I was just trying to use AlienVault as a TAXII server but have observed that settings are not verified.

Also tried by choosing authentication and provided the API key as user name and the password field blank, as suggested by the AlienVault guide.

Upon metadata creation, users can leverage the STIX-based threat intelligence during subsequent investigations.

For additional details about Security Analytics STIX support, see Security Analytics STIX.

Upon specifying the feed, the user can map the information to metadata.

After importing and/or configuration is complete, SA will begin to create meta during data capture time. After specifying the STIX feed type, a user can choose to do a one-time 'Adhoc' import from disk or a 'Recurring' feed from a specified URL location. Once meta data is created, a user can leverage the information during threat detection and/or during the threat investigation workflows.

As mentioned, importing a STIX feed is similar to importing a Live Custom Feed (see Live Custom Feed Configuration). Similar to the existing ability in Security Analytics to import custom CSV-based threat intelligence feeds, a user will be able to map the intelligence imported from a STIX feed to the creation of meta data during packet and/or log capture time by the SA decoders. Specifically, a user will be able to import threat indicators such as IP addresses, file hashes, and URLs. Initial support for the STIX format will be focused on threat indicators through STIX 'Observables' and 'Indicators'. With the release of Security Analytics 10.6.1, RSA will begin providing some initial basic support for the STIX threat intelligence file format.

(For additional information about STIX, see Structured Threat Information eXpression.) With the emergence of STIX, Structured Threat Information eXpression, threat intelligence providers, application vendors, and users could begin to share and leverage threat intelligence by speaking a common language.
With the rapid growth in the number of threat intelligence providers and services, the need and focus for threat intelligence format standards and protocols became inevitable.