basic opentaxii 2.1 docker install and python post
lcia-projects opened this issue · 4 comments
hi, i'm trying to get a basic openTaxii server up.. and get a python script to insert data into that opentaxii server.
i've googled all i know to google.. i've checked the github issues for examples.. with no luck.. so here i am..
here is my basic docker-compose.yml
```yaml
db:
  image: postgres:9.4
  environment:
    POSTGRES_USER: user
    POSTGRES_PASSWORD: password
    POSTGRES_DB: opentaxii
authdb:
  image: postgres:9.4
  environment:
    POSTGRES_USER: user1
    POSTGRES_PASSWORD: password1
    POSTGRES_DB: opentaxii1
opentaxii:
  image: eclecticiq/opentaxii
  environment:
    OPENTAXII_AUTH_SECRET: secret
    OPENTAXII_DOMAIN: 192.168.3.95:9000
    OPENTAXII_USER: user
    OPENTAXII_PASS: pass
    DATABASE_HOST: db
    DATABASE_NAME: opentaxii
    DATABASE_USER: user
    DATABASE_PASS: password
    AUTH_DATABASE_HOST: authdb
    AUTH_DATABASE_NAME: opentaxii1
    AUTH_DATABASE_USER: user1
    AUTH_DATABASE_PASS: password1
  volumes:
    - ./:/input:ro
  ports:
    - 9000:9000
  links:
    - db:db
    - authdb:authdb
opentaxii2:
  image: eclecticiq/opentaxii
  environment:
    OPENTAXII_AUTH_SECRET: secrettwo
    OPENTAXII_DOMAIN: 192.168.3.95
    OPENTAXII_USER: user1
    OPENTAXII_PASS: pass1
    DATABASE_HOST: authdb
    DATABASE_NAME: opentaxii1
    DATABASE_USER: user1
    DATABASE_PASS: password1
  volumes:
    - ./:/input:ro
  ports:
    - 9001:9000
  links:
    - authdb:authdb
```
here is my modified data-configuration.yml to allow for stix2.1
```yaml
---
domain: 192.168.3.95:9000
services:
  - id: inbox
    type: inbox
    address: /services/inbox
    description: Inbox Service
    destination_collection_required: yes
    accept_all_content: yes
    authentication_required: yes
    supported_content:
      - urn:stix.mitre.org:json:2.1
    protocol_bindings:
      - urn:taxii.mitre.org:protocol:http:1.0
  - id: discovery
    type: discovery
    address: /services/discovery
    description: Discovery Service
    advertised_services:
      - inbox
      - discovery
      - collection_management
      - poll
    protocol_bindings:
      - urn:taxii.mitre.org:protocol:http:1.0
  - id: collection_management
    type: collection_management
    address: /services/collection-management
    description: Collection Management Service
    protocol_bindings:
      - urn:taxii.mitre.org:protocol:http:1.0
  - id: poll
    type: poll
    address: /services/poll
    description: Poll Service
    subscription_required: no
    max_result_count: 100
    max_result_size: 10
    authentication_required: yes
    protocol_bindings:
      - urn:taxii.mitre.org:protocol:http:1.0
collections:
  - name: cs2
    available: true
    accept_all_content: true
    supported_content:
      - urn:stix.mitre.org:json:2.1
    service_ids:
      - inbox
      - collection_management
      - poll
accounts:
  - username: community
    password: community123
    permissions:
      cs2: modify
```
and here is my basic python code trying to insert data into cs2 collection:
```python
from pprint import pprint
import json
from cabby import create_client

client = create_client(
    '192.168.3.95',
    port=9000,
    use_https=False,
    discovery_path='/services/discovery'
)
print(client)
client.set_auth(username='community', password='community123')
services = client.discover_services()
binding = "urn:stix.mitre.org:json:2.1"
# example from stix2.1 examples
test_stix21 = {
    "type": "bundle",
    "id": "bundle--2ac7882f-76a3-4a9b-97b3-811b3af1c7c0",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--9299f726-ce06-492e-8472-2b52ccb53191",
            "created_by_ref": "identity--39012926-a052-44c4-ae48-caaf4a10ee6e",
            "created": "2017-02-27T13:57:10.515Z",
            "modified": "2017-02-27T13:57:10.515Z",
            "name": "Malicious URL",
            "description": "This URL is potentially associated with malicious activity and is listed on several blacklist sites.",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'http://paypa1.banking.com']",
            "pattern_type": "stix",
            "valid_from": "2015-06-29T09:10:15.915Z"
        },
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--39012926-a052-44c4-ae48-caaf4a10ee6e",
            "created": "2017-02-24T15:50:10.564Z",
            "modified": "2017-02-24T15:50:10.564Z",
            "name": "Alpha Threat Analysis Org.",
            "roles": [
                "Cyber Security"
            ],
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "info@alpha.org"
        },
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--5206ba14-478f-4b0b-9a48-395f690c20a2",
            "created": "2017-02-26T17:55:10.442Z",
            "modified": "2017-02-26T17:55:10.442Z",
            "name": "Beta Cyber Intelligence Company",
            "roles": [
                "Cyber Security"
            ],
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "info@beta.com"
        },
        {
            "type": "sighting",
            "spec_version": "2.1",
            "id": "sighting--8356e820-8080-4692-aa91-ecbe94006833",
            "created_by_ref": "identity--5206ba14-478f-4b0b-9a48-395f690c20a2",
            "created": "2017-02-28T19:37:11.213Z",
            "modified": "2017-02-28T19:37:11.213Z",
            "first_seen": "2017-02-27T21:37:11.213Z",
            "last_seen": "2017-02-27T21:37:11.214Z",
            "count": 1,
            "sighting_of_ref": "indicator--9299f726-ce06-492e-8472-2b52ccb53191",
            "where_sighted_refs": [
                "identity--5206ba14-478f-4b0b-9a48-395f690c20a2"
            ]
        }
    ]
}
test_stix21 = json.dumps(test_stix21)
for service in services:
    print('Service type={s.type}, address={s.address}'
          .format(s=service))
    service_address = service.address
    s_type = service.type
    content_blocks = client.poll(collection_name=s_type)
print(":")
gservices = client.get_services()
for service in gservices:
    print('Service type={s.type}, address={s.address}'
          .format(s=service))
# print ("::")
collections = client.get_collections('http://192.168.3.95:9000/services/collection-management')
for collection_item in collections:
    print("cname", collection_item.name)
# print(":::")
content_count = client.get_content_count('cs2')
print(content_count)
push_result = client.push(test_stix21, binding, collection_names=['cs2'], uri='/services/inbox')
print("pr:", push_result)
print(":::")
content_count = client.get_content_count('cs2')
print(content_count)
```
i get no errors... but it doesn't insert into collection either..
any examples .. or tips would be greatly appreciated.
i think i got it.. i at least have stuff going in:
```python
from pprint import pprint
import json
from cabby import create_client

client = create_client(
    '192.168.1.114',
    port=9000,
    use_https=False,
    discovery_path='/services/discovery'
)
print(client)
# client.set_auth(username='community', password='community123')
client.set_auth(username='admin', password='admin')
services = client.discover_services()
# test data
binding = "urn:stix.mitre.org:json:2.1"
test_stix21 = {
    "type": "bundle",
    "id": "bundle--2ac7882f-76a3-4a9b-97b3-811b3af1c7c0",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--9299f726-ce06-492e-8472-2b52ccb53191",
            "created_by_ref": "identity--39012926-a052-44c4-ae48-caaf4a10ee6e",
            "created": "2017-02-27T13:57:10.515Z",
            "modified": "2017-02-27T13:57:10.515Z",
            "name": "Malicious URL",
            "description": "This URL is potentially associated with malicious activity and is listed on several blacklist sites.",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'http://paypa1.banking.com']",
            "pattern_type": "stix",
            "valid_from": "2015-06-29T09:10:15.915Z"
        },
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--39012926-a052-44c4-ae48-caaf4a10ee6e",
            "created": "2017-02-24T15:50:10.564Z",
            "modified": "2017-02-24T15:50:10.564Z",
            "name": "Alpha Threat Analysis Org.",
            "roles": [
                "Cyber Security"
            ],
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "info@alpha.org"
        },
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--5206ba14-478f-4b0b-9a48-395f690c20a2",
            "created": "2017-02-26T17:55:10.442Z",
            "modified": "2017-02-26T17:55:10.442Z",
            "name": "Beta Cyber Intelligence Company",
            "roles": [
                "Cyber Security"
            ],
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "info@beta.com"
        },
        {
            "type": "sighting",
            "spec_version": "2.1",
            "id": "sighting--8356e820-8080-4692-aa91-ecbe94006833",
            "created_by_ref": "identity--5206ba14-478f-4b0b-9a48-395f690c20a2",
            "created": "2017-02-28T19:37:11.213Z",
            "modified": "2017-02-28T19:37:11.213Z",
            "first_seen": "2017-02-27T21:37:11.213Z",
            "last_seen": "2017-02-27T21:37:11.214Z",
            "count": 1,
            "sighting_of_ref": "indicator--9299f726-ce06-492e-8472-2b52ccb53191",
            "where_sighted_refs": [
                "identity--5206ba14-478f-4b0b-9a48-395f690c20a2"
            ]
        }
    ]
}
#####
test_stix21 = json.dumps(test_stix21)
for service in services:
    print('Service type={s.type}, address={s.address}'
          .format(s=service))
    service_address = service.address
    s_type = service.type
    content_blocks = client.poll(collection_name=s_type)
print(":")
gservices = client.get_services()
for service in gservices:
    print('Service type={s.type}, address={s.address}'
          .format(s=service))
push_result = client.push(test_stix21, binding, collection_names=['cs2'], uri='/services/inbox')
content_count = client.get_content_count('cs2')
print(content_count)
print(push_result)
content_blocks = client.poll(collection_name='cs2')
print(content_blocks)
for item in content_blocks:
    print(item.content)
```
alright.. question.. can you push a stix21 bundle into opentaxii?
if so.. how?
Hi there @lcia-projects - since OpenTAXII is content-agnostic as TAXII v1 as a protocol was meant to be, you should be able to do this however you'd like
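Since the server is described above as content-agnostic, any STIX 2.1 checks have to run on the client before `client.push`. The following is an added example, not code from this thread, OpenTAXII or cabby: `check_bundle` and `iter_refs` are hypothetical helper names, and the sample bundle and its IDs are constructed.

```python
import re

# STIX 2.1 identifiers have the form "<object-type>--<UUID>".
STIX_ID = re.compile(r"^[a-z0-9-]+--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def iter_refs(obj):
    """Yield (property, target_id) for every *_ref / *_refs property."""
    for key, value in obj.items():
        if key.endswith("_ref") and isinstance(value, str):
            yield key, value
        elif key.endswith("_refs") and isinstance(value, list):
            for target in value:
                yield key, target

def check_bundle(bundle):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if bundle.get("type") != "bundle":
        problems.append("top-level object is not a bundle")
    objects = bundle.get("objects", [])
    known_ids = {obj.get("id") for obj in objects}
    for obj in objects:
        oid = str(obj.get("id", "<missing id>"))
        if not STIX_ID.match(oid):
            problems.append(f"{oid}: malformed id")
        elif oid.split("--")[0] != obj.get("type"):
            problems.append(f"{oid}: id prefix does not match type")
        if obj.get("spec_version") != "2.1":
            problems.append(f"{oid}: spec_version is not 2.1")
        # STIX allows refs to objects outside the bundle; report them anyway.
        for prop, target in iter_refs(obj):
            if target not in known_ids:
                problems.append(f"{oid}: {prop} -> {target} not in bundle")
    return problems

# Constructed sample (IDs are made up): wrong spec_version, missing indicator.
SAMPLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "identity", "spec_version": "2.1",
         "id": "identity--00000000-0000-4000-8000-000000000002"},
        {"type": "sighting", "spec_version": "2.0",
         "id": "sighting--00000000-0000-4000-8000-000000000003",
         "created_by_ref": "identity--00000000-0000-4000-8000-000000000002",
         "sighting_of_ref": "indicator--00000000-0000-4000-8000-000000000004"},
    ],
}
```

Call `check_bundle` on the dict before `json.dumps` and push only when the returned list is empty or every reported item is an accepted out-of-bundle reference.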
Hi @lcia-projects thank you for your interest in this project.
If I read your last example correctly you're already pushing a stix21 bundle into opentaxii. What's the response you're getting from that code and what's the response you expected?