{"id":19883650,"url":"https://github.com/muchdogesec/stix2arango","last_synced_at":"2026-01-26T12:23:47.768Z","repository":{"id":242938696,"uuid":"809749788","full_name":"muchdogesec/stix2arango","owner":"muchdogesec","description":"stix2arango is a command line tool that takes a group of STIX 2.1 objects in a bundle and inserts them into ArangoDB. It can also handle updates to existing objects in ArangoDB imported in a bundle.","archived":false,"fork":false,"pushed_at":"2026-01-21T09:34:38.000Z","size":15994,"stargazers_count":10,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-01-21T21:21:56.416Z","etag":null,"topics":["arangodb","stix2"],"latest_commit_sha":null,"homepage":"https://pypi.org/project/stix2arango/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/muchdogesec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-06-03T11:31:18.000Z","updated_at":"2026-01-21T09:34:25.000Z","dependencies_parsed_at":"2024-06-16T19:05:11.455Z","dependency_job_id":"ccdd82d5-c621-4ab5-af17-f57cac5d921a","html_url":"https://github.com/muchdogesec/stix2arango","commit_stats":null,"previous_names":["muchdogesec/stix2arango"],"tags_count":73,"template":false,"template_full_name":null,"purl":"pkg:github/muchdogesec/stix2arango","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Fstix2arango","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Fstix2arango/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Fstix2arango/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Fstix2arango/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/muchdogesec","download_url":"https://codeload.github.com/muchdogesec/stix2arango/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Fstix2arango/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28778289,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-26T11:46:04.308Z","status":"ssl_error","status_checked_at":"2026-01-26T11:46:02.664Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arangodb","stix2"],"created_at":"2024-11-12T17:21:48.663Z","updated_at":"2026-01-26T12:23:47.763Z","avatar_url":"https://github.com/muchdogesec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# stix2arango\n\n[![codecov](https://codecov.io/gh/muchdogesec/stix2arango/graph/badge.svg?token=YI0CEBBHHL)](https://codecov.io/gh/muchdogesec/stix2arango)\n\n## Overview\n\n![](docs/stix2arango.png)\n\nstix2arango is a command line tool that takes a group of STIX 2.1 objects in a bundle and inserts them into ArangoDB. It can also handle updates to existing objects in ArangoDB imported in a bundle.\n\n1. STIX 2.1 bundle entered\n2. User chooses database/collection names (stix2arango creates as needed)\n3. stix2arango inserts objects (or updates them) and then generates any relationships between them\n\n## tl;dr\n\n[![stix2arango](https://img.youtube.com/vi/zn6KCj2O5CY/0.jpg)](https://www.youtube.com/watch?v=zn6KCj2O5CY)\n\n[Watch the demo](https://www.youtube.com/watch?v=zn6KCj2O5CY).\n\n## Usage\n\n### Install the script\n\n```shell\n# clone the latest code\ngit clone https://github.com/muchdogesec/stix2arango\n# create a venv\ncd stix2arango\npython3 -m venv stix2arango-venv\nsource stix2arango-venv/bin/activate\n# install requirements\npip3 install .\n````\n\nNote, the installation assumes ArangoDB is already installed locally.\n\n[You can install ArangoDB here](https://arangodb.com/download/). stix2arango is compatible with both the Enterprise and Community versions.\n\n### Configuration options\n\nstix2arango has various settings that are defined in an `.env` file.\n\nTo create a template for the file:\n\n```shell\ncp .env.example .env\n```\n\nTo see more information about how to set the variables, and what they do, read the `.env.markdown` file.\n\n### Run\n\n```shell\npython3 stix2arango.py \\\n\t--file PATH/TO/STIX.json \\\n\t--database NAME \\\n\t--collection NAME \\\n\t--stix2arango_note SOMETHING \\\n\t--ignore_embedded_relationships BOOLEAN\n```\n\nWhere;\n\n* `--file` (required): is the path to the valid STIX 2.1 bundle .json file\n* `--database` (required): is the name of the Arango database the objects should be stored in. \n* `--create_db` (default `true`): If database does not exist, stix2arango will create it. You can set to `false` to stop this behaviour (and avoid the risk of incorrect DBs being created). Generally setting to `false` is a good idea if you know the databases exist. This setting will only work if the Arango user being used to authenticate has permissions to create new databases.