Configuration

Uploading a SSL Certificate File in the Fabric Storage

Private Storage

You can upload a SSL certificate file to a private storage in the Fabric storage using the PluginConfiguration-Upload API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/PluginConfiguration/StixTaxiiEnrichmentSource/upload

Method:

POST

Header:

FIELD

LABEL IN UI

DESCRIPTION

Content-Type

Content type of the certificate file. It must be Multipart/Form-data.

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

file_name

Object

File to be uploaded.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "certificate.crt successfully uploaded in private storage."
}

Public Storage

You can upload a SSL certificate file to a public storage in the Fabric storage using the PluginConfiguration-UploadPublic API.

Endpoint URL:

https://api-server-host-name/configapi/PluginConfiguration/StixTaxiiEnrichmentSource/publicupload

Method:

POST

Header:

FIELD

LABEL IN UI

DESCRIPTION

Content-Type

Content type of the certificate file. It must be Multipart/Form-data.

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

file_name

Object

File to be uploaded.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "certificate.crt successfully uploaded in public storage."
}

Listing the SSL Certificate File in the Fabric Storage

List Private Uploads

You can list the uploaded files to a private storage in the Fabric storage using the PluginConfiguration-ListPrivateUploads API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/PluginConfiguration/StixTaxiiEnrichmentSource/list

Method:

GET

Success Response:

[
    "certificate.crt",
    "privateKey.key"
]

List Public Uploads

You can list the uploaded files to a public storage in the Fabric storage using the PluginConfiguration-ListPublicUploads API.

Endpoint URL:

https://api-server-host-name/configapi/PluginConfiguration/StixTaxiiEnrichmentSource/list

Method:

GET

Success Response:

[
    "certificate.crt",
    "privateKey.key"
]

Configuring the STIX/TAXII Enrichment Source for STIX v1.0

You can configure the StixTaxii Enrichment Source in a Fabric-enabled LogPoint using the PluginConfiguration - Create API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/StixTaxiiEnrichmentSource

Method:

POST

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

st_enable_source

Enable Source

boolean

Parameter to enable or disable fetching of STIX data from a TAXII server.

Mandatory

discovery_url

Base URL

String

Location of the discovery service in the TAXII server.

Mandatory

begin

Fetch From

int

Parameter to fetch data from the last selected month, hour, or day.

Mandatory

begin_unit

Fetch From

String

Unit of the begin.

Mandatory

fetch_interval

Fetch Interval

int

An interval between the adjacent fetches.

Mandatory

fetch_interval_unit

Fetch Interval

String

Unit of the fetch interval.

Mandatory

stix_version

Version

String

STIX Version.

Mandatory

basic_auth_mode

Basic Authentication

JSON

Basic Authentication:

basic_auth_status: Parameter to enable or disable the basic authentication.
username: Username of the TAXII server.
password: Password of the TAXII server.

Mandatory

ssl_mode

SSL Authentication

JSON

SSL Authentication:

ssl_status: Parameter to enable or disable the SSL authentication.
key_pass: Password used to decrypt the SSL key.

Mandatory

file_location

String

Location of the file.

Mandatory

files

Files

JSON

SSL configuration of the TAXII server:

cert_file: SSL certificate.
cert_key: SSL key.

Mandatory

st_proxy

Proxy Configuration

JSON

Proxy configuration of the TAXII server:

status: Parameter to enable or disable the proxy server.
ip: IP of the proxy server.
port: Port of the proxy server.
protocol: HTTP or HTTPS protocol used by the proxy server.

Mandatory

Request Example:

{

    "data":{
        "st_enable_source": true,
        "discovery_url": "https://open.taxiistand.com/services/discovery",
        "fetch_interval": 2,
        "fetch_interval_unit": "Days",
        "begin":20,
        "begin_unit": "Days",
            "st_proxy": {
                        "status": false,
                        "ip": "127.0.0.1",
                        "protocol": "http",
                        "port": 22
                        },
            "ssl_mode":{
                        "ssl_status": false,
                        "key_pass": "12345"
                        },
        "file_location": "public",
        "files": {
                "cert_file": "client.crt",
                "cert_key": "client.key"
                 },
        "stix_version":"1",
            "basic_auth_mode": {
                                "username": "guest",
                                "basic_auth_status": false,
                                "password": "guest"
                                }

            }

}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Configuring the STIX/TAXII Enrichment Source for STIX v2.0

You can configure the StixTaxii Enrichment Source in a Fabric-enabled LogPoint using the PluginConfiguration - Create API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/StixTaxiiEnrichmentSource

Method:

POST

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

st_enable_source

Enable Source

boolean

Parameter to enable or disable fetching of STIX data from a TAXII server.

