Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

basic opentaxii 2.1 docker install and python post #205

Open
lcia-projects opened this issue Nov 5, 2021 · 4 comments
Open

basic opentaxii 2.1 docker install and python post #205

lcia-projects opened this issue Nov 5, 2021 · 4 comments
Labels

Comments

@lcia-projects
Copy link

lcia-projects commented Nov 5, 2021

hi, i'm trying to get a basic openTaxii server up.. and get a python script to insert data into that opentaxii server.

i've googled all i know to google.. i've checked the github issues for examples.. with no luck.. so here i am..

here is my basic docker-compose.yml

db:
  image: postgres:9.4
  environment:
    POSTGRES_USER: user
    POSTGRES_PASSWORD: password
    POSTGRES_DB: opentaxii

authdb:
  image: postgres:9.4
  environment:
    POSTGRES_USER: user1
    POSTGRES_PASSWORD: password1
    POSTGRES_DB: opentaxii1

opentaxii:
  image: eclecticiq/opentaxii
  environment:
    OPENTAXII_AUTH_SECRET: secret
    OPENTAXII_DOMAIN: 192.168.3.95:9000
    OPENTAXII_USER: user
    OPENTAXII_PASS: pass
    DATABASE_HOST: db
    DATABASE_NAME: opentaxii
    DATABASE_USER: user
    DATABASE_PASS: password
    AUTH_DATABASE_HOST: authdb
    AUTH_DATABASE_NAME: opentaxii1
    AUTH_DATABASE_USER: user1
    AUTH_DATABASE_PASS: password1
  volumes:
    - ./:/input:ro
  ports:
    - 9000:9000
  links:
    - db:db
    - authdb:authdb

opentaxii2:
  image: eclecticiq/opentaxii
  environment:
    OPENTAXII_AUTH_SECRET: secrettwo
    OPENTAXII_DOMAIN: 192.168.3.95
    OPENTAXII_USER: user1
    OPENTAXII_PASS: pass1
    DATABASE_HOST: authdb
    DATABASE_NAME: opentaxii1
    DATABASE_USER: user1
    DATABASE_PASS: password1
  volumes:
    - ./:/input:ro
  ports:
    - 9001:9000
  links:
    - authdb:authdb

here is my modified data-configuration.yml to allow for stix2.1

---

domain: 192.168.3.95:9000

services:
    - id: inbox
      type: inbox
      address: /services/inbox
      description: Inbox Service
      destination_collection_required: yes
      accept_all_content: yes
      authentication_required: yes
      supported_content:
        - urn:stix.mitre.org:json:2.1
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:http:1.0

    - id: discovery
      type: discovery
      address: /services/discovery
      description: Discovery Service
      advertised_services:
        - inbox
        - discovery
        - collection_management
        - poll
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:http:1.0

    - id: collection_management
      type: collection_management
      address: /services/collection-management
      description: Collection Management Service
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:http:1.0

    - id: poll
      type: poll
      address: /services/poll
      description: Poll Service
      subscription_required: no
      max_result_count: 100
      max_result_size: 10
      authentication_required: yes
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:http:1.0

collections:
  - name: cs2
    available: true
    accept_all_content: true
    supported_content:
      - urn:stix.mitre.org:json:2.1
    service_ids:
      - inbox
      - collection_management
      - poll

accounts:
  - username: community
    password: community123
    permissions:
      cs2: modify

and here is my basic python code trying to insert data into cs2 collection:

from pprint import pprint
import json

from cabby import create_client

client = create_client(
    '192.168.3.95',
    port=9000,
    use_https=False,
    discovery_path='/services/discovery'
)
print (client)
client.set_auth(username='community', password='community123')

services = client.discover_services()

binding="urn:stix.mitre.org:json:2.1"

#example from stix2.1 examples
test_stix21={
    "type": "bundle",
    "id": "bundle--2ac7882f-76a3-4a9b-97b3-811b3af1c7c0",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--9299f726-ce06-492e-8472-2b52ccb53191",
            "created_by_ref": "identity--39012926-a052-44c4-ae48-caaf4a10ee6e",
            "created": "2017-02-27T13:57:10.515Z",
            "modified": "2017-02-27T13:57:10.515Z",
            "name": "Malicious URL",
            "description": "This URL is potentially associated with malicious activity and is listed on several blacklist sites.",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'http://paypa1.banking.com']",
            "pattern_type": "stix",
            "valid_from": "2015-06-29T09:10:15.915Z"
        },
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--39012926-a052-44c4-ae48-caaf4a10ee6e",
            "created": "2017-02-24T15:50:10.564Z",
            "modified": "2017-02-24T15:50:10.564Z",
            "name": "Alpha Threat Analysis Org.",
            "roles": [
                "Cyber Security"
            ],
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "[email protected]"
        },
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--5206ba14-478f-4b0b-9a48-395f690c20a2",
            "created": "2017-02-26T17:55:10.442Z",
            "modified": "2017-02-26T17:55:10.442Z",
            "name": "Beta Cyber Intelligence Company",
            "roles": [
                "Cyber Security"
            ],
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "[email protected]"
        },
        {
            "type": "sighting",
            "spec_version": "2.1",
            "id": "sighting--8356e820-8080-4692-aa91-ecbe94006833",
            "created_by_ref": "identity--5206ba14-478f-4b0b-9a48-395f690c20a2",
            "created": "2017-02-28T19:37:11.213Z",
            "modified": "2017-02-28T19:37:11.213Z",
            "first_seen": "2017-02-27T21:37:11.213Z",
            "last_seen": "2017-02-27T21:37:11.214Z",
            "count": 1,
            "sighting_of_ref": "indicator--9299f726-ce06-492e-8472-2b52ccb53191",
            "where_sighted_refs": [
                "identity--5206ba14-478f-4b0b-9a48-395f690c20a2"
            ]
        }
    ]
}

