Oasis STIX/TAXII2

oasis taxii connector this connector integrates oasis taxii2 with the swimlane turbine platform capabilities this connector supports the following capabilities add objects delete objects (taxii 2 1 only) get collections get collections by id get objects get object manifests object versions (taxii 2 1 only) get status server discovery asset setup the oasis taxii2 connector currently supports the following authentication methods http basic this asset requires an url , username , and password for the integration to work additionally, if the client side certificates are required for authentication, you may add them as a base64 encoded string if you are connecting to a taxii 2 1 server, set use taxii 2 1? to true client certificate auth this asset requires an url , client side certificate , and client side key for the integration to work you have to add them as base64 encoded strings if you are connecting to a taxii 2 1 server, set use taxii 2 1? to true tasks setup the following tasks have different actions for taxii 2 0 and taxii 2 1 get objects get object manifests server discovery use correct action suitable to the taxii server pagination in case playbook throws a playbook memory limit error while running actions, use available pagination parameters and filter parameters to limit the number of items in each response use limit and next parameters for taxii 2 1 actions to limit the number of objects per response for more information, click https //docs oasis open org/cti/taxii/v2 1/cs01/taxii v2 1 cs01 html# tvfy419udzxi use the range header for taxii 2 0 actions to specify which objects to be present in the response example a response to the request with header range items 10 25 will contain objects 10 through 25(inclusive) note this header follows 0 based indexing for more information, click http //docs oasis open org/cti/taxii/v2 0/cs01/taxii v2 0 cs01 html# tvfy419udzxi notes for more information on taxii 2 0, click http //docs oasis open org/cti/taxii/v2 0/cs01/taxii v2 0 cs01 html# toc496542711 for more information on taxii 2 1, click https //docs oasis open org/cti/taxii/v2 1/cs01/taxii v2 1 cs01 html# toc31107513 configurations asset authenticates using client certificate and key configuration parameters parameter description type required url root url for taxii2 server string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional client side cert base64 encoded client side certificate to taxii2 string required client side key base64 encoded client side key to taxii2 string required taxii 21 true, if url belongs to taxii2 1 server boolean required http basic authentication authenticates using username and password configuration parameters parameter description type required url root url for taxii2 server string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional username username string required password password string required client side cert base64 encoded client side certificate to taxii2 string optional client side key base64 encoded client side key to taxii2 string optional taxii 21 true, if url belongs to taxii2 1 server boolean required actions add objects add objects to a collection in taxii2 server endpoint url /collections/{{collection id}}/objects/ method post input argument name type required description path parameters collection id string required parameters for the add objects action payload object required a taxii envelope for taxii 2 1 or a taxii bundle for taxii 2 0 in json format headers object optional request headers headers content type string optional custom header for taxii 2 0 server, if the default application/vnd oasis stix+json; version=2 0 is not used input example {"path parameters" {"collection id" "string"},"payload" {},"headers" {"content type" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier status string status value request timestamp string output field request timestamp total count number count value success count number whether the operation was successful successes array whether the operation was successful successes id string unique identifier successes version string whether the operation was successful failure count number count value failures array output field failures failures id string unique identifier failures version string output field failures version failures message string response message pending count number count value pendings array output field pendings pendings id string unique identifier pendings version string output field pendings version output example {"status code" 202,"response headers" {"date" "thu, 13 jul 2023 16 38 54 gmt","content type" "application/taxii+json;version=2 1","content length" "800","connection" "close","allow" "get, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend" "version undefined","x kra get collection by id get a collection by an id from taxii2 server endpoint url /collections/{{collection id}}/ method get input argument name type required description headers object optional http headers for the request path parameters collection id string required parameters for the get collection by id action input example {"headers" {},"path parameters" {"collection id" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier title string output field title description string output field description can read boolean output field can read can write boolean output field can write alias string output field alias media types array type of the resource output example {"status code" 200,"response headers" {"date" "thu, 13 jul 2023 16 38 54 gmt","content type" "application/taxii+json;version=2 1","content length" "264","connection" "keep alive","allow" "get, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend" "version