
THREAT_FEEDS: Unable to fetch the observables (ESA C300V)

ITASupport
Level 1

Hi,

I have been receiving an ETF error for the last few weeks. The following is the warning message which I am receiving.

(The Warning message is:

 THREAT_FEEDS: Unable to fetch the observables from the source: otx.alienvault.com after 3 failed attempts. Reason for failure: Taxii Error: HTTP Error: status code 400 bad request)

Please help me to fix this. I am using otx.alienvault.com to get ETF updates. This was working fine, but since 12th October the above-mentioned warning alert appears on a daily basis. I tried every step and checked my configuration multiple times. Everything is fine.

Regards,

ITA Support

7 Replies

SriramV
Cisco Employee

You have to check with AlienVault, as this error is from the server.

You can try this out on your PC:

docker run --rm=true eclecticiq/cabby:latest taxii-discovery --path https://otx.alienvault.com/taxii/discovery
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
2022-11-01 23:20:07,261 INFO: Sending Discovery_Request to https://otx.alienvault.com/taxii/discovery
2022-11-01 23:20:07,965 ERROR: HTTP Error: status code 400
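The same discovery check can be reproduced without Docker. The following is an added example, not code from the thread, cabby or Cisco: it builds the TAXII 1.1 Discovery_Request that such a client sends and classifies the reply. The function names and verdict labels are this example's own; pass the discovery URL as the only argument.

```python
import re
import sys
import uuid
import urllib.error
import urllib.request

# TAXII 1.1 identifiers as defined in the MITRE TAXII 1.1 specifications.
NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
XML_BINDING = "urn:taxii.mitre.org:message:xml:1.1"

def build_discovery_request():
    """Return (headers, body) for a TAXII 1.1 Discovery_Request over HTTPS."""
    body = '<taxii_11:Discovery_Request xmlns:taxii_11="%s" message_id="%s"/>' % (
        NS, uuid.uuid4())
    headers = {
        "Content-Type": "application/xml",
        "Accept": "application/xml",
        "X-TAXII-Content-Type": XML_BINDING,
        "X-TAXII-Accept": XML_BINDING,
        "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
        "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0",
    }
    return headers, body.encode("utf-8")

def classify(status, body=b""):
    """Map HTTP status and body to a coarse verdict (labels are hypothetical)."""
    if status is None:
        return "unreachable"            # DNS, TLS or connection failure
    if status != 200:
        return "http-error"             # e.g. the 400 shown in the thread
    m = re.search(rb"<(?:[\w.-]+:)?(Discovery_Response|Status_Message)\b", body)
    if m is None:
        return "not-taxii"              # e.g. an HTML error or login page
    return "ok" if m.group(1) == b"Discovery_Response" else "taxii-status-message"

def probe(url, timeout=10):
    """POST a Discovery_Request to url and return (http_status, verdict)."""
    headers, body = build_discovery_request()
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, classify(resp.status, resp.read(1 << 20))
    except urllib.error.HTTPError as err:   # server answered with 4xx/5xx
        return err.code, classify(err.code)
    except OSError:                         # URLError subclasses OSError
        return None, classify(None)

if __name__ == "__main__" and len(sys.argv) == 2:
    print(probe(sys.argv[1]))
```
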

Hi SriramV,

Thank you for the above command. I ran the command and also received the following message.

2022-11-03 10:23:05,893 INFO: Sending Discovery_Request to https://otx.alienvault.com/taxii/discovery
2022-11-03 10:23:07,429 ERROR: HTTP Error: status code 400

Steflstefan
Level 1

There seems to be a problem with the OTX Alienvault service.
Look here: https://success.alienvault.com/s/topic/0TO0Z000000oRS1WAM/open-threat-exchange-otx

Grz

Hi Steflstefan,

I did check this URL. People are facing this issue and asking AlienVault about a resolution, but no one is replying.

anthony.jones
Level 1

Has anyone removed this threat feed? I am also getting the same error, and an email every hour about it being unable to fetch. I am debating removing it; is there any real benefit to having it? Is there a different one that's comparable?

There hasn't been any movement from AlienVault on this. I removed mine.
There's a list of various free feeds in this comment chain. I haven't looked at any of them.
https://www.reddit.com/r/cybersecurity/comments/q38qvz/looking_for_free_stixtaxii_threat_intelligence/

Hey all,

AlienVault OTX came back online on Saturday. I'm getting data from it now.

Ken
