### Manual Configuration Setup Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Steps to manually set up environment variables, copy a template configuration file, edit it, and start the server using npm. ```bash # 1. Set environment export TAXII_ENV=dev # 2. Create config file cp config/template.env config/${TAXII_ENV}.env # 3. Edit configuration nano config/${TAXII_ENV}.env # 4. Start server npm run build npm run start ``` -------------------------------- ### Docker Configuration Setup Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Example command to run the TAXII server container using Docker, passing necessary environment variables. ```bash docker run \ -e TAXII_ENV=prod \ -e APP_PORT=8000 \ -e MONGO_URI=mongodb://mongo:27017/taxii \ -e WORKBENCH_REST_API_URL=http://workbench:3000 \ ghcr.io/mitre-attack/attack-workbench-taxii-server:latest ``` -------------------------------- ### MongoDB Connection Examples Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Provides examples for connecting to MongoDB, including local instances, instances with credentials, and MongoDB Atlas. ```env # Local MongoDB MONGO_URI=mongodb://localhost:27017/taxii # MongoDB with credentials MONGO_URI=mongodb://user:password@mongo.example.com:27017/taxii # MongoDB Atlas MONGO_URI=mongodb+srv://user:password@cluster.mongodb.net/taxii ``` -------------------------------- ### Hydration Configuration Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Enables synchronization of Workbench data when the server starts. Hydration also runs on a scheduled job every 30 minutes. ```env HYDRATE_ON_BOOT=true ``` -------------------------------- ### Build and Start Production Server Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/README.md Builds the application for production and starts the server. This is used for running the server in production mode with Swagger enabled. ```shell npm run build npm run start ``` -------------------------------- ### Install Dependencies Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/README.md Installs all project dependencies using npm. The ATT&CK Workbench TAXII Server manages its dependencies internally. ```shell npm install ``` -------------------------------- ### Get All Versions of an Object Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/VersionService.md Example of how to fetch all versions of a STIX object and log the count and individual versions. ```typescript // Get all versions of an object const versions = await versionService.findObjectVersions( 'bacf402e-b767-45bc-ae06-f0620d38ff15', 'attack-pattern--0a65c83a-e0b3-445b-8d12-df1a54e99a48' ); console.log(`Object has ${versions.versions.length} versions`); versions.versions.forEach((version) => { console.log(`- ${version}`); // e.g., "2021-04-15T19:39:45.000Z" }); ``` -------------------------------- ### Application Server Configuration Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Sets the server bind address, HTTP port, and HTTPS port. ```env APP_ADDRESS=0.0.0.0 APP_PORT=8000 APP_PORT_HTTPS=8443 ``` -------------------------------- ### Start Development Server with Hot-Reload Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/README.md Starts the server in development mode with hot-reloading enabled, allowing for automatic server restarts upon file changes. ```shell npm run start:dev ``` -------------------------------- ### Run Server with Development Configuration Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/README.md Sets the development environment variable and builds/starts the server. Ensure Node.js and npm are installed. ```bash export TAXII_ENV=dev npm run build && npm run start ``` -------------------------------- ### Pull Docker Image Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/README.md Pulls the latest Docker image for the ATT&CK Workbench TAXII server from the GitHub Container Registry. This is the simplest way to get started. ```shell docker pull ghcr.io/mitre-attack/attack-workbench-taxii-server:latest ``` -------------------------------- ### Example Request for Object Versions Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/endpoints.md This example demonstrates how to use curl to request the versions of a STIX object. The response contains an array of ISO 8601 formatted timestamps. ```bash curl 'http://localhost:8000/api/v21/collections/bacf402e-b767-45bc-ae06-f0620d38ff15/objects/attack-pattern--0a65c83a-e0b3-445b-8d12-df1a54e99a48/versions/' ``` -------------------------------- ### API Root Configuration Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Configures the URL path prefix, display title, and description for API endpoints. ```env API_ROOT_PATH=/api/v21 API_ROOT_TITLE=MITRE ATT&CK TAXII 2.1 API_ROOT_DESCRIPTION=This API Root contains TAXII 2.1 REST API endpoints that serve MITRE ATT&CK STIX 2.1 data ``` -------------------------------- ### Example HTTP 401 Unauthorized Response Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md Shows an example error response for a 401 Unauthorized status, indicating missing or invalid authentication credentials. ```json { "title": "Unauthorized", "description": "Valid authentication credentials are required to access this