test_stix21=json.dumps(test_stix21)
for service in services:
    print('Service type={s.type}, address={s.address}'
          .format(s=service))
    service_address=service.address
    s_type=service.type
    content_blocks = client.poll(collection_name=s_type)

print (":")
gservices=client.get_services()
for service in gservices:
    print('Service type={s.type}, address={s.address}'
          .format(s=service))
    
# print ("::")
collections=client.get_collections('http://192.168.3.95:9000/services/collection-management')

for collection_item in collections:
    print ("cname",collection_item.name)

# print(":::")
content_count=client.get_content_count('cs2')
print (content_count)

push_result=client.push(test_stix21, binding, collection_names=['cs2'],uri='/services/inbox')

print ("pr:",push_result)
print(":::")
content_count=client.get_content_count('cs2')
print (content_count)

i get no errors... but it doesnt insert into collection either..
any examples .. or tips would be greatly appreciated.

@lcia-projects
Copy link
Author

lcia-projects commented Nov 6, 2021

i think i got it.. i at least have stuff going in:

from pprint import pprint
import json

from cabby import create_client

client = create_client(
    '192.168.1.114',
    port=9000,
    use_https=False,
    discovery_path='/services/discovery'
)
print (client)
#client.set_auth(username='community', password='community123')
client.set_auth(username='admin', password='admin')

services = client.discover_services()

#test data
binding="urn:stix.mitre.org:json:2.1"

test_stix21={
    "type": "bundle",
    "id": "bundle--2ac7882f-76a3-4a9b-97b3-811b3af1c7c0",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--9299f726-ce06-492e-8472-2b52ccb53191",
            "created_by_ref": "identity--39012926-a052-44c4-ae48-caaf4a10ee6e",
            "created": "2017-02-27T13:57:10.515Z",
            "modified": "2017-02-27T13:57:10.515Z",
            "name": "Malicious URL",
            "description": "This URL is potentially associated with malicious activity and is listed on several blacklist sites.",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[url:value = 'http://paypa1.banking.com']",
            "pattern_type": "stix",
            "valid_from": "2015-06-29T09:10:15.915Z"
        },
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--39012926-a052-44c4-ae48-caaf4a10ee6e",
            "created": "2017-02-24T15:50:10.564Z",
            "modified": "2017-02-24T15:50:10.564Z",
            "name": "Alpha Threat Analysis Org.",
            "roles": [
                "Cyber Security"
            ],
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "[email protected]"
        },
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--5206ba14-478f-4b0b-9a48-395f690c20a2",
            "created": "2017-02-26T17:55:10.442Z",
            "modified": "2017-02-26T17:55:10.442Z",
            "name": "Beta Cyber Intelligence Company",
            "roles": [
                "Cyber Security"
            ],
            "identity_class": "organization",
            "sectors": [
                "technology"
            ],
            "contact_information": "[email protected]"
        },
        {
            "type": "sighting",
            "spec_version": "2.1",
            "id": "sighting--8356e820-8080-4692-aa91-ecbe94006833",
            "created_by_ref": "identity--5206ba14-478f-4b0b-9a48-395f690c20a2",
            "created": "2017-02-28T19:37:11.213Z",
            "modified": "2017-02-28T19:37:11.213Z",
            "first_seen": "2017-02-27T21:37:11.213Z",
            "last_seen": "2017-02-27T21:37:11.214Z",
            "count": 1,
            "sighting_of_ref": "indicator--9299f726-ce06-492e-8472-2b52ccb53191",
            "where_sighted_refs": [
                "identity--5206ba14-478f-4b0b-9a48-395f690c20a2"
            ]
        }
    ]
}
#####
test_stix21=json.dumps(test_stix21)

for service in services:
    print('Service type={s.type}, address={s.address}'
          .format(s=service))
    service_address=service.address
    s_type=service.type
    content_blocks = client.poll(collection_name=s_type)

print (":")
gservices=client.get_services()
for service in gservices:
    print('Service type={s.type}, address={s.address}'
          .format(s=service))

push_result=client.push(test_stix21, binding, collection_names=['cs2'],uri='/services/inbox')
content_count=client.get_content_count('cs2')
print (content_count)
print (push_result)
content_blocks = client.poll(collection_name='cs2')
print (content_blocks)
for item in content_blocks:
    print (item.content)```

@lcia-projects
Copy link
Author

alright.. question.. can you push a stix21 bundle into opentaxii?
if so.. how?

@arcsector
Copy link
Contributor

Hi there @lcia-projects - since OpenTAXII is content-agnostic as TAXII v1 as a protocol was meant to be, you should be able to do this however you'd like

@erwin-eiq
Copy link
Contributor

Hi @lcia-projects thank you for your interest in this project.

If I read you last example correctly you're already pushing a stix21 bundle into opentaxii. What's the response you're getting from that code and what's the response you expected?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants