Neo4jClient Node/Relationship Class conventions

0
votes

Is there a standard naming convention for the properties/methods of a node/relationship class when working with Neo4jClient?

I'm following this link Neo4jClient - Retrieving relationship from Cypher query to create my relationship class

However, there are certain properties of my relationship which i can't get any value despite the relationship having it. While debugging my code, i realized certain properties was not retrieved from the relationship when creating the relationship object.

this is my relationship class

public class Creates
{
    private string _raw;
    private int _sourcePort;
    private string _image;
    private int _DestinationPort;
    private int _eventcode;
    private string _name;
    private string _src_ip;
    private int _src_port;
    private string _dvc;
    private int _signature_ID;
    private string _dest_ip;
    private string _computer;
    private string _sourceType;
    private int _recordID;
    private int _processID;
    private DateTime _time;
    private int _dest_port;

    public string Raw { get { return _raw; } set { _raw = value; } }
    public int SourcePort { get { return _sourcePort; } set { _sourcePort = value; } }
    public string Image { get { return _image; } set { _image = value; } }
    public int DestinationPort { get { return _DestinationPort; } set { _DestinationPort = value; } }
    public int Eventcode { get { return _eventcode; } set { _eventcode = value; } }
    public string Name { get { return _name; } set { _name = value; } }
    public string Src_ip { get { return _src_ip; } set { _src_ip = value; } }
    public int Src_port { get { return _src_port; } set { _src_port = value; } }
    public string DVC { get { return _dvc; } set { _dvc = value; } }
    public int Signature_ID { get { return _signature_ID; } set { _signature_ID = value; } }
    public string Dest_ip { get { return _dest_ip; } set { _dest_ip = value; } }
    public string Computer { get { return _computer; } set { _computer = value; } }
    public string SourceType { get { return _sourceType; } set { _sourceType = value; } }
    public int RecordID { get { return _recordID; } set { _recordID = value; } }
    public int ProcessID { get { return _processID; } set { _processID = value; } }
    public DateTime Indextime { get { return _time; } set { _time = value; } }
    public int Dest_port { get { return _dest_port; } set { _dest_port = value; } }
}

This is another class

public class ProcessConnectedIP
{
    public Neo4jClient.RelationshipInstance<Pivot> bindto { get; set; }
    public Neo4jClient.Node<LogEvent> bindip { get; set; }
    public Neo4jClient.RelationshipInstance<Pivot> connectto { get; set; }
    public Neo4jClient.Node<LogEvent> connectip { get; set; }
}

This is my neo4jclient query to get the relationship object

public IEnumerable<ProcessConnectedIP> GetConnectedIPs(string nodeName)
    {
        try
        {
            var result =
                  this.client.Cypher.Match("(sourceNode:Process{name:{nameParam}})-[b:Bind_IP]->(bind:IP_Address)-[c:Connect_IP]->(connect:IP_Address)")
                .WithParam("nameParam", nodeName)
                .Where("b.dest_ip = c.dest_ip")
                .AndWhere("c.Image=~{imageParam}")
                .WithParam("imageParam", $".*" + nodeName + ".*")
                .Return((b, bind, c, connect) => new ProcessConnectedIP
                {
                    bindto = b.As<RelationshipInstance<Creates>>(),
                    bindip = bind.As<Node<LogEvent>>(),
                    connectto = c.As<RelationshipInstance<Creates>>(),
                    connectip = connect.As<Node<LogEvent>>()
                })
                .Results;
            return result;
        }catch(Exception ex)
        {
            Console.WriteLine("GetConnectedIPs: Error Msg: " + ex.Message);
            return null;
        }
    }

This is the method to read the results

public void MyMethod(string name)
    {
        IEnumerable<ProcessConnectedIP> result = clientDAL.GetConnectedIPs(name);
        if(result != null)
        {
            var results = result.ToList();
            Console.WriteLine(results.Count());
            foreach (ProcessConnectedIP item in results)
            {
                Console.WriteLine(item.Data.Src_ip);
                Console.WriteLine(item.bindto.StartNodeReference.Id);
                Console.WriteLine(item.bindto.EndNodeReference.Id);
                Console.WriteLine(item.connectto.StartNodeReference.Id);
                Console.WriteLine(item.connectto.EndNodeReference.Id);

                Node<LogEvent> ans = item.bindip;
                LogEvent log = ans.Data;
                Console.WriteLine(log.Name);

                Node<LogEvent> ans1 = item.connectip;
                LogEvent log1 = ans1.Data;
                Console.WriteLine(log1.Name);
            }
        }
    }

Somehow, i'm only able to populate the relationship object with src_ip/src_port/dest_ip/dest_port values. the rest are empty.

Is there any possible reason why? I've played with upper/lower cases on the properties names but it does not seem to work.

This is the section of the graph im working with enter image description here

This is the relationship properties sample:

_raw: Some XML dataSourcePort: 49767Image: C:\Windows\explorer.exeDestinationPort: 443EventCode: 3Name: Bind IPsrc_ip: 172.10.10.104dvc: COMPUTER-NAMEsrc_port: 49767signature_id: 3dest_ip: 172.10.10.11Computer: COMPUTRE-NAME_sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/OperationalRecordID: 13405621ProcessId: 7184_time: 2017-08-28T15:15:39+08:00dest_port: 443

2
c#neo4jneo4jclient

2 Answers

1
votes

I'm not entirely sure how your Creates class is ever populated, in particular those fields - as your Src_port property doesn't match the src_port in the sample you provided (case wise).

I think it's probably best to go back to a super simple version. Neo4jClient will map your properties to the properties in the Relationship as long as they have the same name (and it is case-sensitive).

So start with a new Creates class (and use auto properties - it'll make your life a lot easier!)

public class Creates
{
    public string Computer { get; set; }
}

Run your query with that and see if you get a result, then keep on adding properties that match the name and type you expect to get back (int, string etc)

0
votes

It seems that i have to give neo4j node/relationship property names in lowercase and without special characters at the start of the property name, in order for the above codes to work.

The graph was not created by me at the start thus i had to work on it with what was given. I had to get the developer who created the graph to create the nodes with lowercases in order for the above to work.