STIX and TAXII support

L2 Linker

Hi all,

 

Anyone used MineMeld with STIX and TAXII? While we're pretty familiar with STIX/TAXII, we've only just booted MineMeld for the first time.

 

Cheers,

 

Scotty

L7 Applicator

Re: STIX and TAXII support

Hi Scotty,

yes, there are some MineMeld instances out there retrieving indicators via STIX/TAXII, from TIPs mainly.

There are a couple of prototypes for hailataxii feeds in the prototype library you can check as examples.

Let me know if you need some help in setting up the TAXII Miner.

L2 Linker

Re: STIX and TAXII support

Thanks for the quick response lmori.

 

I'll have a look at setting up a miner and see how I get on.

We do require both username/password as well as a client certificate for our TAXII server - any idea if that is supported?

 

Cheers!

 

Scotty

L7 Applicator

Re: STIX and TAXII support

Hi Scotty,

username and password are supported, client certificate not yet. Is it mandatory for your TAXII server?

 

Thanks,

luigi

L2 Linker

Re: STIX and TAXII support

It is required yeah.

 

Is this all Python under the covers? In which case, if it's using the Python TAXII libs, it's supported - so might be an easy fix.

If it's something else I'm happy to take a look.

 

Scotty

L7 Applicator

Re: STIX and TAXII support

Hi Scotty,

under the covers it is mostly Python, and yes, the lib already supports it. It is just that the option is not exposed via config, and it is an easy fix.

I have created an ER to track this, minemeld-core ER#13

L2 Linker

Re: STIX and TAXII support

Wow that was quick! 

 

Should I still have a look or just wait for the ER? (No idea what your backlog/process is like.)

 

Cheers,

 

Scotty

L7 Applicator

Re: STIX and TAXII support

Hi Scotty,

exposing the option via prototype is easy, it will be a bit more complex exposing the option via the WebUI.

If you are OK with logging in to the VM to upload the cert, this will land in the next minor release. Otherwise, if you need the WebUI immediately, you will have to wait a bit more.

 

But if you want to look at the code yourself, you are welcome :-) Just check the code in /opt/minemeld/engine/current/lib/python2.7/site-packages/minemeld/ft/taxii.py

 

When MineMeld is made Open Source this will be way easier :-)

L2 Linker

Re: STIX and TAXII support

Thanks so much mate - and sorry for the delay in response.

 

I'll configure a new miner off the hailataxii prototype and let you know how I go.

If I create a new prototype - is that local - or does it get pushed back up somewhere for others to see?

L7 Applicator

Re: STIX and TAXII support

Hi Scotty,

1) nothing is shared automatically by MineMeld

2) if you create a new prototype using the NEW button, it will be saved locally in a separate directory. This way it won't be overridden at the next update.

 

Please, let me know if you need more details about the TAXII prototype.

 

Luigi
