
THREAT_FEEDS: Unable to fetch the observables (ESA C300V)

ITASupport
Level 1

Hi,

I have been receiving an ETF error for the last few weeks. The following is the warning message which I am receiving.

(The Warning message is:

 THREAT_FEEDS: Unable to fetch the observables from the source: otx.alienvault.com after 3 failed attempts. Reason for failure: Taxii Error: HTTP Error: status code 400 bad request)

Please help me to fix this. I am using otx.alienvault.com to get ETF updates. This was working fine, but since 12th October the above-mentioned warning alert appears on a daily basis. I tried every step and checked my configurations multiple times. Everything is fine.

Regards,

ITA Support


SriramV
Cisco Employee

You have to check with AlienVault, as this error is from the server.

You can try this out on your PC:

docker run --rm=true eclecticiq/cabby:latest taxii-discovery --path https://otx.alienvault.com/taxii/discovery
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
2022-11-01 23:20:07,261 INFO: Sending Discovery_Request to https://otx.alienvault.com/taxii/discovery
2022-11-01 23:20:07,965 ERROR: HTTP Error: status code 400
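
The same discovery check without a container, as an added example that is not part of the original post and is not Cisco or cabby code: it sends a TAXII 1.1 Discovery_Request with only the Python standard library and turns the result into a triage hint. The function names and the wording of the verdicts are assumptions of this example.

```python
"""Added example: TAXII 1.1 discovery probe run from a host other than the ESA."""
import sys
import urllib.error
import urllib.request
import uuid

TAXII_NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
MSG_BINDING = "urn:taxii.mitre.org:message:xml:1.1"
PAGE_URL = "https://otx.alienvault.com/taxii/discovery"  # URL used in the thread


def build_discovery_request(url):
    """Build (without sending) a TAXII 1.1 Discovery_Request for url."""
    body = ('<taxii_11:Discovery_Request xmlns:taxii_11="%s" message_id="%s"/>'
            % (TAXII_NS, uuid.uuid4())).encode()
    headers = {
        "Content-Type": "application/xml",
        "Accept": "application/xml",
        "X-TAXII-Content-Type": MSG_BINDING,
        "X-TAXII-Accept": MSG_BINDING,
        "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
        "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def classify(status, body=""):
    """Map a probe result (HTTP status or None, response body) to a triage hint."""
    if status is None:
        return "no HTTP response: check DNS, proxy, firewall and TLS from this host"
    if status == 200 and "Discovery_Response" in body:
        return "feed answers from this host: look at the appliance side (source config, proxy)"
    if status in (401, 403):
        return "HTTP %d: credentials rejected, check the feed credentials" % status
    if status >= 400:
        return "HTTP %d also seen from an independent host: points at the feed provider" % status
    return "unexpected reply (HTTP %d): inspect the response body" % status


def probe(url, timeout=15):
    """Send the request; return (status, body), with status None if nothing answered."""
    try:
        with urllib.request.urlopen(build_discovery_request(url), timeout=timeout) as r:
            return r.status, r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # server replied with an error status
        return e.code, e.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):  # no HTTP reply at all
        return None, ""


if __name__ == "__main__":
    print(classify(*probe(sys.argv[1] if len(sys.argv) > 1 else PAGE_URL)))
```
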

Hi SriramV,

Thank you for the above command. I ran the command and also received the following message.

2022-11-03 10:23:05,893 INFO: Sending Discovery_Request to https://otx.alienvault.com/taxii/discovery
2022-11-03 10:23:07,429 ERROR: HTTP Error: status code 400

Steflstefan
Level 1

There seems to be a problem with the OTX Alienvault service.
Look here: https://success.alienvault.com/s/topic/0TO0Z000000oRS1WAM/open-threat-exchange-otx

Grz

Hi Steflstefan,

I did check this URL. People are facing this issue and asking AlienVault about a resolution, but no one is replying.

anthony.jones
Level 1

Has anyone removed this threat feed? I am also getting the same error, and an email every hour about it being unable to fetch. I am debating on removing it; is there any real benefit to having it? Is there a different one that's comparable?

There hasn't been any movement from AlienVault on this. I removed mine.
There's a list of various free feeds in this comment chain. I haven't looked at any of them.
https://www.reddit.com/r/cybersecurity/comments/q38qvz/looking_for_free_stixtaxii_threat_intelligence/

Hey all,

AlienVault OTX came back online on Saturday. I'm getting data from it now.

Ken