Hi! Been testing the product for a couple of weeks, and I really am impressed, but while the TAXII/STIX miners work well from HailATAXII, I'm trying to feed output from my aggregator into a TAXII output to push to other tools down the line that can ingest the indicators and match them up from what comes out of our internal malware analysis. (Shows if we have to dig deeper or we have a known bad junk file to up the counter upon.)
However, in looking through the NGINX output, I can't find the discovery service or the feeds. Save me from being run over by a TAXII! :)
I developed a simple Postman collection for exactly this purpose: https://gist.github.com/jtschichold/65ee13d29038f78e220d75e6668eeea1
Could you check it?
I did check it out, and while it is working, it's only after disabling SSL checking in Postman that I get the output I'm expecting.
Hence my next problem. Because I'm specifying https: in my URL, my TAXII ingest to my secondary product is attempting to validate SSL, and has no way of overriding from default.
Any way you can create a certificate for MineMeld that can be validated by the TAXII client product?
If you can do that you can easily install it on the MineMeld instance.
I built the TAXII output node using prototype stdlib.taxiiDataFeed. The node has 4 indicators. I did test POST taxii-recovery service using a script from GitHub:
I can only guess the response is OK (200 OK) (screenshot attached).
How can I get the indicators from this node using TAXII?
Yes, using the Postman TAXII library is a good way to test the TAXII feeds: