Writing Search Queries in SlashID
SlashID stores all monitored data in a graph database, allowing you to write powerful and flexible queries using Cypher, which is Neo4j's native query language.
Through the Queries section in the SlashID console, you can search for any entity (e.g., users, non-human identities (NHIs), policies, etc.) and explore their relationships.
To effectively write queries, it’s important to understand the graph structure:
- Entities are represented as nodes in the graph
- Relationships between entities (e.g., "allows access to" or "created by") are represented as edges
Below is a detailed breakdown of the node types (entities), their properties, and the relationship types (edges) available for querying.
Entity (Node) Types
Labels
Each node in the graph is defined by two fields (node "labels" in Neo4j terminology):
- Class: specifies what kind of entity the node represents, such as an identity or a credential
- Source type: indicates the system or environment the entity originates from
Neo4j labels are like categories that define the node and are primarily used for indexing and efficient querying.
Entity Classes
A node's class can be one of the following:
- Application
- Credential
- Identity
- Policy
- Resource
Source Types
Nodes may originate from various sources, categorized as follows:
- active_directory
- aws_account
- azure_tenant
- entra_tenant
- gate_instance
- gcp_project
- google_workspace_instance
- okta_org
- postgres_instance
- slashid
- snowflake_account
Properties
Each entity (node) can have optional properties stored as key-value pairs, which contain additional data about the entity.
These are the possible properties:
- identifier_from_source: unique identifier assigned by the source system
- entity_type: type of entity (more specific than class), specific to the source type
- entity_id: internal ID assigned by SlashID
- name: human-readable name for the entity
- status: current state of the entity (e.g., "active", "deleted")
- source_identifier: ID of the data source
- tags: custom labels applied to specific entities for grouping and filtering
Properties in Neo4j are not indexed by default, which means that searching by properties (e.g., name, status) may be slower than searching by labels.
Relationship (Edge) Types
Relationships define how entities are connected within the graph.
Each relationship type comes in two directions — one for the initiator and one for the recipient.
Relationship Type | Inverse Relationship | Description |
---|---|---|
ALLOWS_ACCESS_TO | IS ALLOWED_ACCESS_BY | Grants access to a resource |
ASSIGNED_TO | IS_ASSIGNED | Denotes assignment of an entity (e.g., a role to a user) |
CREATED | CREATED_BY | An entity (e.g., user, system) created another entity |
CAN_ACCESS | CAN_BE_ACCESSED | Indicates an entity has general access to another entity |
CAN_ASSUME | CAN_BE_ASSUMED_BY | Represents the ability to assume a role or identity |
CAN_READ | CAN_BE_READ_BY | Specifies read permissions on an entity |
CAN_WRITE | CAN_BE_WRITTEN_BY | Specifies write permissions on an entity |
CONTAINS | IS_CONTAINED_BY | Indicates an entity is nested inside another (e.g., a policy inside a group) |
DEFINES_PERMISSIONS_OF | HAS_PERMISSIONS_DEFINED_BY | Defines permissions of another entity |
DENIES_ACCESS_TO | IS_DENIED_ACCESS_BY | Explicitly denies access |
FEDERATES_TO | FEDERATED BY | Represents federated identity relationships |
HAS_CREDENTIAL | IS_CREDENTIAL_OF | Associates a credential with an identity |
HAS_MEMBER | IS_MEMBER_OF | Represents group membership |
OWNS | IS_OWNED_BY | Indicates ownership of an entity |
You can find a few examples covering common use cases in the Examples section.
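The following access-review query is an added illustration, not taken from the SlashID documentation; it combines the labels, properties and relationship types described above. It assumes that class and source type are both applied as Neo4j labels (so they can be combined as `:Identity:aws_account`) and that each relationship points from the initiator to the recipient as named in the table.

```cypher
// Added example: list active AWS identities that hold credentials and can
// assume another entity with write access to a resource.
// Assumption: class and source type are both node labels, so the pattern
// :Identity:aws_account selects AWS identities.
MATCH (i:Identity:aws_account)-[:HAS_CREDENTIAL]->(c:Credential)
// The label filters above narrow the candidate set first; the property
// filter below (not indexed by default) then runs over fewer nodes.
WHERE i.status = 'active'
// Follow a CAN_ASSUME hop to whatever the assumed entity can write to.
// The intermediate node is left unlabeled because its class is not
// specified on this page.
MATCH (i)-[:CAN_ASSUME]->(assumed)-[:CAN_WRITE]->(r:Resource)
RETURN i.name                   AS identity,
       i.entity_type            AS identity_type,
       count(DISTINCT c)        AS credentials,
       assumed.name             AS assumed_entity,
       collect(DISTINCT r.name) AS writable_resources
ORDER BY credentials DESC
LIMIT 50
```

Swapping `aws_account` for another source type, or `CAN_WRITE` for `CAN_READ`, adapts the same pattern to other environments and permission levels.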