Running your first query

In this guide, we will introduce you to the Overmind interface, and provide you with the information you need to run your first query.

Table of Contents:

  • Explore
  • Basic use
  • Method
  • Query
  • Type
  • Scope
  • Link depth
  • Example http query

Explore

  • Once you have logged in you will be dropped into Explore. From here you can choose to run either a new query or one of our pre-populated ones. Overmind has a source called stdlib which allows you to run queries without entering any source credentials, returning publicly available information.

  • The top bar provides access to the main functions of the Overmind platform. This is where you input your method, query, type, etc.

Basic Use

Overmind discovers system states using the State Description Protocol. This allows users to easily create software that discovers system state, for example:

  • Source containers for running with srcman.
  • Agents for discovering local state on servers and other devices.

State Description Protocol is designed to allow for the serialisation of the description of the current state of a computer system for the purposes of auditing, monitoring, etc. It is deliberately simplistic and is designed to transmit the details of things whose importance we don't yet know. For this reason it doesn't contain dedicated ways of describing files, packages, etc., since it doesn't presume to know what it is describing, other than the fact that it is "state".

Item requests

These are made up of 5 different components:

1. Method

GET:

This takes a single unique query and should only return a single item. If an item matching the parameter passed doesn't exist, the server should fail.

LIST:

This takes no query (or ignores it) and should return all items that it can find.

SEARCH:

This takes a non-unique query which is designed to be used as a search term. It should return some number of items (or zero) which match the query.

by any string. Intended to be used by autocomplete in the GUI, and therefore places extra weight on prefixes, but will also perform free-text and fuzzy matching.

2. Query

The query that should be passed to that method. Can be made up of

3. Type

The type of item to search for. Can be:

  • * to query all users
  • global to query globally

4. Scope

The scope within which the item is unique; this is the scope for which we are requesting. Item uniqueness is determined by the combination of type and uniqueAttribute value. However, it is possible for the same item to exist in many scopes. There is no formal definition of what a scope should be, other than that it should be somewhat descriptive and should ensure item uniqueness.

To query all scopes, use the wildcard '*'.

5. Link depth

How deeply to link items. A value of 0 means that items are not linked. To resolve linked items "infinitely", simply set this to a high number, the highest being 4,294,967,295. While this isn't truly infinite, chances are that it is effectively the same; think six degrees of separation, etc.
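The five request components above, worked through as an added example in Python. This is illustrative code written for this guide, not Overmind's or the State Description Protocol's own implementation: the item inventory is constructed, and the method semantics (GET must resolve exactly one item, LIST ignores the query, SEARCH may return zero or more) and the '*' wildcards and link-depth bound are applied as the text describes them.

```python
from dataclasses import dataclass
from typing import List, Tuple

MAX_LINK_DEPTH = 4_294_967_295  # highest link depth the text mentions


@dataclass(frozen=True)
class Item:
    type: str
    unique_attr: str  # uniqueAttribute value; (type, unique_attr) is unique within a scope
    scope: str
    links: Tuple[Tuple[str, str, str], ...] = ()  # (type, unique_attr, scope) of linked items


# Constructed sample inventory (not real Overmind data): a DNS item linking to a
# certificate and a socket, plus two security groups where sg-a depends on sg-b.
ITEMS = [
    Item("dns", "aws.amazon.com", "global", (("certificate", "cert-1", "global"),)),
    Item("certificate", "cert-1", "global", (("network-socket", "443", "global"),)),
    Item("network-socket", "443", "global"),
    Item("security-group", "sg-a", "account-1", (("security-group", "sg-b", "account-1"),)),
    Item("security-group", "sg-b", "account-1"),
]


def run_request(method: str, query: str, type_: str, scope: str,
                link_depth: int, items: List[Item] = ITEMS):
    """Apply the five request components; return (direct hits, items reached via links)."""
    if not 0 <= link_depth <= MAX_LINK_DEPTH:
        raise ValueError("link depth out of range")
    # '*' is the wildcard for both type and scope.
    candidates = [i for i in items if type_ in ("*", i.type) and scope in ("*", i.scope)]
    if method == "GET":
        hits = [i for i in candidates if i.unique_attr == query]
        if len(hits) != 1:  # GET must resolve exactly one item, otherwise the request fails
            raise LookupError(f"GET expected exactly one item, found {len(hits)}")
    elif method == "LIST":
        hits = candidates  # the query is ignored
    elif method == "SEARCH":  # non-unique query, zero or more results
        hits = [i for i in candidates if query.lower() in i.unique_attr.lower()]
    else:
        raise ValueError(f"unknown method {method}")
    # Follow links breadth-first, at most link_depth hops away from the direct hits.
    index = {(i.type, i.unique_attr, i.scope): i for i in items}
    linked, frontier = [], [(i, 0) for i in hits]
    while frontier:
        item, depth = frontier.pop(0)
        if depth >= link_depth:
            continue
        for key in item.links:
            target = index.get(key)
            if target is not None and target not in hits and target not in linked:
                linked.append(target)
                frontier.append((target, depth + 1))
    return hits, linked
```

Raising the link depth from 0 to 2 on the GET for the DNS item is what the double-click in the Explore view does: the certificate appears at one hop and the network socket at two.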

Example: http GET query

In this example we have used the built-in stdlib source to run a GET query on the domain https://aws.amazon.com. Let's take a look at the results:

You can see in the graph that we have one result based on our query. From here we can start discovering related types/resources. An easy way to do this is by double-clicking the node.

You can see that by double-clicking we have increased our link depth and revealed related types (certificates, network sockets, DNS, etc.).

Clicking on a node in the graph will provide some more information, including type, scope and attributes, which contain some type-specific metadata that will help you understand the context of the type.

Explore an example: Security Groups

Start by querying a security group ID.

Next, double-click the security group to expand the link depth and discover related resources, and use the generated metadata to understand them without prior context.

From the graph above we can see that making any modifications to this security group will impact various other linked security groups and resources. This means we need to be careful to ensure that any changes will not have any unintended impact.

Dependencies

You can easily spot any dependent security groups by checking whether they have links to another security group.

Unused security groups

After modifying

By bookmarking the query, you can easily return to it and see whether any changes have occurred, whether that is new security groups being added or removed, or unused ones appearing.

And you can do all this without any additional subscription cost.