Skip to content

Instantly share code, notes, and snippets.

@chppppp

chppppp/customqueries.json

Forked from seajaysec/customqueries.json
Created September 6, 2019 04:48
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save chppppp/577779b688cb3fc77e818556de7d44ed to your computer and use it in GitHub Desktop.
Save chppppp/577779b688cb3fc77e818556de7d44ed to your computer and use it in GitHub Desktop.
Download ZIP
bloodhound custom queries - there may be dupes
Raw
customqueries.json
{
"queries": [
{
"name": "Find all Domain Admins",
"queryList": [
{
"final": true,
"query":
"MATCH (n:Group) WHERE n.objectsid =~ {name} WITH n MATCH p=(n)<-[r:MemberOf*1..]-(m) RETURN p",
"props": {
"name": "(?i)S-1-5-.*-512"
},
"allowCollapse": false
}
]
},
{
"name": "Find Shortest Paths to Domain Admins",
"queryList": [
{
"final": false,
"title": "Select a Domain Admin group...",
"query":
"MATCH (n:Group) WHERE n.objectsid =~ {name} RETURN n.name ORDER BY n.name DESC",
"props": {
"name": "(?i)S-1-5-.*-512"
}
},
{
"final": true,
"query":
"MATCH (n:User),(m:Group {name:{result}}),p=shortestPath((n)-[r:MemberOf|AdminTo|HasSession|Contains|GpLink|Owns|DCSync|AllExtendedRights|ForceChangePassword|GenericAll|GenericWrite|WriteDacl|WriteOwner|CanRDP|ExecuteDCOM*1..]->(m)) RETURN p",
"allowCollapse": true,
"endNode": "{}"
}
]
},
{
"name": "Find DCSyncers",
"queryList": [
{
"final": false,
"title": "Select a Domain...",
"query":
"MATCH (n:Domain) RETURN n.name ORDER BY n.name DESC"
},
{
"final": true,
"query":
"MATCH p=(n1)-[:MemberOf|GetChanges*1..]->(u:Domain {name: {result}}) WITH p,n1 MATCH p2=(n1)-[:MemberOf|GetChangesAll*1..]->(u:Domain {name: {result}}) WITH p,p2 MATCH p3=(n2)-[:MemberOf|GenericAll|AllExtendedRights*1..]->(u:Domain {name: {result}}) RETURN p,p2,p3",
"allowCollapse": true,
"endNode": "{}"
}
]
},
{
"name": "Find logged in Admins",
"queryList": [
{
"final": true,
"query":
"MATCH p=(a:Computer)-[r:HasSession]->(b:User) WITH a,b,r MATCH p=shortestPath((b)-[:AdminTo|MemberOf*1..]->(a)) RETURN p",
"allowCollapse": true
}
]
},
{
"name": "Top Ten Users with Most Sessions",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User),(m:Computer), (n)<-[r:HasSession]-(m) WHERE NOT n.name STARTS WITH 'ANONYMOUS LOGON' AND NOT n.name='' WITH n, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH p=(m)-[r:HasSession]->(n) RETURN p",
"allowCollapse": true
}
]
},
{
"name": "Top Ten Computers with Most Sessions",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User),(m:Computer), (n)<-[r:HasSession]-(m) WHERE NOT n.name STARTS WITH 'ANONYMOUS LOGON' AND NOT n.name='' WITH m, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH p=(m)-[r:HasSession]->(n) RETURN n,r,m",
"allowCollapse": true
}
]
},
{
"name": "Top Ten Users with Most Local Admin Rights",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User),(m:Computer), (n)-[r:AdminTo]->(m) WHERE NOT n.name STARTS WITH 'ANONYMOUS LOGON' AND NOT n.name='' WITH n, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH p=(m)<-[r:AdminTo]-(n) RETURN p",
"allowCollapse": true
}
]
},
{
"name": "Top Ten Computers with Most Admins",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User),(m:Computer), (n)-[r:AdminTo]->(m) WHERE NOT n.name STARTS WITH 'ANONYMOUS LOGON' AND NOT n.name='' WITH m, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH p=(m)<-[r:AdminTo]-(n) RETURN p",
