03-20-2017 12:29 AM
Hi,
Does the Cisco ESA solution have support for the STIX/TAXII API?
04-04-2017 02:14 PM
Hi,
This is an item that is on the roadmap for the Cisco Email Security products. Your account team can arrange for a roadmap presentation by a member of the Product Management or TME team for those products.
Raymond
01-15-2019 07:58 AM
Looks like it's coming in version 12 as an integrated feature, woot.
01-23-2019 04:56 AM
This support is coming with ESA Version 12, planned ETA in Q1/2019.
02-01-2019 04:32 AM
This is available now in 12.0 (LD). I've done some basic testing and it works!
02-01-2019 04:44 AM
Excellent. I've been weighing some feeds in anticipation.
02-01-2019 04:52 AM
02-07-2019 05:34 AM
I'm in initial vetting on them, but you're welcome to take a look as well:
https://otx.alienvault.com/taxii/discovery
https://open.taxiistand.com/services/discovery
https://limo.anomali.com/api/v1/taxii/taxii-discovery-service/
02-08-2019 05:27 AM
As I can see, there is a feature key needed on the Ironport in order to use this. Is it expensive?
02-08-2019 05:33 AM
Hi, I tested it with evaluation licenses so I'm not sure, but I believe there's no extra charge to consume threat feeds. Getting your hands on commercial external threat intelligence feeds is not included, of course.
From the release notes:
If you are using the Classic licensing mode and you do not have an External Threat Feeds feature key, you must contact the Cisco Global Licensing Operations (GLO) team to obtain the feature key as follows:
1. Send an email to the GLO team (licensing@cisco.com) with the message subject as “Request for External Threat Feeds Feature Key”, and provide your Product Authorization Key (PAK) file and Purchase Order (PO) details in the email.
2. The GLO team provisions the feature key manually, and sends you an email with the license key to install on your appliance.
Note: If you switch to the Smart Licensing mode on your appliance, you are automatically provided with an External Threat Feeds feature key.
02-08-2019 05:59 AM
02-18-2019 03:27 AM
Hello Charella,
Could you please let us know what the recommended deployment is?
Usually we get a list of IOCs, so we can have our server and add the required IOCs!
If you know more about that server, specs, required operating system, required software to define IOC, a complete guide for it, please share.
04-02-2019 04:48 AM
charella,
Have you entered those hailataxii values into CTR setup? I've tried those, and variations, and am consistently getting an error. This is as guest/guest or anonymous (no user); with or without a trailing slash on the polling path; etc. Use HTTPS is No (port 80).
A failure was encountered for the source 'HailATaxii-domain'. Reason for failure A poll for the source HailATaxii-domain was not initiated because the details of the source could not be fetched.
10-29-2019 10:32 AM
I'm having difficulty getting the hailataxii open source feed configured. I have followed the instructions from the website and even tried to use the configuration from the YouTube video. However, our test machine won't accept the polling path and the email address for hailataxii is not found by O365. Is anyone still using hailataxii?
Are there any other open source polling paths available that don't require a taxii client to be configured?
10-29-2019 11:37 AM
Try the following config:
Source: HailATaxii_7days
Hostname : hailataxii.com
Polling Path : /taxii-discovery-service
Collection name : guest.dataForLast_7daysOnly
Polling Interval : 1 hours
use HTTPS : no, port 80
I hope that will get you started.
-Marc
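For the "details of the source could not be fetched" errors reported in this thread, one way to check a discovery endpoint outside the appliance is to build the TAXII 1.1 Discovery request yourself and inspect what the server advertises. This is an added example, not code from any poster or from Cisco; it assumes the feed speaks TAXII 1.1 over plain HTTP, the host `taxii.example.test` and the sample response are constructed, and sending the POST is left to whatever HTTP client you use.

```python
import uuid
import xml.etree.ElementTree as ET

NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
# HTTP headers a TAXII 1.1 client sends with each POST (plain-HTTP binding).
TAXII_HEADERS = {
    "Content-Type": "application/xml",
    "X-TAXII-Content-Type": "urn:taxii.mitre.org:message:xml:1.1",
    "X-TAXII-Accept": "urn:taxii.mitre.org:message:xml:1.1",
    "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
    "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:http:1.0",
}

def build_discovery_request(message_id=None):
    """Return the XML body to POST to the discovery path."""
    root = ET.Element(f"{{{NS}}}Discovery_Request",
                      {"message_id": message_id or uuid.uuid4().hex})
    return ET.tostring(root, encoding="utf-8")

def parse_discovery_response(body):
    """Return the advertised services; raise if the server refused the request."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTD/entity declarations are not accepted from a feed")
    root = ET.fromstring(body)
    if root.tag == f"{{{NS}}}Status_Message":  # e.g. UNAUTHORIZED, BAD_MESSAGE
        detail = root.findtext(f"{{{NS}}}Message", default="")
        raise RuntimeError(f"{root.get('status_type')}: {detail}")
    if root.tag != f"{{{NS}}}Discovery_Response":
        raise ValueError(f"unexpected TAXII message: {root.tag}")
    return [{
        "type": inst.get("service_type"),
        "available": inst.get("available") == "true",
        "address": (inst.findtext(f"{{{NS}}}Address") or "").strip(),
    } for inst in root.findall(f"{{{NS}}}Service_Instance")]

def poll_addresses(services):
    """Addresses of the POLL services that are marked available."""
    return [s["address"] for s in services if s["type"] == "POLL" and s["available"]]

# Constructed sample response, trimmed to the fields used here (not from a real feed).
SAMPLE = b"""<t:Discovery_Response xmlns:t="http://taxii.mitre.org/messages/taxii_xml_binding-1.1" message_id="2" in_response_to="1">
  <t:Service_Instance service_type="DISCOVERY" available="true"><t:Address>http://taxii.example.test/taxii-discovery-service</t:Address></t:Service_Instance>
  <t:Service_Instance service_type="POLL" available="true"><t:Address>http://taxii.example.test/taxii-data</t:Address></t:Service_Instance>
  <t:Service_Instance service_type="POLL" available="false"><t:Address>http://taxii.example.test/old-poll</t:Address></t:Service_Instance>
</t:Discovery_Response>"""
```

A `Status_Message` reply or an empty result from `poll_addresses` points at credentials or the path rather than at the appliance configuration.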