resource", "http_status": "401", "error_id": "550e8400-e29b-41d4-a716-446655440001" } ``` -------------------------------- ### TaxiiServiceNotImplementedException Example Response Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md Example JSON response for a 501 Not Implemented error, used when a requested endpoint or functionality is not supported by the server. ```json { "title": "'Add Objects' is not implemented", "description": "This TAXII 2.1 implementation does not support the Add Objects (5.5) endpoint. If coupled with Workbench however, objects can be added via the ATT&CK Workbench Front End and/or REST API.", "http_status": "501", "error_id": "550e8400-e29b-41d4-a716-446655440008", "external_details": "https://docs.oasis-open.org/cti/taxii/v2.1/csprd02/taxii-v2.1-csprd02.html#_Toc16526040" } ``` -------------------------------- ### Content and Request Configuration Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Sets the maximum POST request body size and the contact email for the server administrator. ```env MAX_CONTENT_LENGTH=1000 CONTACT_EMAIL=admin@example.com ``` -------------------------------- ### Example STIX Object Response Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/docs/USAGE.md This is an example JSON response when requesting a specific STIX object. It contains details about the object, its metadata, and references. ```json { "more": false, "objects": [ { "id": "attack-pattern--ad255bfe-a9e6-4b52-a258-8d3462abe842", "modified": "2021-04-29T14:49:39.188Z", "created": "2017-05-31T21:30:18.931Z", "type": "attack-pattern", "spec_version": "2.1", "name": "Data Obfuscation", "description": "Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols. ", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_attack_spec_version": "2.1.0", "x_mitre_detection": "Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2)", "x_mitre_domains": [ "enterprise-attack" ], "x_mitre_is_subtechnique": false, "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Linux", "macOS", "Windows" ], "x_mitre_version": "1.1", "x_mitre_data_sources": [ "Network Traffic: Network Traffic Content" ], "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1001", "external_id": "T1001" }, { "source_name": "University of Birmingham C2", "description": "Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.", "url": "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ] } ] } ``` -------------------------------- ### Workbench Integration Configuration Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Sets the base URL for the ATT&CK Workbench REST API and the base64-encoded authentication header. ```env WORKBENCH_REST_API_URL=http://workbench.example.com WORKBENCH_AUTH_HEADER=dGF4aWktc2VydmVyOnNlY3JldC1zcXVpcnJlbA== ``` -------------------------------- ### Example HTTP 403 Forbidden Response Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md An example error response for a 403 Forbidden status, used when a user lacks the necessary permissions for an operation. ```json { "title": "Forbidden", "description": "You do not have permission to perform this operation", "http_status": "403", "error_id": "550e8400-e29b-41d4-a716-446655440002" } ``` -------------------------------- ### Clone Repository and Navigate Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/README.md Clones the ATT&CK Workbench TAXII server repository from GitHub and navigates into the project directory. This is the first step for manual installation. ```shell git clone git@github.com:mitre-attack/attack-workbench-taxii-server.git cd attack-workbench-taxii-server ``` -------------------------------- ### Development Environment Configuration Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Example configuration file for the development environment, specifying application address, port, API details, database connection, and logging settings. ```env APP_ADDRESS=0.0.0.0 APP_PORT=8000 TAXII_ENV=dev API_ROOT_PATH=/api/v21 API_ROOT_TITLE=ATT&CK Workbench TAXII (Development) CORS_ENABLED=true MONGO_URI=mongodb://localhost:27017/taxii WORKBENCH_REST_API_URL=http://localhost:3000 HTTPS_ENABLED=false LOG_LEVEL=debug LOG_TO_FILE=false HYDRATE_ON_BOOT=true ``` -------------------------------- ### Production Environment Configuration Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Example configuration file for the production environment, including HTTPS settings, API details, security parameters, and logging configurations. ```env APP_ADDRESS=0.0.0.0 APP_PORT=8000 APP_PORT_HTTPS=8443 TAXII_ENV=prod API_ROOT_PATH=/api/v21 API_ROOT_TITLE=MITRE ATT&CK TAXII 2.1 API_ROOT_DESCRIPTION=Official MITRE ATT&CK TAXII 2.1 Server CONTACT_EMAIL=admin@mitre.org CORS_ENABLED=false MAX_CONTENT_LENGTH=1000 MONGO_URI=mongodb+srv://user:pass@cluster.mongodb.net/taxii WORKBENCH_REST_API_URL=https://workbench.mitre.org HTTPS_ENABLED=true SSL_PRIVATE_KEY_BASE64_ENCODED= SSL_PUBLIC_KEY_BASE64_ENCODED= LOG_LEVEL=warn LOG_TO_FILE=true LOG_TO_SENTRY_DSN=https://key@sentry.io/project HYDRATE_ON_BOOT=false ``` -------------------------------- ### TaxiiServiceUnavailableException Example Response Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md Example JSON response for a 503 Service Unavailable error, indicating that the server is temporarily unable to handle the request due to issues like an unreachable