undefined"," get collections get collections from taxii2 server endpoint url /collections/ method get input argument name type required description headers object optional http headers for the request input example {"headers" {}} output parameter type description status code number http status code of the response reason string response reason phrase collections array output field collections collections id string unique identifier collections title string output field collections title collections description string output field collections description collections can read boolean output field collections can read collections can write boolean output field collections can write collections alias string output field collections alias collections media types array type of the resource output example {"status code" 200,"response headers" {"date" "thu, 13 jul 2023 16 11 41 gmt","content type" "application/taxii+json;version=2 1","content length" "1565","connection" "keep alive","allow" "get, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend" "version undefined", get status get status information for a specific status id endpoint url /status/{{status id}}/ method get input argument name type required description headers object optional http headers for the request path parameters status id string required parameters for the get status action input example {"headers" {},"path parameters" {"status id" "active"}} output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier status string status value request timestamp string output field request timestamp total count number count value success count number whether the operation was successful successes array whether the operation was successful successes id string unique identifier successes version string whether the operation was successful failure count number count value failures array output field failures failures id string unique identifier failures version string output field failures version failures message string response message pending count number count value pendings array output field pendings pendings id string unique identifier pendings version string output field pendings version output example {"status code" 202,"response headers" {"date" "thu, 13 jul 2023 16 38 54 gmt","content type" "application/taxii+json;version=2 1","content length" "800","connection" "close","allow" "get, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend" "version undefined","x kra taxii 2 0 get object manifests get manifest information about the contents of a specific collection in a taxii 2 0 server endpoint url /collections/{{collection id}}/manifest/ method get input argument name type required description path parameters collection id string required parameters for the taxii 2 0 get object manifests action parameters added after string optional a timestamp that filters objects to only include those added to the channel or collection after the specified timestamp this parameter is not in any way related to dates or times in a stix object or any other cti object parameters match\[id] string optional the identifier of the object(s) that are being requested when searching for a stix object, this is a stix id more than one value can be specified values must be comma(,) seperated parameters match\[type] string optional the type of the object(s) that are being requested more than one value can be specified values must be comma(,) seperated parameters match\[version] string optional the version(s) of the object(s) that are being requested from either an object or manifest task more than one value can be specified values must be comma(,) seperated headers object optional headers headers range string optional objects range for pagination for example value items 10 29 , the response will contain objects 10 through 29 input example {"path parameters" {"collection id" "string"},"parameters" {"added after" "string","match\[id]" "string","match\[type]" "string","match\[version]" "string"},"headers" {"range" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 206,"response headers" {"date" "fri, 14 jul 2023 07 13 38 gmt","content type" "application/vnd oasis taxii+json; version=2 0","content length" "2429","connection" "keep alive","allow" "get, head, options","content range" "0 15/54707","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny taxii 2 0 get objects get objects of a collection from a taxii 2 0 server endpoint url /collections/{{collection id}}/objects/ method get input argument name type required description path parameters collection id string required parameters for the taxii 2 0 get objects action parameters added after string optional a timestamp that filters objects to only include those added to the channel or collection after the specified timestamp this parameter is not in any way related to dates or times in a stix object or any other cti object parameters match\[id] string optional the identifier of the object(s) that are being requested when searching for a stix object, this is a stix id more than one value can be specified values must be comma(,) seperated parameters match\[type] string optional the type of the object(s) that are being requested more than one value can be specified values must be comma(,) seperated parameters match\[version] string optional the version(s) of the object(s) that are being requested from either an object or manifest task more than one value can be specified values must be comma(,) seperated headers object optional headers headers range string optional objects range for pagination for example value items 10 29 , the response will contain objects 10 through 29 input example {"path