"allowCollapse": true
}
]
},
{
"name": "Users with Foreign Domain Group Membership",
"queryList": [
{
"final": false,
"title": "Select source domain...",
"query":
"MATCH (n:Domain) RETURN n.name ORDER BY n.name DESC"
},
{
"final": true,
"query":
"MATCH (n:User) WITH n MATCH (m:Group) WITH n,m MATCH p=(n)-[r:MemberOf]->(m) WHERE n.domain={result} AND NOT m.domain=n.domain RETURN p",
"startNode": "{}",
"allowCollapse": false
}
]
},
{
"name": "Groups with Foreign Domain Group Membership",
"queryList": [
{
"final": false,
"title": "Select source domain...",
"query":
"MATCH (n:Domain) RETURN n.name ORDER BY n.name DESC"
},
{
"final": true,
"query":
"MATCH (n:Group) WITH n MATCH (m:Group) WITH n,m MATCH p=(n)-[r:MemberOf]->(m) WHERE n.domain={result} AND NOT m.domain=n.domain AND NOT n.name=m.name RETURN p",
"startNode": "{}",
"allowCollapse": false
}
]
},
{
"name": "Map Domain Trusts",
"queryList": [
{
"final": true,
"query": "MATCH p=(n:Domain)-[r]-(m:Domain) RETURN p",
"allowCollapse": true
}
]
},
{
"name": "Shortest Path from SPN User",
"queryList": [
{
"final": false,
"title": "Select a domain...",
"query":
"MATCH (n:Domain) RETURN n.name ORDER BY n.name DESC"
},
{
"final": false,
"title": "Select a user",
"query":
"MATCH (n:User) WHERE n.domain={result} AND n.HasSPN=true RETURN n.name, n.PwdLastSet ORDER BY n.PwdLastSet ASC"
},
{
"final": true,
"query":
"MATCH n=shortestPath((a:User {name:{result}})-[r:MemberOf|AdminTo|HasSession|Contains|GpLink|Owns|DCSync|AllExtendedRights|ForceChangePassword|GenericAll|GenericWrite|WriteDacl|WriteOwner*1..]->(b:Computer)) RETURN n",
"startNode": "{}",
"allowCollapse": true
}
]
},
{
"name": "Shortest Paths to Domain Admins from SPN Users",
"queryList": [
{
"final": false,
"title": "Select a Domain Admin group...",
"query":
"MATCH (n:Group) WHERE n.name =~ {name} RETURN n.name ORDER BY n.name DESC",
"props": {
"name": "(?i).*DOMAIN ADMINS.*"
}
},
{
"final": true,
"query":
"MATCH (n:User),(m:Group {name:{result}}),p=shortestPath((n)-[r:MemberOf|AdminTo|HasSession|Contains|GpLink|Owns|DCSync|AllExtendedRights|ForceChangePassword|GenericAll|GenericWrite|WriteDacl|WriteOwner*1..]->(m)) WHERE n.HasSPN=true RETURN p",
"allowCollapse": true,
"endNode": "{}"
}
]
},
{
"name": "Find all owned Domain Admins",
"requireNodeSelect": false,
"query": "MATCH (n:Group) WHERE n.name =~ {name} WITH n MATCH p=(n)<-[r:MemberOf*1..]-(m) WHERE exists(m.owned) AND NONE (x IN nodes(p) WHERE exists(x.blacklist)) AND NONE (x in relationships(p) WHERE exists(x.blacklist)) RETURN nodes(p),relationships(p)",
"allowCollapse": false,
"props": {"name": "(?i).*DOMAIN ADMINS.*"}
},
{
"name": "Find Shortest Paths from owned node to Domain Admins",
"requireNodeSelect": true,
"nodeSelectQuery": {
"query":"MATCH (n:Group) WHERE n.name =~ {name} RETURN n.name",
"queryProps": {"name":"(?i).*DOMAIN ADMINS.*"},
"onFinish": "MATCH (n),(m:Group {name:{result}}),p=shortestPath((n)-[*1..12]->(m)) WHERE exists(n.owned) AND NONE (x IN nodes(p) WHERE exists(x.blacklist)) AND NONE (x in relationships(p) WHERE exists(x.blacklist)) RETURN p",
"start":"",
"end": "{}",
"allowCollapse": true,
"boxTitle": "Select domain to map..."
