Good Morning All,
I am trying to configure our minemeld system to use the new FS-ISAC STIX/TAXII feed but its giving me issues. Has anyone successfully configured Minemeld to pull information from FS-ISAC recently? I added a sample of the config settings that I am using and a screenshot of the error message.
discovery_service: <fs-isac discovery service>
<urlopen error [SSL: TLSV1_ALERT_INTERNAL_ERROR] TLSV1 ALERT INTERNAL ERROR (_SSL.C:726)>
I have improved the minemeld-taxii-ng extension to improve compatibility with FS-ISAC feeds. You can do this to configure your MineMeld for FS-ISAC:
Activate the extension
We are trying to integrate FS-ISAC threat feeds into Minemeld instance. In the 4th Step,you mentioned to restart the API. I did the same and got Bad Gateway error. I thought of logging out and logging in back again to see if that resolves the issue. However, after logging out of the instance, it is not allowing me to login back again. I am still getting Bad Gateway error. Requesting your quick help here as we have critical data in Minemeld and it is not working.
I think the problem is that you are running a pretty old version of MineMeld (0.9.52.post1) and I didn't set the right constraint in the extension.
I would go ahead and uninstall minemeld-taxii-ng using my instructions above.
After upgrading your MineMeld version to a recent one, you will be able to use the extension.
While Trying to uninstall minemeld_taxii_ng, I got the below error.
ubuntu@ip-addresss:/opt/minemeld/engine/current/bin$ pip uninstall minemeld_taxii_ng
Cannot uninstall requirement minemeld-taxii-ng, not installed
Storing debug log for failure in /home/ubuntu/.pip/pip.log
Requesting your help to resolve the error
@lmori , there seems to be a possible UI bug with this extension. Sometimes the NODE SETTINGS are not displayed in Chrome and this makes configuring the Username and Password fields impossible. Safari and FF do not seem to have the issue.
minemeld-taxii-ng: 0.2a4 but also in earlier releases
I need help configuring this. We signed up and the doc they gave us has a Discovery Service, Collection Service, and Poll Serivce URL for TAXII 1.1, 2.0 and 2.1.
Which version do we use? When you say collection: <feedname> what do you put there, the collection service url beginning with https ? Or do you have to pick one of the TAXII1.x collection names (there are 11, 3 are not applicable though legacy,test,na).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!