discovery service or database connection. ```json { "title": "Not Implemented", "description": "The 'Get Status' endpoint is not implemented.", "http_status": "503", "error_id": "550e8400-e29b-41d4-a716-446655440009" } ``` -------------------------------- ### Hydrate Database on Boot Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/docs/SETUP.md Configuration example for the TAXII Collector to hydrate the database immediately upon initialization by setting the TAXII_HYDRATE_ON_BOOT environment variable to true. ```shell export TAXII_HYDRATE_ON_BOOT=true ``` -------------------------------- ### Example Manifest Response Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/docs/USAGE.md This JSON response provides manifest information for a collection, detailing each object's ID, date added, version, and media type. ```json { "more": false, "objects": [ { "id": "attack-pattern--ad255bfe-a9e6-4b52-a258-8d3462abe842", "date_added": "Wed May 31 2017 21:30:18 GMT+0000 (Coordinated Universal Time)", "version": "2021-04-29T14:49:39.188Z", "media_type": "application/stix+taxii;version=2.1" } ... ] } ``` -------------------------------- ### CORS Configuration Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Enables Cross-Origin Resource Sharing (CORS) on all endpoints. Set to 'true' or 'false' as a string; the service converts to boolean. ```env CORS_ENABLED=true ``` -------------------------------- ### Example HTTP 404 Not Found Response (Pagination) Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md Shows a 404 Not Found error response related to invalid URL query parameters used for pagination. ```json { "title": "Invalid URL Query Parameters", "description": "The server was unable to process a page where 'next' equals 100 and 'limit' equals 50", "http_status": "404", "error_id": "550e8400-e29b-41d4-a716-446655440005" } ``` -------------------------------- ### Example HTTP 404 Not Found Response (Object) Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md Illustrates a 404 Not Found error response when a requested object within a collection cannot be located. ```json { "title": "Envelope Not Found", "description": "Could not locate object in collection bacf402e-b767-45bc-ae06-f0620d38ff15 with id: attack-pattern--missing", "http_status": "404", "error_id": "550e8400-e29b-41d4-a716-446655440004" } ``` -------------------------------- ### Example Object Versions Response Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/docs/USAGE.md This JSON response shows the available versions for a specific STIX object, listed as ISO 8601 timestamps. ```json { "more": false, "versions": [ "2022-04-25T14:00:00.188Z", "2023-08-17T19:51:14.195Z" ] } ``` -------------------------------- ### Example HTTP 404 Not Found Response (Collection) Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md Demonstrates a 404 Not Found error response when a specified TAXII collection ID does not exist. ```json { "title": "No TAXII Collection Found", "description": "No TAXII collection with the ID 4c936680-22bc-4e68-8037-ca7670493eef was found.", "http_status": "404", "error_id": "550e8400-e29b-41d4-a716-446655440003" } ``` -------------------------------- ### Get API Root Information Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/src/taxii/README.md Provides general information about a specific API Root. ```APIDOC ## GET /{api-root}/ ### Description This Endpoint provides general information about an API Root. ### Method GET ### Endpoint /{api-root}/ #### Path Parameters - **api-root** (string) - Required - The identifier for the API Root. ``` -------------------------------- ### Discover Server Information Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/DiscoveryService.md Retrieves server discovery information, including available API roots. This method maps to the GET /taxii2/ endpoint. ```typescript const discovery = discoveryService.discover(); console.log(`Server: ${discovery.title}`); console.log(`Contact: ${discovery.contact}`); console.log(`Description: ${discovery.description}`); console.log(`Default API Root: ${discovery.default}`); console.log(`Available API Roots:`, discovery.apiRoots); ``` -------------------------------- ### Get An Object Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/src/taxii/README.md Gets an object from a Collection by its `id`. ```APIDOC ## GET /{api-root}/collections/{id}/objects/{id}/ ### Description This Endpoint gets an object from a Collection by its `id`. ### Method GET ### Endpoint /{api-root}/collections/{id}/objects/{id}/ #### Path Parameters - **api-root** (string) - Required - The identifier for the API Root. - **id** (string) - Required - The identifier for the Collection. - **id** (string) - Required - The identifier for the object. ``` -------------------------------- ### Example: Fetching and Inspecting Manifest Records Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/ManifestService.md Demonstrates how to retrieve the first 100 manifest records for a collection and then inspect their details. It also shows how to handle pagination by fetching the next page. ```typescript // Get first 100 manifest records const manifest = await manifestService.getManifestsByCollection( 'bacf402e-b767-45bc-ae06-f0620d38ff15', undefined, 100 ); console.log(`Retrieved ${manifest.objects.length} manifest records`); // Inspect manifest records manifest.objects.forEach((record) => { console.log(`ID: ${record.id}`); console.log(`Version: ${record.modified}`); console.log(`Media Types: ${record.media_types.join(', ')}`); }); // Handle pagination if (manifest.more) { const nextPage = await manifestService.getManifestsByCollection( 'bacf402e-b767-45bc-ae06-f0620d38ff15', undefined, 100, 1 ); } ``` -------------------------------- ### HTTP Error Response Flow Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md Illustrates the flow from a client request to an exception being raised and then transformed into a TAXII 2.1-compliant error response by the exception filter. ```typescript // Request: GET /api/v21/collections/invalid-uuid/ // Exception raised in CollectionService: throw new TaxiiNotFoundException({ title: 'No TAXII Collection Found', description: `No TAXII collection with the ID invalid-uuid was found.` }); // Exception filter catches and responds: // HTTP 404 with response body: { "title": "No TAXII Collection Found", "description": "No TAXII collection with the ID invalid-uuid was found.", "http_status": "404", "error_id": "550e8400-e29b-41d4-a716-446655440010", "external_details": "https://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html" } ``` -------------------------------- ### Build and Run Docker Image from Source Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/README.md Builds a Docker image from source and creates/starts a container instance using a provided shell script. Requires setting environment variables for configuration. ```shell export TAXII_ENV=prod | dev | local export TAXII_APP_PORT=8000 ./run.sh ``` -------------------------------- ### Get API Root Information Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/docs/USAGE.md Retrieve information about a specific API root, including its supported TAXII version and maximum content length. The Accept header is required. ```bash curl --request GET \ --url https://attack-taxii.mitre.org/api/v21/ \ --header 'Accept: application/taxii+json;version=2.1' ``` -------------------------------- ### HTTPS/SSL Configuration Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Enables HTTPS and provides base64-encoded SSL private key and public certificate. Falls back to loading from files if environment variables are not set. ```env HTTPS_ENABLED=true SSL_PRIVATE_KEY_BASE64_ENCODED=LS0tLS1CRUdJTi... SSL_PUBLIC_KEY_BASE64_ENCODED=LS0tLS1CRUdJTi... ``` -------------------------------- ### Get Collection Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/docs/USAGE.md Retrieves detailed information about a specific collection, identified by its unique ID. This allows users to get metadata for a particular dataset. ```APIDOC ## GET //collections// ### Description Returns information about a specific collection. ### Method GET ### Endpoint //collections// ### Parameters #### Path Parameters - **collection-id** (string) - Required - The unique identifier of the collection. ### Response #### Success Response (200) - **id** (string) - The unique identifier of the collection. - **title** (string) - The title of the collection. - **description** (string) - A description of the collection. - **canRead** (boolean) - Indicates if the collection can be read. - **canWrite** (boolean) - Indicates if the collection can be written to. - **mediaTypes** (array) - An array of supported media types for the collection. ### Response Example ```json { "id": "x-mitre-collection--1f5f1533-f617-4ca8-9ab4-6a02367fa019", "title": "Enterprise ATT&CK", "description": "ATT&CK for Enterprise provides a knowledge base of real-world adversary behavior targeting traditional enterprise networks. ATT&CK for Enterprise covers the following platforms: Windows, macOS, Linux, PRE, Office 365, Google Workspace, IaaS, Network, and Containers.", "canRead": true, "canWrite": false, "mediaTypes": [ "application/taxii+json;version=2.1", "application/taxii+json" ] } ``` ``` -------------------------------- ### Get Object by Object ID Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/EnvelopeService.md Retrieves a specific STIX object by its ID from a given collection. This endpoint is exposed via HTTP GET. ```APIDOC ## GET /{api-root}/collections/{collectionId}/objects/{objectId} ### Description Retrieves a specific STIX object by its ID from a specified collection. This endpoint relies on the ObjectService to fetch the raw STIX object. ### Method GET ### Endpoint `/{api-root}/collections/{collectionId}/objects/{objectId}` ### Parameters #### Path Parameters - **api-root** (string) - Required - The root path for the API. - **collectionId** (string) - Required - The ID of the collection containing the object. - **objectId** (string) - Required - The ID of the STIX object to retrieve. ### Response #### Success Response (200) - **object** (object) - The requested STIX object. (Specific schema for the STIX object is not detailed in the source text.) ``` -------------------------------- ### Pagination Example: Initial Request Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/endpoints.md To paginate results, include a 'limit' query parameter in the initial request. If more results