For details on cookie usage on our site, read our Privacy Policy
Prototype for FS-ISAC
- LIVEcommunity
- Discussions
- General Topics
- Prototype for FS-ISAC
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Prototype for FS-ISAC
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-02-2017 05:56 AM
I understand that Soltra is part of the existing 3rd party intelligence feed, just wondering has anyone created a prototype from FS-ISAC? THe portal address is https://portal.fsisac.com/
Understand from FS-ISAC, they uses Soltra as part of their intel too, is FS-ISAC intelligence pool as subset of Soltra?
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-06-2017 12:49 AM
Hi @c_cong,
from FS-ISAC you should retrieve the following data:
- URL of the TAXII discovery service
- name of the feed
- client certificate for authentication
On MineMeld:
- click on CONFIG and then on the hamburger icon to list the Prototypes
- click on hailataxii.guest_Abuse_ch and click on NEW
- modify the name of the new prototype
- under config copy & paste the following and change the feed name and the URL with the values you get from FS-ISAC:
age_out:
default: last_seen+30d
sudden_death: false
attributes:
confidence: 30
share_level: red
collection: <feedname>
discovery_service: <fs-isac discovery service>
source_name: fs-isac.<feedname>
client_cert_required: true
- press OK and then create a new node from the new prototype
- COMMIT
- after the engine has started, go in NODES click on the new NODE and upload the client certificate
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-29-2017 03:30 AM
Hi @lmori
I need to connect with FS-ISAC but I found some issue. below:
remark: I received certificate from FS-ISAC.
CLIENT CERTIFICATE: CERTIFICATE -> cert.pem & PRIVATE KEY -> cert.key
I am not sure that I upload file type correctly.
Could you recommend me?
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-02-2017 01:27 AM
Hi @iThreatHunt,
could you open the two files with a text editor and check the contents ?
You should see an header like this for the certificate (public key):
-----BEGIN CERTIFICATE-----
...
Did you upload the Server CA ?
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-02-2017 10:30 PM
Hi @lmori
taxii.py (from minemeld.core) : I upload follow this code (.pem & .crt)
Node Confiuguration : success
But this node cannot retrieve data from FS-ISAC. Whrere is application log for investigate?
- Minemeld automatic updates required for future Azure Public IP changes and additions in General Topics
- Prototype and Miner for IPv6 Lists in General Topics
- EDL for Specific Azure IPs/Tags Using Minemeld in General Topics
- Getting the SpeedTest.net servers with MineMeld in General Topics
- COMMIT FAILED: Unknown node class in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
