If you're running in production, you should set these securely.
However, if you just want to experiment, set the following values
These are all Django settings, defined in arango_taxii_server/settings.py
DJANGO_SECRET:insecure_django_secretDJANGO_DEBUG:TrueDJANGO_ALLOWED_HOSTS: BLANKDJANGO_CORS_ALLOW_ALL_ORIGINS:TrueDJANGO_CORS_ALLOWED_ORIGINS: LEAVE EMPTY
These are all Django settings, defined in arango_taxii_server/settings.py
POSTGRES_HOST:host.docker.internalPOSTGRES_PORT: BLANKPOSTGRES_DB:postgresPOSTGRES_USER:postgresPOSTGRES_PASSWORD:postgres
CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP:1
Note, this code will not install an ArangoDB instance.
If you're new to ArangoDB, you can install the community edition quickly by following the instructions here.
Arango TAXII Server uses stix2arango as a middleware component when creating objects (Add Object endpoint).
It is STRONGLY recommend you seed your ArangoDB database using stix2arango. If not, that is OK, but it is imperative you create Databases and Collection as follows;
- All databases should be suffixed with
_database, e.g (my_taxii_database) - All edge collections should be suffixed with
_edge_collection(e.g.my_taxii_edge_collection) - All vertex collections should be suffixed with
_vertex_collection(e.g.my_taxii_vertex_collection)
Arango TAXII Server expects 2 collections with the same name, one with the edge suffix and one with the vertex suffix (e.g. my_taxii_edge_collection and my_taxii_vertex_collection) to store objects correctly. For any request these ArangoDB Collections exposed to the user as a single TAXII collection called my_taxii, but under the hood both Collections are used.edge+vertex collection form a sig
In the stix2arango utilities you will find some quick start guides that will import some common knowledgebase data into Arango which is very useful in demonstrating how your Databases and Collections should be structured to work with Arango TAXII Server.
ARANGODB_HOST_URL:http://host.docker.internal:8529/- This is the Arango instance that will be used. A user must authenticate using their ArangoDB username/password in each request to the API.
These define the API schema generation
SERVER_BASE_URL:'http://127.0.0.1:8000/'SERVER_TITLE:'Arango TAXII Server'SERVER_DESCRIPTION:'https://github.com/muchdogesec/arango_taxii_server/'SERVER_MAX_CONTENT_LENGTH:10485760SERVER_EMAIL:'[email protected]'SERVER_SUPPORT:'https://community.dogesec.com/'
These define API pagination behaviour
MAX_PAGE_SIZE:50- This is the maximum number of results the API will ever return before pagination
DEFAULT_PAGE_SIZE:50- The default page size of result returned by the API
See tests/README.me