Skip to content

AlienVault-OTX/OTX-Apps-TAXII

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits

.gitignore

.gitignore

 
 

OTXv2.py

OTXv2.py

 
 

README.md

README.md

 
 

StixExport.py

StixExport.py

 
 

config.cfg

config.cfg

 
 

otx-taxii.py

otx-taxii.py

 
 

requirements.txt

requirements.txt

 
 

taxii_client.py

taxii_client.py

 
 

Repository files navigation

OTX-Apps-TAXII

Alienvault OTX TAXII connector

Set your Alienvault OTX API key and TAXII server in config.cfg.

This script can then be used to download pulses from OTX, and import them into your Taxii compliant client.

Run with:

  • python2.7 otx-taxii.py first_run

the first time, then:

  • python2.7 otx-taxii.py check_new

for updates.

Setting up Config.cfg

For example a Taxii server using HTTPS might look like:

[taxii]
server_ip=https://192.168.1.187
  • You need to include https:// - whether its a hostname or an IP address

What is the difference between discovery_path and uri?

[taxii]
discovery_path=/taxii-discovery-service/
uri=/taxii-data

  • In most cases discovery_path and uri can be used interchangeablely - as the post_request captured is independent of the destination.

    {Example: Soltra Edge Taxii Server}

    However there are some cases where it does matter:

{Example: DHS AIS Taxii inbox'ing(push)}

  • When it does matter, you will need to look at the TAXII Server's collection_info to find the path needed.

About

Alienvault OTX TAXII connector

Resources

Readme
Activity
Custom properties

Stars

51 stars

Watchers

19 watching

Forks

29 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages