Hello all,
I have a STIX xml file that was provided to us from our country CERT. (It's TLP:AMBER so cannot share it), and I'm trying to use it as a feed.
When I try to import it I get the following error.
In the sa.log file I'm getting the following errors.
-----
2017-04-06 05:05:12,281 [qtp684874119-140641] ERROR com.rsa.smc.sa.live.stix.service.DefaultStixParser - STIX:Exception occured while trying to read the STIX xml stream.
java.lang.NullPointerException
at com.rsa.smc.sa.live.stix.service.DefaultStixParser.parseStixXmlAsCsv(DefaultStixParser.java:295)
at com.rsa.smc.sa.live.stix.util.StixXMLStreamProcessor.process(StixXMLStreamProcessor.java:43)
at com.rsa.smc.sa.live.stix.util.StixXMLStreamProcessor.process(StixXMLStreamProcessor.java:19)
at com.rsa.smc.sa.live.web.ui.feed.AdhocFeed.getCsvItems(AdhocFeed.java:44)
at com.rsa.smc.sa.live.web.ui.feed.Feed.getCsvItems(Feed.java:161)
......
......
-------
Has anyone had experience in importing STIX files that might have some insight on what to look for?
I suspect the file I've got isn't actually STIX properly formatted.
I ran the file through stix-validator.py v2.4.0 and the following output was returned.
[-] Performing xml schema validation on 2017-Intel-STIX.xml
================================================================================
[-] Results:2017-Intel-STIX.xml
[+] XML Schema: True
