
L1-Threat Intelligence - Indicators and Warnings

This is the official forum for discussing the basic ArcSight Activate L1-Threat Intelligence - Indicators and Warnings package, as described in the Activate Wiki.

Version 1.1.0.0 TI: (L1-Threat_Intelligence_-_Indicators_and_Warnings_1.1.0.0.arb)

Modified Resources:

/All Rules/ArcSight Activate/Solutions/Threat Intelligence/Indicators and Warnings/Populate Suspicious Address List

--
Prentice S. Hayes
Principal Product Manager | Cybersecurity Enterprise, Security Analytics
OpenText Cybersecurity

LinkedIn: https://www.linkedin.com/in/prenticeshayes/ 

Website: https://www.opentext.com/

  • 0

    Hi Community,

    I've installed a STIX/TAXII server and tried polling for 1 specific collection. It's currently still running and it has been more than 1 hour now.

    1. Has anyone tried using STIX/TAXII polling? How long does it usually take to finish one collection?
    2. Is there a minimum specs requirement for the server? Does this affect the performance of the polling?

    Thanks! :) 

     

  • 0 in reply to 

    Actually it depends on the data. Which collection are you trying to download? It was working normally when I was using it.

     

  • 0 in reply to 

    Hi Mr. Eugene,

    Thank you for the answer,

    The poll is now finished. It took around 4.5 hours.

    I used the HAILATAXII.COM site and polled the Abuse_ch collection.

     

    Thanks.

  • 0 in reply to 

    If you don't specify a begin date, it pulls all the data. If the data is big, it takes a long time to complete. I used the following command and it was completed in seconds.

    arcsight-taxii-client hailataxii.com /taxii-discovery-service --no-https --auto --auth basic --username guest --poll guest.Abuse_ch --today --output /tmp/ --debug

    Instead of the --today option you can use "--days 7". It pulls data from the last 7 days.
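
The effect described in the reply above, shown at the protocol level as an added example (not part of the thread and not the ArcSight client's own code): a TAXII 1.1 Poll_Request with no Exclusive_Begin_Timestamp asks the server for the whole collection, while a begin timestamp bounds the search. It assumes the server speaks TAXII 1.1, and the mapping of "today" and "N days" to timestamps in `poll_window` is an assumption, as are all function names and the fixed clock value.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# TAXII 1.1 XML message binding namespace.
NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
ET.register_namespace("taxii_11", NS)


def poll_window(now, days=None):
    """Return (begin, end); begin=None means no lower bound (full collection).

    Assumed mapping: days=0 starts at 00:00 UTC today, days=N starts N days back.
    """
    if days is None:
        return None, now
    if days == 0:
        return now.replace(hour=0, minute=0, second=0, microsecond=0), now
    return now - timedelta(days=days), now


def build_poll_request(collection, begin, end):
    """Serialize a Poll_Request; the begin element is omitted when begin is None."""
    req = ET.Element(f"{{{NS}}}Poll_Request", {
        "message_id": uuid.uuid4().hex,
        "collection_name": collection,
    })
    if begin is not None:
        ET.SubElement(req, f"{{{NS}}}Exclusive_Begin_Timestamp").text = begin.isoformat()
    ET.SubElement(req, f"{{{NS}}}Inclusive_End_Timestamp").text = end.isoformat()
    params = ET.SubElement(req, f"{{{NS}}}Poll_Parameters", {"allow_asynch": "false"})
    ET.SubElement(params, f"{{{NS}}}Response_Type").text = "FULL"
    return ET.tostring(req, encoding="unicode")


def describe(xml_text):
    """Parse a Poll_Request back and report the time range the server will search."""
    root = ET.fromstring(xml_text)
    begin = root.findtext(f"{{{NS}}}Exclusive_Begin_Timestamp")
    end = root.findtext(f"{{{NS}}}Inclusive_End_Timestamp")
    return {"collection": root.get("collection_name"), "begin": begin,
            "end": end, "unbounded": begin is None}


if __name__ == "__main__":
    now = datetime(2024, 5, 10, 14, 30, tzinfo=timezone.utc)  # constructed clock value
    for label, days in (("no begin date", None), ("today", 0), ("7 days", 7)):
        begin, end = poll_window(now, days)
        print(label, describe(build_poll_request("guest.Abuse_ch", begin, end)))
```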