}
},
{
"name": "Show Wave",
"requireNodeSelect": true,
"nodeSelectQuery": {
"query":"MATCH (n) WHERE exists(n.wave) WITH DISTINCT n.wave as d RETURN toString(d) ORDER BY d",
"queryProps": {},
"onFinish": "OPTIONAL MATCH (n1:User {wave:toInt({result})}) WITH collect(distinct n1) as c1 OPTIONAL MATCH (n2:Computer {wave:toInt({result})}) WITH collect(distinct n2) + c1 as c2 OPTIONAL MATCH (n3:Group {wave:toInt({result})}) WITH c2, collect(distinct n3) + c2 as c3 UNWIND c2 as n UNWIND c3 as m MATCH (n)-[r]->(m) WHERE not(exists(n.blacklist)) AND not(exists(m.blacklist)) AND not(exists(r.blacklist)) RETURN n,r,m",
"start": "",
"end": "",
"allowCollapse": true,
"boxTitle": "Select wave..."
}
},
{
"name": "Highlight Delta for Wave",
"requireNodeSelect": true,
"nodeSelectQuery": {
"query":"MATCH (n) WHERE exists(n.wave) WITH DISTINCT n.wave as d RETURN toString(d) ORDER BY d",
"queryProps": {},
"onFinish": "MATCH (n)-[r]->(m) WHERE n.wave<=toInt({result}) AND not(exists(n.blacklist)) AND not(exists(m.blacklist)) AND not(exists(r.blacklist)) RETURN n,r,m",
"start": "",
"end": "",
"allowCollapse": true,
"boxTitle": "Select wave to show deltas..."
}
},
{
"name": "Find Clusters of Password Reuse",
"requireNodeSelect": false,
"query": "MATCH p=(n)-[r:SharesPasswordWith]->(m) WHERE not(exists(n.blacklist)) AND not(exists(m.blacklist)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Blacklisted Nodes",
"requireNodeSelect": false,
"query": "MATCH (n) WHERE exists(n.blacklist) RETURN n",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Blacklisted Relationships",
"requireNodeSelect": false,
"query": "MATCH (n)-[r]->(m) WHERE exists(r.blacklist) RETURN n,r,m",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Blacklist",
"requireNodeSelect": false,
"query": "OPTIONAL MATCH (n {blacklist:true}) WITH n OPTIONAL MATCH p=(()-[{blacklist:true}]->()) RETURN n,p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show owned Nodes",
"requireNodeSelect": false,
"query": "MATCH (n) WHERE exists(n.owned) RETURN n",
"allowCollapse": true,
"props": {}
},
{
"name": "Find Shortest Paths to DA Equivalency",
"requireNodeSelect": true,
"nodeSelectQuery": {
"query":"MATCH (n:Group) WHERE n.name =~ {name} RETURN n.name",
"queryProps": {"name":"(?i).*DOMAIN CONTROLLERS.*"},
"onFinish": "MATCH (n:User),(m:Group {name:{result}}),p=shortestPath((n)-[*1..]->(m)) RETURN p",
"start":"",
"end": "{}",
"allowCollapse": true,
"boxTitle": "Select domain to map..."
}
},
{
"name": "Find Shortest Paths to Domain Admins from Foreign User",
"requireNodeSelect": true,
"nodeSelectQuery": {
"query": "MATCH (n:Domain) RETURN n.name",
"queryProps":{},
"onFinish": "MATCH (n:User) WHERE NOT n.name ENDS WITH ('@' + {result}) WITH n MATCH (m:Group {name:('DOMAIN ADMINS@' + {result})}) WITH n,m MATCH p=shortestPath((n)-[*1..]->(m)) RETURN p",
"start": "{}",
"end": "",
"allowCollapse": true,
"boxTitle": "Select target domain..."
