TAXII/STIX Feeds

TAXII/STIX are industry standard protocols and formats to exchange threat Intelligence information between machines, IDSTower support importing IOCs published in TAXII/STIX format both version 2.0 and 2.1 of the standard.

To add a TAXII feed to IDSTower:

  1. Navigate to Settings->Feeds Tab->Add New Feed.

  2. Set the Feed Name and Feed url.

  3. Under type select “STIX/TAXII 2.0/2.1”.

  4. Under authentication, select the appropriate authentication that the feed uses.

  5. Click on “Verify Connection”, in this step IDSTower will verify that both the URL and the authentication credentials provided are valid.

  6. Update the feed import settings if needed, then click on “Add Feed”.

  7. The feed is now added and the IOCs will be imported periodically to IDSTower and send to Suricata hosts, you can trigger the feed download immediately by clicking on “Update” on the feed section.

In the following video, you can see the steps to add Unit42 TAXII server feed to IDSTower:

../_images/add_TAXII_STIX_feed_to_Suricata.gif