If you're running in production, you should set these securely. However, if you just want to experiment, set the following values.

These are all Django settings, defined in `obstracts/settings.py`:

- `DJANGO_SECRET`: `insecure_django_secret`
- `DJANGO_DEBUG`: `True`
- `DJANGO_ALLOWED_HOSTS`: BLANK
- `DJANGO_CORS_ALLOW_ALL_ORIGINS`: `True`
- `DJANGO_CORS_ALLOWED_ORIGINS`: LEAVE EMPTY
These are all Django settings, defined in `obstracts/settings.py`:

- `POSTGRES_HOST`: `pgdb`
- `POSTGRES_PORT`: BLANK
- `POSTGRES_DB`: `postgres`
- `POSTGRES_USER`: `postgres`
- `POSTGRES_PASSWORD`: `postgres`
- `CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP`: `1`
These define how the API behaves:

- `MAX_PAGE_SIZE`: `50`
  - This is the maximum number of results the API will ever return before pagination
- `DEFAULT_PAGE_SIZE`: `50`
  - The default page size of results returned by the API
Note, this code will not install an ArangoDB instance.

If you're new to ArangoDB, you can install the community edition quickly by following the instructions here.

The script will automatically create a database called `obstracts_database` when the container is spun up (if it does not exist).

For each blog added, two new collections will be created in the format `<FEED_NAME>_<FEED_ID>-<COLLECTION_TYPE>_collection`, e.g.

- `graham_cluley_9288374-0298740-94875-vertex_collection`
- `graham_cluley_9288374-0298740-94875-edge_collection`

- `ARANGODB_HOST_URL`: `'http://host.docker.internal:8529'`
  - If you are running ArangoDB locally, be sure to set `ARANGODB_HOST_URL='http://host.docker.internal:8529'` in the `.env` file, otherwise you will run into networking errors.
- `ARANGODB_USERNAME`: `root`
  - Change this if needed
- `ARANGODB_PASSWORD`: USE PASSWORD OF ARANGODB_USERNAME
Obstracts requires history4feed to download and store blog posts.

- `HISTORY4FEED_URL`: `'http://host.docker.internal:8002/'`
  - If you are running history4feed locally, be sure to set `HISTORY4FEED_URL='http://host.docker.internal:8002/'` in the `.env` file, otherwise you will run into networking errors.
- `INPUT_TOKEN_LIMIT`: `15000`
  - (REQUIRED IF USING AI MODES) Ensure the input/output token count meets requirements and is supported by the model selected. Files with more tokens than the limit specified will not be processed.
- `TEMPERATURE`: `0.0`
  - The temperature value ranges from 0 to 2, with lower values indicating greater determinism and higher values indicating more randomness in responses.
- `OPENAI_API_KEY`: YOUR_API_KEY
  - (REQUIRED IF USING OPENAI MODELS IN AI MODES) get it from https://platform.openai.com/api-keys
- `ANTHROPIC_API_KEY`: YOUR_API_KEY
  - (REQUIRED IF USING ANTHROPIC MODELS IN AI MODES) get it from https://console.anthropic.com/settings/keys
- `GOOGLE_API_KEY`: BLANK
  - (REQUIRED IF USING GOOGLE GEMINI MODELS IN AI MODES) get it from the Google Cloud Platform (making sure the Gemini API is enabled for the project)
- `BIN_LIST_API_KEY`: BLANK
  - Used for enriching credit card extractions. You can get an API key here: https://rapidapi.com/trade-expanding-llc-trade-expanding-llc-default/api/bin-ip-checker
Obstracts requires ctibutler to lookup ATT&CK, CAPEC, CWE, ATLAS, and locations.

- `CTIBUTLER_BASE_URL`: `'http://api.ctibutler.com'` (recommended)
  - If you are running CTI Butler locally, be sure to set `'http://host.docker.internal:8006/api/'` in the `.env` file, otherwise you will run into networking errors.
- `CTIBUTLER_API_KEY`: BLANK
  - If using `'http://api.ctibutler.com'`, get your API key here. Can be left blank if running locally.
Obstracts requires vulmatch to lookup CVEs and CPEs.

- `VULMATCH_BASE_URL`: `'http://api.vulmatch.com'` (recommended)
  - If you are running Vulmatch locally, be sure to set `'http://host.docker.internal:8005/api/'` in the `.env` file, otherwise you will run into networking errors.
- `VULMATCH_API_KEY`: BLANK
  - If using `'http://api.vulmatch.com'`, get your API key here. Can be left blank if running locally.
- `GOOGLE_VISION_API_KEY`: YOUR_API_KEY
You can choose to store static assets on Cloudflare R2. Default is local.

- `USE_S3_STORAGE`: `0`
  - Set to `1` to enable
- `R2_ENDPOINT_URL`: BLANK
  - Will be something like `https://ID.r2.cloudflarestorage.com`
- `R2_BUCKET_NAME`: BLANK
  - The bucket name you want to use.
- `R2_ACCESS_KEY`: BLANK
  - Generated when creating an R2 API token. Make sure it has read+write to the `R2_BUCKET_NAME` specified.
- `R2_SECRET_KEY`: BLANK
  - Generated when creating an R2 API token
- `R2_CUSTOM_DOMAIN`: BLANK
  - This value is optional when using R2, but if you don't set your bucket to public, your images will hit 403s as they will hit the raw endpoint (e.g. `https://ID.r2.cloudflarestorage.com/BUCKET/IMAGE/PATH.jpg`), which will be inaccessible. The easiest way to do this is to enable the R2.dev subdomain for the bucket. It looks like `pub-ID.r2.dev`. Do not include the `https://` part.
- `SRO_OBJECTS_ONLY_LATEST`: `False`
  - Due to the way stix2arango works, SCOs with the same ID (and also the relationships connecting them to other objects) will be aged out. This doesn't work in Stixify because we create the same SCO for many reports, but only one is ever `_is_latest=true` due to S2A versioning logic. This value should always be set to `false` to ensure all relationships to SCOs are shown via the API. You can read more about this in this issue.
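The experiment-only values above (the default Django secret, `DJANGO_DEBUG=True`, blank `DJANGO_ALLOWED_HOSTS`, open CORS, default Postgres and blank ArangoDB passwords, half-configured R2, `SRO_OBJECTS_ONLY_LATEST` not `False`) are exactly what should be caught before a `.env` reaches production. The following is an added example, not code from the Obstracts project: a small checker that parses a dotenv file and reports the settings this page says must be changed. Both `.env` bodies are constructed samples with placeholder secrets; the rule set, the findings wording and the hardened hostnames are assumptions made here, not project values.

```python
# Added example (not part of Obstracts): lint a .env against the settings
# described on this page before deploying. Runs offline on the samples below.

# Constructed sample: the "just want to experiment" values from this page.
EXPERIMENT_ENV = """\
DJANGO_SECRET=insecure_django_secret
DJANGO_DEBUG=True
DJANGO_ALLOWED_HOSTS=
DJANGO_CORS_ALLOW_ALL_ORIGINS=True
DJANGO_CORS_ALLOWED_ORIGINS=
POSTGRES_PASSWORD=postgres
ARANGODB_PASSWORD=
USE_S3_STORAGE=1
R2_ENDPOINT_URL=https://ID.r2.cloudflarestorage.com
R2_BUCKET_NAME=
SRO_OBJECTS_ONLY_LATEST=True
"""

# Constructed hardened counterpart; every secret is an obvious placeholder.
HARDENED_ENV = """\
DJANGO_SECRET=REPLACE_WITH_LONG_RANDOM_SECRET
DJANGO_DEBUG=False
DJANGO_ALLOWED_HOSTS=obstracts.example.internal
DJANGO_CORS_ALLOW_ALL_ORIGINS=False
DJANGO_CORS_ALLOWED_ORIGINS=https://ui.example.internal
POSTGRES_PASSWORD=REPLACE_WITH_DB_PASSWORD
ARANGODB_PASSWORD=REPLACE_WITH_ARANGO_PASSWORD
USE_S3_STORAGE=0
SRO_OBJECTS_ONLY_LATEST=False
"""

TRUTHY = {"1", "true", "yes", "on"}


def parse_env(text):
    """Parse dotenv-style KEY=value lines; skips blanks and '#' comments,
    strips surrounding single or double quotes from values."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a KEY=value line
        env[key.strip()] = value.strip().strip("'\"")
    return env


def is_true(env, key):
    return env.get(key, "").lower() in TRUTHY


def check_production_env(env):
    """Return a list of findings (human-readable strings). Empty list means
    none of the rules derived from this page fired."""
    findings = []
    if env.get("DJANGO_SECRET", "") in ("", "insecure_django_secret"):
        findings.append("DJANGO_SECRET is blank or the documented experiment value")
    if is_true(env, "DJANGO_DEBUG"):
        findings.append("DJANGO_DEBUG=True exposes tracebacks and settings in error pages")
    if not env.get("DJANGO_ALLOWED_HOSTS"):
        findings.append("DJANGO_ALLOWED_HOSTS is blank")
    if is_true(env, "DJANGO_CORS_ALLOW_ALL_ORIGINS"):
        findings.append("DJANGO_CORS_ALLOW_ALL_ORIGINS=True lets any browser origin call the API")
    elif not env.get("DJANGO_CORS_ALLOWED_ORIGINS"):
        findings.append("DJANGO_CORS_ALLOWED_ORIGINS is blank while CORS is restricted")
    if env.get("POSTGRES_PASSWORD", "") in ("", "postgres"):
        findings.append("POSTGRES_PASSWORD is blank or the default 'postgres'")
    if not env.get("ARANGODB_PASSWORD"):
        findings.append("ARANGODB_PASSWORD is blank")
    if is_true(env, "USE_S3_STORAGE"):
        # R2 is enabled, so every R2 credential/endpoint on this page is required.
        for key in ("R2_ENDPOINT_URL", "R2_BUCKET_NAME", "R2_ACCESS_KEY", "R2_SECRET_KEY"):
            if not env.get(key):
                findings.append(f"USE_S3_STORAGE=1 but {key} is blank")
        if env.get("R2_CUSTOM_DOMAIN", "").startswith("http"):
            findings.append("R2_CUSTOM_DOMAIN must not include the https:// part")
    if is_true(env, "SRO_OBJECTS_ONLY_LATEST"):
        findings.append("SRO_OBJECTS_ONLY_LATEST must be False so SCO relationships stay visible")
    return findings


if __name__ == "__main__":
    for name, body in (("experiment", EXPERIMENT_ENV), ("hardened", HARDENED_ENV)):
        found = check_production_env(parse_env(body))
        print(f"{name}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Run it as a pre-deploy step against the real `.env` (`check_production_env(parse_env(open(".env").read()))`); a non-empty list is a reason to stop the deploy. The rules are deliberately conservative: the experiment sample produces ten findings, the hardened sample none.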