}
},
{
"name": "Show Connections over 22/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_22]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 80/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_80]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 135/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_135]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 139/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_139]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 389/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_389]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 443/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_443]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 445/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_445]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 1433/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_1433]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 1521/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_1521]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 3306/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_3306]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 3389/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_3389]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Connections over 5432/tcp",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_5432]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Database Connections",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_1433|Connected_1521|Connected_3306|Connected_5432]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Show Web App Connections",
"requireNodeSelect": false,
"query": "MATCH p=((s:Computer)-[:Connected_80|Connected_443]->(d:Computer)) RETURN p",
"allowCollapse": true,
"props": {}
},
{
"name": "Find Top 10 RDP Servers",
"requireNodeSelect": false,
"query": "MATCH (n:Computer)-[r:Connected_3389]->(m:Computer) WHERE NOT m.name STARTS WITH 'ANONYMOUS LOGON' AND NOT m.name='' WITH m, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH (n)-[r:Connected_3389]->(m) RETURN n,r,m",
"allowCollapse": true,
"props": {}
},
{
"name": "Find Top 10 SSH Servers",
"requireNodeSelect": false,
"query": "MATCH (n:Computer)-[r:Connected_22]->(m:Computer) WHERE NOT m.name STARTS WITH 'ANONYMOUS LOGON' AND NOT m.name='' WITH m, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH (n)-[r:Connected_22]->(m) RETURN n,r,m",
"allowCollapse": true,
"props": {}
},
{
"name": "Find Top 10 Web Apps with most Connections",
"requireNodeSelect": false,
"query": "MATCH (n:Computer)-[r:Connected_80|Connected_443]->(m:Computer) WHERE NOT m.name STARTS WITH 'ANONYMOUS LOGON' AND NOT m.name='' WITH m, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH (n)-[r:Connected_80|Connected_443]->(m) RETURN n,r,m",
"allowCollapse": true,
"props": {}
},
{
"name": "List Computers where DOMAIN USERS are Local Admin",
"queryList": [
{
"final": true,
"query":
"MATCH p=(m:Group)-[r:AdminTo]->(n:Computer) WHERE m.name STARTS WITH 'DOMAIN USERS' RETURN p",
"allowCollapse": true
}
]
},
{
"name": "Shortest Path from DOMAIN USERS to High Value Targets",
"queryList": [
{
"final": true,
"query":
"MATCH (g:Group),(n {highvalue:true}),p=shortestPath((g)-[r*1..]->(n)) WHERE g.name STARTS WITH 'DOMAIN USERS' return p",
"allowCollapse": true
}
]
},
{
"name": "ALL Path from DOMAIN USERS to High Value Targets",
"queryList": [
{
"final": true,
"query":
"MATCH (g:Group) WHERE g.name STARTS WITH 'DOMAIN USERS' MATCH (n {highvalue:true}),p=shortestPath((g)-[r*1..]->(n)) return p",
"allowCollapse": true
}
]
},
{
"name": "Find Workstations where DOMAIN USERS can RDP To",
"queryList": [
{
"final": true,
"query":
"match p=(g:Group)-[:CanRDP]->(c:Computer) where g.name STARTS WITH 'DOMAIN USERS' AND NOT c.operatingsystem CONTAINS 'Server' return p",
"allowCollapse": true
}
]
},
{
"name": "Find Servers where DOMAIN USERS can RDP To",
"queryList": [
{
"final": true,
"query":
"match p=(g:Group)-[:CanRDP]->(c:Computer) where g.name STARTS WITH 'DOMAIN USERS' AND c.operatingsystem CONTAINS 'Server' return p",
"allowCollapse": true
}
]
},
{
"name": "Find all other Rights DOMAIN USERS shouldn’t have",
"queryList": [
{
"final": true,
"query":
"MATCH p=(m:Group)-[r:Owns|:WriteDacl|:GenericAll|:WriteOwner|:ExecuteDCOM|:GenericWrite|:AllowedToDelegate|:ForceChangePassword]->(n:Computer) WHERE m.name STARTS WITH 'DOMAIN USERS' RETURN p",
"allowCollapse": true
}
]
},
{
"name": "Kerberoastable Accounts member of High Value Group",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User)-[r:MemberOf]->(g:Group) WHERE g.highvalue=true AND n.hasspn=true RETURN n, g, r",
"allowCollapse": true
}
]
},
{
