08-16-2016 12:58 PM
I have tried minemeld with few miners and output to the inbounfeedhc i.e. PAN EBL/DBL. It is worked as expected. I would like to push the data to SIEM so that i can perform log analysis based on the indicators. How can i use taxii? I have configured ET.compromisedIP and Dshield miners to send data to new aggregator with output to stllib.feedHCGreen and stdlib.taxiiDataFeed based nodes. I can get data in PAN DBL using stdlib.feedHCGreen output node. What configuration will be needed so that I can configure our SIEM to use taxii based feed? For the taxii based node, I can see current indicators as 1080.
01-07-2018 01:45 AM
01-07-2018 03:53 AM
MineMeld with the fixed TAXII Miner will be soon available on AutoFocus.
About STAXX integration, do you have somes logs from STAXX you could share to troubleshoot the issue?
01-27-2018 07:32 PM
Log from staxx can be found here
02-02-2018 09:35 AM - edited 02-02-2018 09:36 AM
STAXX still couldn't retrieve feed from MM. The error was shown on STAXX as below;
03-02-2018 08:11 AM
the fix for the TAXII MIner is now available on MM for AutoFocus. Which version of AF/MM are you running on?
03-30-2018 06:14 AM
07-17-2018 10:16 AM
Hi @Sly_Cooper and @lmori
I'm trying to configure a output for FS-ISAC miner, and one of previous topic was mentioned about create a aggregator for Taxii feeds using a prototype stdlib.aggregatorIPv4Generic as model . Is it possible to share a aggregator config for example ?
Also, are you guys using the stdlib.taxiiDataFeed for output or is it a custom output node ?
Thanks a lot!
05-06-2021 03:33 AM
I used taxiing.exampleDataFeed as my prototype in MM. The stdlib.taxiiDataFeed may work too, I didn't try it.
Then, in Splunk ES, I was able to set up a threat intelligence feed with the following:
At least in my experience, URL can be an IP address, even if you use HTTPS in the URL. This is handy if you want to share over the internet but don't want to publish a DNS record for "mythreatintelplatform.abc.xyz".
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!