[IntelMQ-users] Taxii collector bot

L. Aaron Kaplan aaron at lo-res.org
Tue Jan 11 00:49:59 CET 2022


There is some attempt to try to bring in STIX.  I know, this is just a teaser so far... and I can't promise anything.
But at least I am aware of an attempt...

What I am wondering about is if adding STIX makes the processing still manageable. Like what would each bot need to look out for? In the internal data format as we have it now, things are quite simple and quite well defined: the IDF format clearly says which key-value pairs may exist. In STIX, things become a bit more complex.
Is anyone aware of how other systems solved this problem?

Thanks,
Aaron.
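
As an added illustration of the flattening discussed in this thread (example code, not from IntelMQ or from anyone on the list): a toy flattener that turns the indicator/relationship graph of a STIX 2.1 bundle into flat key-value events using a handful of IntelMQ harmonization keys. The allowed key set, the classification mapping, the supported pattern forms and the sample bundle are all assumptions constructed for this example.

```python
import re

# Subset of IntelMQ harmonization (IDF) keys, assumed for this example.
ALLOWED_KEYS = {"feed.name", "time.source", "source.ip", "source.fqdn",
                "classification.type", "malware.name", "extra"}
# STIX indicator_types -> IDF classification.type (assumed mapping).
CLASSIFICATION = {"malicious-activity": "malware-distribution"}
# The only STIX pattern comparisons this flattener understands.
PATTERN_RE = re.compile(r"\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]")
OBSERVABLE_KEY = {"ipv4-addr": "source.ip", "domain-name": "source.fqdn"}

def flatten_bundle(bundle, feed_name="taxii-feed"):
    """One flat IDF-style event per parseable Indicator; 'indicates' relationships
    to Malware objects are folded into malware.name, STIX-only data into 'extra'."""
    objects = {o["id"]: o for o in bundle["objects"]}
    targets = {}  # indicator id -> object ids it 'indicates'
    for o in bundle["objects"]:
        if o["type"] == "relationship" and o["relationship_type"] == "indicates":
            targets.setdefault(o["source_ref"], set()).add(o["target_ref"])
    events = []
    for ind in (o for o in objects.values() if o["type"] == "indicator"):
        m = PATTERN_RE.fullmatch(ind["pattern"])
        if m is None:  # unsupported pattern: skip rather than emit a broken event
            continue
        itype = (ind.get("indicator_types") or [""])[0]
        event = {"feed.name": feed_name, "time.source": ind["valid_from"],
                 OBSERVABLE_KEY[m.group(1)]: m.group(2),
                 "classification.type": CLASSIFICATION.get(itype, "undetermined"),
                 "extra": {"stix_id": ind["id"], "labels": ind.get("labels", [])}}
        for tid in targets.get(ind["id"], ()):
            if tid in objects and objects[tid]["type"] == "malware":
                event["malware.name"] = objects[tid]["name"].lower()
        unknown = set(event) - ALLOWED_KEYS  # IDF permits only defined keys
        if unknown:
            raise ValueError(f"unmapped keys {unknown}")
        events.append(event)
    return events

# Constructed sample bundle (not from a real TAXII server); the ids are dummies.
IND1, IND2, MAL = ("indicator--" + "1" * 36, "indicator--" + "2" * 36, "malware--" + "3" * 36)
SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--" + "0" * 36, "objects": [
    {"type": "indicator", "id": IND1, "indicator_types": ["malicious-activity"],
     "pattern": "[ipv4-addr:value = '203.0.113.5']", "pattern_type": "stix",
     "valid_from": "2022-01-05T21:05:00Z", "labels": ["c2"]},
    {"type": "malware", "id": MAL, "name": "ExampleRAT", "is_family": True},
    {"type": "relationship", "id": "relationship--" + "4" * 36,
     "relationship_type": "indicates", "source_ref": IND1, "target_ref": MAL},
    {"type": "indicator", "id": IND2, "indicator_types": ["malicious-activity"],
     "pattern": "[file:hashes.MD5 = '" + "0" * 32 + "']",  # not handled: skipped
     "pattern_type": "stix", "valid_from": "2022-01-05T21:05:00Z"}]}
```

The second indicator is dropped on purpose: a collector that cannot map a pattern form has to decide whether to skip it or park it under `extra`, which is exactly the per-bot question raised above.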


> On 10.01.2022, at 15:19, Joaquin Cabrera <joaquin.cabrera at cert.uy> wrote:
> 
> Hi Aaron!
> 
> That would be great! At the time we don't have a developer team, nor detailed knowledge about STIX format to help : (
> 
> We will use another tool in the meantime, thank you for your answer!
> 
> Regards,
> 
> Joaquín
> 
> On 5/1/22 at 19:26, L. Aaron Kaplan wrote:
>> Hi Joaquin,
>> 
>> I think that's a really good idea. Note that STIX has more of a graph structure, so - at least currently - that would somehow have to be flattened and mapped to intelMQ's internal data format.
>> As far as I know there is no taxii collector (yet).
>> 
>> I would be interested in one as well.
>> 
>> Let me discuss with a few folks how/if this can be implemented.
>> 
>> Best,
>> Aaron.
>> 
>> 
>>> On 05.01.2022, at 21:05, Joaquin Cabrera <joaquin.cabrera at cert.uy> wrote:
>>> 
>>> Dear community,
>>> 
>>> I'm looking for a collector bot to retrieve data from a taxii server, but I couldn't find any.
>>> We are trying to use intelMQ as our main tool to collect all security feeds and one of them is a taxii feed.
>>> 
>>> Does anyone have this kind of scenario?
>>> 
>>> Best regards,
>>> 
>>> Joaquín Cabrera
>>> CERTuy - AGESIC
>>> 
>>> Torre Ejecutiva Anexo
>>> Liniers 1280 piso 1
>>> Tel: (+598) 2901 2929 Int. 8509
>>> (11.000) Montevideo – URUGUAY
>>> www.agesic.gub.uy
>>> 
>>> --
>>> List settings:
>>> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
>>> IntelMQ Documentation: https://intelmq.readthedocs.io/
