04-27-2018 06:15 AM
Hi guys
I’m just curious – SWIFT has recently offered all members a TAXII interface to poll IOCs via https://taxii.swift.com/taxii
The feed is not open to everybody – each member must request access to it individually, so it’s not easy to test it. Has anybody already tried it? My simple attempt to use the “minemeld.ft.taxii.TaxiiClient” class to build my own prototype failed.
After defining username, password, discovery URL, collection -> I can only see the error message in the nodes list.
<urlopen error [Errno 0] _ssl.c:344: error:00000000:lib(0):func(0):reason(0)>
SWIFT suggests using the Cabby Python library.
The STIX version used is 1.2.
Any ideas, suggestions, experience?
Cheers
Slava
P.S. MineMeld is a great tool!
05-04-2018 01:27 AM
Hi Slava,
I haven't tested the SWIFT feed yet. If you are interested in working on this together, could you send me an email at lmori@paloaltonetworks.com or a message over the pan-community Slack team?
05-08-2018 09:11 PM
Hi Guy,
Any update?
I am interested in pulling data from SWIFT too.
05-14-2018 05:03 AM
Hi all
I'm playing now with Anomali STAXX Version 3.4 as a TAXII client - hope to see this working first. I hope this is the easy way to start.
Right now it looks like SWIFT has not defined all required permissions for tools using "Discovery" logic.
I have an open case with SWIFT, Case N: 11074471 - if you need the reference. Investigation is in progress.
I will come back to MineMeld as soon as I see STAXX working.
Vyacheslav
06-11-2018 11:56 PM
Hi Guys
Just a quick update from my side – the feed still doesn’t work with the basic Anomali STAXX client configuration.
SWIFT and Anomali are working jointly to find a solution here.
As soon as I test it on our STAXX instance – we can continue with MineMeld configuration
Cheers
Vyacheslav
07-25-2018 01:12 AM
Hi guys,
Just a quick update from my side. Even though the news is rather frustrating:
It looks like SWIFT accepts TAXII v2.0 only and both systems struggle to support this protocol.
Does anybody know anything about TAXII v2.0 support in MineMeld?
Have a great, stable day
Slava
02-17-2021 08:24 AM
If it's relevant for anybody - I have just tested:
- fresh Ubuntu 16 LTSB installation with all security patches
- MineMeld 0.9.70
- Downloaded new TAXII miner, following instructions from https://live.paloaltonetworks.com/t5/minemeld-discussions/fs-isac-new-stix-taxii-feeds/td-p/334068 (ver. 0.2a4 is fine)
All works fine as I can see 🙂
Good luck to everybody
Slava
Config of the SWIFT ISAC prototype:
age_out:
  default: null
  interval: 3600
  sudden_death: false
attributes:
  confidence: 100
  share_level: red
collection: SWIFT-ISAC
discovery_service: https://taxii.swift.com/taxii/discovery
initial_interval: 365d
password: your_pass
username: api_user_your_account
verify_cert: true