Anyone used MineMeld with STIX and TAXII? While we're pretty familiar with STIX/TAXII, we've only just booted MineMeld for the first time.
Yes, there are some MineMeld instances out there retrieving indicators via STIX/TAXII, from TIPs mainly.
There are a couple of prototypes for hailataxii feeds in the prototype library you can check as examples.
Let me know if you need some help in setting up the TAXII Miner.
Thanks for the quick response lmori.
I'll have a look at setting up a miner and see how I get on.
We do require both username/password as well as a client certificate for our TAXII server - any idea if that is supported?
It is required yeah.
Is this all Python under the covers? In which case, if it's using the Python TAXII libs, it's supported - so it might be an easy fix.
If it's something else, I'm happy to take a look.
Under the cover it is mostly Python, and yes, the lib already supports it. It is just that the option is not exposed via config, and it is an easy fix.
I have created an ER to track this, minemeld-core ER#13
Exposing the option via prototype is easy; it will be a bit more complex exposing the option via the WebUI.
If you are OK with logging in to the VM to upload the cert, this will land in the next minor release. Otherwise, if you need the WebUI immediately, you will have to wait a bit more.
But if you want to look at the code yourself, you are welcome :-) Just check the code in /opt/minemeld/engine/current/lib/python2.7/site-packages/minemeld/ft/taxii.py
When MineMeld is made open source this will be way easier :-)
Thanks so much mate - and sorry for the delay in response.
I'll configure a new miner off the hailataxii prototype and let you know how I go.
If I create a new prototype - is that local - or does it get pushed back up somewhere for others to see?
1) nothing is shared automatically by MineMeld
2) if you create a new prototype using the NEW button, it will be saved locally in a separate directory. This way it won't be overridden at the next update.
Please, let me know if you need more details about the TAXII prototype.