STIX TAXII to ArcSight

Document created by kissotdragon on Apr 26, 2016. Last modified by kissotdragon on Apr 27, 2016 (version 4).

I modified a script I found online to connect to a TAXII discovery service, parse the STIX data, and send it to ArcSight via CEF Syslog.


Examples:

  • stdout:
    • python stix_ArcSight.py --verbose -x 'soltra01' --taxii_endpoint '/taxii-discovery-service' -c system.Default --taxiiport=80 --taxii_username=soltraAnalyst1 --taxii_password='password' --taxii_start_time='2016-04-25 00:00:00' --taxii_end_time='2016-04-25 23:59:59'
  • File:
    • python stix_ArcSight.py --outfile -x 'soltra01' --taxii_endpoint '/taxii-discovery-service' -c system.Default --taxiiport=80 --taxii_username=soltraAnalyst1 --taxii_password='password' --taxii_start_time='2016-04-25 00:00:00' --taxii_end_time='2016-04-25 23:59:59'
  • ArcSight:
    • python stix_ArcSight.py --arcsight --verbose -x 'soltra01' --taxii_endpoint '/taxii-discovery-service' -c system.Default --taxiiport=80 --taxii_username=soltraAnalyst1 --taxii_password='password' --taxii_start_time='2016-04-25 00:00:00' --taxii_end_time='2016-04-25 23:59:59'


The script can be downloaded from GitHub:

GitHub - kissotdragon/stix_ArcSight: A STIX/TAXII client that grabs STIX data from a TAXII discovery service, parses out…
