StixTaxii
StixTaxii is a threat intelligence source that fetches Cyber Threat Intelligence (CTI) data written in STIX format from a TAXII server. You can enrich incoming logs of Logpoint with this fetched data by using the Threat Intelligence process command.
StixTaxii supports STIX/TAXII versions 1.0, 2.0 and 2.1.
Threat Intelligence 6.4.0 or later
Package Details
Stix/Taxii Components:
- Enrichment Source
- StixTaxiiEnrichmentSource
Enhancement
The following columns are added to the threat intelligence table:
Column | Issue ID | Reference ID |
---|---|---|
Confidence: indicates reliability, helping prioritize high-confidence threats for quicker action while reducing false positives. | PLUG-15625 | - |
Score: indicates the severity of a threat, aiding in the prioritization of responses based on potential impact. | - | |
Tag: facilitates threat categorization, allowing for better organization, filtering, and retrieval of relevant threat data during investigations. | - | |
Bug Fixes
Description | Issue ID | Reference ID |
---|---|---|
The StixTaxii proxy failed to function without manually updating its configuration file from https://<IP> to http://<IP>. | PLUG-8498 | 63074 |
The URL field value was incorrectly parsed as h://tt instead of the original url value. | PLUG-11762 | 82003 |
Past Releases
StixTaxii v6.2.1
Release version: 6.2.1
Release Date: November 29th, 2024
Supported On: Logpoint v6.12.2 and later
Download: StixTaxii_6.2.1.pak
SHA256: 3cf2d6df1643266a082ee8564a871c52041f0ea3edef44c7017a23a26fde2f26
Documentation:
StixTaxii for Director Console API
StixTaxii for Director Console UI
Bug Fix
Description | Issue ID | Reference ID |
---|---|---|
For TAXII v1.0, the STIX_Header was mandatory, resulting in logs not being fetched if the field was empty. | PLUG-13106 | 85242, 85349 |
For TAXII v2.X, StixTaxii failed to parse log data with JSON objects containing "type": "ipv4-addr", resulting in them not being fetched. | PLUG-11963 | 83617 |
StixTaxii v6.2.0
Release version: 6.2.0
Release Date: March 3rd, 2024
Supported On: Logpoint v6.12.2 and later
Download: StixTaxii_6.2.0.pak
SHA256: 90e554c3fa4ceb59d11042ca7f2d9598d026357bd083fea6ac128d8c7f0ed9bb
Documentation:
StixTaxii Guide for Director Console API
StixTaxii Guide for Director Console UI
Enhancement
Description | Issue ID | Reference ID |
---|---|---|
You can now enable pagination to fetch data in a paginated manner, allowing for easier navigation and management of large datasets. For details on enabling, go to settings. | PLUG-11194 | - |
StixTaxii v6.1.0
Release version: 6.1.0
Release Date: July 12, 2023
Supported On: Logpoint v6.12.2 and later
Download: StixTaxii_6.1.0.pak
SHA256: 4ff949ae88aaad87f61e7b51cd24a69499db6306f372739fa4e7dce74964bcf3
Documentation:
StixTaxii Guide for Director Console API
StixTaxii Guide for Director Console UI
Enhancement
Description | Issue ID | Reference ID |
---|---|---|
StixTaxii now supports STIX/TAXII v2.1. | PLUG-10245 | - |
StixTaxii v6.0.0
Release version: 6.0.0
Release Date: November 19, 2021
Supported On: Logpoint v6.12.2 and later
Download: StixTaxii_6.0.0.pak
SHA256: 121788461e5c876a11cc483cfcca2525997827e5dbeb07deb3d93b05e928003c
Documentation:
StixTaxii Guide for Director Console API
StixTaxii Guide for Director Console UI
Enhancement
The application has been updated to comply with LogPoint v6.12.2.
Support
If you have any questions or require assistance, create a support ticket.