We wrote a TAXII server for TAXII 1.1 and STIX 1.2/1.1.1, and STAXX doesn’t detect our published STIX.
I should point out that customers do work with the TAXII using the well-known Python libraries. With that, I feel it is important to support STAXX.
The TAXII is written using OpenTAXII.
Here’s a quick summary of what we’ve done and what the current status is:
- We saw in the logs that “version 1.2” is not supported, as the requested binding from STAXX suggests.
- We pushed a STIX 1.1.1 to our TAXII and tried again.
- This time there was no error in the xlink log file, simply a statement that the XML received from the TAXII is probably empty.
- We took STIX from another source (hailataxii), pushed it to our TAXII and tried again, with the same results.
What am I missing?
From xlink log:
[2018-08-03 22:27:30,313] [INFO ] STAXX: parse_stix: /opt/staxx/var/tmp/taxii_stix_temp_192.168.86.128:9000_test.report_20180803_222728_176343.xml, total number of entries:0, result_list size:0
[2018-08-03 22:27:30,313] [INFO ] Retrieved 0 IOCs in time range : 2018-08-03T07:26:15Z ~ 2018-08-03T08:26:15Z from site:[bv] feed:[test.report]
[2018-08-03 22:27:32,512] [INFO ] STAXX: poll_stix successful: Output to /opt/staxx/var/tmp/taxii_stix_temp_192.168.86.128:9000_test._20180803_222730_345335.xml, start:2018-08-03T08:26:15Z, end:2018-08-03T09:26:15Z
[2018-08-03 22:27:32,513] [WARNING] STAXX: It could be an empty package. Ignore
Using latest STAXX version (3.4)
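
A triage helper for the xlink log lines quoted in the post, as an added example that is not part of the original post and not STAXX's own code: it lists every poll window that came back empty, so the UTC ranges STAXX requested can be compared with the timestamps of the content held on the TAXII server. The regular expressions assume the line formats shown in the post, and the function names are hypothetical.

```python
import re

# Log lines copied from the post above (xlink log).
SAMPLE_LOG = """\
[2018-08-03 22:27:30,313] [INFO ] STAXX: parse_stix: /opt/staxx/var/tmp/taxii_stix_temp_192.168.86.128:9000_test.report_20180803_222728_176343.xml, total number of entries:0, result_list size:0
[2018-08-03 22:27:30,313] [INFO ] Retrieved 0 IOCs in time range : 2018-08-03T07:26:15Z ~ 2018-08-03T08:26:15Z from site:[bv] feed:[test.report]
[2018-08-03 22:27:32,512] [INFO ] STAXX: poll_stix successful: Output to /opt/staxx/var/tmp/taxii_stix_temp_192.168.86.128:9000_test._20180803_222730_345335.xml, start:2018-08-03T08:26:15Z, end:2018-08-03T09:26:15Z
[2018-08-03 22:27:32,513] [WARNING] STAXX: It could be an empty package. Ignore
"""

# Patterns assume the formats seen in the post; other STAXX versions may differ.
LINE = re.compile(r"^\[(?P<ts>[\d\- :,]+)\] \[(?P<level>\w+)\s*\] (?P<msg>.*)$")
PARSED = re.compile(r"parse_stix: (?P<path>\S+), total number of entries:(?P<entries>\d+)")
RETRIEVED = re.compile(
    r"Retrieved (?P<n>\d+) IOCs in time range : (?P<start>\S+) ~ (?P<end>\S+) "
    r"from site:\[(?P<site>[^\]]*)\] feed:\[(?P<feed>[^\]]*)\]")
POLLED = re.compile(
    r"poll_stix successful: Output to (?P<path>\S+), start:(?P<start>\S+), end:(?P<end>\S+)")
EMPTY_WARNING = "It could be an empty package"


def summarize(log_text):
    """Turn xlink log text into a list of parse / retrieved / poll events."""
    events = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a timestamped log line
        msg = line["msg"]
        if (m := PARSED.search(msg)):
            events.append({"kind": "parse", "file": m["path"], "entries": int(m["entries"])})
        elif (m := RETRIEVED.search(msg)):
            events.append({"kind": "retrieved", "iocs": int(m["n"]), "site": m["site"],
                           "feed": m["feed"], "window": (m["start"], m["end"])})
        elif (m := POLLED.search(msg)):
            events.append({"kind": "poll", "file": m["path"], "empty": False,
                           "window": (m["start"], m["end"])})
        elif EMPTY_WARNING in msg and events and events[-1]["kind"] == "poll":
            events[-1]["empty"] = True  # the warning refers to the poll just logged
    return events


def empty_windows(events):
    """UTC (start, end) windows that produced no IOCs or an empty package."""
    return [e["window"] for e in events
            if (e["kind"] == "retrieved" and e["iocs"] == 0)
            or (e["kind"] == "poll" and e["empty"])]


if __name__ == "__main__":
    for start, end in empty_windows(summarize(SAMPLE_LOG)):
        print(f"empty poll window: {start} .. {end}")
```
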