(e1:Endpoint)
      <-[:HAS_ENDPOINT]-(t1:Target),
      (v2:Vulnerability)<-[:HAS_VULNERABILITY]-(e2:Endpoint)
      <-[:HAS_ENDPOINT]-(t2:Target)
WHERE v1.type = v2.type AND t1 <> t2
RETURN v1.type, count(DISTINCT t1) as affectedTargets

Python SDK

Query the graph programmatically: 
from neo4j import GraphDatabase

driver = GraphDatabase.driver(
    "bolt://graph.indiesecurity.com:7687",
    auth=("your_org_id", "your_password")
)

def get_critical_findings(target_name):
    with driver.session() as session:
        result = session.run("""
            MATCH (t:Target {name: $target})
                  -[:HAS_ENDPOINT]->(e:Endpoint)
                  -[:HAS_VULNERABILITY]->(v:Vulnerability)
            WHERE v.severity = 'critical'
            RETURN e.path, v.type, v.description
        """, target=target_name)
        return [record.data() for record in result]

findings = get_critical_findings("production-app")
for finding in findings:
    print(f"{finding['e.path']}: {finding['v.type']}")

Security Considerations

Neo4j access provides read-only access to your security data. Credentials should be kept secure.
  • Credentials are scoped to your organization only
  • Read-only access by default
  • All queries are logged
  • Credentials can be rotated in dashboard settings

Next Steps

API Reference

Query data via REST API.

CI/CD Integration

Automate security analysis in pipelines.