parameters" {"collection id" "string"},"parameters" {"added after" "string","match\[id]" "string","match\[type]" "string","match\[version]" "string"},"headers" {"range" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase type string type of the resource id string unique identifier spec version string output field spec version objects array output field objects output example {"status code" 206,"response headers" {"date" "thu, 13 jul 2023 18 30 05 gmt","content type" "application/vnd oasis taxii+json; version=2 0","content length" "12946","connection" "keep alive","allow" "get, post, head, options","content range" "90 110/54704","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","vary" "accept","x content type options" "nosniff, nosniff taxii 2 0 server discovery discover server for taxii 2 0 endpoint url /taxii/ method get input argument name type required description headers object optional http headers for the request input example {"headers" {}} output parameter type description status code number http status code of the response reason string response reason phrase title string output field title description string output field description contact string output field contact default string output field default api roots array output field api roots output example {"status code" 200,"response headers" {"date" "thu, 13 jul 2023 16 04 25 gmt","content type" "application/vnd oasis taxii+json; version=2 0","content length" "298","connection" "keep alive","allow" "get, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend" "version u taxii 2 1 delete objects delete objects from a collection in taxii 2 1 server endpoint url /collections/{{collection id}}/objects/{{object id}}/ method delete input argument name type required description headers object optional http headers for the request path parameters collection id string required parameters for the taxii 2 1 delete objects action path parameters object id string required parameters for the taxii 2 1 delete objects action parameters match\[spec version] string optional the specification version(s) of the stix object that are being requested more than one value can be specified values must be comma(,) seperated parameters match\[version] string optional the version(s) of the object(s) that are being requested from either an object or manifest task more than one value can be specified values must be comma(,) seperated input example {"headers" {},"path parameters" {"collection id" "string","object id" "string"},"parameters" {"match\[spec version]" "string","match\[version]" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "thu, 13 jul 2023 16 38 54 gmt","content type" "application/taxii+json;version=2 1","content length" "264","connection" "keep alive","allow" "get, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend" "version undefined"," taxii 2 1 get object manifests get manifest information about the contents of a specific collection in a taxii 2 1 server endpoint url /collections/{{collection id}}/manifest/ method get input argument name type required description headers object optional http headers for the request path parameters collection id string required parameters for the taxii 2 1 get object manifests action parameters added after string optional a single timestamp that filters objects to only include those objects added after the specified timestamp the added after parameter is not in any way related to dates or times in a stix object or any other cti object parameters limit number optional a single integer value that indicates the maximum number of objects that are received in a single response parameters next string optional next page number parameters match\[id] string optional the identifier of the object(s) that are being requested when searching for a stix object, this is a stix id more than one value can be specified values must be comma(,) seperated parameters match\[spec version] string optional the specification version(s) of the stix object that are being requested more than one value can be specified values must be comma(,) seperated parameters match\[type] string optional the type of the object(s) that are being requested more than one value can be specified values must be comma(,) seperated parameters match\[version] string optional the version(s) of the object(s) that are being requested from either an object or manifest task more than one value can be specified values must be comma(,) seperated input example {"headers" {},"path parameters" {"collection id" "string"},"parameters" {"added after" "string","limit" 123,"next" "string","match\[id]" "string","match\[spec version]" "string","match\[type]" "string","match\[version]" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 206,"response headers" {"date" "fri, 14 jul 2023 07 01 29 gmt","content type" "application/taxii+json;version=2 1","content length" "810","connection" "keep alive","allow" "get, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend" "version undefined"," taxii 2 1 get object versions get a list of object versions from a collection endpoint url /collections/{{collection id}}/objects/{{object id}}/versions/ method get input argument name type required description headers object optional http headers for the request path parameters collection id string required parameters for the taxii 2 1 get object versions action path parameters object id string required parameters for the taxii 2 1 get object versions action parameters added after string optional a single timestamp that filters objects to only include those objects added after the specified timestamp the added after parameter is not in any way related to dates or times in a stix object or