STIX/TAXII feed not working for otx.alienvault.com

Hello,

 

I tried to create a STIX/TAXII miner for otx.alienvault.com. I used the default MineMeld TAXII client for this (minemeld.ft.taxii.TaxiiClient) and the new client minemeld-taxii-ng (taxiing.Miner).

 

The first client returns the error 'module object has no attribute 'sslwrap''.
The second returns a 406 client error, which leads me to assume that something is off with the Accept header.

When trying another server like hailataxii.com, the second client (ng) works fine. The first client does not give an SSL error but does not load IOCs.

 

In all cases, when I use cabby it works.

 

So my questions are:

  1. Why does the first TAXII client not work, and why the sslwrap error?
  2. Why does the second client return a 406?
  3. Since cabby works pretty well: can it be turned into a node? It would remove the need for a custom STIX client.
  4. Why does the new TAXII client (ng) not use libtaxii anymore? Cabby uses that as well.

Hope you can help me.

 

Best regards,

 

Folmer

10 REPLIES

Didn't work. I have messaged the vendor at this point, seeing that the FSISAC feed works well. It appears the issue is with this OTX feed: the IOCs are coming in, they go to the aggregator to the output; from there is where the issue lies.
