White screen on the NDR page when expanding a finding in the SSP UI when the Sankey graph contains aggregated "Other" nodes

Article ID: 394526

Products

VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

The NDR UI crashes and displays a white screen under the SSP module when attempting to render the Sankey graph. This issue occurs when the graph includes "Other" node types because the node count exceeds the configured maximum.

Environment

SSP 5.0

Cause

  • The Sankey graph visualizes data using three node types: Threat, Affected Workload, and MITRE Tactics. It is generated via the API:
    ndr/campaign/sankey-diagram/{campaignuuid}/{max_nodes}
    where max_nodes defines the maximum number of nodes per type (range: 2-30). The response has the following structure:

{
    "nodes": [ <list of nodes> ],
    "links": [ <list of links> ]
}

Here "nodes" holds the nodes that are displayed on the graph, and "links" holds the links between those nodes.
Each node includes metadata such as:

{
    node_type: "Threat | Workload | Mitre Tactics",
    num_events: "Number of events associated with the node. Required if 'other' field is not true.",
    other: "If set to true, this node represents the aggregates of other nodes (to honor the max_number_nodes API query parameter).",
    num_aggregated_nodes: "This field is present only for the aggregated node (for which the other field is set to true). It represents the number of nodes being aggregated.",
    threat_uuid: "Threat unique identifier. Required if 'other' field is not true.",
    mitre_tactic_uuid: "MITRE tactic unique identifier. Required if 'other' field is not true.",
    affected_compute_uuid: "Affected workload unique identifier. Required if 'other' field is not true."
}

  • The Sankey graph groups nodes into a special "Other" category when the number of nodes exceeds a certain limit. These "Other" nodes are aggregated representations and do not include the unique identifiers typically required for linking nodes in the graph.
  • Because of this, the front-end is unable to correctly render the connections between nodes, which causes the graph (and in some cases the entire UI section) to fail and display a blank screen.
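
One way a consumer of this response can key and validate nodes so that aggregated "Other" nodes, which carry no UUID, do not break rendering. This is an added example, not VMware's front-end code or the SSP 5.1 fix; the node_type-to-identifier mapping, the synthetic other:<type> key, and the function names nodeKey and prepareNodes are assumptions.

```javascript
// Added example, not VMware's front-end code. Field names come from the node
// metadata above; the node_type-to-identifier mapping is an assumption.
const ID_FIELD = new Map([
  ["Threat", "threat_uuid"],
  ["Workload", "affected_compute_uuid"],
  ["Mitre Tactics", "mitre_tactic_uuid"],
]);

// Return a stable rendering key for one node, or throw if it is malformed.
function nodeKey(node) {
  const idField = ID_FIELD.get(node.node_type);
  if (!idField) throw new Error(`unknown node_type: ${node.node_type}`);
  if (node.other === true) {
    // Aggregated node: it has no UUID, so derive a synthetic key per type.
    if (!Number.isInteger(node.num_aggregated_nodes)) {
      throw new Error("aggregated node without num_aggregated_nodes");
    }
    return `other:${node.node_type}`;
  }
  if (typeof node[idField] !== "string" || node[idField] === "") {
    throw new Error(`${node.node_type} node without ${idField}`);
  }
  return `${node.node_type}:${node[idField]}`;
}

// Key every node; collect malformed or duplicate ones instead of throwing.
function prepareNodes(payload) {
  const keyed = new Map();
  const rejected = [];
  const nodes = payload && Array.isArray(payload.nodes) ? payload.nodes : [];
  for (const node of nodes) {
    try {
      const key = nodeKey(node);
      if (keyed.has(key)) throw new Error(`duplicate node key: ${key}`);
      keyed.set(key, node);
    } catch (err) {
      rejected.push({ node, reason: err.message });
    }
  }
  return { keyed, rejected };
}

// Constructed sample response: two regular nodes, one aggregated, one malformed.
const SAMPLE = { nodes: [
  { node_type: "Threat", num_events: 4, threat_uuid: "t-1" },
  { node_type: "Workload", num_events: 2, affected_compute_uuid: "w-1" },
  { node_type: "Threat", other: true, num_aggregated_nodes: 7 },
  { node_type: "Mitre Tactics", num_events: 1 },
], links: [] };
```

The rejected list gives the UI something to log or show in place of the graph, so a single node without an identifier no longer fails the whole section.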

Resolution

  • There is no resolution or workaround for this issue as of now.
  • This issue does not affect the functionality of the platform or the features.

Note: This issue is fixed in SSP 5.1.