Sk 1

COVID-19-Analysis/db_scripts/queries/age_distribution.gsql

@@ -9,9 +9,9 @@ CREATE QUERY age_distribution() FOR GRAPH MyGraph SYNTAX V2 {
   MapAccum<int, int> @@age_map;
 	start = {Patient.*};
 
-	start = select s from start:s
-	        where s.state != "deceased"
-	        accum @@age_map += ((year(now()) - s.birth_year) -> 1);
+	start = SELECT s FROM start:s
+	        WHERE s.state != "deceased"
+	        ACCUM @@age_map += ((year(now()) - s.birth_year) -> 1);
 
-	print @@age_map;
+	PRINT @@age_map;
 }

COVID-19-Analysis/db_scripts/queries/edge_crawl.gsql

@@ -1,4 +1,4 @@
-CREATE QUERY edge_crawl()FOR GRAPH MyGraph SYNTAX V2 { 
+CREATE QUERY edge_crawl() FOR GRAPH MyGraph SYNTAX V2 { 
   /**************************************
 	* S1 = Grabbing all Patients that a Patient Infected
 	* S2 = Grabbing all Patients belonging to a well known Case

COVID-19-Analysis/db_scripts/queries/infection_subgraph.gsql

@@ -15,31 +15,31 @@ CREATE QUERY infection_subgraph(vertex<Patient> p) FOR GRAPH MyGraph SYNTAX V2 {
 	ENDTIME = p.released_date;
 
 	infected (ANY) = {p};
-	infected = select s from infected:s
-	           accum s.@visited = true;
+	infected = SELECT s FROM infected:s
+	           ACCUM s.@visited = TRUE;
 
-	while infected.size() > 0 limit 100 do
-	  places = select t from infected:s-(PATIENT_TRAVELED:e)-TravelEvent:t
-	           where (t.visited_date >= STARTTIME and 
-							      t.visited_date <= ENDTIME and 
+	WHILE infected.size() > 0 LIMIT 100 DO
+	  places = SELECT t FROM infected:s-(PATIENT_TRAVELED:e)-TravelEvent:t
+	           WHERE (t.visited_date >= STARTTIME AND 
+							      t.visited_date <= ENDTIME AND 
 							      t.outdegree("PATIENT_TRAVELED") > 1)
-	             and t.@visited == false
-	           accum t.@visited = true,
+	             AND t.@visited == FALSE
+	           ACCUM t.@visited = TRUE,
 	                 @@edge_set += e; 
 
-	  same_place = select t from places:s-(PATIENT_TRAVELED:e)-Patient:t
-	              where t.@visited == false 
-	              accum t.@visited = true,
+	  same_place = SELECT t FROM places:s-(PATIENT_TRAVELED:e)-Patient:t
+	              WHERE t.@visited == FALSE 
+	              ACCUM t.@visited = TRUE,
 	                    @@edge_set += e; 
 
-	  people = select t from infected:s-(reverse_INFECTED_BY>:e)-:t
-	           where (STARTTIME <= t.symptom_onset_date and ENDTIME >= t.symptom_onset_date)
-	             and t.@visited == false
-	           accum t.@visited = true,
+	  people = SELECT t FROM infected:s-(reverse_INFECTED_BY>:e)-:t
+	           WHERE (STARTTIME <= t.symptom_onset_date AND ENDTIME >= t.symptom_onset_date)
+	             AND t.@visited == FALSE
+	           ACCUM t.@visited = TRUE,
 	                 @@edge_set += e;
 
 	  infected = same_place UNION people;
-	end;
+	END;
 
-	print @@edge_set;
+	PRINT @@edge_set;
 }

COVID-19-Analysis/db_scripts/queries/most_direct_infections.gsql

@@ -8,10 +8,10 @@ CREATE QUERY most_direct_infections() FOR GRAPH MyGraph SYNTAX V2 {
 	start (ANY) = {Patient.*};
 
 	//while Start.size() > 0 do
-	start = select s from start:s-(reverse_INFECTED_BY>:e)-Patient:t
-	        accum s.@num_direct_infections += 1
-	        order by s.outdegree("reverse_INFECTED_BY") desc
-	        limit 1;
+	start = SELECT s FROM start:s-(reverse_INFECTED_BY>:e)-Patient:t
+	        ACCUM s.@num_direct_infections += 1
+	        ORDER BY s.outdegree("reverse_INFECTED_BY") DESC
+	        LIMIT 1;
 
-	print start as Answer;
+	PRINT start AS Answer;
 }

COVID-19-Analysis/db_scripts/queries/use_map.gsql

@@ -7,9 +7,9 @@ CREATE QUERY use_map(/* Parameters here */) FOR GRAPH MyGraph SYNTAX v2{
 	//OrAccum @visted;
   C1 = {City.*};
 	S1 = SELECT v1 FROM C1:v1-(TRAVEL_EVENT_IN:e1)-TravelEvent:v2-(PATIENT_TRAVELED:e2)-Patient:v3
-	               //WHERE v3.@visted == false
+	               //WHERE v3.@visted == FALSE
 	               ACCUM @@patients_by_city_map += (v1.city -> v3.patient_id);
-	               //POST-ACCUM v3.@visted = true;
+	               //POST-ACCUM v3.@visted = TRUE;
 
-  PRINT @@patients_by_city_map As Patient_Count_In_City; 
+  PRINT @@patients_by_city_map AS Patient_Count_In_City; 
 }

Customer-360-Attribution-and-Engagement-Graph/db_scripts/queries/similar_contacts.gsql

@@ -32,25 +32,26 @@ CREATE QUERY similar_contacts(VERTEX<Contact> source_customer,
         FROM A:s -(is_connected_to>:e)- CampaignMember:t;
     PRINT campaign_members_set.size();
 
-    // From campaign_members_set, traverse 'is_part_of' edges to Campaigns, for all 
-    // desired campaign_types (e.g. Webinar, Website Direct, Demo Signup/Trial)
+    /* From campaign_members_set, traverse 'is_part_of' edges to Campaigns, for all 
+       desired campaign_types (e.g. Webinar, Website Direct, Demo Signup/Trial) */
     campaign_set =
         SELECT t
         FROM campaign_members_set:s -(is_part_of>:e)- Campaign:t
         WHERE campaign_types.size() == 0 OR (t.Campaign_Type IN campaign_types);
     PRINT campaign_set.size();
 
-    // From campaign_set, traverse reverse_is_part_of edges back to all
-    // CampaignMembers
+    /* From campaign_set, traverse reverse_is_part_of edges back to all
+       CampaignMembers */
     rev_campaign_members_set =
         SELECT t
         FROM campaign_set:s -(reverse_is_part_of>:e)- CampaignMember:t;
     PRINT rev_campaign_members_set.size();
 
-    // From CampaignMemberSet, traverse 'reverse_is_connected_to' edges back to
-    // Contacts, (set B). For each Contact in set B, accumulate the intersection
-    // size of the shared Campaigns, and ompute its Jaccard Similarity score as
-    // intersection_size / (size_A + size_B - intersection_size)
+    /* From CampaignMemberSet, traverse 'reverse_is_connected_to' edges back to
+       Contacts, (set B). For each Contact in set B, accumulate the intersection
+       size of the shared Campaigns, and ompute its Jaccard Similarity score as
+       intersection_size / (size_A + size_B - intersection_size) 
+    */
     B = SELECT t
         FROM rev_campaign_members_set:s -(reverse_is_connected_to>:e)- Contact:t
         WHERE t != source_customer

Customer-360-Attribution-and-Engagement-Graph/db_scripts/queries/similar_customers.gsql

@@ -38,8 +38,8 @@ CREATE QUERY similar_customers(VERTEX<Contact> source_customer,
         campaign_members_set = SELECT t
             FROM A:s -(is_connected_to:e)-> CampaignMember:t;
 
-        // From CampaignMember s, traverse 'is_part_of' edges to Campaign s, for all 
-        // desired campaign_type_set (eg. Webinar, Website Direct, Demo Signup/Trial)
+        /* From CampaignMember s, traverse 'is_part_of' edges to Campaign s, for all 
+           desired campaign_type_set (eg. Webinar, Website Direct, Demo Signup/Trial) */
         campaign_set = SELECT t
             FROM campaign_members_set -(is_part_of:e)-> Campaign:t
             WHERE campaign_type_set.size() == 0 OR (t.Campaign_Type in campaign_type_set);
@@ -48,11 +48,11 @@ CREATE QUERY similar_customers(VERTEX<Contact> source_customer,
         campaign_members_set = SELECT t
             FROM campaign_set:s -(reverse_is_part_of:e)-> CampaignMember:t;
 
-        // From CampaignMember s, traverse 'reverse_is_connected_to' edges back to Contacts (B set)
-        // For each Contact in B set, accumulate the intersection size of the shared Campaigns, and 
-        //   compute it's Jaccard Similarity score as
-        //     Jaccard similarity = intersection_size / size of the Union of (A set + B set)
-        //                        = intersection_size / (size_A + size_B - intersection_size)
+        /*  From CampaignMember s, traverse 'reverse_is_connected_to' edges back to Contacts (B set)
+            For each Contact in B set, accumulate the intersection size of the shared Campaigns, and 
+            compute it's Jaccard Similarity score as
+            Jaccard similarity = intersection_size / size of the Union of (A set + B set)
+                               = intersection_size / (size_A + size_B - intersection_size) */
         B = SELECT t
             FROM campaign_members_set:s -(reverse_is_connected_to:e)-> Contact:t
             WHERE t != source_customer

Cybersecurity-Threat-Detection-IT/db_scripts/queries/alert_source_tracking.gsql

@@ -14,40 +14,40 @@ CREATE QUERY alert_source_tracking(int days=7, int k=3) FOR GRAPH MyGraph SYNTAX
 
 	start = {@@alert_type_set};
 
-	file_corrupted_alerts = select alert from start-(Alert_Has_Type:e)-:alert
-	                        accum alert.@path_list += e;
+	file_corrupted_alerts = SELECT alert FROM start-(Alert_Has_Type:e)-:alert
+	                        ACCUM alert.@path_list += e;
 
-	service = select serv from file_corrupted_alerts:alert-(Service_Alert:e)-:serv
-	          accum serv.@alert_date += alert.Alert_Date, serv.@path_list += alert.@path_list, serv.@path_list += e;
+	service = SELECT serv FROM file_corrupted_alerts:alert-(Service_Alert:e)-:serv
+	          ACCUM serv.@alert_date += alert.Alert_Date, serv.@path_list += alert.@path_list, serv.@path_list += e;
 
-	read_events = select event from service:s-(From_Service:e)-:event
+	read_events = SELECT event FROM service:s-(From_Service:e)-:event
 	              // the read date is within one day before the alert
-	              where datetime_diff(s.@alert_date,event.Start_Date) between 0 and 3600*24*days
-	              and event.Event_Type == "read"
-	              accum event.@path_list += s.@path_list, event.@path_list += e;
+	              WHERE datetime_diff(s.@alert_date,event.Start_Date) BETWEEN 0 AND 3600*24*days
+	              AND event.Event_Type == "read"
+	              ACCUM event.@path_list += s.@path_list, event.@path_list += e;
 
-	resource = select res from read_events:s-(Read_From_Resource:e)-:res
+	resource = SELECT res FROM read_events:s-(Read_From_Resource:e)-:res
 	            // keep the most recent read date of the resource
-	            accum res.@read_date += s.Start_Date, res.@path_list += s.@path_list, res.@path_list += e; 
+	            ACCUM res.@read_date += s.Start_Date, res.@path_list += s.@path_list, res.@path_list += e; 
 
