06-02-2017 05:56 AM
I understand that Soltra is part of the existing 3rd party intelligence feed, just wondering has anyone created a prototype from FS-ISAC? THe portal address is https://portal.fsisac.com/
Understand from FS-ISAC, they uses Soltra as part of their intel too, is FS-ISAC intelligence pool as subset of Soltra?
06-06-2017 12:49 AM
from FS-ISAC you should retrieve the following data:
- URL of the TAXII discovery service
- name of the feed
- client certificate for authentication
- click on CONFIG and then on the hamburger icon to list the Prototypes
- click on hailataxii.guest_Abuse_ch and click on NEW
- modify the name of the new prototype
- under config copy & paste the following and change the feed name and the URL with the values you get from FS-ISAC:
age_out: default: last_seen+30d sudden_death: false attributes: confidence: 30 share_level: red collection: <feedname> discovery_service: <fs-isac discovery service> source_name: fs-isac.<feedname> client_cert_required: true
- press OK and then create a new node from the new prototype
- after the engine has started, go in NODES click on the new NODE and upload the client certificate
06-29-2017 03:30 AM
I need to connect with FS-ISAC but I found some issue. below:
remark: I received certificate from FS-ISAC.
CLIENT CERTIFICATE: CERTIFICATE -> cert.pem & PRIVATE KEY -> cert.key
I am not sure that I upload file type correctly.
Could you recommend me?
07-02-2017 01:27 AM
could you open the two files with a text editor and check the contents ?
You should see an header like this for the certificate (public key):
Did you upload the Server CA ?
07-02-2017 10:30 PM
taxii.py (from minemeld.core) : I upload follow this code (.pem & .crt)
Node Confiuguration : success
But this node cannot retrieve data from FS-ISAC. Whrere is application log for investigate?
07-03-2017 12:06 AM
you can check the logs downloading minemeld-engine.log from System > Dashboard > Engine > Logs.
Could you check on the FS-ISAC WebUI what is the time of the last indicator in the feed you are polling ? By default the Miner the first time it polls the source it polls the last day worth of indicators, if you want to go further back in time you should configure the initial_interval parameter in the prototype:
08-03-2017 03:27 AM
I have one similar problem synchronizing local minemeld with fsisac cyber repository.
...."collection fsisac not found" appears when minemeld try to polling isac.