Doesn't detect STIX from my TAXII server


#1

Hello,

We wrote a TAXII server for using TAXII 1.1 & STIX 1.2/1.1.1 and STAXX doesn’t detect our published STIX.
I should point out that customers do work with the TAXII using the well-known Python libraries. With that, I feel it is important to support STAXX.

The TAXII is written using OpenTAXII.
Here’s a quick summary of what we’ve done, and what is the current status:

  • We saw in the logs that “version 1.2” is not supported, as the requested binding from STAXX suggests.
  • We have pushed a STIX 1.1.1 to our TAXII and tried again
  • This time there was no error in the xlink log file. Simply stating that the XML received from the TAXII is probably empty
  • We have taken STIX from another source (hailataxii), pushed to our TAXII and tried again - with the same results.

What am I missing?

From xlink log:

[2018-08-03 22:27:30,313] [INFO ] STAXX: parse_stix: /opt/staxx/var/tmp/taxii_stix_temp_192.168.86.128:9000_test.report_20180803_222728_176343.xml, total number of entries:0, result_list size:0
[2018-08-03 22:27:30,313] [INFO ] Retrieved 0 IOCs in time range : 2018-08-03T07:26:15Z ~ 2018-08-03T08:26:15Z from site:[bv] feed:[test.report]
[2018-08-03 22:27:32,512] [INFO ] STAXX: poll_stix successful: Output to /opt/staxx/var/tmp/taxii_stix_temp_192.168.86.128:9000_test._20180803_222730_345335.xml, start:2018-08-03T08:26:15Z, end:2018-08-03T09:26:15Z
[2018-08-03 22:27:32,513] [WARNING] STAXX: It could be an empty package. Ignore

Using latest STAXX version (3.4)

THANK YOU!


#2

+1
does not work for us as well


#3

+1

Facing exact same issue. STAXX works with feeds from OTX and Limo, but fails to fetch feeds from our TAXII server (opentaxii). We get the same warning about “Empty package”.