I’m just curious – SWIFT has recently offered all members a TAXII interface to poll IOCs via https://taxii.swift.com/taxii
The feed is not open to everybody – each member must request access to it individually, so it’s not easy to test it. Has anybody already tried it? My simple attempt to use the “minemeld.ft.taxii.TaxiiClient” class to build my own prototype failed.
After defining username, password, discovery URL, collection -> I can only see the error message in the nodes list.
<urlopen error [Errno 0] _ssl.c:344: error:00000000:lib(0):func(0):reason(0)>
SWIFT suggests using the Cabby Python library.
The STIX version used is 1.2.
Any ideas, suggestions, experience?
P.S. MineMeld is a great tool!
I haven't tested the SWIFT feed yet. If you are interested in working on this together, could you send me an email at firstname.lastname@example.org or a message over the pan-community Slack team?
I'm now playing with Anomali STAXX Version 3.4 as a TAXII client - hope to see this working first. I hope this is the easy way to start.
Right now it looks like SWIFT has not defined all required permissions for tools using "Discovery" logic.
I have an open case with SWIFT, Case N: 11074471 - if you need the reference. Investigation is in progress.
I will come back to MineMeld as soon as I see STAXX working.
Just a quick update from my side – the feed still doesn’t work with the basic Anomali STAXX client configuration.
SWIFT and Anomali are working with joint efforts to find a solution here.
As soon as I test it on our STAXX instance – we can continue with the MineMeld configuration.
Just a quick update from my side. Even though the news is rather frustrating:
It looks like SWIFT accepts TAXII v2.0 only and both systems struggle to support this protocol.
Does anybody know anything about TAXII v2.0 support in MineMeld?
Have a great, stable day
If it's relevant for anybody - I have just tested:
- fresh Ubuntu 16 LTSB installation with all security patches
- MineMeld 0.9.70
- Downloaded new TAXII miner, following instructions from https://live.paloaltonetworks.com/t5/minemeld-discussions/fs-isac-new-stix-taxii-feeds/td-p/334068 (ver. 0.2a4 is fine)
All works fine as far as I can see.
Good luck to everybody
Config of the SWIFT ISAC prototype: