- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-30-2018 09:10 AM
Hi all,
I have the way to get feeds from ISAC with a TAXII prototype and I want to share with you all. Proabably it can help someone.
Firstly it's necessary to import the minemeld-taxii-ng extension on system>extensions and install extension from git, and activate it,
https://github.com/PaloAltoNetworks/minemeld-taxii-ng.git
Then, clone the taxiing.phishtank prototype and add your user account (collection, discover_service, user and password) with no verify cert param,
age_out:
default: last_seen+30d
sudden_death: false
collection: XXXX-ISAC
discovery_service: https://taxii.XXXX.com/taxii/discovery
password: --------------------
username: ----------
verify_cert: false
The result,
I hope you find it interesting!
Regards,
12-25-2018 02:53 PM
Thank you. I had imported the extension but didn't realize that "taxiing.phishtank" was the prototype name I should use. Now that you mention it, I see it in taxiing/prototypes/taxiing.yml, but it would be helpful to mention it in the GitHub readme too.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!