Hannah Ward 0c20984a54
Squashed commit of the following:
commit 3389560fe9
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Sat Nov 19 15:38:11 2016 +0000

    Removed unicode things

commit 060f94f565
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 16:10:28 2016 +0000

    Apparently output goes to stderr?

commit b41109dd9e
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 16:01:39 2016 +0000

    127 not localhost?

commit 77c45273b0
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:54:12 2016 +0000

    Allow server time to start up

commit ee06ff0765
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:48:38 2016 +0000

    sudo sudo

commit 9f0f31c023
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:47:45 2016 +0000

    Move sql install to before_install

commit 51b49dc176
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:46:02 2016 +0000

    Fixed a typo

commit 2b90620b4c
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:45:10 2016 +0000

    Mysql pls

commit 7f4e2b9f62
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:42:32 2016 +0000

    Switch to trusty travis

commit 64e39b7983
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:35:31 2016 +0000

    Switch to trusty travis

commit 4468564860
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:30:30 2016 +0000

    Stop being a tard

commit 0a9f534fa7
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:28:04 2016 +0000

    Check mysql version

commit 887a6d82a7
Author: Hannah Ward <Hannah.ward9001@gmail.com>
Date:   Fri Nov 18 15:17:26 2016 +0000

    Print a bit of debug info
2016-11-19 15:42:54 +00:00
OpenTAXII@03526996a1
misp_taxii_hooks
tests
.gitignore
.gitmodules
.travis.yml
LICENSE
README.md
collections.yaml
config.yaml
services.yaml
setup.py

README.md

MISP Taxii Server

A set of configuration files to use with EclecticIQ's OpenTAXII implementation, along with a callback for when data is sent to the TAXII Server's inbox.

Installation

Download the repository with

git clone --recursive https://github.com/FloatingGhost/MISP-Taxii-Server

This will also download the OpenTAXII Server, which you should install with

cd OpenTAXII
sudo python3 setup.py install

You'll then need to set up your TAXII database. As you're using MISP, you'll likely already have a MySQL environment running.

Run the following commands to create your databases

mysql -u [database user] -p
# Enter Database password

mysql> create database taxiiauth;

mysql> create database taxiipersist;

mysql> grant all on taxiiauth.* to 'taxii'@'%' identified by 'some_password';

mysql> grant all on taxiipersist.* to 'taxii'@'%' identified by 'some_password';

mysql> exit;

Now edit config.yaml and set the db_connection parameters to match the databases and credentials you just created. Change auth_api -> parameters -> secret while you're here as well.

If you wish, you can edit the TAXII service definitions in services.yaml, or the collections to be created in collections.yaml; full documentation on how this is set up is available in OpenTAXII's docs.

Now it's time to create all your SQL tables. Luckily, OpenTAXII comes with commands for this.

Before running them, export the path to your configuration file in the OPENTAXII_CONFIG environment variable.

export OPENTAXII_CONFIG=/path/to/config.yaml

opentaxii-create-services -c services.yaml
opentaxii-create-collections -c collections.yaml

# Create a user account
# Set the username and password to whatever you want
opentaxii-create-account -u root -p root

OpenTAXII is now ready to roll; we've just gotta do one or two more things.

Edit misp_taxii_hooks/hooks.py and add your MISP server's URL and API key.

Then, in the repository root directory, run

sudo python3 setup.py install

This will install the TAXII hooks to run when we have new data.

Now we should be ready to go!

opentaxii-run-dev

This should tell you that there is now a server running on localhost:9000 (maybe a different port if you changed it). If there are no errors, you're good!

If you want to test everything is working, run

taxii-push --path http://localhost:9000/services/inbox -f stix_sample.xml \
           --dest collection --username root --password root

Obviously, replace anything that differs on your system.

The client should say "Content Block Pushed Succesfully" if all went well.

Now that you have a TAXII server hooked up to MISP, you're able to send STIX files to the inbox and have them uploaded directly to MISP. So that's nice <3
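
A pre-flight check for the config.yaml step above, added here as an example and not part of the MISP-Taxii-Server repository: it flags database passwords left at the README's placeholder values and an auth secret that is too short. The sample configuration is constructed; the key nesting, the `mysql://user:password@host/db` connection-string form and the 32-character minimum are assumptions.

```python
import re
from urllib.parse import urlsplit

# Placeholder credentials that appear in the README's commands.
README_PLACEHOLDERS = {"some_password", "root"}
MIN_SECRET_LEN = 32  # assumed local policy, not an OpenTAXII requirement

# Constructed sample; the nesting of keys is an assumption about config.yaml.
SAMPLE_CONFIG = """\
persistence_api:
  parameters:
    db_connection: mysql://taxii:some_password@localhost/taxiipersist
auth_api:
  parameters:
    db_connection: mysql://taxii:some_password@localhost/taxiiauth
    secret: changeme
"""

def extract_settings(text):
    """Return (section, key, value) for every db_connection / secret line."""
    section, found = None, []
    for line in text.splitlines():
        top = re.match(r"^(\w+):\s*$", line)
        if top:  # an unindented key opens a new top-level section
            section = top.group(1)
            continue
        m = re.match(r"^\s+(db_connection|secret):\s*(\S.*?)\s*$", line)
        if m:
            found.append((section, m.group(1), m.group(2).strip("'\"")))
    return found

def audit_config(text):
    """List findings for placeholder DB passwords and a short auth secret."""
    findings = []
    for section, key, value in extract_settings(text):
        if key == "secret" and len(value) < MIN_SECRET_LEN:
            findings.append(f"{section}.secret is shorter than {MIN_SECRET_LEN} characters")
        elif key == "db_connection" and value.startswith("mysql"):
            url = urlsplit(value)
            if not url.password:
                findings.append(f"{section}.db_connection has no password")
            elif url.password in README_PLACEHOLDERS or url.password == url.username:
                findings.append(f"{section}.db_connection uses a placeholder password")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("WARN:", finding)
```

The check reads config.yaml only. The `'taxii'@'%'` grants, which accept connections from any host, and the `root`/`root` account created with opentaxii-create-account are set outside that file and have to be reviewed separately.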

Planned features

  • Duplicate Detection
  • Possible sync MISP -> TAXII