We have an issue reported by quite some of our customers trying to poll our IOC feed. We expose our IOCs in STIX 1.2 format and they are accessible via TAXII poll. This works fine with a number of clients, but it seems that our customers using Anomali STAXX are polling empty collections.
We have tested it ourselves with STAXX 3.4.0, build 566. Indeed, no IOC’s are ingested, while the discovery URL works fine (i.e. no collection issue, a file is polled.
In The xlink.log, we can see:
[Waringn] STAXX: It could be an empty package Igone
[Info] “STAXX: poll_stix successful: Output to …”
[Info] retrieved 0 IOCs…
Then: “total list of entries: 0”
Could you please advise what might go wrong? It’s quite hard to debug, the file that is polled is not persisted on the system. But we know from a fact that the file other clients poll is not empty.
Since a large part of the Community seems to be using your solution, we would like to identify the root cause and provide a workaround / solution.
Many thanks in advance.