TAXII
Version: 2.0.0
TAXII is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. This specification defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations.
Connect TAXII with LogicHub
- Navigate to Automations > Integrations.
- Search for TAXII.
- Click Details, then the + icon. Enter the required information in the following fields.
  - Label: Connection name.
  - Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  - Verify SSL: Select whether to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
  - Server URL: Server URL to access the TAXII server.
  - Username: Username to access the TAXII server.
  - Password: Password to access the TAXII server.
  - API Version: Select the API version to use when accessing the TAXII server.
- After you've entered all the details, click Connect.
List Collections
List collections from TAXII API
Input Field
Choose a connection that you have previously created.
Output
JSON containing the following items:
```json
{
  "collections": [
    {
      "id": "3asdfcc9-8d9e-4f06-a995-basdfafd91",
      "title": "automated-high-asdf",
      "description": "Groups packages containing Indicators with High Confidence Score and TLP values GREEN, and WHITE",
      "can_read": true,
      "can_write": false,
      "media_types": [
        "application/taxii+json;version=2.1"
      ]
    },
    {
      "id": "1asdf8a8-53cc-41c6-861b-easdf6cfce3",
      "title": "automated-high-asdf",
      "description": "Groups packages containing Indicators with High Confidence Score and TLP values RED, AMBER, GREEN, and WHITE",
      "can_read": true,
      "can_write": false,
      "media_types": [
        "application/taxii+json;version=2.1"
      ]
    }
  ],
  "error": null,
  "has_error": false
}
```
Get Collection
Get collection by collection Id.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Collection ID | Jinja-templated text containing the Collection Id | Required |
Output
JSON containing the following items:
```json
{
  "can_write": false,
  "description": "Groups packages containing Indicators with High Confidence Score and TLP values GREEN, and WHITE",
  "has_error": false,
  "id": "3easdf9-8d9e-4f06-a995-b1asdffd91",
  "error": null,
  "media_types": [
    "application/taxii+json;version=2.1"
  ],
  "title": "automated-high-impact",
  "can_read": true
}
```
List Objects
List objects by collection Id
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Collection ID | Jinja-templated text containing the Collection Id | Required |
Filters | Jinja-templated text containing the filter. Example 'match[id]=123f12&match[type]=indicator' | Optional |
Output
JSON containing the following items:
```json
{
  "objects": [
    {
      "id": "indicator--2asdf7b-c8bb-407c-b815-e6basdfec35",
      "pattern": "[file:hashes.MD5 = '0c473dcabasdf4fedfed7717b']",
      "confidence": 85,
      "lang": "en",
      "type": "indicator",
      "created": "2020-05-19T09:33:13.743Z",
      "modified": "2020-05-19T09:33:13.743Z",
      "name": "Linked Hashes: 0c473dcabasdasdf4fedfed7717b",
      "valid_from": "2020-05-19T09:33:11.794725Z",
      "pattern_type": "stix",
      "object_marking_refs": [
        "marking-definition--3asdffce-860f-48ae-8e50-ebasdfe41da"
      ],
      "labels": [
        "tactic:label"
      ],
      "indicator_types": [
        "anomalous-activity"
      ],
      "pattern_version": "2.1",
      "spec_version": "2.1"
    },
    {
      "id": "marking-definition--f8asdf6-486f-44da-b317-01asdf0b82",
      "created": "2017-01-20T00:00:00.000Z",
      "definition_type": "tlp",
      "name": "TLP:label",
      "definition": {
        "tlp": "amber"
      },
      "type": "marking-definition",
      "spec_version": "2.1"
    }
  ],
  "more": false,
  "error": null,
  "has_error": false
}
```
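One way to consume the List Objects output downstream, as an added example that is not part of the LogicHub integration: it checks `has_error`, resolves each indicator's `object_marking_refs` to a TLP level, and keeps only file-hash indicators that meet a confidence floor and a TLP ceiling. The function name, thresholds, TLP ranking and sample objects are assumptions constructed for illustration.

```python
import re

TLP_RANK = {"white": 0, "clear": 0, "green": 1, "amber": 2, "red": 3}
HASH_RE = re.compile(r"\[file:hashes\.'?([\w-]+)'?\s*=\s*'([0-9a-fA-F]+)'\]")

def select_hashes(result, min_confidence=80, max_tlp="green"):
    """Return ([(algo, hash, indicator_id)], more) from a List Objects result."""
    if result.get("has_error"):
        raise RuntimeError(f"List Objects failed: {result.get('error')}")
    objects = result.get("objects", [])
    # Index marking-definitions by id so indicator references can be resolved.
    tlp_by_id = {o["id"]: o.get("definition", {}).get("tlp")
                 for o in objects if o.get("type") == "marking-definition"}
    selected = []
    for o in objects:
        if o.get("type") != "indicator" or o.get("confidence", 0) < min_confidence:
            continue
        # Fail closed: a missing or unresolvable marking is ranked as TLP:RED.
        ranks = [TLP_RANK.get(tlp_by_id.get(ref), 3)
                 for ref in o.get("object_marking_refs", [])] or [3]
        if max(ranks) > TLP_RANK[max_tlp]:
            continue
        m = HASH_RE.fullmatch(o.get("pattern", ""))
        if m:  # only single file-hash comparisons are extracted
            selected.append((m.group(1), m.group(2).lower(), o["id"]))
    # "more" set to true means the result was truncated and is incomplete.
    return selected, bool(result.get("more"))

# Constructed sample (not real intelligence) in the shape of the output above.
def _ind(n, conf, marking, md5="d41d8cd98f00b204e9800998ecf8427e"):
    return {"id": f"indicator--{n}", "type": "indicator", "confidence": conf,
            "pattern": f"[file:hashes.MD5 = '{md5}']", "pattern_type": "stix",
            "object_marking_refs": [marking]}

SAMPLE = {"objects": [
    _ind("a", 85, "marking-definition--green"),
    _ind("b", 90, "marking-definition--amber"),
    _ind("c", 40, "marking-definition--green"),
    _ind("d", 95, "marking-definition--not-in-bundle"),
    {"id": "marking-definition--green", "type": "marking-definition",
     "definition_type": "tlp", "definition": {"tlp": "green"}},
    {"id": "marking-definition--amber", "type": "marking-definition",
     "definition_type": "tlp", "definition": {"tlp": "amber"}},
], "more": False, "error": None, "has_error": False}

if __name__ == "__main__":
    print(select_hashes(SAMPLE))
```

Indicators whose marking cannot be resolved within the same result are dropped rather than passed through, so a partial page of results never widens distribution.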
Server Discovery
Get server discovery
Input Field
Choose a connection that you have previously created.
Output
JSON containing the following items:
```json
{
  "description": "abc Exchange TAXII 2.1 server contains 1 API Root",
  "api_roots": [
    "https://taxii.abc.com/ctixapi/ctix21/"
  ],
  "contact": "Please contact abc.",
  "has_error": false,
  "error": null,
  "default": "https://taxii.abc.com/ctixapi/ctix21/",
  "title": "abc Exchange TAXII 2.1 Server"
}
```
Get API Root Information
Get API root information
Input Field
Choose a connection that you have previously created.
Output
JSON containing the following items:
```json
{
  "description": "TAXII 2.1 service for abc user",
  "versions": [
    "application/taxii+json;version=2.1"
  ],
  "has_error": false,
  "error": null,
  "title": "abc TAXII 2.1 API Root",
  "max_content_length": 10000000
}
```
Release Notes
v2.0.0
- Updated architecture to support IO via filesystem
v1.0.2
- Added 5 actions: Get Collections, Get A Collection, Get Objects, Server Discovery and Get API Root Information.
Updated about 1 year ago