Oasis STIX/TAXII2
## Oasis TAXII Connector

This connector integrates Oasis TAXII2 with the Swimlane Turbine platform.

## Capabilities

This connector supports the following capabilities:

- Add Objects
- Delete Objects (TAXII 2.1 only)
- Get Collections
- Get Collections By ID
- Get Objects
- Get Object Manifests
- Object Versions (TAXII 2.1 only)
- Get Status
- Server Discovery

## Asset Setup

The Oasis TAXII2 connector currently supports the following authentication methods:

### HTTP Basic

This asset requires a **URL**, **Username**, and **Password** for the integration to work. Additionally, if client-side certificates are required for authentication, you may add them as a Base64-encoded string. If you are connecting to a TAXII 2.1 server, set **Use TAXII 2.1?** to true.

### Client Certificate Auth

This asset requires a **URL**, **Client Side Certificate**, and **Client Side Key** for the integration to work. You have to add them as Base64-encoded strings. If you are connecting to a TAXII 2.1 server, set **Use TAXII 2.1?** to true.

## Tasks Setup

The following tasks have different actions for TAXII 2.0 and TAXII 2.1:

- Get Objects
- Get Object Manifests
- Server Discovery

Use the correct action suitable to the TAXII server.

### Pagination

In case a playbook throws a playbook memory limit error while running actions, use the available pagination parameters and filter parameters to limit the number of items in each response.

- Use the `limit` and `next` parameters for TAXII 2.1 actions to limit the number of objects per response. For more information, click [here](https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.html#_tvfy419udzxi).
- Use the `Range` header for TAXII 2.0 actions to specify which objects are to be present in the response. Example: a response to the request with header `Range: items 10-25` will contain objects 10 through 25 (inclusive). Note: this header follows 0-based indexing. For more information, click [here](http://docs.oasis-open.org/cti/taxii/v2.0/cs01/taxii-v2.0-cs01.html#_tvfy419udzxi).

## Configurations

### Asset

Authenticates using client certificate and key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | Root URL for TAXII2 server | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |
| client_side_cert | Base64-encoded client-side certificate to TAXII2 | string | Required |
| client_side_key | Base64-encoded client-side key to TAXII2 | string | Required |
| taxii_21 | True, if URL belongs to TAXII 2.1 server | boolean | Required |

### HTTP Basic Authentication

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | Root URL for TAXII2 server | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |
| username | Username | string | Required |
| password | Password | string | Required |
| client_side_cert | Base64-encoded client-side certificate to TAXII2 | string | Optional |
| client_side_key | Base64-encoded client-side key to TAXII2 | string | Optional |
| taxii_21 | True, if URL belongs to TAXII 2.1 server | boolean | Required |

## Actions

### Add Objects

Add objects to a collection in TAXII2 server.

Endpoint URL: `/collections/{{collection_id}}/objects/`

Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| collection_id | string | Required | Unique identifier |
| payload | object | Required | A TAXII envelope for TAXII 2.1 or a TAXII bundle for TAXII 2.0 in JSON format |
| headers | object | Optional | Request headers |
| Content-Type | string | Optional | Custom header for TAXII 2.0 server, if the default `application/vnd.oasis.stix+json; version=2.0` is not used |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| status | string | Status value |
| request_timestamp | string | Output field request_timestamp |
| total_count | number | Count value |
| success_count | number | Whether the operation was successful |
| successes | array | Whether the operation was successful |
| id | string | Unique identifier |
| version | string | Output field version |
| failure_count | number | Count value |
| failures | array | Output field failures |
| id | string | Unique identifier |
| version | string | Output field version |
| message | string | Response message |
| pending_count | number | Count value |
| pendings | array | Output field pendings |
| id | string | Unique identifier |
| version | string | Output field version |

#### Example

```json
[
  {
    "status_code": 202,
    "response_headers": {
      "Date": "Thu, 13 Jul 2023 16:38:54 GMT",
      "Content-Type": "application/taxii+json;version=2.1",
      "Content-Length": "800",
      "Connection": "close",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-XSS-Protection": "1; mode=block"
    },
    "reason": "OK",
    "json_body": {
      "id": "2d086da7-4bdc-4f91-900e-d77486753710",
      "status": "pending",
      "request_timestamp": "2016-11-02T12:34:34.12345Z",
      "total_count": 4,
      "success_count": 1,
      "successes": [],
      "failure_count": 1,
      "failures": [],
      "pending_count": 2,
      "pendings": []
    }
  }
]
```

### Get Collection By ID

Get a collection by an ID from TAXII2 server.

Endpoint URL: `/collections/{{collection_id}}/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| collection_id | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| title | string | Output field title |
| description | string | Output field description |
| can_read | boolean | Output field can_read |
| can_write | boolean | Output field can_write |
| alias | string | Output field alias |
| media_types | array | Type of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 13 Jul 2023 16:38:54 GMT",
      "Content-Type": "application/taxii+json;version=2.1",
      "Content-Length": "264",
      "Connection": "keep-alive",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-XSS-Protection": "1; mode=block"
    },
    "reason": "OK",
    "json_body": {
      "id": "5774acbd-fce2-43b3-952d-9ff12280a740",
      "title": "xyz white",
      "description": "tlp:white osint/leaks/breaches \n top 10 cve iocs",
      "can_read": true,
      "can_write": false,
      "alias": "collection1",
      "media_types": []
    }
  }
]
```

### Get Collections

Get collections from TAXII2 server.

Endpoint URL: `/collections/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| collections | array | Output field collections |
| id | string | Unique identifier |
| title | string | Output field title |
| description | string | Output field description |
| can_read | boolean | Output field can_read |
| can_write | boolean | Output field can_write |
| alias | string | Output field alias |
| media_types | array | Type of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 13 Jul 2023 16:11:41 GMT",
      "Content-Type": "application/taxii+json;version=2.1",
      "Content-Length": "1565",
      "Connection": "keep-alive",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-TAXII-Date-Added-First": "2022-02-09T14:16:38.546000Z",
      "X-TAXII-Date-Added-Last": "2022-02-09T14:16:38.556000Z"
    },
    "reason": "OK",
    "json_body": {
      "collections": []
    }
  }
]
```

### Get Status

Get status information for a specific status ID.

Endpoint URL: `/status/{{status_id}}/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| status_id | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| status | string | Status value |
| request_timestamp | string | Output field request_timestamp |
| total_count | number | Count value |
| success_count | number | Whether the operation was successful |
| successes | array | Whether the operation was successful |
| id | string | Unique identifier |
| version | string | Output field version |
| failure_count | number | Count value |
| failures | array | Output field failures |
| id | string | Unique identifier |
| version | string | Output field version |
| message | string | Response message |
| pending_count | number | Count value |
| pendings | array | Output field pendings |
| id | string | Unique identifier |
| version | string | Output field version |

#### Example

```json
[
  {
    "status_code": 202,
    "response_headers": {
      "Date": "Thu, 13 Jul 2023 16:38:54 GMT",
      "Content-Type": "application/taxii+json;version=2.1",
      "Content-Length": "800",
      "Connection": "close",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-XSS-Protection": "1; mode=block"
    },
    "reason": "OK",
    "json_body": {
      "id": "2d086da7-4bdc-4f91-900e-d77486753710",
      "status": "pending",
      "request_timestamp": "2016-11-02T12:34:34.12345Z",
      "total_count": 4,
      "success_count": 1,
      "successes": [],
      "failure_count": 1,
      "failures": [],
      "pending_count": 2,
      "pendings": []
    }
  }
]
```

### TAXII 2.0 Get Object Manifests

Get manifest information about the contents of a specific collection in a TAXII 2.0 server.

Endpoint URL: `/collections/{{collection_id}}/manifest/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| collection_id | string | Required | Unique identifier |
| added_after | string | Optional | A timestamp that filters objects to only include those added to the channel or collection after the specified timestamp. This parameter is not in any way related to dates or times in a STIX object or any other CTI object. |
| `match[id]` | string | Optional | The identifier of the object(s) that are being requested. When searching for a STIX object, this is a STIX ID. More than one value can be specified. Values must be comma (,) separated. |
| `match[type]` | string | Optional | The type of the object(s) that are being requested. More than one value can be specified. Values must be comma (,) separated. |
| `match[version]` | string | Optional | The version(s) of the object(s) that are being requested from either an object or manifest task. More than one value can be specified. Values must be comma (,) separated. |
| headers | object | Optional | Headers |
| Range | string | Optional | Objects range for pagination. For example, for the value `items 10-29`, the response will contain objects 10 through 29. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 206,
    "response_headers": {
      "Date": "Fri, 14 Jul 2023 07:13:38 GMT",
      "Content-Type": "application/vnd.oasis.taxii+json; version=2.0",
      "Content-Length": "2429",
      "Connection": "keep-alive",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Range": "0-15/54707",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-TAXII-Date-Added-First": "2021-03-03T14:21:38.784000Z"
    },
    "reason": "Partial Content",
    "json_body": [
      {
        "id": "identity--0e88da99-6139-4e3c-b4f4-0758c22c5d8d",
        "added_date": "2021-03-03T14:21:38.784000Z",
        "media_type": ["application/vnd.oasis.stix+json; version=2.0"]
      },
      {
        "id": "indicator--1b31d605-3c11-4754-830f-06bfe8921c16",
        "added_date": "2021-03-03T14:21:39.084000Z",
        "media_type": ["application/vnd.oasis.stix+json; version=2.0"]
      },
      {
        "id": "indicator--6b2bc919-0fa0-43f7-a951-dc84bdc60a3b",
        "added_date": "2021-03-03T14:21:39.316000Z",
        "media_type": ["application/vnd.oasis.stix+json; version=2.0"]
      }
    ]
  }
]
```

### TAXII 2.0 Get Objects

Get objects of a collection from a TAXII 2.0 server.

Endpoint URL: `/collections/{{collection_id}}/objects/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| collection_id | string | Required | Unique identifier |
| added_after | string | Optional | A timestamp that filters objects to only include those added to the channel or collection after the specified timestamp. This parameter is not in any way related to dates or times in a STIX object or any other CTI object. |
| `match[id]` | string | Optional | The identifier of the object(s) that are being requested. When searching for a STIX object, this is a STIX ID. More than one value can be specified. Values must be comma (,) separated. |
| `match[type]` | string | Optional | The type of the object(s) that are being requested. More than one value can be specified. Values must be comma (,) separated. |
| `match[version]` | string | Optional | The version(s) of the object(s) that are being requested from either an object or manifest task. More than one value can be specified. Values must be comma (,) separated. |
| headers | object | Optional | Headers |
| Range | string | Optional | Objects range for pagination. For example, for the value `items 10-29`, the response will contain objects 10 through 29. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| type | string | Type of the resource |
| id | string | Unique identifier |
| spec_version | string | Output field spec_version |
| objects | array | Output field objects |

#### Example

```json
[
  {
    "status_code": 206,
    "response_headers": {
      "Date": "Thu, 13 Jul 2023 18:30:05 GMT",
      "Content-Type": "application/vnd.oasis.taxii+json; version=2.0",
      "Content-Length": "12946",
      "Connection": "keep-alive",
      "Allow": "GET, POST, HEAD, OPTIONS",
      "Content-Range": "90-110/54704",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "Vary": "Accept",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false"
    },
    "reason": "Partial Content",
    "json_body": {
      "type": "bundle",
      "id": "bundle--2d5a67b5-9ce5-4f69-b827-544311ac932f",
      "spec_version": "2.0"
    }
  }
]
```

### TAXII 2.0 Server Discovery

Discover server for TAXII 2.0.

Endpoint URL: `/taxii/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| title | string | Output field title |
| description | string | Output field description |
| contact | string | Output field contact |
| default | string | Output field default |
| api_roots | array | Output field api_roots |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 13 Jul 2023 16:04:25 GMT",
      "Content-Type": "application/vnd.oasis.taxii+json; version=2.0",
      "Content-Length": "298",
      "Connection": "keep-alive",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-XSS-Protection": "1; mode=block"
    },
    "reason": "OK",
    "json_body": {
      "title": "ctix xyz exchange taxii 2.0 server",
      "description": "ctix xyz exchange taxii 2.0 server contains 1 api root",
      "contact": "please contact ctix xyz",
      "default": "https://xyz.cyware.com/ctixapi/ctix2/",
      "api_roots": []
    }
  }
]
```

### TAXII 2.1 Delete Objects

Delete objects from a collection in TAXII 2.1 server.

Endpoint URL: `/collections/{{collection_id}}/objects/{{object_id}}/`

Method: DELETE

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| collection_id | string | Required | Unique identifier |
| object_id | string | Required | Unique identifier |
| `match[spec_version]` | string | Optional | The specification version(s) of the STIX object that are being requested. More than one value can be specified. Values must be comma (,) separated. |
| `match[version]` | string | Optional | The version(s) of the object(s) that are being requested from either an object or manifest task. More than one value can be specified. Values must be comma (,) separated. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 13 Jul 2023 16:38:54 GMT",
      "Content-Type": "application/taxii+json;version=2.1",
      "Content-Length": "264",
      "Connection": "keep-alive",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-XSS-Protection": "1; mode=block"
    },
    "reason": "OK"
  }
]
```

### TAXII 2.1 Get Object Manifests

Get manifest information about the contents of a specific collection in a TAXII 2.1 server.

Endpoint URL: `/collections/{{collection_id}}/manifest/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| collection_id | string | Required | Unique identifier |
| added_after | string | Optional | A single timestamp that filters objects to only include those objects added after the specified timestamp. The added_after parameter is not in any way related to dates or times in a STIX object or any other CTI object. |
| limit | number | Optional | A single integer value that indicates the maximum number of objects that are received in a single response |
| next | string | Optional | Next page number |
| `match[id]` | string | Optional | The identifier of the object(s) that are being requested. When searching for a STIX object, this is a STIX ID. More than one value can be specified. Values must be comma (,) separated. |
| `match[spec_version]` | string | Optional | The specification version(s) of the STIX object that are being requested. More than one value can be specified. Values must be comma (,) separated. |
| `match[type]` | string | Optional | The type of the object(s) that are being requested. More than one value can be specified. Values must be comma (,) separated. |
| `match[version]` | string | Optional | The version(s) of the object(s) that are being requested from either an object or manifest task. More than one value can be specified. Values must be comma (,) separated. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 206,
    "response_headers": {
      "Date": "Fri, 14 Jul 2023 07:01:29 GMT",
      "Content-Type": "application/taxii+json;version=2.1",
      "Content-Length": "810",
      "Connection": "keep-alive",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-TAXII-Date-Added-First": "2021-03-03T14:21:40.528000Z",
      "X-TAXII-Date-Added-Last": "2021-03-03T14:21:41.446000Z"
    },
    "reason": "Partial Content",
    "json_body": [
      {
        "id": "identity--0e88da99-6139-4e3c-b4f4-0758c22c5d8d",
        "added_date": "2021-03-03T14:21:40.528000Z",
        "media_type": ["application/vnd.oasis.stix+json; version=2.0"]
      },
      {
        "id": "indicator--1b31d605-3c11-4754-830f-06bfe8921c16",
        "added_date": "2021-03-03T14:21:40.840000Z",
        "media_type": ["application/vnd.oasis.stix+json; version=2.0"]
      },
      {
        "id": "indicator--6b2bc919-0fa0-43f7-a951-dc84bdc60a3b",
        "added_date": "2021-03-03T14:21:41.091000Z",
        "media_type": ["application/vnd.oasis.stix+json; version=2.0"]
      }
    ]
  }
]
```

### TAXII 2.1 Get Object Versions

Get a list of object versions from a collection.

Endpoint URL: `/collections/{{collection_id}}/objects/{{object_id}}/versions/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| collection_id | string | Required | Unique identifier |
| object_id | string | Required | Unique identifier |
| added_after | string | Optional | A single timestamp that filters objects to only include those objects added after the specified timestamp. The added_after parameter is not in any way related to dates or times in a STIX object or any other CTI object. |
| limit | number | Optional | A single integer value that indicates the maximum number of objects that are received in a single response |
| next | string | Optional | Next page number |
| `match[spec_version]` | string | Optional | The specification version(s) of the STIX object that are being requested. More than one value can be specified. Values must be comma (,) separated. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| spec_version | string | Output field spec_version |
| objects | array | Output field objects |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Fri, 14 Jul 2023 06:52:28 GMT",
      "Content-Type": "application/taxii+json;version=2.1",
      "Content-Length": "268",
      "Connection": "keep-alive",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-XSS-Protection": "1; mode=block"
    },
    "reason": "OK",
    "json_body": {
      "spec_version": "2.1"
    }
  }
]
```

### TAXII 2.1 Get Objects

Get objects of a collection from a TAXII 2.1 server.

Endpoint URL: `/collections/{{collection_id}}/objects/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |
| collection_id | string | Required | Unique identifier |
| added_after | string | Optional | A single timestamp that filters objects to only include those objects added after the specified timestamp. The added_after parameter is not in any way related to dates or times in a STIX object or any other CTI object. |
| limit | number | Optional | A single integer value that indicates the maximum number of objects that are received in a single response |
| next | string | Optional | Next page number |
| `match[id]` | string | Optional | The identifier of the object(s) that are being requested. When searching for a STIX object, this is a STIX ID. More than one value can be specified. Values must be comma (,) separated. |
| `match[spec_version]` | string | Optional | The specification version(s) of the STIX object that are being requested. More than one value can be specified. Values must be comma (,) separated. |
| `match[type]` | string | Optional | The type of the object(s) that are being requested. More than one value can be specified. Values must be comma (,) separated. |
| `match[version]` | string | Optional | The version(s) of the object(s) that are being requested from either an object or manifest task. More than one value can be specified. Values must be comma (,) separated. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| objects | array | Output field objects |
| more | boolean | Output field more |
| next | string | Output field next |

#### Example

```json
[
  {
    "status_code": 206,
    "response_headers": {
      "Date": "Thu, 13 Jul 2023 17:27:40 GMT",
      "Content-Type": "application/taxii+json;version=2.1",
      "Content-Length": "4170",
      "Connection": "keep-alive",
      "Allow": "GET, POST, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "Vary": "Accept",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-TAXII-Date-Added-First": "2021-03-03T14:21:40.528000Z"
    },
    "reason": "Partial Content",
    "json_body": {
      "objects": [],
      "more": true,
      "next": "2"
    }
  }
]
```

### TAXII 2.1 Server Discovery

Discover server for TAXII 2.1.

Endpoint URL: `/taxii2/`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | Optional | HTTP headers for the request |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| title | string | Output field title |
| description | string | Output field description |
| contact | string | Output field contact |
| default | string | Output field default |
| api_roots | array | Output field api_roots |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 13 Jul 2023 15:49:09 GMT",
      "Content-Type": "application/taxii+json;version=2.1",
      "Content-Length": "300",
      "Connection": "keep-alive",
      "Allow": "GET, HEAD, OPTIONS",
      "Content-Security-Policy": "img-src https: data: blob:;",
      "Referrer-Policy": "same-origin",
      "Server": "gunicorn",
      "Strict-Transport-Security": "max-age=315360000; includeSubDomains; preload",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "DENY, DENY",
      "X-Krakend": "Version undefined",
      "X-Krakend-Completed": "false",
      "X-XSS-Protection": "1; mode=block"
    },
    "reason": "OK",
    "json_body": {
      "title": "ctix xyz exchange taxii 2.1 server",
      "description": "ctix xyz exchange taxii 2.1 server contains 1 api root",
      "contact": "please contact ctix xyz",
      "default": "https://xyz.cyware.com/ctixapi/ctix21/",
      "api_roots": []
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Allow | HTTP response header Allow | GET, POST, HEAD, OPTIONS |
| Connection | HTTP response header Connection | close |
| Content-Length | The length of the response body in bytes | 268 |
| Content-Range | HTTP response header Content-Range | 0-15/54707 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | img-src https: data: blob:; |
| Content-Type | The media type of the resource | application/taxii+json;version=2.1 |
| Date | The date and time at which the message was originated | Thu, 13 Jul 2023 16:11:41 GMT |
| Referrer-Policy | HTTP response header Referrer-Policy | same-origin |
| Server | Information about the software used by the origin server | gunicorn |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=315360000; includeSubDomains; preload |
| Vary | HTTP response header Vary | Accept |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff, nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY, DENY |
| X-Krakend | HTTP response header X-Krakend | Version undefined |
| X-Krakend-Completed | HTTP response header X-Krakend-Completed | false |
| X-TAXII-Date-Added-First | HTTP response header X-TAXII-Date-Added-First | 2021-04-14T13:09:59.353000Z |
| X-TAXII-Date-Added-Last | HTTP response header X-TAXII-Date-Added-Last | 2022-02-09T14:16:38.556000Z |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |

## Notes

- For more information on TAXII 2.0, click [here](http://docs.oasis-open.org/cti/taxii/v2.0/cs01/taxii-v2.0-cs01.html#_Toc496542711).
- For more information on TAXII 2.1, click [here](https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.html#_Toc31107513).
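
The pagination guidance under Tasks Setup (`limit`/`next` for TAXII 2.1, the 0-based inclusive `Range` header for TAXII 2.0), as an added Python example that is not part of the connector or the original page. `fetch` is a hypothetical transport callable, and the in-memory servers and sample objects are constructed so the block runs offline.

```python
"""Added example: lazy pagination for TAXII 2.1 (limit/next) and TAXII 2.0 (Range)."""
import re

# Accepts "items 0-15/54707" and the bare "0-15/54707" form shown in the sample responses.
CONTENT_RANGE = re.compile(r"^(?:items )?(\d+)-(\d+)/(\d+)$")


def iter_taxii21(fetch, limit, added_after=None, max_pages=1000):
    """Yield objects one page at a time using the `limit` and `next` parameters.

    `fetch(params, headers)` is a hypothetical callable returning
    (status_code, response_headers, json_body) for one Get Objects request.
    """
    params = {"limit": str(limit)}
    if added_after:
        params["added_after"] = added_after
    seen = set()
    for _ in range(max_pages):
        status, _resp_headers, body = fetch(params, {})
        if status not in (200, 206):
            raise RuntimeError(f"unexpected status {status}")
        yield from body.get("objects", [])
        token = body.get("next")
        if not body.get("more") or token is None:
            return
        if token in seen:  # a repeated token would otherwise loop forever
            raise RuntimeError(f"server repeated next token {token!r}")
        seen.add(token)
        params["next"] = token
    raise RuntimeError("max_pages reached before the collection was exhausted")


def iter_taxii20(fetch, page_size, max_pages=1000):
    """Yield objects one page at a time using `Range: items <first>-<last>`."""
    start = 0
    for _ in range(max_pages):
        headers = {"Range": f"items {start}-{start + page_size - 1}"}
        status, resp_headers, body = fetch({}, headers)
        if status == 416:  # requested range starts past the end of the collection
            return
        if status not in (200, 206):
            raise RuntimeError(f"unexpected status {status}")
        lowered = {k.lower(): v for k, v in resp_headers.items()}
        match = CONTENT_RANGE.match(lowered.get("content-range", ""))
        if not match:
            raise RuntimeError("missing or malformed Content-Range header")
        first, last, total = map(int, match.groups())
        if first != start or last < first:  # server ignored the requested range
            raise RuntimeError(f"asked for offset {start}, got {first}-{last}")
        yield from body.get("objects", [])
        if last + 1 >= total:
            return
        start = last + 1
    raise RuntimeError("max_pages reached before the collection was exhausted")


# Constructed sample data and in-memory servers (not real feeds).
SAMPLE = [{"type": "indicator", "id": f"indicator--{n:08d}-0000-4000-8000-000000000000"}
          for n in range(7)]


def fake_taxii21(params, _headers):
    limit, page = int(params["limit"]), int(params.get("next", "0"))
    more = (page + 1) * limit < len(SAMPLE)
    body = {"objects": SAMPLE[page * limit:(page + 1) * limit], "more": more}
    if more:
        body["next"] = str(page + 1)
    return (206 if more else 200), {}, body


def fake_taxii20(_params, headers):
    first, last = map(int, re.match(r"items (\d+)-(\d+)$", headers["Range"]).groups())
    if first >= len(SAMPLE):
        return 416, {}, {}
    last = min(last, len(SAMPLE) - 1)
    content_range = f"{first}-{last}/{len(SAMPLE)}"
    body = {"type": "bundle", "objects": SAMPLE[first:last + 1]}
    return 206, {"Content-Range": content_range}, body


def collect_ids(iterator):
    """Drain a pager and return only the object IDs."""
    return [obj["id"] for obj in iterator]


if __name__ == "__main__":
    print(len(collect_ids(iter_taxii21(fake_taxii21, limit=3))), "objects via limit/next")
    print(len(collect_ids(iter_taxii20(fake_taxii20, page_size=3))), "objects via Range")
```

Because both pagers are generators, a caller can process or discard each page before the next request is made, which keeps memory bounded by the page size.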