MS-ISAC TAXII Feeds

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

MS-ISAC TAXII Feeds

L1 Bithead

Is anyone successfully consuming TAXII feeds from MS-ISAC, specifically, their feeds from taxii-pilot.cisecurity.org? The miner shows success and there are log entries for indicators, but there are no indicators in the counters or graphs.

2021-06-24 08_21_01-Clipboard.png

2021-06-24 08_22_31-Clipboard.png

2021-06-24 08_21_59-Clipboard.png

   

8 REPLIES 8

L1 Bithead

I'm working on this now also, let me know if you find success. I'll let you know if I figure out.

L1 Bithead

I'm seeing the same issue you are. I've also stood up anomali staxx and am seeing something similar there. It sees the feeds but no observables. 

ycgmis_0-1626799914563.png

 

L0 Member

I am running into the same issue mentioned above with minemeld and staxx. Did either of you find a resolution?

Nope. Minemeld seems to be pretty much dead at this point so there's no point for us in spending time to get it working.

I reached out to CISA for support. I explained that I was seeing the same issue on two different systems. They pretty much told me I was on my own. The problem I really have is trying to get a straight answer on the intelligence sources. DHS maintains a list, CISA maintains a list and MSISAC now maintains a list. I could never get a straight answer if these are all the same or if there is any overlap. Right now I get DHS and MSISAC. I've given up on CISA's list. MSISACs hosted list is the same as what they send out weekly in spreadsheet form.

Ycgmis, how did you get MS-ISAC observables in Anomali STAXX? I am having the same issue you posted about in July where everything looks to be configured correctly but the poll never returns any observables.

 

kvbyal_0-1634833999589.png

 

I didn't, these are acutally coming from CISA not MSISAC. The MSISAC hosted intel is just a URL to a text file. The CISA list just gives me the lists with no data. Automated Indicator Sharing | CISA

 

I have looked and am unable to find the text feed from MSISAC. I can only find the STIX and TAXII feeds. Can you provide a link to the text file option? Thanks!

  • 4829 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!