
Announcing STIX/TAXII Support in the Activate Threat Intelligence Solution

When we met at Protect in September, you were pretty clear that adding STIX/TAXII support to the Activate Threat Intelligence package should be a priority. Today, we are happy to announce the first release of this support, enabling you to take advantage of the Activate Threat Intelligence use cases by integrating your STIX/TAXII server of choice.

Here are the highlights of the current release:

  • Configure the new Activate STIX/TAXII script to point to any STIX 1.2/TAXII 1.1 compliant TAXII Server. We tested with “hail a taxi”, Anomali Limo, and AlienVault OTX.
  • The STIX/TAXII script populates the existing Activate Threat Intelligence Active Lists with all of the STIX Indicators in all the TAXII Collections at that server.
  • The Activate Threat Intelligence Use Cases work exactly as before, without any change.

Upcoming releases will focus on at least the following big items:

  • Extend support to more advanced objects in the STIX model; in particular Campaigns, Threat Actors, and TTPs. With the fuller STIX model inside ESM, we can give Analysts this richer context to work with when conducting alert triage. 
  • Enable bi-directional sharing of threat intelligence by allowing the push of STIX objects to the TAXII server.

As a community-driven effort, we value your feedback and contributions to improve our STIX/TAXII support in ArcSight.

Start your exploration of the latest Activate Threat Intelligence solution here.


    Can someone please provide the script for Anomali Limo? The password is not being accepted by the Python client.

     

    C:\arcsight-taxii-client limo.anomali.com /api/v1/taxii/taxii-discovery-service/ --auto --auth basic --username guest --password guest --poll Malware_Domain_List___Hotlist_F200 --begin 2018-05-01 --end 2018-07-08 --output E:\Logs
    usage: arcsight-taxii-client [-h] [--port PORT]
                                 [--discover | --collection | --poll POLL | --stix-file STIX_FILE]
                                 [--begin BEGIN] [--end END]
                                 [--today | --days DAYS | --hours HOURS]
                                 [--no-https] [--proxy PROXY] [--auth {basic}]
                                 [-u USERNAME] [-p] [--key-file KEY_FILE]
                                 [--cert-file CERT_FILE]
                                 [--itype ITYPE | --use-ttp USE_TTP]
                                 [--producer PRODUCER] [--score SCORE]
                                 [--confidence {low,medium,high}]
                                 [--tlp-color {white,green,amber,red}]
                                 [--group GROUP] [--relevance RELEVANCE]
                                 [--reference REFERENCE]
                                 [--reference_tlp {white,green,amber,red}]
                                 [--conf CONF] [--output OUTPUT] [--log LOG]
                                 [--auto] [--memory] [--us-cert] [--active-list]
                                 [--cifv2] [--create-config CREATE_CONFIG]
                                 [--silent | --debug] [-s {stixtaxii,cifv2}] [-v]
                                 [hostname] [path]
    arcsight-taxii-client: error: unrecognized arguments: guest
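
Why the run above ends in `unrecognized arguments: guest`, as an added example that is not part of the original post and not the client's own code: the usage text lists `[-p]` with no value, so the word after `--password` is left over. The parser below is reconstructed from that usage text; the long option names and the prompt-on-`-p` behaviour are assumptions.

```python
import argparse
import getpass


class UsageError(Exception):
    """Raised instead of exiting so the parser message can be inspected."""


class Parser(argparse.ArgumentParser):
    def error(self, message):
        raise UsageError(message)


def build_parser():
    # Subset of the options shown in the posted usage text (reconstruction,
    # not the client's source; long names for -u/-p are assumed).
    p = Parser(prog="arcsight-taxii-client")
    p.add_argument("hostname", nargs="?")
    p.add_argument("path", nargs="?")
    p.add_argument("--auth", choices=["basic"])
    p.add_argument("-u", "--username")
    p.add_argument("-p", "--password", action="store_true")  # flag, no value
    p.add_argument("--poll")
    p.add_argument("--auto", action="store_true")
    return p


def parse(argv, prompt=getpass.getpass):
    args = build_parser().parse_args(argv)
    # Assumption: a value-less -p means "prompt for the secret".
    secret = prompt("Password: ") if args.password else None
    return args, secret


# Arguments taken from the command line in the post.
BASE = ["limo.anomali.com", "/api/v1/taxii/taxii-discovery-service/",
        "--auto", "--auth", "basic", "--username", "guest"]
COLLECTION = "Malware_Domain_List___Hotlist_F200"


def failing_message():
    """Parse the posted invocation and return the parser's complaint."""
    try:
        parse(BASE + ["--password", "guest", "--poll", COLLECTION],
              prompt=lambda _: "")
    except UsageError as exc:
        return str(exc)
    return None
```

Prompting for the secret keeps it out of shell history and process listings, which is the usual reason a client exposes the password option as a bare flag.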
