Arango TAXII Server is a production ready implementation of a TAXII 2.1 Server designed to work with ArangoDB.
# clone the latest code
git clone https://github.com/muchdogesec/arango_taxii_server
cd arango_taxii_server
# fetch submodules
git submodule update --init --recursive
You will need to create an .env
file as follows;
cp .env.example .env
You will then need to specify details of your ArangoDB server.
You can also set the TAXII Server information in this file.
Note, this script will not install an ArangoDB instance.
If you're new to ArangoDB, you can install the community edition quickly by following the instructions here.
sudo docker-compose build
sudo docker-compose up
The webserver (Django) should now be running on: http://127.0.0.1:8000/
You can access the Swagger UI for the API in a browser at: http://127.0.0.1:8000/api/schema/swagger-ui/
It is STRONGLY recommend you seed your ArangoDB database using stix2arango. If not, that is OK, but it is imperative you create Databases and Collection as follows;
_database
, e.g (my_taxii_database
)_edge_collection
(e.g. my_taxii_edge_collection
)_vertex_collection
(e.g. my_taxii_vertex_collection
)We try and keep this repo in sync with the remote cve2stix / cpe2stix repos used as Git submodules when changes happen.
Sometimes this is not always the case (either because we've forgot, or there are breaking changes).
If it's the case we've forgotten, you can update the Git Submodules in this repo as follows:
cd stix2arango
git checkout main
git pull
The following information should hopefully help you to determine if this TAXII implementation is right for you.
This code is only designed to work with ArangoDB. That includes all versions of ArangoDB, including the free community edition.
Authentication is managed by ArangoDB.
Under the _system
database, admin users can add or remove other users from the system.
Each user has a username and password.
These values are used to authenticate against the API, using basic auth in the header of each request;
Authorization: Basic <credentials>
Users can also be assigned permissions on a database and Collection level.
A user can be assigned read/write or read permissions to a Collection.
ArangoDB has the following structure
├── database
│ ├── document collection
│ ├── document collection N
│ ├── edge collection
│ └── edge collection N
├── database N
│ ├── document collection
│ ├── document collection N
│ ├── edge collection
│ └── edge collection N
├── ...
An ArangoDB database has the following attributes;
name
(required)identifier
(autogenerated)An ArangoDB collection has the following attributes;
name
(required)type
(required): either document or edgeidentifier
(autogenerated)TAXII has the following structure
├── api-root
│ ├── collection
│ │ └── stix objects
│ └── collection
│ └── stix objects
├── api-root
│ ├── collection
│ │ └── stix objects
│ └── collection
│ └── stix objects
├── ...
A TAXII root has the following attributes;
title
(required)description
(optional)versions
(required)max_content_length
(required)A TAXII collection has the following attributes:
id
(required)title
(required)description
(optional)alias
(optional)can_read
(required)can_write
(required)media_types
(optional)In Arango TAXII Server; ArangoDB Databases map to TAXII API Roots as follow...
TAXII attribute -> ArangoDB attribute
taxii.api-root.title
-> arango.database.name
taxii.api-root.versions
-> not inherited from arango (always application/taxii+json;version=2.1
as this is what Arango TAXII Server supports)taxii.api-root.max_content_length
-> not inherited from arango (set in the conf file but determined at the webserver level based on maximum size it can support for responses, thus will be the same value for all API Roots)In Arango TAXII server; ArangoDB Collections map to TAXII Collections as follow...
TAXII attribute -> ArangoDB attribute
taxii.collection.id
-> arango.collection.identifier
taxii.collection.title
-> arango.collection.name (without type -- see stix2arango coupling)
taxii.collection.alias
-> arango.collection.name (without type -- see stix2arango coupling)
taxii.collection.can_read
-> not inherited from arango (this is dynamic, is boolean depending if authorised user can read collection. In reality should always be TRUE
as users should not be shown any collections they cannot read)taxii.collection.can_write
-> not inherited from arango (this is dynamic, is boolean depending if authorised user can write to collection)taxii.collection.media_types
-> not inherited from arango (always application/stix+json;version=2.1
because we only ever store STIX 2.1 objects)Arango TAXII Server uses stix2arango as a middleware component when creating objects (Add Object endpoint).
The two important things to be aware of about this coupling is that
my_taxii_edge_collection
and my_taxii_vertex_collection
) to store objects correctly.my_taxii
, but under the hood both Collections are used.We realise not everyone will want to use ArangoDB. Here are some other open-source TAXII server options you could consider;
If you are a paying DOGESEC customer, please contact our support team.
For everyone else, minimal support provided via the DOGESEC community.