\n* `--collection` (required): is the name of the Arango collection in the database specified the objects should be stored in. If the collection does not exist, stix2arango will create it\n* `--stix2arango_note` (optional): Will be stored under the `_stix2arango_note` custom attribute in ArangoDB. Useful as can be used in AQL. `a-z` characters only. Max 24 chars.\n* `--ignore_embedded_relationships` (optional, boolean):  if `true` passed, this will stop ANY embedded relationships from being generated. This applies for all object types (SDO, SCO, SRO, SMO). If you want to target certain object types see `ignore_embedded_relationships_sro` and `ignore_embedded_relationships_sro` flags. ` Default is `false`\n* `--ignore_embedded_relationships_sro` (optional, boolean): if `true` passed, will stop any embedded relationships from being generated from SRO objects (`type` = `relationship`). Default is `false`\n* `--ignore_embedded_relationships_smo` (optional, boolean): if `true` passed, will stop any embedded relationships from being generated from SMO objects (`type` = `marking-defirnition`, `extension-definition`, `language-content`). Default is `false`\n* `--include_embedded_relationships_attributes` (optional, stix `_ref` or `_refs` attribute): if you only want to create embedded relationships from certain keys (attributes) in a STIX object you can pass a list of attributes here. e.g. `object_refs created_by_ref` . In this example, embedded relationships to all objects listed in `object_refs` and objects in `created_by_ref` will be created between source (the objects that house these attibutes) and destinations (the objects listed as values for these attributes)\n* `--is_large_file` (pass flag): Use this mode when the bundle is very large (\u003e100mb), this will chunk the input into multiple files before loading into memory.\n\nFor example, [using the MITRE ATT\u0026CK Enterprise bundle](https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json);\n\n```shell\npython3 stix2arango.py \\\n\t--file cti_knowledge_base_store/mitre-attack-enterprise/enterprise-attack-15_1.json \\\n\t--database stix2arango_demo \\\n\t--collection demo_1 \\\n\t--stix2arango_note v15.1 \\\n\t--ignore_embedded_relationships true \\\n\t--is_large_file\n```\n\nIf you want to include embedded relationships as edges in the ArangoDB collection, you would run;\n\n```shell\npython3 stix2arango.py \\\n\t--file cti_knowledge_base_store/mitre-attack-enterprise/enterprise-attack-15_1.json \\\n\t--database stix2arango_demo \\\n\t--collection demo_2 \\\n\t--stix2arango_note v15.1 \\\n\t--ignore_embedded_relationships false \\\n\t--is_large_file\n```\n\nIf you want to include embedded relationships for `created_by_ref` and `object_marking_refs` attibutes collection, you would run;\n\n```shell\npython3 stix2arango.py \\\n\t--file cti_knowledge_base_store/mitre-attack-enterprise/enterprise-attack-15_1.json \\\n\t--database stix2arango_demo \\\n\t--collection demo_2 \\\n\t--stix2arango_note v15.1 \\\n\t--include_embedded_relationships_attributes object_refs created_by_ref \\\n\t--is_large_file\n```\n\n#### A note on embedded relationships\n\nstix2arango can handle all embedded references to other STIX objects under `_ref` and `_refs` properties in a STIX object when `--ignore_embedded_relationships` is set to false.\n\ne.g.\n\n```json\n        {\n            \"type\": \"x-mitre-tactic\",\n            \"spec_version\": \"2.1\",\n            \"id\": \"x-mitre-tactic--b977ad29-eb0c-5f09-bb2f-6d3f23e2a175\",\n            \"created_by_ref\": \"identity--8700e156-6ce9-5090-8589-f9d0aef7bdb7\",\n```\n\nFor the above object a STIX SRO would be generated by stix2arango with `source_ref=x-mitre-tactic--b977ad29-eb0c-5f09-bb2f-6d3f23e2a175`, `target_ref=identity--8700e156-6ce9-5090-8589-f9d0aef7bdb7` and `relationship_type=created-by`.\n\n## Quickstart\n\nWe store a lot of STIX data from popular knowledgebases on Cloudflare R2.\n\nThis is a useful resource to quickly populate STIX data using stix2arango if you want to see what it can do.\n\nTo populate this data for yourself, check out `utilities/README.md` for import scripts.\n\n## Useful supporting tools\n\n* To generate STIX 2.1 Objects: [stix2 Python Lib](https://stix2.readthedocs.io/en/latest/)\n* The STIX 2.1 specification: [STIX 2.1 docs](https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html)\n* [ArangoDB docs](https://docs.arangodb.com/3.11/about-arangodb/)\n\n## Support\n\n[Minimal support provided via the DOGESEC community](https://community.dogesec.com/).\n\n## License\n\n[Apache 2.0](/LICENSE).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuchdogesec%2Fstix2arango","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmuchdogesec%2Fstix2arango","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuchdogesec%2Fstix2arango/lists"}