TruStar IT-ISAC prototype?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

TruStar IT-ISAC prototype?

L3 Networker

Hi,

 

I was wondering if any has been working on a Prototype to integrate IT-ISAC feed from TruStar (https://info.trustar.co/it-isac).

 

As far as I now, this is a traditional TAXII server, not aware if they have an API too. I'll try to get more detailed information on how exactly works in the meantime.

 

EDIT:

 

They seem to support both: STIX TAXII

https://support.trustar.co/article/4m9gheuiye-stix-taxii

 

And also: TruSTAR API:

https://support.trustar.co/article/9u4paxdtdj-api

 

 

Any orientation idea on how to handle this o nthe best way?

8 REPLIES 8

L3 Networker

Not sure if it's a MineMeld problem, but to me it looks  so: I created the prototype and the node, and the response I get is that "collection-indicator-IP" is not a data feed:

 

image.png

 

Here is how the prototype is creeated:

image.png

 

 

And this is to proof that in fact, the "collection-indicator-ip" is correct:

 

root@serverhostname:/opt/minemeld/engine/current/bin$ python discovery_client.py -u http://ec2-54-196-128-53.compute-1.amazonaws.com:9000/services/discovery --username MYUSERNAME --pass MYPASSOWRD

 

                Request:

                Message Type: Discovery_Request
                Message ID: 4203895577307978170

                Response:

                Message Type: Discovery_Response
                Message ID: 55451668084176614; In Response To: 4203895577307978170
                  === Service Instance ===
                    Service Type: POLL
                    Service Version: urn:taxii.mitre.org:services:1.1
                    Protocol Binding: urn:taxii.mitre.org:protocol:http:1.0
                    Service Address: http://ec2-54-196-128-53.compute-1.amazonaws.com:9000/services/poll
                    Message Binding: urn:taxii.mitre.org:message:xml:1.0
                    Message Binding: urn:taxii.mitre.org:message:xml:1.1
                    Available: True
                    Message: Trustar indicator Poll Service description
                  === Service Instance ===
                    Service Type: DISCOVERY
                    Service Version: urn:taxii.mitre.org:services:1.1
                    Protocol Binding: urn:taxii.mitre.org:protocol:http:1.0
                    Service Address: http://ec2-54-196-128-53.compute-1.amazonaws.com:9000/services/discovery
                    Message Binding: urn:taxii.mitre.org:message:xml:1.0
                    Message Binding: urn:taxii.mitre.org:message:xml:1.1
                    Available: True
                    Message: Trustar Discovery Service description
                  === Service Instance ===
                    Service Type: COLLECTION_MANAGEMENT
                    Service Version: urn:taxii.mitre.org:services:1.1
                    Protocol Binding: urn:taxii.mitre.org:protocol:http:1.0
                    Service Address: http://ec2-54-196-128-53.compute-1.amazonaws.com:9000/services/collection-management
                    Message Binding: urn:taxii.mitre.org:message:xml:1.0
                    Message Binding: urn:taxii.mitre.org:message:xml:1.1
                    Available: True
                    Message: Trustar Collection Management Service description

Here you can see the collection name I was trying to get:

 

python   poll_client.py   -u http://ec2-54-196-128-53.compute-1.amazonaws.com:9000/services/poll   --collection collection-indicator-IP   --username   MYUSERNAME   --pass   MYPASSOWRD
                Request:

                Message Type: Poll_Request
                Message ID: 7865602248409736023
                  Collection Name: collection-indicator-IP
                  Excl. Begin TS Label: None
                  Incl. End TS Label: None
                  === Poll_Parameters ===
                    Response type: FULL

                Response:

                Message Type: Poll_Response
                Message ID: 8841819107543743118; In Response To: 7865602248409736023
                  Collection Name: collection-indicator-IP
                  More: False
                  Result ID: None
                  Result Part Num: 1
                  === Record Count ===
                    Record Count: 0
                  === Content Block ===
                    Content Binding: urn:stix.mitre.org:xml:1.1>IP
                    Content length: 44553
                    (Content not printed for brevity)
                    Timestamp Label: 2018-03-13 16:33:34.962403+00:00
                    Message: None
                    Padding: None

                File created: collection-indicator-IP_STIX11_t2018_03_13T16_33_34_962403_00_00.xml

 

Am I doing something wrong? What do you think?

 

Try changing your discovery_service to https://taxii.trustar.co/services/discovery

Hi jt1025, thanks for the response.