-	write_events = select event from resource:s-(Output_To_Resource:e)-:event
+	write_events = SELECT event FROM resource:s-(Output_To_Resource:e)-:event
 	               // the write date is within one day before the read
-	               where datetime_diff(s.@read_date,event.Start_Date) between 0 and 3600*24*days
-	                 and event.Event_Type == "write"
-	               accum event.@path_list += s.@path_list, event.@path_list += e;
+	               WHERE datetime_diff(s.@read_date,event.Start_Date) BETWEEN 0 AND 3600*24*days
+	                 AND event.Event_Type == "write"
+	               ACCUM event.@path_list += s.@path_list, event.@path_list += e;
 
 	// get the users who behaved the file writing operation
-	users = select user from write_events:s-(User_Event:e)-:user
-	          accum user.@count += 1, user.@path_list += s.@path_list, user.@path_list += e;
+	users = SELECT user FROM write_events:s-(User_Event:e)-:user
+	          ACCUM user.@count += 1, user.@path_list += s.@path_list, user.@path_list += e;
 
-	login_events = select event from users:s-(User_Event:e)-:event
+	login_events = SELECT event FROM users:s-(User_Event:e)-:event
 	               where event.Event_Type == "login"
-	               accum event.@count += s.@count, event.@path_list += s.@path_list, event.@path_list += e;
+	               ACCUM event.@count += s.@count, event.@path_list += s.@path_list, event.@path_list += e;
 
-	login_IP = select ip from login_events:s-(Has_IP:e)-:ip
-	           accum ip.@count += s.@count, ip.@path_list += s.@path_list, ip.@path_list += e
-	           order by ip.@count desc
-	           limit k;
+	login_IP = SELECT ip FROM login_events:s-(Has_IP:e)-:ip
+	           ACCUM ip.@count += s.@count, ip.@path_list += s.@path_list, ip.@path_list += e
+	           ORDER BY ip.@count DESC
+	           LIMIT k;
 
-	print login_IP [login_IP.@count, login_IP.@path_list];
+	PRINT login_IP [login_IP.@count, login_IP.@path_list];
 }

Cybersecurity-Threat-Detection-IT/db_scripts/queries/firewall_bypass_detection.gsql

@@ -9,25 +9,25 @@ CREATE QUERY firewall_bypass_detection(/* Parameters here */) FOR GRAPH MyGraph
 
   	resources = {Resource.*};
 
-	resources = select res from resources:res 
-	            where res.Firewall_Required == true;
+	resources = SELECT res FROM resources:res 
+	            WHERE res.Firewall_Required == TRUE;
 
-	events = select event from resources-(Read_From_Resource)-:event
-	         where event.Event_Type == "read";
+	events = SELECT event FROM resources-(Read_From_Resource)-:event
+	         WHERE event.Event_Type == "read";
 
-  	IP_userID = select t from events:s-((Has_IP|User_Event):e)-:t
-	            accum t.@read_time += s.Start_Date;
+  	IP_userID = SELECT t FROM events:s-((Has_IP|User_Event):e)-:t
+	            ACCUM t.@read_time += s.Start_Date;
 
-	IP_userID_firewall = select s from IP_userID:s-((Has_IP|User_Event):e)-:event
-	                     where event.Event_Type == "firewall"
-	                     accum s.@firewall_time += event.Start_Date;
+	IP_userID_firewall = SELECT s FROM IP_userID:s-((Has_IP|User_Event):e)-:event
+	                     WHERE event.Event_Type == "firewall"
+	                     ACCUM s.@firewall_time += event.Start_Date;
 
-	IP_userID_no_firewall = IP_userID minus IP_userID_firewall;
+	IP_userID_no_firewall = IP_userID MINUS IP_userID_firewall;
 
-	print IP_userID_no_firewall;
+	PRINT IP_userID_no_firewall;
 
-	IP_userID_bypass_firewall = select s from IP_userID_firewall:s
-	                            where s.@read_time.size() > s.@firewall_time.size();
+	IP_userID_bypass_firewall = SELECT s FROM IP_userID_firewall:s
+	                            WHERE s.@read_time.size() > s.@firewall_time.size();
 
-	print IP_userID_bypass_firewall;
+	PRINT IP_userID_bypass_firewall;
 }

Cybersecurity-Threat-Detection-IT/db_scripts/queries/flooding_detection.gsql

@@ -1,51 +1,51 @@
 CREATE QUERY flooding_detection(/* Parameters here */) FOR GRAPH MyGraph { 
 
-  // this query detects the addresses that flooded one service with large number of requests.
-  // and possibly the ip addresses have logged in to many accounts 
-  // [IP] -> [login event] -> [user id] -> [request event] -> [service]
+  /* this query detects the addresses that flooded one service with large number of requests.
+     and possibly the ip addresses have logged in to many accounts 
+     [IP] -> [login event] -> [user id] -> [request event] -> [service] */
 
-  TypeDef tuple<vertex entity, vertex service, int cnt, float mean, float std> result_tuple;
+  TYPEDEF TUPLE<vertex entity, vertex service, int cnt, float mean, float std> result_tuple;
   AvgAccum @mean;
   SumAccum<float> @std;
   MapAccum<vertex, SumAccum<int>> @count_map;
   ListAccum<result_tuple> @@result_list;
 
   IPs = {IP.*};
 
-  login_events = select event from IPs-(Has_IP)-:event
-                 where event.Event_Type == "login"
-                 accum event.@count_map += (IPs->1);
+  login_events = SELECT event FROM IPs-(Has_IP)-:event
+                 WHERE event.Event_Type == "login"
+                 ACCUM event.@count_map += (IPs->1);
 
-  users = select user from login_events-(User_Event)-:user
-          accum user.@count_map += login_events.@count_map;
+  users = SELECT user FROM login_events-(User_Event)-:user
+          ACCUM user.@count_map += login_events.@count_map;
 
-  events = select event from users-(User_Event:e)-:event
+  events = SELECT event FROM users-(User_Event:e)-:event
            where event.Event_Type == "request"
-           accum event.@count_map += users.@count_map;
+           ACCUM event.@count_map += users.@count_map;
 
-  services = select s from events-(To_Service)-:s
-             accum s.@count_map += events.@count_map
-             post-accum
-               case when s.@count_map.size() > 1 then
+  services = SELECT s FROM events-(To_Service)-:s
+             ACCUM s.@count_map += events.@count_map
+             POST-ACCUM
+               CASE WHEN s.@count_map.size() > 1 THEN
                  // calculate the mean
-                 foreach (user,cnt) in s.@count_map do
+                 FOREACH (user,cnt) in s.@count_map DO
                    s.@mean += cnt
-                 end,
+                 END,
                  // calculate the standard deviation
-                 foreach (user,cnt) in s.@count_map do
+                 FOREACH (user,cnt) in s.@count_map DO
                    s.@std += pow(cnt - s.@mean, 2)
-                 end,
+                 END,
                  s.@std = sqrt(s.@std/(s.@count_map.size()-1)),
-                 case when s.@std != 0 then
+                 CASE WHEN s.@std != 0 THEN
                    // calculate the out lier
-                   foreach (user,cnt) in s.@count_map do
-                     case when cnt-s.@mean > 3*s.@std then
+                   FOREACH (user,cnt) IN s.@count_map DO
+                     CASE WHEN cnt-s.@mean > 3*s.@std THEN
                        @@result_list += result_tuple(user,s,cnt,s.@mean,s.@std)
-                     end
-                   end
-                 end
-               end;
+                     END
+                   END
+                 END
+               END;
 
-  print @@result_list;
-  print services;
+  PRINT @@result_list;
+  PRINT services;
 }