Minemeld TAXII ISAC


L0 Member

Hi all,

I have a way to get feeds from ISAC with a TAXII prototype and I want to share it with you all. Probably it can help someone.

Firstly, it's necessary to import the minemeld-taxii-ng extension on System > Extensions, install the extension from git, and activate it:

https://github.com/PaloAltoNetworks/minemeld-taxii-ng.git

Then, clone the taxiing.phishtank prototype and add your user account (collection, discovery_service, user and password) with no verify cert param:

age_out:
  default: last_seen+30d
  sudden_death: false
collection: XXXX-ISAC
discovery_service: https://taxii.XXXX.com/taxii/discovery
password: --------------------
username: ----------
verify_cert: false

The result,

[Image: isac_example.JPG]

I hope you find it interesting!

Regards,
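
Added example, not part of the original post or of the minemeld-taxii-ng project: a small Python check that flags the transport-security settings in a node config of the shape shown in the post above. It assumes only the keys visible in the post; the credential values are constructed placeholders, and the parser handles just this simple layout, not full YAML.

```python
from urllib.parse import urlparse

# Constructed sample in the shape of the post's config (placeholder credentials).
SAMPLE = """\
age_out:
  default: last_seen+30d
  sudden_death: false
collection: XXXX-ISAC
discovery_service: https://taxii.XXXX.com/taxii/discovery
password: example-password
username: example-user
verify_cert: false
"""

def parse_config(text):
    """Parse 'key: value' lines with at most one level of nesting (not full YAML)."""
    config, parent = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, _, value = raw.strip().partition(":")
        key, value = key.strip(), value.strip()
        if raw[0] in " \t" and parent is not None:
            config[parent][key] = value      # indented line: child of the last section
        elif value == "":
            parent, config[key] = key, {}    # "age_out:" opens a nested section
        else:
            parent, config[key] = None, value
    return config

def audit(config):
    """Return findings about how the miner reaches the TAXII server."""
    findings = []
    # Only an explicit "false" is flagged; the default when the key is absent
    # is not stated in the post, so it is not assumed here.
    if str(config.get("verify_cert", "")).lower() == "false":
        msg = "verify_cert is false: the server certificate is not validated"
        if config.get("username") or config.get("password"):
            msg += ", so the configured credentials go to an unverified server"
        findings.append(msg)
    if urlparse(str(config.get("discovery_service", ""))).scheme != "https":
        findings.append("discovery_service is not an https:// URL")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE)):
        print("FINDING:", finding)
```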

1 REPLY

L2 Linker

Thank you. I had imported the extension but didn't realize that "taxiing.phishtank" was the prototype name I should use. Now that you mention it, I see it in taxiing/prototypes/taxiing.yml, but it would be helpful to mention it in the GitHub readme too.
