How to use Persistence API to query pushed messages?

eclecticiq / OpenTAXII

TAXII server implementation in Python from EclecticIQ

BSD 3-Clause "New" or "Revised" License

189 stars 89 forks source link

How to use Persistence API to query pushed messages? #178

Closed wizardous23 closed 3 years ago

wizardous23 commented 3 years ago

Hello, I've been able to push a STIX object message to my collection. I just wanted to ask where the messages are stored after a push (taxii-push command) and how can they be queried?

arcsector commented 3 years ago

Hi Wizardous, The best way to see how to do this is to read the documentation. Other than that, you can use the cabby command taxii-pull to query the object. You can also directly query the SQL backend by grabbing the content_blocks table.

wizardous23 commented 3 years ago

Hi Wizardous, The best way to see how to do this is to read the documentation. Other than that, you can use the cabby command taxii-pull to query the object. You can also directly query the SQL backend by grabbing the content_blocks table.

The content_blocks table seems to be in JSON if I am not wrong? Are there any helper functions that would help query this data based on the created_at tag?

arcsector commented 3 years ago

Again, please read the documentation for cabby; look for the begin and end arguments