 

Already did that, and I was facing another issue (with certificate):

 

I cloned the existent Prototype called "hailataxii.collection-indicator-IP" and adapt it:

 

 

age_out:
    default: last_seen+30d
    sudden_death: false
attributes:
    confidence: 30
    share_level: green
collection: collection-indicator-IP
discovery_service: https://taxii.trustar.co/services/discovery
password: [MY_PASSWORD]
source_name: trustar.auth.itisac
username: [MY_USERNAME]

 

 

Once created and commited, it asks for "Server CA":

mm1.png

 

I download the PEM:

openssl s_client -showcerts -connect taxii.trustar.co:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >mycertfile.pem

And add it to the Node. And it shows a "certificate verify falied" error:

 

mm6.png

 

This is the content of the certificate I uploaded:

 

# cat mycertfile.pem

-----BEGIN CERTIFICATE-----
MIIEfjCCA2agAwIBAgIQAd5Scml3lPKsQBUC/I64cTANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xNzA3MTMwMDAwMDBaFw0xODA4MTMx
MjAwMDBaMBUxEzARBgNVBAMTCnRydXN0YXIuY28wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDd4HxS79H76zw61qpcZghrnARQ6ASTXVvmnAemVzzznpGZ
VUOShRjknBXhhjJPQ9DlJlN9lN2co0cIAhCP5UL/ny+QrE1lgqefg93PahwjR0tn
AZalmXLqjwS6nkiw4tDhjM5ePfAoIhX/Z2IRmQ5pFOQPbD+fgJF3JHxmHb8S2XGE
6BHTGU1ayN19VB0TskkM3rNQ+BYK1i+ehBE61UaLj3AUs5PUqG/0HEDw90ngd1WF
t+NDezQdukamYFN+sGtB4WFS2xPX0e4g5ddRVoSVecN11Q+7KjHZMpt+VQ5kF07x
s8aj0+4QSUysHNdsHZZY1KD5PrHC1C9qLJaUWIBnAgMBAAGjggGXMIIBkzAfBgNV
HSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUmuTVKlqdhGHN
veZcV36WQGMFmQowSwYDVR0RBEQwQoIKdHJ1c3Rhci5jb4IOd3d3LnRydXN0YXIu
Y2+CDCoudHJ1c3Rhci5jb4IWc3RhZ2luZy5hcGkudHJ1c3Rhci5jbzAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0
MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFi
LmNybDATBgNVHSAEDDAKMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYB
BQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEF
BQcwAoYqaHR0cDovL2NydC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0
MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAEBTYJ00exP2r9fT9ozb
fpJ+k5fWkADnWZgdMuFB5rS0Zkk76hnHNoJGeYi/fG1JZ6X65w+5MVxt8ZJJkCwz
k/zN7waO1fMjAHzDC1KExzpxfCNzE2gA3dP0CekR08yM6BG4Rma7pYpHqNR2Cc23
ngpCD8EY2lWLxu/iGx8jI1GlGJZVJlLSSBfjcOm+NTeXcYpEiPnZNbFlR2Q8ilNH
pQQZNZ4WwVLehXg9B2ea9n2OuTGwZ0jj+gadLAqNjhzJInYG+m4C6I9V2arMAFzx
Jc11M8eXZfCit35MfGXquJKWXkzQxh66IycLYBHhNvhq/SoKe0SffGjbBEpsb0/j
zmc=
-----END CERTIFICATE-----

 

Any ideas?

 

 

Hi @MarcelST,

 

looks like you've imported the TruStar certificate (Subject: CN=trustar.co) instead of the one from the CA that issued it (Amazon)

 

Previously I already tried to import the full chain of certificates with the same result.

 

Now just tried to generate and import a .PEM file with each one of the following 4 certificates, didn't work, same error:

 

