How can I validate that my TAXII output miner is working?


L0 Member

Hi!  Been testing the product for a couple of weeks, and I really am impressed, but while the TAXII/STIX miners work well from HailATAXII, I'm trying to feed output from my aggregator into a TAXII output to push to other tools down the line that can ingest the indicators and match them up from what comes out of our internal malware analysis.  (Shows if we have to dig deeper or we have a known bad junk file to up the counter upon.)

 

However, in looking through the NGINX output, I can't find the discovery service or the feeds.  Save me from being run over by a TAXII!  🙂

6 REPLIES 6

L7 Applicator

Hi @twisterdavemd,

I developed a simple Postman collection for exactly this purpose: https://gist.github.com/jtschichold/65ee13d29038f78e220d75e6668eeea1

 

Could you check it?

I did check it out, and while it is working, it's only after disabling ssl checking in Postman that I get the output I'm expecting.

 

Hence my next problem.  Because I'm specifying https: in my URL, my taxii ingest to my secondary product is attempting to validate ssl, and has no way of overriding from default.

Hi @twisterdavemd,

Any way you can create a certificate for MineMeld that can be validated by the TAXII client product?

If you can do that you can easily install it on the MineMeld instance.

Hi Imori,

I built the TAXII output node using prototype stdlib.taxiiDataFeed. Node has 4 indicators. I did test POST taxii-recovery service using script from GitHub:

https://gist.github.com/jtschichold/65ee13d29038f78e220d75e6668eeea1

I can only guess the response is ok (200 OK) (screenshot attached).

How can I get the indicators from this node using TAXII?

Best Regards,

An

 

Hi @Nupagazy,

Yes, using the Postman TAXII library is a good way to test the TAXII feeds:

https://gist.github.com/jtschichold/65ee13d29038f78e220d75e6668eeea1
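Added example, not part of the thread or of MineMeld's own code: a Python check for the discovery service discussed above that keeps TLS verification on by trusting a specific CA file instead of disabling SSL checking. It assumes the output node speaks TAXII 1.1; the host name, service paths, CA path and sample response are constructed placeholders.

```python
import ssl
import urllib.request
import xml.etree.ElementTree as ET

NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
MSG = "urn:taxii.mitre.org:message:xml:1.1"
HEADERS = {
    "Content-Type": "application/xml",
    "X-TAXII-Content-Type": MSG,
    "X-TAXII-Accept": MSG,
    "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
    "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0",
}

def discovery_request(message_id="1"):
    """Serialize an empty TAXII 1.1 Discovery_Request."""
    root = ET.Element("{%s}Discovery_Request" % NS, {"message_id": message_id})
    return ET.tostring(root, encoding="utf-8")

def parse_discovery_response(xml_bytes):
    """Return (service_type, available, address) for each advertised service."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Discovery_Response" % NS:
        raise ValueError("unexpected TAXII message: %s" % root.tag)
    return [(s.get("service_type"), s.get("available"),
             (s.findtext("{%s}Address" % NS) or "").strip())
            for s in root.findall("{%s}Service_Instance" % NS)]

def discover(url, ca_file):
    """POST the request with TLS verification on, trusting only ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)  # hostname + chain checked
    req = urllib.request.Request(url, data=discovery_request(), headers=HEADERS, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_discovery_response(resp.read())

# Constructed sample response (host and paths are placeholders).
SAMPLE = b"""<t:Discovery_Response xmlns:t="http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
    message_id="2" in_response_to="1">
  <t:Service_Instance service_type="DISCOVERY" service_version="urn:taxii.mitre.org:services:1.1" available="true">
    <t:Address>https://minemeld.example/discovery</t:Address>
  </t:Service_Instance>
  <t:Service_Instance service_type="POLL" service_version="urn:taxii.mitre.org:services:1.1" available="true">
    <t:Address>https://minemeld.example/poll</t:Address>
  </t:Service_Instance>
</t:Discovery_Response>"""

if __name__ == "__main__":
    for svc in parse_discovery_response(SAMPLE):
        print(svc)
    # Against a live instance (placeholder URL and CA path):
    # print(discover("https://minemeld.example/discovery", "/path/to/ca.pem"))
```

A certificate verification error raised by `discover()` means the supplied CA file does not validate the server certificate, which is the condition to resolve before pointing a client that cannot skip validation at the feed.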
