Context Hub STIX Tab
In the STIX tab, you can create and configure Structured Threat Information eXpression (STIX) data source for Context Hub. Navigate to 
The STIX tab of the Context Hub service allows you to create one or more STIX, REST URLs, or TAXII data sources and edit them whenever required. When STIX is configured, Context Hub service automatically considers it as a data source.
What do you want to do?
| Role | I want to ... | Show me how |
|---|---|---|
| Administrator | Configure STIX Data Source for Context Hub* | Configure STIX as a Data Source |
| Administrator/ Analyst | View Contextual Information in Respond View |
See the NetWitness Respond User Guide. |
*You can complete this task here (that is in the Context Hub Lists Tab).
Related Topics
Quick Look
The following example illustrates how to add STIX to Context Hub service.
The STIX tab consists of add, delete and edit data sources options.
| 1 | Name that identifies the added STIX source. |
| 2 | Type of data source - REST server, STIX or TAXII server. |
| 3 | The path of the source from which the STIX files are obtained. |
| 4 | Additional details related to the data source being added. |
| 5 | Description of the data source. |
| 6 | Date when the data source was created. |
|
7 |
Click |
Toolbar
The following table describes the toolbar actions.
| Feature | Description |
|---|---|
 |
Add a new data source such as File, REST Server, or TAXII Server. For more information, see Configure STIX as a Data Source . |
 |
Delete the selected data source. |
 |
Edit the selected data source. |
The following table describes the all the data source server configuration options.
| Field | Description |
|---|---|
| Common Configuration Options | |
| Enabled | Select this checkbox to enable the configuration. |
| Name | Provide a name to the data source you want to add. |
| Description | Description of the data source. |
| Cancel | Click to revert the data source addition. |
|
Validate |
Click to verify the URL path to the Server. |
| Save | Click to save the configuration and add the required server as a data source. |
| REST Server Configuration Options | |
| URL | URL of the REST server. |
|
Username (Optional) |
Provide the username of the REST server if it needs to be authenticated. |
| Password (Optional) | Provide the password of REST server if it needs to be authenticated. |
|
Trust All Certificates |
Select this checkbox to trust all certificates. |
| Certificate File | Click browse to navigate to the location of the certificate file. |
| TAXII Server Configuration Options | |
| TAXII Version 2.X | Select this checkbox to consider only indicators formatted in the STIX 2.0 and 2.1 standards. This option is enabled by default. |
| Accept Header |
Select the relevant HTTP Media types that the TAXII Server can accept in response from the drop-down list. |
| URL | URL of the TAXII server. |
|
Username (Optional) |
Provide the username of TAXII server if it needs to be authenticated. |
| Password (Optional) | Provide the password of REST server if it needs to be authenticated. |
| Client Certificate | Browse to upload a pkcs12 format client certificate available on your local system. |
|
Certificate Password |
Enter the password to the certificate, if it is password-protected. |
| UserProxy | Select this checkbox to enable proxy. |
|
Trust All Certificates |
Select this checkbox to trust all certificates. |
| Certificate File | Browse and select the certificate file. |
|
TAXII Collections |
Select the TAXII Collection name from the drop-down to automatically download the collection. |
 |
Click to manually retrieve the list of available TAXII Servers, if the collections are not downloaded automatically. |
| STIX File Configuration Options | |
| File | Browse and select the STIX file in either .xml or .json file. |
Next steps
After completing the configuration, you can view the contextual data in the Context Summary Panel of the Respond view or Investigate view. For instructions, Navigate to Context Summary Panel and View Additional Context topic in the Investigate User Guide.
