
ArcSight STIX/TAXII Client v2 is now available

The ArcSight STIX/TAXII Client v2 is now available.

This version includes two clients for STIX/TAXII v1.x and v2.x:

arcsight-taxii-client is for v1.x.

arcsight-taxii-client2 is for v2.x.

arcsight-taxii-client2 will convert the STIX 2 patterns to indicators.

Download the ArcSight STIX/TAXII Client here

Read the Documentation here

 

A special thanks to  and  for testing the latest release.

  • 0

    Hi, I am getting the following error after installing the v2 client [Python version is 3.6.9 and the pip3 version is: # python3 -m pip --version
    pip 20.0.2 from /usr/local/lib/python3.6/dist-packages/pip (python 3.6)] [I am using Ubuntu on Windows Subsystem for Linux for Python 3.6 and Kali for WSL for Python 2.7]:

    :~# arcsight-taxii-client -v
    Traceback (most recent call last):
    File "/usr/local/bin/arcsight-taxii-client", line 5, in <module>
    from arcsight_stix_taxii.client import main
    File "/usr/local/lib/python3.6/dist-packages/arcsight_stix_taxii/client.py", line 24, in <module>
    from arcsight_stix_taxii.clients import STIXClient, TaxiiClient
    File "/usr/local/lib/python3.6/dist-packages/arcsight_stix_taxii/clients/__init__.py", line 4, in <module>
    from arcsight_stix_taxii.clients.taxii_client2 import TaxiiClient2
    File "/usr/local/lib/python3.6/dist-packages/arcsight_stix_taxii/clients/taxii_client2.py", line 1, in <module>
    from taxii2client import Server, Collection, TAXIIServiceException
    ImportError: cannot import name 'TAXIIServiceException'

     

    I tried installing on a separate system with Python 2.7 and am getting another error during the installation itself:

     

    Running setup.py install for subprocess32 ... error
    ERROR: Command errored out with exit status 1:
    command: /usr/bin/python -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-wwEk50/subprocess32/setup.py'"'"'; __file__='"'"'/tmp/pip-install-wwEk50/subprocess32/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-9DYVDX/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python2.7/subprocess32

     

     

  • 0 in reply to 
    I suggest you try the MISP connector 7.14 instead, which comes for free and is easy to install and integrate with ESM.
  • 0

    @Bart  

    Has the requirements file been updated? I get the following error when trying to install.

    I have a standard OS install of Python 3.6 and pip3, setuptools and wheel.

    When I try to install arcsight_stix_taxii.zip with pip3, I get the following error:

     

    THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    cybox from   (from arcsight-stix-taxii==2.4.0):
    Expected sha256 19a588bcdce8f3a088f7d5edd3e8862c11b701bb3d64257b18f3092deb9c3b7a
    Got 9fbf8a78c27ee8ce4e5fcd9749cf99d0e2373347a6eff811c34979e539ddeeef

    lxml from   (from arcsight-stix-taxii==2.4.0):
    Expected sha256 ebec08091a22c2be870890913bdadd86fcd8e9f0f22bcb398abd3af914690c15
    Got f9b9551c542bc50510b56a5f3e95587965e28ec789959b359c8f8a82955145e9

    pytz from   (from arcsight-stix-taxii==2.4.0):
    Expected sha256 1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d
    Got 383ae524c6094265647b46f76dfdc36ecd120478fb75449d8f61625b1eadc31b
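
Added example (not part of the thread and not ArcSight's code): pip's hash-checking mode compares per-file digests, so one way to triage a report like the one above is to parse each package's expected and received sha256 and compare both with the digests the package index lists for the pinned release. The report, package names, digests and index data below are constructed, and `parse_mismatches`, `classify` and `triage` are hypothetical helper names.

```python
import hashlib
import re

# Well-formed sample digests derived from labels; constructed, not real package hashes.
SDIST, WHEEL, OLD, ODD = (hashlib.sha256(s).hexdigest() for s in (b"sdist", b"wheel", b"old", b"odd"))
# Constructed stand-in for the sha256 digests an index lists for each pinned release.
PUBLISHED = {"alpha": {SDIST, WHEEL}, "beta": {SDIST}, "gamma": {SDIST, WHEEL}}
# Constructed report in the layout pip prints for a hash mismatch.
SAMPLE_REPORT = f"""\
THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE.
    alpha from https://index.invalid/alpha-1.0-py3-none-any.whl (from demo==1.0):
        Expected sha256 {SDIST}
             Got        {WHEEL}
    beta from https://index.invalid/beta-2.0.tar.gz (from demo==1.0):
        Expected sha256 {OLD}
             Got        {SDIST}
    gamma from https://index.invalid/gamma-3.0.tar.gz (from demo==1.0):
        Expected sha256 {SDIST}
             Got        {ODD}
"""
NAME = re.compile(r"^\s*([A-Za-z0-9._-]+) from .*:\s*$")
HEX = re.compile(r"\b[0-9a-f]{64}\b")

def parse_mismatches(report):  # -> [{'name', 'expected': [...], 'got'}, ...]
    entries, cur = [], None
    for line in report.splitlines():
        words = line.split()
        m = NAME.match(line)
        if m:
            cur = {"name": m.group(1).lower(), "expected": [], "got": None}
            entries.append(cur)
        elif cur and words and words[0] == "Expected":
            cur["expected"] += HEX.findall(line)  # also covers "Expected or ..." lines
        elif cur and words and words[0] == "Got":
            found = HEX.search(line)
            cur["got"] = found.group(0) if found else None
    return entries

def classify(entry, known):
    if entry["got"] not in known:
        return "unlisted-file"   # download is not a file the index lists: investigate
    if not set(entry["expected"]) & known:
        return "stale-pin"       # pinned digest matches no file in this release
    return "other-artifact"      # pin and download are different listed files (e.g. sdist vs. wheel)

def triage(entries, published):
    return {e["name"]: classify(e, published.get(e["name"], set())) for e in entries}

if __name__ == "__main__":
    print(triage(parse_mismatches(SAMPLE_REPORT), PUBLISHED))
```

Only the "unlisted-file" verdict points at a download that differs from what the index serves; the other two point at the requirements file's pins.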

     

  • 0 in reply to 

    Did you ever get an answer on this? I have the same error.

     

    Traceback (most recent call last):
      File "/usr/local/bin/arcsight-taxii-client", line 11, in <module>
        load_entry_point('arcsight-stix-taxii==2.4.0', 'console_scripts', 'arcsight-taxii-client')()
      File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 476, in load_entry_point
        return get_distribution(dist).load_entry_point(group, name)
      File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2700, in load_entry_point
        return ep.load()
      File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2318, in load
        return self.resolve()
      File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2324, in resolve
        module = __import__(self.module_name, fromlist=['__name__'], level=0)
      File "/usr/local/lib/python3.6/site-packages/arcsight_stix_taxii-2.4.0-py3.6.egg/arcsight_stix_taxii/client.py", line 24, in <module>
        from arcsight_stix_taxii.clients import STIXClient, TaxiiClient
      File "/usr/local/lib/python3.6/site-packages/arcsight_stix_taxii-2.4.0-py3.6.egg/arcsight_stix_taxii/clients/__init__.py", line 4, in <modul
        from arcsight_stix_taxii.clients.taxii_client2 import TaxiiClient2
      File "/usr/local/lib/python3.6/site-packages/arcsight_stix_taxii-2.4.0-py3.6.egg/arcsight_stix_taxii/clients/taxii_client2.py", line 1, in <
        from taxii2client import Server, Collection, TAXIIServiceException
    ImportError: cannot import name 'TAXIIServiceException'

     

    Is this module actually missing? I removed it from client2.py and the client started successfully; however, it hangs on Discovery and there is no network traffic.

  • 0

    Are there any changes to the STIX/TAXII integration for ArcSight?
    The client is no longer available in the Fos Wiki and the Marketplace L1 Threat Intelligence documentation page stops at Step 1.