"name": "List all Kerberoastable Accounts",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User)WHERE n.hasspn=true RETURN n",
"allowCollapse": true
}
]
},
{
"name": "Top Ten Users with Most Sessions",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User),(m:Computer), (n)<-[r:HasSession]-(m) WHERE NOT n.name STARTS WITH 'ANONYMOUS LOGON' AND NOT n.name='' WITH n, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH p=(m)-[r:HasSession]->(n) RETURN p",
"allowCollapse": true
}
]
},
{
"name": "Top Ten Computers with Most Admins",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User),(m:Computer), (n)-[r:AdminTo]->(m) WHERE NOT n.name STARTS WITH 'ANONYMOUS LOGON' AND NOT n.name='' WITH m, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH p=(m)<-[r:AdminTo]-(n) RETURN p",
"allowCollapse": true
}
]
}, {
"name": "Top Ten Computers with Most Sessions",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User),(m:Computer), (n)<-[r:HasSession]-(m) WHERE NOT n.name STARTS WITH 'ANONYMOUS LOGON' AND NOT n.name='' WITH m, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH p=(m)-[r:HasSession]->(n) RETURN n,r,m",
"allowCollapse": true
}
]
},
{
"name": "Top Ten Users with Most Local Admin Rights",
"queryList": [
{
"final": true,
"query":
"MATCH (n:User),(m:Computer), (n)-[r:AdminTo]->(m) WHERE NOT n.name STARTS WITH 'ANONYMOUS LOGON' AND NOT n.name='' WITH n, count(r) as rel_count order by rel_count desc LIMIT 10 MATCH p=(m)<-[r:AdminTo]-(n) RETURN p",
"allowCollapse": true
}
]
},
{
"name": "All Shortest Path - Owned to HighValue",
"queryList": [
{
"final": true,
"query":
"MATCH p=allShortestPaths((O {owned: True})-[r:{}*1..]->(H {highvalue: True})) RETURN p",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "All Shortest Path - Owned to HighValue - Exclude Blacklist",
"queryList": [
{
"final": true,
"query":
"MATCH p=allShortestPaths((O {owned: True})-[r:{}*1..]->(H {highvalue: True})) WHERE NONE(x IN NODES(p) WHERE x:Blacklist) RETURN p",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Owned - View All",
"queryList": [
{
"final": true,
"query":
"MATCH (x {owned: True}) RETURN x",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Owned - Clear All",
"queryList": [
{
"final": true,
"query":
"MATCH (x {owned: True}) SET x.owned=False",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "HighValue - View All",
"queryList": [
{
"final": true,
"query":
"MATCH (x {highvalue: True}) RETURN x",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "HighValue - Clear All",
"queryList": [
{
"final": true,
"query":
"MATCH (x {highvalue: True}) SET x.highvalue=False",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Blacklist - View All",
"queryList": [
{
"final": true,
"query":
"MATCH (x:Blacklist) RETURN x",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Blacklist - Add User",
"queryList": [
{
"final": false,
"query":
"MATCH (x:User) RETURN x.name ORDER BY x.name",
"props": {},
"allowCollapse": true
},
{
"final": true,
"query": "MATCH (x:User) WHERE x.name={result} SET x:Blacklist",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Blacklist - Add Group",
"queryList": [
{
"final": false,
"query":
"MATCH (x:Group) RETURN x.name ORDER BY x.name",
"props": {},
"allowCollapse": true
},
{
"final": true,
"query": "MATCH (x:Group) WHERE x.name={result} SET x:Blacklist",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Blacklist - Add Computer",
"queryList": [
{
"final": false,
"query":
"MATCH (x:Computer) RETURN x.name ORDER BY x.name",
"props": {},
"allowCollapse": true
},
{
"final": true,
"query": "MATCH (x:Computer) WHERE x.name={result} SET x:Blacklist",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Blacklist - Remove User",
"queryList": [
{
"final": false,
"query":
"MATCH (x:User:Blacklist) RETURN x.name ORDER BY x.name",
"props": {},
"allowCollapse": true
},
{
"final": true,
"query": "MATCH (x:User) WHERE x.name={result} REMOVE x:Blacklist",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Blacklist - Remove Group",
"queryList": [
{
"final": false,
"query":
"MATCH (x:Group:Blacklist) RETURN x.name ORDER BY x.name",
"props": {},
"allowCollapse": true
},
{
"final": true,
"query": "MATCH (x:Group) WHERE x.name={result} REMOVE x:Blacklist",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Blacklist - Remove Computer",
"queryList": [
{
"final": false,
"query":
"MATCH (x:Computer:Blacklist) RETURN x.name ORDER BY x.name",
"props": {},
"allowCollapse": true
},
{
"final": true,
"query": "MATCH (x:Computer) WHERE x.name={result} REMOVE x:Blacklist",
"props": {},
"allowCollapse": true
}
]
},
{
"name": "Blacklist - Clear All",
"queryList": [
{
"final": true,
"query":
"MATCH (x:Blacklist) REMOVE x:Blacklist",
"props": {},
"allowCollapse": true
}
]
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment