Hey @0101001001001,
Yes, there’s an API you can use to run the queries.
I’ll use the locations data from this post as an example to demonstrate…
The locations data is held in a database called blog_demo_database, in two collections:

- locations_edge_collection: STIX relationship objects
- locations_vertex_collection: all other STIX objects
So a query might look like this:

```
FOR doc IN locations_vertex_collection
  FILTER doc.type == "location"
  AND CONTAINS(doc.name, "United")
  RETURN doc.name
```

```
[
  "Tanzania, United Republic of",
  "United States of America",
  "United Arab Emirates",
  "United States Minor Outlying Islands",
  "United Kingdom of Great Britain and Northern Ireland"
]
```
To run this query via the API you need your ArangoDB credentials encoded as base64:

```
curl -X POST \
  -H "Authorization: Basic USER:PASS_BASE64_ENCODED" \
  --data '{"query":"FOR doc IN locations_vertex_collection FILTER doc.type == \"location\" AND CONTAINS(doc.name, \"United\") RETURN doc.name"}' \
  http://127.0.0.1:8529/_db/cti_database/_api/cursor
```

Which returns:

```
{"result":["Tanzania, United Republic of","United States of America","United Arab Emirates","United States Minor Outlying Islands","United Kingdom of Great Britain and Northern Ireland"],"hasMore":false,"cached":false,"extra":{"warnings":[],"stats":{"writesExecuted":0,"writesIgnored":0,"scannedFull":293,"scannedIndex":0,"cursorsCreated":0,"cursorsRearmed":0,"cacheHits":0,"cacheMisses":0,"filtered":288,"httpRequests":0,"executionTime":7.258330006152391e-4,"peakMemoryUsage":32768}},"error":false,"code":201}
```
The data you want is inside the result object.
All that being said, we built the CTI Butler API to make these types of queries easier – might be worth checking out
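The same cursor call from a script, as an added example that is not part of the original post or of any project's code. It goes one step beyond the curl command: the search term and collection name travel as AQL bind parameters rather than being pasted into the query string, and further batches are fetched while `hasMore` is true. The function names, the batch size and the `USER`/`PASS` values are assumptions; the host and database name are copied from the curl command above.

```python
import base64
import json
import urllib.request

def basic_auth_header(user, password):
    """Basic auth value: base64 of the whole 'user:password' string."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def http_send(method, url, headers, body):
    """Default transport: one HTTP call, JSON in and JSON out."""
    data = json.dumps(body).encode("utf-8") if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

def run_aql(base_url, database, user, password, query, bind_vars, send=http_send):
    """Run an AQL query through /_api/cursor and collect every batch."""
    headers = {
        "Authorization": basic_auth_header(user, password),
        "Content-Type": "application/json",
    }
    cursor_url = f"{base_url}/_db/{database}/_api/cursor"
    # Values go in bindVars, so caller input never becomes part of the AQL text.
    reply = send("POST", cursor_url, headers,
                 {"query": query, "bindVars": bind_vars, "batchSize": 100})
    results = list(reply["result"])
    while reply.get("hasMore"):
        # Larger result sets arrive in batches; ask for the next one by cursor id.
        reply = send("PUT", f"{cursor_url}/{reply['id']}", headers, None)
        results.extend(reply["result"])
    return results

# Same query as in the post, with the collection and search term parameterised.
QUERY = """
FOR doc IN @@collection
  FILTER doc.type == "location" AND CONTAINS(doc.name, @needle)
  RETURN doc.name
"""

if __name__ == "__main__":
    # Constructed values: USER and PASS are placeholders for real credentials.
    names = run_aql("http://127.0.0.1:8529", "cti_database", "USER", "PASS",
                    QUERY, {"@collection": "locations_vertex_collection",
                            "needle": "United"})
    print(names)
```
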