Version:

Configuration

Configuring the STIX/TAXII Enrichment Source in Director Console

  1. Click Configure from the left navigation bar.

  2. Click Plugins.

  3. Select the STIX/TAXII Enrichment Source from the Select Plugin Type drop-down.

  4. Select LogPoint machines to configure the STIX/TAXII enrichment source. You can select multiple machines of different pools.

    Note

    • You cannot select a subscriber LogPoint to configure the STIX/TAXII enrichment source. The subscriber LogPoint receives these configurations from its provider LogPoint.

    • You can use Refresh List to sync the data between LogPoint and Director Fabric.

  5. Click Next.

    _images/stixtaxii-dc_configuration_select_machines.png

    Selecting LogPoint Machines

  6. Select the Enable Source option to fetch STIX data from a TAXII server.

  7. Enter the Discovery URL, which is the location of the discovery service in the TAXII server.

  8. Select a STIX Version.

    8.1. If you select the 1.X version:

    8.1.1. Enter the Fetch From. The application fetches data from the selected hour or day.

    8.1.2. Select the Fetch From Unit option in hours, months, or days.

    8.1.3. Enter the Fetch Interval.

    8.1.4. Select the Fetch Interval Unit option in either hours or days.

    Enabling STIX

    Selecting STIX 1.X Version

    8.2. If you select the 2.0 version,

    8.2.1. Enter the Fetch Interval.

    8.2.2. Select the Fetch Interval Unit option in either hours or days.

    Enabling STIX

    Selecting STIX 2.0 Version

  9. Select the Enable Basic Authentication option if your TAXII server uses basic authentication.

  10. In the User Credentials section, enter your Username and Password of the TAXII server.

    _images/stixtaxii-dc_configuration_configuring_stixtaxii2.png

    Continued Configuring STIX/TAXII Enrichment Source

  11. Select the Enable SSL Authentication option if your TAXII server uses SSL authentication.

  12. In the SSL Configuration section:

    12.1. Enter the Key Password, which is the password used to decrypt the SSL key.

    12.2. Upload the SSL certificate in the Certification File.

    12.3. Upload the SSL key in the Certificate Key.

    _images/stixtaxii-dc_configuration_configuring_stixtaxii3.png

    Continued Configuring STIX/TAXII Enrichment Source

  13. Select the Enable Proxy option to connect the TAXII server via a proxy server.

  14. In the Proxy Configuration section:

    14.1. Enter the IP address and the Port number of the proxy server.

    14.2. Select Http or Https protocol as required.

  15. Click Next.

    _images/stixtaxii-dc_configuration_configuring_stixtaxii4.png

    Continued Configuring STIX/TAXII Enrichment Source

  16. Review your changes. You can go Back to make any changes if necessary.

  17. Click Finish.

  18. Click OK.

    _images/stixtaxii-dc_configuration_confirming_changes.png

    Confirming the Changes

Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support