Mandatory

discovery_url

Base URL

String

Location of the discovery service in the TAXII server.

Mandatory

begin

Fetch From

int

Parameter to fetch data from the last selected month, hour, or day.

Mandatory

begin_unit

Fetch From

String

Unit of the begin.

Mandatory

fetch_interval

Fetch Interval

int

An interval between the adjacent fetches.

Mandatory

fetch_interval_unit

Fetch Interval

String

Unit of the fetch interval.

Mandatory

stix_version

Version

String

STIX Version.

Mandatory

basic_auth_mode

Basic Authentication

JSON

Basic Authentication:

basic_auth_status: Parameter to enable or disable the basic authentication.
username: Username of the TAXII server.
password: Password of the TAXII server.

Mandatory

ssl_mode

SSL Authentication

JSON

SSL Authentication:

ssl_status: Parameter to enable or disable the SSL authentication.
key_pass: Password used to decrypt the SSL key.

Mandatory

file_location

String

Location of the file.

Mandatory

files

Files

JSON

SSL configuration of the TAXII server:

cert_file: SSL certificate.
cert_key: SSL key.

Mandatory

st_proxy

Proxy Configuration

JSON

Proxy configuration of the TAXII server:

status: Parameter to enable or disable the proxy server.
ip: IP of the proxy server.
port: Port of the proxy server.
protocol: HTTP or HTTPS protocol used by the proxy server.

Mandatory

Request Example:

{

    "data":{
        "st_enable_source": true,
        "discovery_url": "https://open.taxiistand.com/services/discovery",
        "fetch_interval": 2,
        "fetch_interval_unit": "Days",
        "begin":20,
        "begin_unit": "Days",
            "st_proxy": {
                        "status": false,
                        "ip": "127.0.0.1",
                        "protocol": "http",
                        "port": 22
                        },
            "ssl_mode":{
                        "ssl_status": false,
                        "key_pass": "12345"
                        },
        "file_location": "public",
        "files": {
                "cert_file": "client.crt",
                "cert_key": "client.key"
                 },
        "stix_version":"2",
            "basic_auth_mode": {
                                "username": "guest",
                                "basic_auth_status": false,
                                "password": "guest"
                                }

            }

}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

General Information

You can get an overview of the fetched information from STIX/TAXII using the PluginConfiguration-List API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/Ti_general

Method:

GET

Success Response:

[
    {
        "services": {
            "stix_taxii": {
                "last_successful_fetch": 0,
                "name": "Stix Taxii",
                "error": null,
                "fetch_status": "Completed",
                "no_of_entries": 0,
                "last_fetch_attempt": 1569403863
            },
        },
        "no_of_entries": 0,
        "type": "ti_general",
        "tid": "",
        "id": "5c81f48e10959135395cabea"
    }
]

Listing all the StixTaxii Enrichment Source Configurations

You can list the StixTaxii configurations using the PluginConfiguration - List API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/Ti_stixtaxii

Method:

GET

Success Response:

[
    {
        "st_proxy": {
            "status": true,
            "ip": "127.0.0.1",
            "protocol": "http",
            "port": 22
        },
        "begin": 1,
        "ssl_mode": {
            "key_pass": "pass1",
            "ssl_status": True
        },
        "cert_file": "certificate.crt",
        "cert_key": "privateKey.key",
        "id": "5d8b2a522be2374b84949c82",
        "basic_auth_mode": {
            "username": "user1",
            "basic_auth_status": true,
            "password": "psw1"
        },
        "stix_version":"2",
        "fetch_interval": 1,
        "st_enable_source_confirmed": false,
        "tid": "",
        "discovery_url": "http://taxiiserver.com/taxii-discovery-service",
        "fetch_interval_unit": "Hours",
        "st_enable_source": true
    }
]

Editing the STIX/TAXII Enrichment Source Configuration

You can edit a StixTaxii configuration in a Fabric-enabled LogPoint using the PluginConfiguration - Edit API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/StixTaxiiEnrichmentSource/{id}

Method:

PUT

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

st_enable_source

Enable Source

boolean

Parameter to enable or disable fetching of STIX data from a TAXII server.

Mandatory

discovery_url

Base URL

String

Location of the discovery service in the TAXII server.

Mandatory

begin

Fetch From

int

Parameter to fetch data from the last selected month, hour, or day.

Mandatory

begin_unit

Fetch From

String

Unit of the begin.

Mandatory

fetch_interval

Fetch Interval

int

An interval between the adjacent fetches.

Mandatory

fetch_interval_unit

Fetch Interval

String

Unit of the fetch interval.

Mandatory

stix_version

Version

String

STIX Version.

Mandatory

basic_auth_mode

Basic Authentication

JSON

Basic Authentication:

basic_auth_status: Parameter to enable or disable the basic authentication.
username: Username of the TAXII server.
password: Password of the TAXII server.

Mandatory

ssl_mode

SSL Authentication

JSON

SSL Authentication:

ssl_status: Parameter to enable or disable the SSL authentication.
key_pass: Password used to decrypt the SSL key.

Mandatory

file_location

String

Location of the file.

Mandatory

files

Files

JSON

SSL configuration of the TAXII server:

cert_file: SSL certificate.
cert_key: SSL key.

Mandatory

st_proxy

Proxy Configuration

JSON

Proxy configuration of the TAXII server:

status: Parameter to enable or disable the proxy server.
ip: IP of the proxy server.
port: Port of the proxy server.
protocol: HTTP or HTTPS used by the proxy server.

Mandatory

id

String

Existing StixTaxii Enrichment Source ID . Obtain the value of the ID using the StixTaxiiEnrichmentSource - List API.

Mandatory

Request Example:

{

    "data":{
        "st_enable_source": true,
        "discovery_url": "https://open.taxiistand.com/services/discovery",
        "fetch_interval": 2,
        "fetch_interval_unit": "Days",
        "begin":20,
        "begin_unit": "Days",
            "st_proxy": {
                        "status": false,
                        "ip": "127.0.0.1",
                        "protocol": "http",
                        "port": 22
                        },
            "ssl_mode":{
                        "ssl_status": false,
                        "key_pass": "12345"
                        },
        "file_location": "public",
        "files": {
                "cert_file": "client.crt",
                "cert_key": "client.key"
                 },
        "stix_version":"2",
            "basic_auth_mode": {
                                "username": "guest",
                                "basic_auth_status": false,
                                "password": "guest"
                                }

            }

}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Deleting the STIX/TAXII Enrichment Source Configuration

You can delete a StixTaxii configuration in a Fabric-enabled LogPoint using the PluginConfiguration - Trash API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/StixTaxiiEnrichmentSource/{id}

Method:

Delete

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

id

String

Existing StixTaxiiEnrichmentSource id . Obtain the value of the ID using the StixTaxiiEnrichmentSource - List API

Mandatory

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Deleting the SSL Certificate File in the Fabric Storage

Trash Private Uploads

You can delete the uploaded certificate files in a private storage in the Fabric storage using the PluginConfiguration-TrashPrivateUploads API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/PluginConfiguration/StixTaxiiEnrichmentSource/{file_name}

Method:

DELETE

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

file_name

String

File to be deleted.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "certificate.crt successfully deleted."
}

Trash Public Uploads

You can delete the certificate uploaded files in a public storage in the Fabric storage using the PluginConfiguration-TrashPublicUploads API.

Endpoint URL:

https://api-server-host-name/configapi/PluginConfiguration/StixTaxiiEnrichmentSource/{file_name}

Method:

DELETE

Header:

FIELD

LABEL IN UI

DESCRIPTION

Content-Type

Content type of the certificate file. It must be Multipart/Form-data.

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

file_name

String

File to be deleted.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "certificate.crt successfully deleted."
}

Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support