TAXII or STIX contextual data

jtrevaskis — Tue, 21 May 2019 04:22:10 GMT

Hello

I've succcessfuly been using Minemeld for some time now and I'm looking to further implement it

We currently have TAXII output working to our SIEM, however it just outputs basic data

<stix:Indicators>
<stix:Indicator id="minemeld:indicator-fec078bf-881f-4c89-96d1-7138468b2954" timestamp="2019-05-20T22:10:27.149987+00:00" xsi:type="indicator:IndicatorType">
<indicator:Title>IPv4: x.x.x.x-x.x.x.x0</indicator:Title>
<indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">IP Watchlist</indicator:Type>
<indicator:Description>IPv4 indicator from mhn_hc</indicator:Description>
<indicator:Observable id="minemeld:observable-d13e4a30-2b57-4299-b7c8-2f7eef59fc75">
<cybox:Title>IPv4: x.x.x.x</cybox:Title>
<cybox:Object id="minemeld:Address-3f43d4be-098c-43db-ba67-41b44b41d146">
<cybox:Properties xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
<AddressObj:Address_Value>x.x.x.x</AddressObj:Address_Value>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Confidence timestamp="2019-05-20T22:10:27.150074+00:00">
<stixCommon:Value xsi:type="stixVocabs:HighMediumLowVocab-1.0">High</stixCommon:Value>
</indicator:Confidence>
</stix:Indicator>
</stix:Indicators>

However in the Minemeld taxi data feed logs I see all of this great contextual information that I send into Minemeld from various sources.

How can I get all this or some of this additional contextual information that sits in the VALUE field to appear in my STIX object?

This will give me many more possibilities on how I can use this data within the SIEM

Thanks

Re: TAXII or STIX contextual data

jtrevaskis — Fri, 31 May 2019 03:46:55 GMT

Is anyone able to assist me with how I might proceed on this?

topic Re: TAXII or STIX contextual data in General Topics

TAXII or STIX contextual data

Re: TAXII or STIX contextual data