exist, the response will include 'more: true' and a 'next' cursor. ```HTTP GET /collections/{id}/objects/?limit=50 ``` -------------------------------- ### Get Objects by Collection ID Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/EnvelopeService.md Retrieves STIX objects from a specific collection using filtering and pagination. This endpoint is exposed via HTTP GET. ```APIDOC ## GET /{api-root}/collections/{collectionId}/objects/ ### Description Retrieves STIX objects from a specific collection. This endpoint utilizes the ObjectService for retrieval, FilterService for applying filters, and PaginationService for handling pagination. ### Method GET ### Endpoint `/{api-root}/collections/{collectionId}/objects/` ### Parameters #### Path Parameters - **api-root** (string) - Required - The root path for the API. - **collectionId** (string) - Required - The ID of the collection from which to retrieve objects. #### Query Parameters (Details for query parameters related to filtering and pagination are not explicitly provided in the source text but are implied by the use of FilterService and PaginationService.) ### Response #### Success Response (200) - **objects** (array) - A list of STIX objects matching the criteria. (Specific schema for STIX objects is not detailed in the source text.) ``` -------------------------------- ### Get First 50 Objects from Collection Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/EnvelopeService.md Retrieves the first 50 objects from a specified TAXII collection. Use this to get the initial page of results. ```typescript const envelope = await envelopeService.findByCollectionId( 'bacf402e-b767-45bc-ae06-f0620d38ff15', undefined, 50 ); console.log(`Retrieved ${envelope.objects.length} objects`); if (envelope.more) { console.log(`More results available, next page: ${envelope.next}`); } ``` -------------------------------- ### GET {api-root}/collections/{collectionId}/objects/ Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/endpoints.md Retrieve STIX objects from a collection. Supports the same query parameters as the Get Object Manifests endpoint for filtering and pagination. ```APIDOC ## GET {api-root}/collections/{collectionId}/objects/ ### Description Retrieve STIX objects from a collection. Supports the same query parameters as the Get Object Manifests endpoint for filtering and pagination. ### Method GET ### Endpoint {api-root}/collections/{collectionId}/objects/ ### Parameters #### Path Parameters - **collectionId** (string) - Required - UUID of the collection #### Query Parameters - **added_after** (string) - Optional - ISO 8601 timestamp; only include objects created after this - **limit** (number) - Optional - Maximum records per page (enables pagination) - **next** (number) - Optional - Page index (0-based) to retrieve - **match[id]** (string) - Optional - STIX ID to match (repeatable for multiple IDs) - **match[type]** (string) - Optional - Object type to match (repeatable) - **match[version]** (string) - Optional - Version to match: timestamp, 'first', 'last', or 'all' (repeatable) - **match[spec_version]** (string) - Optional - STIX spec version: '2.0' or '2.1' (repeatable) ### Response #### Success Response (200) - **objects** (array) - Array of STIX 2.0 or 2.1 objects. - **more** (boolean) - true if more pages exist - **next** (string) - Page index for next page #### Response Example ```json { "objects": [ { "type": "malware", "id": "malware--123abc", "created": "2021-01-01T00:00:00.000Z", "modified": "2021-04-15T19:39:45.000Z", "name": "Poison Ivy" } ], "more": true, "next": "1" } ``` ### Errors - 404 Not Found — Collection does not exist - 406 Not Acceptable — Invalid content negotiation ``` -------------------------------- ### Get Manifests by Collection Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/ManifestService.md Retrieves manifest records for objects in a specified collection, with optional filtering and pagination. This method is exposed via an HTTP GET endpoint. ```APIDOC ## GET /collections/{collectionId}/manifest/ ### Description Retrieves manifest records (metadata) for STIX objects within a specified TAXII collection. Supports filtering by creation date, pagination, and custom match criteria. ### Method GET ### Endpoint `/{api-root}/collections/{collectionId}/manifest/` ### Parameters #### Path Parameters - **collectionId** (string) - Required - UUID of the TAXII collection. #### Query Parameters - **addedAfter** (string) - Optional - ISO 8601 timestamp; only objects created after this date. - **limit** (number) - Optional - Maximum number of manifest records per page. - **next** (number) - Optional - Page index (0-based) for pagination. - **match** (MatchDto) - Optional - Filter criteria (id, type, version, spec_version). ### Request Example ``` GET /{api-root}/collections/bacf402e-b767-45bc-ae06-f0620d38ff15/manifest/?limit=100 ``` ### Response #### Success Response (200) - **objects** (Array) - Array of manifest record objects. - **more** (boolean) - Indicates if more pages of results are available. - **next** (number) - The page index for the next page of results, if `more` is true. #### Response Example ```json { "objects": [ { "id": "a1b2c3d4-e5f6-7890-1234-567890abcdef", "modified": "2023-10-27T10:00:00Z", "media_types": ["application/vnd.oasis.stix+json; version=2.1"] } ], "more": true, "next": 1 } ``` ``` -------------------------------- ### TaxiiNotAcceptableException Example Response Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md Example JSON response for a 406 Not Acceptable error, typically triggered by unsupported content types or failed media type negotiation. ```json { "title": "Not Acceptable", "description": "The requested content type 'application/json' is not supported. Use 'application/taxii+json;version=2.1'", "http_status": "406", "error_id": "550e8400-e29b-41d4-a716-446655440006" } ``` -------------------------------- ### Environment Variable Configuration Format Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/TaxiiConfigService.md Illustrates the standard dotenv format for configuration files, including comments, simple key-value pairs, numeric values, boolean values, and values with spaces. ```env # Comments start with # VARIABLE_NAME=value NUMERIC_VALUE=1000 BOOLEAN_VALUE=true MULTI_WORD_VALUE=some value with spaces ``` -------------------------------- ### Filtering and Pagination Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/README.md Demonstrates how to retrieve objects from a collection with filtering and pagination parameters. Supports filtering by ID, type, version, STIX version, and creation date. Pagination is handled using 'limit' and 'next' parameters. ```APIDOC ## GET /collections/{id}/objects/ ### Description Retrieves objects from a specified collection with support for filtering and pagination. ### Method GET ### Endpoint /collections/{id}/objects/ ### Parameters #### Query Parameters - **limit** (integer) - Optional - The maximum number of objects to return per page. - **next** (integer) - Optional - The index of the next page to retrieve. Defaults to 0 for the first page. - **id** (string) - Optional - Filter by STIX object ID. - **type** (string) - Optional - Filter by object type (e.g., malware, attack-pattern). - **version** (string) - Optional - Filter by specific version timestamp or keywords (first, last, all). - **spec_version** (string) - Optional - Filter by STIX version (2.0 or 2.1). - **added_after** (string) - Optional - Filter by creation date threshold (ISO 8601 format). ### Response #### Success Response (200) - **objects** (array) - A list of STIX objects. - **more** (boolean) - Indicates if more pages of results are available. - **next** (string) - The index for the next page of results. #### Response Example ```json { "objects": [ ... ], "more": true, "next": "1" } ``` ``` -------------------------------- ### TaxiiInternalServerErrorException Example Response Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/errors.md Example JSON response for a 500 Internal Server Error, indicating an unexpected server-side issue such as a database connection failure or unhandled exception. ```json { "title": "Internal Server Error", "description": "An unexpected error occurred while processing your request", "http_status": "500", "error_id": "550e8400-e29b-41d4-a716-446655440007", "details": { "name": "MongooseError", "message": "Connection refused" } } ``` -------------------------------- ### GET {api-root}/collections/{collectionId}/objects/{objectId} Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/endpoints.md Retrieve all or specific versions of a STIX object from a collection. Supports the same query parameters as the Get Object Manifests endpoint for filtering and pagination. ```APIDOC ## GET {api-root}/collections/{collectionId}/objects/{objectId} ### Description Retrieve all or specific versions of a STIX object from a collection. Supports the same query parameters as the Get Object Manifests endpoint for filtering and pagination. ### Method GET ### Endpoint {api-root}/collections/{collectionId}/objects/{objectId} ### Parameters #### Path Parameters - **collectionId** (string) - Required - UUID of the collection - **objectId** (string) - Required - STIX ID of the object (without version) #### Query Parameters - **added_after** (string) - Optional - ISO 8601 timestamp; only include objects created after this - **limit** (number) - Optional - Maximum records per page (enables pagination) - **next** (number) - Optional - Page index (0-based) to retrieve - **match[id]** (string) - Optional - STIX ID to match (repeatable for multiple IDs) - **match[type]** (string) - Optional - Object type to match (repeatable) - **match[version]** (string) - Optional - Version to match: timestamp, 'first', 'last', or 'all' (repeatable) - **match[spec_version]** (string) - Optional - STIX spec version: '2.0' or '2.1' (repeatable) ### Response #### Success Response (200) - **objects** (array) - One or more versions of the object. - **more** (boolean) - true if more pages exist - **next** (string) - Page index for next page #### Response Example ```bash # Get latest version curl 'http://localhost:8000/api/v21/collections/bacf402e-b767-45bc-ae06-f0620d38ff15/objects/attack-pattern--0a65c83a-e0b3-445b-8d12-df1a54e99a48' # Get all versions curl 'http://localhost:8000/api/v21/collections/bacf402e-b767-45bc-ae06-f0620d38ff15/objects/attack-pattern--0a65c83a-e0b3-445b-8d12-df1a54e99a48?match[version]=all' ``` ### Errors - 404 Not Found — Collection or object does not exist - 406 Not Acceptable — Invalid content negotiation ``` -------------------------------- ### Get Objects Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/src/taxii/README.md Retrieves objects from a Collection. ```APIDOC ## GET /{api-root}/collections/{id}/objects/ ### Description This Endpoint retrieves objects from a Collection. ### Method GET ### Endpoint /{api-root}/collections/{id}/objects/ #### Path Parameters - **api-root** (string) - Required - The identifier for the API Root. - **id** (string) - Required - The identifier for the Collection. ``` -------------------------------- ### Constructor for VersionService Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/VersionService.md Initializes the VersionService with necessary dependencies like logger, object service, and pagination service. ```typescript constructor( logger: TaxiiLoggerService, objectService: ObjectService, paginationService: PaginationService ): VersionService ``` -------------------------------- ### Get A Collection Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/src/taxii/README.md Provides general information about a specific Collection. ```APIDOC ## GET /{api-root}/collections/{id}/ ### Description This Endpoint provides general information about a Collection. ### Method GET ### Endpoint /{api-root}/collections/{id}/ #### Path Parameters - **api-root** (string) - Required - The identifier for the API Root. - **id** (string) - Required - The identifier for the Collection. ``` -------------------------------- ### createAppConnectOptions Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/TaxiiConfigService.md Creates configuration options for the entire application, combining database and STIX repository options. This is called during application bootstrap. ```APIDOC ## createAppConnectOptions() ### Description Creates configuration options for the entire application, combining database and STIX repository options. ### Method `TaxiiConfigService.createAppConnectOptions()` ### Returns ```typescript { databaseConnectOptions: DatabaseConnectOptions; stixConnectOptions: StixConnectOptions; } ``` ``` -------------------------------- ### Get Object Manifests Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/src/taxii/README.md Retrieves a manifest (metadata) about the objects in a Collection. ```APIDOC ## GET /{api-root}/collections/{id}/manifest/ ### Description This Endpoint retrieves a manifest (metadata) about the objects in a Collection. ### Method GET ### Endpoint /{api-root}/collections/{id}/manifest/ #### Path Parameters - **api-root** (string) - Required - The identifier for the API Root. - **id** (string) - Required - The identifier for the Collection. ``` -------------------------------- ### Create Application Connection Options Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/TaxiiConfigService.md Generates combined database and STIX repository connection options for the application. This is typically called during application initialization. ```typescript createAppConnectOptions(): AppConnectOptions ``` -------------------------------- ### Get Object Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/docs/USAGE.md Retrieves a specific STIX object from a collection using its ID. ```APIDOC ## GET //collections//objects// ### Description Returns a specific STIX object. ### Method GET ### Endpoint `//collections//objects//` ### Parameters #### Path Parameters - **collection-id** (string) - Required - The ID of the collection. - **object-id** (string) - Required - The ID of the STIX object to retrieve. ### Response #### Success Response (200) - **objects** (array) - An array containing the requested STIX object. ### Response Example ```json { "more": false, "objects": [ { "id": "attack-pattern--ad255bfe-a9e6-4b52-a258-8d3462abe842", "modified": "2021-04-29T14:49:39.188Z", "created": "2017-05-31T21:30:18.931Z", "type": "attack-pattern", "spec_version": "2.1", "name": "Data Obfuscation", "description": "Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols. ", "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "command-and-control" } ], "x_mitre_attack_spec_version": "2.1.0", "x_mitre_detection": "Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used. (Citation: University of Birmingham C2)", "x_mitre_domains": [ "enterprise-attack" ], "x_mitre_is_subtechnique": false, "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Linux", "macOS", "Windows" ], "x_mitre_version": "1.1", "x_mitre_data_sources": [ "Network Traffic: Network Traffic Content" ], "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1001", "external_id": "T1001" }, { "source_name": "University of Birmingham C2", "description": "Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.", "url": "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ] } ] } ``` ``` -------------------------------- ### Running Unit and End-to-End Tests Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/README.md Provides commands for executing different types of tests within the project. This includes running unit tests, generating coverage reports, and executing end-to-end tests. ```bash npm run test # Unit tests npm run test:cov # Coverage report npm run test:e2e # End-to-end tests ``` -------------------------------- ### Get Object Versions Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/src/taxii/README.md Retrieves a list of one or more versions of an object in a Collection. ```APIDOC ## GET /{api-root}/collections/{id}/objects/{id}/versions/ ### Description This Endpoint retrieves a list of one or more versions of an object in a Collection. ### Method GET ### Endpoint /{api-root}/collections/{id}/objects/{id}/versions/ #### Path Parameters - **api-root** (string) - Required - The identifier for the API Root. - **id** (string) - Required - The identifier for the Collection. - **id** (string) - Required - The identifier for the object. ``` -------------------------------- ### Workbench REST API Basic Auth Configuration Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/docs/SETUP.md Example JSON configuration for enabling Basic Auth with API keys on the Workbench REST API. This allows the TAXII server to authenticate. ```json5 // rest-api-service-config.json { "serviceAuthn": { "basicApikey": { "enable": true, "serviceAccounts": [ { "name": "taxii-server", "apikey": "secret-squirrel", "serviceRole": "read-only" } ] } } } ``` -------------------------------- ### Get Collections Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/src/taxii/README.md Provides information about the Collections hosted under a specific API Root. ```APIDOC ## GET /{api-root}/collections/ ### Description This Endpoint provides information about the Collections hosted under this API Root. ### Method GET ### Endpoint /{api-root}/collections/ #### Path Parameters - **api-root** (string) - Required - The identifier for the API Root. ``` -------------------------------- ### Get API Root Description Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/TaxiiConfigService.md Retrieves a long-form description of the API root. ```typescript get API_ROOT_DESCRIPTION(): string ``` -------------------------------- ### TAXII Server Request Logging Example Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/docs/SETUP.md Demonstrates how the custom logger correlates log output to a specific user request using a unique request ID. This is useful for tracing request flow through the system. ```Nest [Nest] 1 - 06/08/2022, 2:15:28 PM LOG [SetRequestIdMiddleware] New request: [a48bab11-e950-5e4f-9b9d-dcd9372ac3dd] GET /taxii2/ - application/taxii+json;version=2.1 insomnia/2022.3.0 ::ffff:172.17.0.1 [Nest] 1 - 06/08/2022, 2:15:28 PM DEBUG [RootController] [a48bab11-e950-5e4f-9b9d-dcd9372ac3dd] Received a discovery request [Nest] 1 - 06/08/2022, 2:15:28 PM LOG [ResLoggerMiddleware] Outgoing response: [a48bab11-e950-5e4f-9b9d-dcd9372ac3dd] 200 GET /taxii2/ 214 - insomnia/2022.3.0 ::ffff:172.17.0.1 ``` -------------------------------- ### Configure HTTP Logging Endpoint Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/configuration.md Set the host, port, and path for a centralized HTTP logging endpoint. ```env LOG_TO_HTTP_HOST=logging.example.com LOG_TO_HTTP_PORT=8080 LOG_TO_HTTP_PATH=/logs ``` -------------------------------- ### Get HTTPS Enabled Status Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/TaxiiConfigService.md Checks if the HTTPS server is enabled. Defaults to false. ```typescript get HTTPS_ENABLED(): boolean ``` -------------------------------- ### Get MongoDB URI Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/TaxiiConfigService.md Retrieves the MongoDB connection string. Defaults to 'mongodb://localhost:27017/taxii'. ```typescript get MONGO_URI(): string ``` -------------------------------- ### Get HTTPS Port Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/TaxiiConfigService.md Retrieves the HTTPS port number for the server. Defaults to 8443. ```typescript get APP_PORT_HTTPS(): number ``` -------------------------------- ### Pagination Example: Next Page Request Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/endpoints.md To retrieve subsequent pages of results, use the 'next' cursor provided in the previous response along with the 'limit' parameter. Increment the 'next' value for each subsequent page. ```HTTP GET /collections/{id}/objects/?limit=50&next=1 ``` -------------------------------- ### Get HTTP Port Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/TaxiiConfigService.md Retrieves the HTTP port number for the server. Defaults to 8000. ```typescript get APP_PORT(): number ``` -------------------------------- ### Get Contact Email Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/TaxiiConfigService.md Retrieves the contact email for the server administrator. Defaults to 'no-reply@your-company.tld'. ```typescript get CONTACT_EMAIL(): string ``` -------------------------------- ### Handle Pagination for Version Histories Source: https://github.com/mitre-attack/attack-workbench-taxii-server/blob/main/_autodocs/api-reference/VersionService.md Demonstrates how to fetch subsequent pages of object versions when 'more' is true, specifying limit and next page index. ```typescript // Handle pagination for large version histories if (versions.more) { const nextPage = await versionService.findObjectVersions( 'bacf402e-b767-45bc-ae06-f0620d38ff15', 'attack-pattern--0a65c83a-e0b3-445b-8d12-df1a54e99a48', undefined, 50, 1 ); } ```