This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Usable TAXII servers other than Soltra

EricNooden2
Beginner
Beginner

‎2017-10-12 03:21 PM

Looking at the documentation in RSA LINK for getting FS-ISAC feeds into SA it uses the Soltra taxii server.  This is not free.  I had been told at one time that you could install a taxii server on the SA Head, since it does not require that much space, but I cannot find any reference to that setup.  I do see that there is OpenTaxii but I do not see any mention of it in the RSA documentation.  Had anyone else put the FS-ISAC feeds into SA and how did you go about doing it?

0 Likes
2 REPLIES 2

EricPartington
Employee
Employee

‎2017-10-12 03:36 PM

I have used Anomali STAXX in my lab as the bridge between the TAXII servers and the NW platform.. allows me to filter and consolidate among many TAXII servers/sources

 

https://community.rsa.com/docs/DOC-79041

 

Here is how I completed the integration from STAXX to NW

https://community.rsa.com/community/products/netwitness/blog/2017/08/31/anomali-staxx-integration

 

the issue with STAXX being free is that it cannot be used as a TAXII server to another client, so you need a script to pull out the indicators and create a CSV that is imported as a custom feed.  The paid version may not have that limitation, also have not looked too far into MISP but that might be another alternative for consolidation of feeds.

0 Likes

EricPartington
Employee
Employee

‎2018-01-06 08:06 PM

NW 11.0 now supports STIX and TAXII natively

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.