SWIFT ISAC TAXII Feed

L1 Bithead

SWIFT ISAC TAXII Feed

Hi guys

I'm just curious – SWIFT has recently offered all members a TAXII interface to poll IOCs via https://taxii.swift.com/taxii

The feed is not open to everybody – each member must request access to it individually, so it's not easy to test it. Has anybody already tried it? My simple attempt to use the "minemeld.ft.taxii.TaxiiClient" class to build my own prototype failed.

After defining the username, password, discovery URL and collection, I can only see the error message in the nodes list.

<urlopen error [Errno 0] _ssl.c:344: error:00000000:lib(0):func(0):reason(0)>

SWIFT suggests using the Cabby Python library.

The STIX version used is 1.2.

Any ideas, suggestions, experience?

Cheers

Slava

P.S. MineMeld is a great tool!

L7 Applicator

Re: SWIFT ISAC TAXII Feed

Hi Slava,

I haven't tested the SWIFT feed yet. If you are interested in working on this together, could you send me an email at lmori@paloaltonetworks.com or a message over the pan-community Slack team? 

L3 Networker

Re: SWIFT ISAC TAXII Feed

Hi Guy,

Any update?

I am interested in pulling data from SWIFT too.

L1 Bithead

Re: SWIFT ISAC TAXII Feed

Hi all

I'm now playing with Anomali STAXX version 3.4 as a TAXII client and hope to see this working first. I hope this is the easy way to start.

Right now it looks like SWIFT has not defined all required permissions for tools using "Discovery" logic.

I have an open case with SWIFT, Case N: 11074471 - if you need the reference. Investigation is in progress.

I will come back to MineMeld as soon as I see STAXX working.

Vyacheslav

L1 Bithead

Re: SWIFT ISAC TAXII Feed

Hi Guys

Just a quick update from my side – the feed still doesn't work with the basic Anomali STAXX client configuration.

SWIFT and Anomali are working jointly to find a solution here.

As soon as I test it on our STAXX instance, we can continue with the MineMeld configuration.

Cheers

Vyacheslav

L1 Bithead

Re: SWIFT ISAC TAXII Feed

Hi guys,

Just a quick update from my side, even though the news is rather frustrating:

  • Anomali STAXX 3.4 still can't get the feed.
  • MineMeld reports the error: "SWIFT-ISAC does not support TAXII 1.1 messages binding (DATA_FEED)"

It looks like SWIFT accepts TAXII v2.0 only, and both systems struggle to support this protocol.

Does anybody know anything about TAXII v2.0 support in MineMeld?

Have a great, stable day

Slava
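
Added example, not part of any post in this thread and not MineMeld, Cabby or SWIFT code: a standard-library check of a TAXII 1.1 Collection Information response that reports, per collection, whether a polling service advertises the TAXII 1.1 XML message binding and the STIX 1.2 content binding mentioned above. The XML, the host `taxii.example.test` and the function name `audit_collections` are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for real server responses, prefer defusedxml

NS = {"t": "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"}
XML_11 = "urn:taxii.mitre.org:message:xml:1.1"   # TAXII 1.1 XML message binding
STIX_12 = "urn:stix.mitre.org:xml:1.2"           # STIX 1.2 content binding

# Constructed sample response; not captured from taxii.swift.com.
SAMPLE = """<t:Collection_Information_Response
    xmlns:t="http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
    message_id="2" in_response_to="1">
  <t:Collection collection_name="example-feed" collection_type="DATA_FEED">
    <t:Content_Binding binding_id="urn:stix.mitre.org:xml:1.2"/>
    <t:Polling_Service>
      <t:Protocol_Binding>urn:taxii.mitre.org:protocol:https:1.0</t:Protocol_Binding>
      <t:Address>https://taxii.example.test/poll</t:Address>
      <t:Message_Binding>urn:taxii.mitre.org:message:xml:1.0</t:Message_Binding>
    </t:Polling_Service>
  </t:Collection>
</t:Collection_Information_Response>"""


def audit_collections(xml_text):
    """List each collection with the reasons a TAXII 1.1 / STIX 1.2 poll would fail."""
    report = []
    for col in ET.fromstring(xml_text).findall("t:Collection", NS):
        problems = []
        if col.get("available", "true").lower() != "true":
            problems.append("collection not available")
        # Keep only polling services that speak the TAXII 1.1 XML message binding.
        addresses = [
            (svc.findtext("t:Address", default="", namespaces=NS) or "").strip()
            for svc in col.findall("t:Polling_Service", NS)
            if XML_11 in [(m.text or "").strip()
                          for m in svc.findall("t:Message_Binding", NS)]
        ]
        if not addresses:
            problems.append("no polling service with the TAXII 1.1 XML message binding")
        # No Content_Binding elements means any content binding may appear.
        content = [c.get("binding_id") for c in col.findall("t:Content_Binding", NS)]
        if content and STIX_12 not in content:
            problems.append("STIX 1.2 content binding not offered")
        report.append({"name": col.get("collection_name"), "problems": problems,
                       "type": col.get("collection_type", "DATA_FEED"),
                       "poll_addresses": addresses})
    return report

if __name__ == "__main__":
    for entry in audit_collections(SAMPLE):
        print(entry)
```

Saving the raw response from the server's collection management service and running it through this check shows whether a client-side binding error comes from what the server advertises or from the client configuration.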
