In this post I will show you how Signals Corps products use ArangoDB to store STIX 2.1 Objects.

As I demonstrated in our STIX 2.1 tutorial, STIX is a very comprehensive way to represent cyber threat intelligence. Not only does it offer a lot of options to model data, it is also a widely used standard.

However, both these factors bring downsides. Being a defined standard means I cannot be too creative (to ensure maximum downstream compatibility). Similarly, the flexibility to model relationships and connect STIX Objects can make for a complex graph of information.

When it comes to storing and retrieving STIX 2.1 data in an easy and efficient manner, there are a number of considerations when selecting a database to use. In building Signals Corps products (which are all built around the STIX 2.1 specification), I reviewed various relational databases, document-oriented databases, graph databases and hybrid graph/document databases.

ArangoDB is a native multi-model database system supporting three data models: key/value, documents and graphs. The team at Sekoia went through a similar process and have done a great job detailing their decision to use ArangoDB to store STIX Objects too.

In this post, I will show you how to get started storing and retrieving STIX 2.1 Objects using ArangoDB. For this tutorial, I will be heavily using the ArangoDB Web UI to demonstrate the concepts.

## Storing STIX 2.1 Objects

Firstly, I need to create two Collections:

- A Document Collection `stix_objects` to store the SDOs and SCOs. Document Collections are used to store vertex documents.
- An Edge Collection `stix_relationships` to store the SROs and embedded relationships (e.g.
  Edges are special documents used for connecting other documents into a graph. An edge describes the connection between two documents using the internal attributes `_from` and `_to`.

Using these two collections I will also need a Graph, `stix_graph`, with:

- `stix_relationships` as the Edge Definition (an edge definition defines a relation of the graph).
- `stix_objects` for both the fromCollections (Collections that contain the start vertices of the relation) and toCollections (Collections that contain the end vertices of the relation).
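To make the collection and graph layout described in this post concrete, here is an added example (not code from the original post or from Signals Corps) that splits a STIX bundle into vertex documents for `stix_objects` and edge documents for `stix_relationships`. It assumes the STIX `id` is used as the ArangoDB `_key`, that embedded relationships are the top-level properties ending in `_ref` or `_refs`, and that only `relationship` SROs are turned into edges directly; the helper names and the sample bundle are constructed for illustration.

```python
import re
import uuid

VERTICES, EDGES = "stix_objects", "stix_relationships"  # collection names from the post
# Graph definition shaped like ArangoDB's graph-creation API body; "from"/"to"
# are what the post (and the Web UI) call fromCollections/toCollections.
STIX_GRAPH = {"name": "stix_graph", "edgeDefinitions": [
    {"collection": EDGES, "from": [VERTICES], "to": [VERTICES]}]}
# STIX 2.1 identifiers have the form <object-type>--<UUID>.
STIX_ID = re.compile(r"[a-z0-9][a-z0-9-]*--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

def handle(stix_id):
    """Return the stix_objects document handle for a STIX id; reject malformed ids."""
    if not isinstance(stix_id, str) or not STIX_ID.fullmatch(stix_id):
        raise ValueError(f"not a STIX 2.1 identifier: {stix_id!r}")
    return f"{VERTICES}/{stix_id}"

def edge(src, dst, body):
    # Both ends are validated, so feed data cannot inject "/" into _from or _to.
    return {**body, "_from": handle(src), "_to": handle(dst)}

def split_bundle(bundle):
    """Split a STIX bundle into (vertex documents, edge documents)."""
    vertices, edges = [], []
    for obj in bundle["objects"]:
        handle(obj["id"])  # validate before the id is used as a _key (assumption)
        doc = {**obj, "_key": obj["id"]}
        if obj["type"] == "relationship":  # SRO: the object itself is the edge
            edges.append(edge(obj["source_ref"], obj["target_ref"], doc))
            continue
        vertices.append(doc)
        for prop, value in obj.items():  # embedded relationships: *_ref / *_refs
            if not prop.endswith(("_ref", "_refs")):
                continue
            for ref in value if isinstance(value, list) else [value]:
                # Deterministic key, so re-importing a bundle does not duplicate edges.
                key = uuid.uuid5(uuid.NAMESPACE_URL, f"{obj['id']}|{prop}|{ref}")
                edges.append(edge(obj["id"], ref, {
                    "_key": f"embedded--{key}", "relationship_type": prop}))
    return vertices, edges

# Constructed sample bundle (not real intelligence); the ids are placeholders.
IDENTITY = "identity--11111111-1111-4111-8111-111111111111"
INDICATOR = "indicator--22222222-2222-4222-8222-222222222222"
MALWARE = "malware--33333333-3333-4333-8333-333333333333"
SAMPLE = {"type": "bundle", "objects": [
    {"type": "identity", "id": IDENTITY, "name": "Example Org"},
    {"type": "indicator", "id": INDICATOR, "created_by_ref": IDENTITY},
    {"type": "malware", "id": MALWARE, "name": "example-family"},
    {"type": "relationship", "id": "relationship--44444444-4444-4444-8444-444444444444",
     "relationship_type": "indicates", "source_ref": INDICATOR, "target_ref": MALWARE}]}
```

Because the `_key` is the bare STIX `id`, a second version of the same object would collide with the first; versioned storage needs a different key scheme.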