06-02-2017 05:56 AM
I understand that Soltra is part of the existing 3rd party intelligence feed, just wondering has anyone created a prototype from FS-ISAC? THe portal address is https://portal.fsisac.com/
Understand from FS-ISAC, they uses Soltra as part of their intel too, is FS-ISAC intelligence pool as subset of Soltra?
06-06-2017 12:49 AM
Hi @c_cong,
from FS-ISAC you should retrieve the following data:
- URL of the TAXII discovery service
- name of the feed
- client certificate for authentication
On MineMeld:
- click on CONFIG and then on the hamburger icon to list the Prototypes
- click on hailataxii.guest_Abuse_ch and click on NEW
- modify the name of the new prototype
- under config copy & paste the following and change the feed name and the URL with the values you get from FS-ISAC:
age_out: default: last_seen+30d sudden_death: false attributes: confidence: 30 share_level: red collection: <feedname> discovery_service: <fs-isac discovery service> source_name: fs-isac.<feedname> client_cert_required: true
- press OK and then create a new node from the new prototype
- COMMIT
- after the engine has started, go in NODES click on the new NODE and upload the client certificate
06-29-2017 03:30 AM
Hi @lmori
I need to connect with FS-ISAC but I found some issue. below:
remark: I received certificate from FS-ISAC.
CLIENT CERTIFICATE: CERTIFICATE -> cert.pem & PRIVATE KEY -> cert.key
I am not sure that I upload file type correctly.
Could you recommend me?
07-02-2017 01:27 AM
Hi @iThreatHunt,
could you open the two files with a text editor and check the contents ?
You should see an header like this for the certificate (public key):
-----BEGIN CERTIFICATE-----
...
Did you upload the Server CA ?
07-02-2017 10:30 PM
Hi @lmori
taxii.py (from minemeld.core) : I upload follow this code (.pem & .crt)
Node Confiuguration : success
But this node cannot retrieve data from FS-ISAC. Whrere is application log for investigate?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!