any other cti object parameters limit number optional a single integer value that indicates the maximum number of objects that are received in a single response parameters next string optional next page number parameters match\[spec version] string optional the specification version(s) of the stix object that are being requested more than one value can be specified values must be comma(,) seperated input example {"headers" {},"path parameters" {"collection id" "string","object id" "string"},"parameters" {"added after" "string","limit" 123,"next" "string","match\[spec version]" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase spec version string output field spec version objects array output field objects output example {"status code" 200,"response headers" {"date" "fri, 14 jul 2023 06 52 28 gmt","content type" "application/taxii+json;version=2 1","content length" "268","connection" "keep alive","allow" "get, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend" "version undefined"," taxii 2 1 get objects get objects of a collection from a taxii 2 1 server endpoint url /collections/{{collection id}}/objects/ method get input argument name type required description headers object optional http headers for the request path parameters collection id string required parameters for the taxii 2 1 get objects action parameters added after string optional a single timestamp that filters objects to only include those objects added after the specified timestamp the added after parameter is not in any way related to dates or times in a stix object or any other cti object parameters limit number optional a single integer value that indicates the maximum number of objects that are received in a single response parameters next string optional next page number parameters match\[id] string optional the identifier of the object(s) that are being requested when searching for a stix object, this is a stix id more than one value can be specified values must be comma(,) seperated parameters match\[spec version] string optional the specification version(s) of the stix object that are being requested more than one value can be specified values must be comma(,) seperated parameters match\[type] string optional the type of the object(s) that are being requested more than one value can be specified values must be comma(,) seperated parameters match\[version] string optional the version(s) of the object(s) that are being requested from either an object or manifest task more than one value can be specified values must be comma(,) seperated input example {"headers" {},"path parameters" {"collection id" "string"},"parameters" {"added after" "string","limit" 123,"next" "string","match\[id]" "string","match\[spec version]" "string","match\[type]" "string","match\[version]" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase objects array output field objects more boolean output field more next string output field next output example {"status code" 206,"response headers" {"date" "thu, 13 jul 2023 17 27 40 gmt","content type" "application/taxii+json;version=2 1","content length" "4170","connection" "keep alive","allow" "get, post, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","vary" "accept","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend taxii 2 1 server discovery discover server for taxii 2 1 endpoint url /taxii2/ method get input argument name type required description headers object optional http headers for the request input example {"headers" {}} output parameter type description status code number http status code of the response reason string response reason phrase title string output field title description string output field description contact string output field contact default string output field default api roots array output field api roots output example {"status code" 200,"response headers" {"date" "thu, 13 jul 2023 15 49 09 gmt","content type" "application/taxii+json;version=2 1","content length" "300","connection" "keep alive","allow" "get, head, options","content security policy" "img src https data blob ;","referrer policy" "same origin","server" "gunicorn","strict transport security" "max age=315360000; includesubdomains; preload","x content type options" "nosniff, nosniff","x frame options" "deny, deny","x krakend" "version undefined"," response headers header description example allow http response header allow get, post, head, options connection http response header connection close content length the length of the response body in bytes 264 content range http response header content range 0 15/54707 content security policy http response header content security policy img src https data blob ; content type the media type of the resource application/vnd oasis taxii+json; version=2 0 date the date and time at which the message was originated thu, 13 jul 2023 16 11 41 gmt referrer policy http response header referrer policy same origin server information about the software used by the origin server gunicorn strict transport security http response header strict transport security max age=315360000; includesubdomains; preload vary http response header vary accept x content type options http response header x content type options nosniff, nosniff x frame options http response header x frame options deny, deny x krakend http response header x krakend version undefined x krakend completed http response header x krakend completed false x taxii date added first http response header x taxii date added first 2022 02 09t14 16 38 546000z x taxii date added last http response header x taxii date added last 2021 03 03t14 21 41 446000z x xss protection http response header x xss protection 1; mode=block