---
Certificate chain
 0 s:/CN=trustar.co
   i:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
-----BEGIN CERTIFICATE-----
MIIEfjCCA2agAwIBAgIQAd5Scml3lPKsQBUC/I64cTANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xNzA3MTMwMDAwMDBaFw0xODA4MTMx
MjAwMDBaMBUxEzARBgNVBAMTCnRydXN0YXIuY28wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDd4HxS79H76zw61qpcZghrnARQ6ASTXVvmnAemVzzznpGZ
VUOShRjknBXhhjJPQ9DlJlN9lN2co0cIAhCP5UL/ny+QrE1lgqefg93PahwjR0tn
AZalmXLqjwS6nkiw4tDhjM5ePfAoIhX/Z2IRmQ5pFOQPbD+fgJF3JHxmHb8S2XGE
6BHTGU1ayN19VB0TskkM3rNQ+BYK1i+ehBE61UaLj3AUs5PUqG/0HEDw90ngd1WF
t+NDezQdukamYFN+sGtB4WFS2xPX0e4g5ddRVoSVecN11Q+7KjHZMpt+VQ5kF07x
s8aj0+4QSUysHNdsHZZY1KD5PrHC1C9qLJaUWIBnAgMBAAGjggGXMIIBkzAfBgNV
HSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUmuTVKlqdhGHN
veZcV36WQGMFmQowSwYDVR0RBEQwQoIKdHJ1c3Rhci5jb4IOd3d3LnRydXN0YXIu
Y2+CDCoudHJ1c3Rhci5jb4IWc3RhZ2luZy5hcGkudHJ1c3Rhci5jbzAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0
MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFi
LmNybDATBgNVHSAEDDAKMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYB
BQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEF
BQcwAoYqaHR0cDovL2NydC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0
MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAEBTYJ00exP2r9fT9ozb
fpJ+k5fWkADnWZgdMuFB5rS0Zkk76hnHNoJGeYi/fG1JZ6X65w+5MVxt8ZJJkCwz
k/zN7waO1fMjAHzDC1KExzpxfCNzE2gA3dP0CekR08yM6BG4Rma7pYpHqNR2Cc23
ngpCD8EY2lWLxu/iGx8jI1GlGJZVJlLSSBfjcOm+NTeXcYpEiPnZNbFlR2Q8ilNH
pQQZNZ4WwVLehXg9B2ea9n2OuTGwZ0jj+gadLAqNjhzJInYG+m4C6I9V2arMAFzx
Jc11M8eXZfCit35MfGXquJKWXkzQxh66IycLYBHhNvhq/SoKe0SffGjbBEpsb0/j
zmc=
-----END CERTIFICATE-----
 1 s:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
   i:/C=US/O=Amazon/CN=Amazon Root CA 1
-----BEGIN CERTIFICATE-----
MIIESTCCAzGgAwIBAgITBn+UV4WH6Kx33rJTMlu8mYtWDTANBgkqhkiG9w0BAQsF
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjEL
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENB
IDFCMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDCThZn3c68asg3Wuw6MLAd5tES6BIoSMzoKcG5blPVo+sDORrMd4f2AbnZ
cMzPa43j4wNxhplty6aUKk4T1qe9BOwKFjwK6zmxxLVYo7bHViXsPlJ6qOMpFge5
blDP+18x+B26A0piiQOuPkfyDyeR4xQghfj66Yo19V+emU3nazfvpFA+ROz6WoVm
B5x+F2pV8xeKNR7u6azDdU5YVX1TawprmxRC1+WsAYmz6qP+z8ArDITC2FMVy2fw
0IjKOtEXc/VfmtTFch5+AfGYMGMqqvJ6LcXiAhqG5TI+Dr0RtM88k+8XUBCeQ8IG
KuANaL7TiItKZYxK1MMuTJtV9IblAgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAG
AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUWaRmBlKge5WSPKOUByeW
dFv5PdAwHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUH
AQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRy
dXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRy
dXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3Js
LnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBMGA1UdIAQMMAow
CAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQCFkr41u3nPo4FCHOTjY3NTOVI1
59Gt/a6ZiqyJEi+752+a1U5y6iAwYfmXss2lJwJFqMp2PphKg5625kXg8kP2CN5t
6G7bMQcT8C8xDZNtYTd7WPD8UZiRKAJPBXa30/AbwuZe0GaFEQ8ugcYQgSn+IGBI
8/LwhBNTZTUVEWuCUUBVV18YtbAiPq3yXqMB48Oz+ctBWuZSkbvkNodPLamkB2g1
upRyzQ7qDn1X8nn8N8V7YJ6y68AtkHcNSRAnpTitxBKjtKPISLMVCx7i4hncxHZS
yLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/
-----END CERTIFICATE-----
 2 s:/C=US/O=Amazon/CN=Amazon Root CA 1
   i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgITBn+USionzfP6wq4rAfkI7rnExjANBgkqhkiG9w0BAQsF
ADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNj
b3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4x
OzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1
dGhvcml0eSAtIEcyMB4XDTE1MDUyNTEyMDAwMFoXDTM3MTIzMTAxMDAwMFowOTEL
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
jgSubJrIqg0CAwEAAaOCATEwggEtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
BAQDAgGGMB0GA1UdDgQWBBSEGMyFNOy8DJSULghZnMeyEE4KCDAfBgNVHSMEGDAW
gBScXwDfqgHXMCs4iKK4bUqc8hGRgzB4BggrBgEFBQcBAQRsMGowLgYIKwYBBQUH
MAGGImh0dHA6Ly9vY3NwLnJvb3RnMi5hbWF6b250cnVzdC5jb20wOAYIKwYBBQUH
MAKGLGh0dHA6Ly9jcnQucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY2Vy
MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwucm9vdGcyLmFtYXpvbnRydXN0
LmNvbS9yb290ZzIuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsF
AAOCAQEAYjdCXLwQtT6LLOkMm2xF4gcAevnFWAu5CIw+7bMlPLVvUOTNNWqnkzSW
MiGpSESrnO09tKpzbeR/FoCJbM8oAxiDR3mjEH4wW6w7sGDgd9QIpuEdfF7Au/ma
eyKdpwAJfqxGF4PcnCZXmTA5YpaP7dreqsXMGz7KQ2hsVxa81Q4gLv7/wmpdLqBK
bRRYh5TmOTFffHPLkIhqhBGWJ6bt2YFGpn6jcgAKUj6DiAdjd4lpFw85hdKrCEVN
0FE6/V1dN2RMfjCyVSRCnTawXZwXgWHxyvkQAiSr6w10kY17RSlQOYiypok1JR4U
akcjMS9cmvqtmg5iUaQqqcT5NJ0hGA==
-----END CERTIFICATE-----
 3 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
   i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
-----BEGIN CERTIFICATE-----
MIIEdTCCA12gAwIBAgIJAKcOSkw0grd/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIw
MAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAeFw0wOTA5MDIwMDAwMDBaFw0zNDA2MjgxNzM5MTZaMIGYMQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE
ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZp
ZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVDDrEKvlO4vW+GZdfjohTsR8/
y8+fIBNtKTrID30892t2OGPZNmCom15cAICyL1l/9of5JUOG52kbUpqQ4XHj2C0N
Tm/2yEnZtvMaVq4rtnQU68/7JuMauh2WLmo7WJSJR1b/JaCTcFOD2oR0FMNnngRo
Ot+OQFodSk7PQ5E751bWAHDLUu57fa4657wx+UX2wmDPE1kCK4DMNEffud6QZW0C
zyyRpqbn3oUYSXxmTqM6bam17jQuug0DuDPfR+uxa40l2ZvOgdFFRjKWcIfeAg5J
Q4W2bHO7ZOphQazJ1FTfhy/HIrImzJ9ZVGif/L4qL8RVHHVAYBeFAlU5i38FAgMB
AAGjgfAwge0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0O
BBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMB8GA1UdIwQYMBaAFL9ft9HO3R+G9FtV
rNzXEMIOqYjnME8GCCsGAQUFBwEBBEMwQTAcBggrBgEFBQcwAYYQaHR0cDovL28u
c3MyLnVzLzAhBggrBgEFBQcwAoYVaHR0cDovL3guc3MyLnVzL3guY2VyMCYGA1Ud
HwQfMB0wG6AZoBeGFWh0dHA6Ly9zLnNzMi51cy9yLmNybDARBgNVHSAECjAIMAYG
BFUdIAAwDQYJKoZIhvcNAQELBQADggEBACMd44pXyn3pF3lM8R5V/cxTbj5HD9/G
VfKyBDbtgB9TxF00KGu+x1X8Z+rLP3+QsjPNG1gQggL4+C/1E2DUBc7xgQjB3ad1
l08YuW3e95ORCLp+QCztweq7dp4zBncdDQh/U90bZKuCJ/Fp1U1ervShw3WnWEQt
8jxwmKy6abaVd38PMV4s/KCHOkdp8Hlf9BRUpJVeEXgSYCfOn8J3/yNTd126/+pZ
59vPr5KW7ySaNRB6nJHGDn2Z9j8Z3/VyVOEVqQdZe4O/Ui5GjLIAZHYcSNPYeehu
VsyuLAOQ1xk4meTKCRlb/weWsKh/NEnfVqn3sF/tM+2MR7cwA130A4w=
-----END CERTIFICATE-----

 

I have tried some other things like importing the certificate directly to the server, running out of ideas.

 

Not sure if you're still struggling with this but I was able to get it working using the minemeld-taxii-ng update detailed here"
https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Minemeld-TAXII-ISAC/m-p/215968#M2210

Taxii.JPG

Thanks for noticing @Xavi_Gil solution. Anyway, I was able to solve it some weeks ago after reporting to TruStar some issues they had with they (very new and not tested?) platform.

 

Their service was initially defined as HTTPS, but after running the discovery they were using HTTP links instead of HTTPS, which was causing a timeout when trying to retrieve collections. After they solved this, all started working properly.

@MarcelST  Can you please share your latest miner config?

  • 8529 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!