I’ve read a lot of your blog posts importing STIX data to ArangoDB using stix2arango.
I am just getting my head around the Arango query language, but I was wondering if there is anyway to run these queries outside of the ArangoDB UI via an API?
Hey @0101001001001 ,
Yes, there’s an API you can use to run the queries.
I’ll use the locations data in from this post
As an example to demonstrate…
The locations data is held in an database called blog_demo_database and in two collections
locations_edge_collection: STIX relationship objectslocations_vertex_collection: all other STIX objects
So a query might look like this
FOR doc IN locations_vertex_collection
FILTER doc.type == "location"
AND CONTAINS(doc.name, "United")
RETURN doc.name
[
"Tanzania, United Republic of",
"United States of America",
"United Arab Emirates",
"United States Minor Outlying Islands",
"United Kingdom of Great Britain and Northern Ireland"
]
To run this query via the API you need your ArangoDB credentials encoded as base64
curl -X POST \
-H "Authorization: Basic USER:PASS_BASE64_ENCODED" \
--data '{"query":"FOR doc IN locations_vertex_collection FILTER doc.type == \"location\" AND CONTAINS(doc.name, \"United\") RETURN doc.name"}' \
http://127.0.0.1:8529/_db/cti_database/_api/cursor
Which returns:
{"result":["Tanzania, United Republic of","United States of America","United Arab Emirates","United States Minor Outlying Islands","United Kingdom of Great Britain and Northern Ireland"],"hasMore":false,"cached":false,"extra":{"warnings":[],"stats":{"writesExecuted":0,"writesIgnored":0,"scannedFull":293,"scannedIndex":0,"cursorsCreated":0,"cursorsRearmed":0,"cacheHits":0,"cacheMisses":0,"filtered":288,"httpRequests":0,"executionTime":7.258330006152391e-4,"peakMemoryUsage":32768}},"error":false,"code":201}%
The data you want is inside the result object.