TAXII V2
App Vendor: TAXII
Connector Category: Data Enrichment and Threat Intelligence
App Version in Orchestrate: 1.1.0
API Version: 1.0.0
About App
The TAXII 2.x app allows security teams to integrate with the TAXII 2.x enterprise application to discover, collect, poll and push data from/to a TAXII 2.x server. Security analysts can use this app to ensure a secure, consistent, and automated exchange of the STIX data (cyber threat information). The cyber threat information is grouped (structured) and available as Data Collections that can be exchanged using TAXII.
The TAXII 2.x app is configured with the Orchestrate application to perform the following actions:
Action | Description |
|---|---|
Poll Single Collection | This action requests information from a TAXII server. |
Get Collections | This action retrieves all the available collections from the TAXII server. |
Poll Collections | This action requests information about all the available data collections from the TAXII server from a particular date.. |
Inbox Request | This action submits an inbox request to push information to a TAXII server. |
Configuration Parameters
The following configuration parameters are required for the TAXII 2.x app to communicate with the TAXII 2.x enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
TAXII Base URL | Enter the entire TAXII base URL along with the discovery URL. Example: "https://baseurl.com/taxii2/discovery/" | Text | Required | Discovery URL is used by a TAXII client to discover available TAXII services. |
TAXII Username | Enter the TAXII username. Example: sampleusername | Text | Required | |
TAXII Password | Enter the TAXII password. | Password | Required |
Action: Poll Single Collection
This action requests information from a TAXII server using the TAXII URL.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Collection URL | Enter the TAXII 2 collection URL to poll. Example: "https://testURL.com/api/collections/1234-5678-9876-7376" | Text | Required | |
Date after to Poll From | Enter the date from which the data must be polled from the TAXII server. Format: yyyy-mm-dd format Example: "2020-02-12" | Text | Optional |
Example Request
[
{
"date_after": "2002-12-12",
"collection_url": "https://test.cyware.com/ctixapi/collections/87a9-f293-4680-aa02-d543a/"
}
]Action: Get Collections
This action retrieves all the available collections from the TAXII server.
Action Input Parameters
This action does not require any input parameters.
Action: Poll Collections
This action polls to request information about all the available data collections from the TAXII server from a particular date.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Date to Poll From | Enter the date from which the data must be polled from the TAXII server. Format: yyyy-mm-dd format Example: "2020-02-12" | Text | Required |
Example Request
[
{
"date_after": "2010-12-12",
}
]Action: Inbox request
This action submits an inbox request to push information to a TAXII server.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
STIX object | Enter the STIX data in JSON format to push to the TAXII server. | Text | Required |
Example Request
[
{
"stix_bundle":"{\"objects\": [{\"id\": \"a9e5-3bd2-41bb-b543-05341\", \"lang\": \"en\",\"name\": \"CTIX\",\"type\": \"identity\", \"spec_version\": \"2.1\",\"created\": \"2021-06-02T05:58:46.325759Z\"}]"
}
]