Skip to content

TAXII Server 2.1

Jump to bottom
stmtstk edited this page Jan 26, 2021 · 4 revisions

TAXII Server 2.1

Starting with Version 1.1, S-TIP supports TAXII 2.1 server functionality. This section describes how to configure the TAXII 2.1 server functionality.

1. Port

S-TIP uses port 8443 as TAXII 2.1 Server (Based on REST API). A user can get TAXII 2.1 Discovery response from the below URL.

https://<your_stip_domain>:8443/taxii2/

S-TIP also uses port 8444 as TAXII 2.1 Server Console (Based on Web Application).

https://<your_stip_domain>:8444/discovery/

The users who have an admin role allow setting TAXII 2.1 Server Configurations.

2. Collections Setting

Below is the collections setting URL.

https://<your_stip_domain>:8444/collections/

You can see a table of collection settings.

Collection Setting Table

You can modify/delete a collection that already exists. You can also create a new collection.

When you click Modify or Create Collection, the below dialog appears.

Collection Setting Dailog 1

Collection Setting Dailog 2

Fill fileds as your setting.

Field Overview
ID Collection ID. This value must be a UUID format. S-TIP creates a unique UUID by the Generate UUID button.
Title Title of this collection. This value is required.
Description Description of this collection.
Alias Alias of collection ID. A TAXII client can use this name instead of ID
Can Read If you would like to use this collection as a reading feed, check it.
Choose Community (Can Read) A TAXII client can get STIX 2.x objects which belong to checked communities from this collection. You can specify multiple communities.
Can Write If you would like to use this collection as write feed, check it.
Choose Community (Can Write) When a TAXII client publishes STIX objects to this collection, S-TIP saves them into the checked community. You can only specify ONE community.

After you fill the fields, click Save changes.

3. API Root Setting

Below is the API Roots setting URL.

https://<your_stip_domain>:8444/api_roots/

You can see a table of API Roots settings.

API Roots Setting Table

You can modify/delete a API Root that already exists. You can also create a new API Root.

When you click Modify or Create API Root, the below dialog appears.

API Root Setting Dailog 1

API Root Setting Dailog 2

Fill fileds as your setting.

Field Overview
API Root The name of API Root. This value is used as a part of the URL. This value must be unique in the same S-TIP instance.
Title Title of this API Root. This value is required.
Description Description of this API Root.
Max Content Length If a TAXII client post contents whose size is over this value, S-TIP return an error response.
Choose Collections Check the collections which this API Root handles. You can specify multiple collections.
Choose Users Check the users which you would like to allow to access this API Root.

After you fill the fields, click Save changes.

4. Discovery Setting

Below is the Discovery setting URL.

https://<your_stip_domain>:8444/discovery/

You can see a table of a discovery setting.

Discovery Setting Table

When you click Modify, the below dialog appears.

Discovery Setting Dailog

Fill fileds as your setting.

Field Overview
Title The title of this TAXII 2.1 Server. This value is required.
Description The description of this TAXII 2.1 Server.
Contact The Contact Information.
Default Choose a default API Root. If you would not like to set a default API Root, set the checkbox.

After you fill the fields, click Save changes.

5. Client Setting

TAXII Client must set an Authorization value in HTTP Request Header. The ID of the Authorization must be the account of the S-TIP instance. The Password of the Authorization must be the REST API key of the S-TIP instance. The API key is available from a profile page of S-TIP RS.

TAXII Client must also set application/taxii+json;version=2.1 in Accept of HTTP Request Header.

6. Support Functions

  • GET /taxii2/
  • GET /{api-root}/
  • GET /{api-root}/status/{status-id}/
  • GET /{api-root}/collections/
  • GET /{api-root}/collections/{id}/
  • GET /{api-root}/collections/{id}/
  • GET /{api-root}/collections/{id}/manifest/
  • GET /{api-root}/collections/{id}/objects/
  • GET /{api-root}/collections/{id}/objects/{object-id}/
  • GET /{api-root}/collections/{id}/objects/{object-id}/versions/
  • POST /{api-root}/collections/{id}/objects/
  • DELETE /{api-root}/collections/{id}/objects/{object-id}/
  • Filtering by added_after
  • Filtering by match[type]
  • Filtering by match[id]
  • Filtering by match[spec_version]
  • Filtering by match[vesrion]
  • Pagination (S-TIP returns 10 STIX objects when a TAXII Client does not set a limit value)
  • Authenticate by a client's certificate
  • Post objects by TAXII 2.0 manner
Clone this wiki locally