Hosted EDR: How to Enable the STIX/TAXII Connector
search cancel

Hosted EDR: How to Enable the STIX/TAXII Connector

book

Article ID: 291080

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To enable the STIX/TAXII connector in a Hosted EDR instance for integration with XSOAR products (like FS-ISAC, hailataxii, and Anomali)

Environment

  • Hosted EDR: All Versions
  • STIX/TAXII connector
  • XSOAR integrations

Resolution

  1. Confirm that an unfiltered TCP path exists between the TAXII endpoint and the Hosted EDR instance.
    • The port to be used for communication should be open.
    • The firewall exceptions should be added appropriately.
  2. Open a Carbon Black support case.
  3. Information to be added to the case:
    • Host-name of the Hosted EDR instance
    • Port of the TAXII endpoint
    • "Discovery_Path" of the TAXII endpoint
    • Username and password to authenticate to the endpoint
    • (Optional) A self-signed certificate attached to the case
    • (Optional) CA-signed certificate with the CA chain of trust both attached to the case
    • (Optional) The "collection_management_path"
    • (Optional) The "poll_path"
    • (Optional) "Collections" for the TAXII endpoint
  4. Confirm that the TAXII connector is working appropriately after integration.

Additional Information

  • The "discovery_path" is typically provided by the TAXII service provider.  It is the path where the API discovers the different data sources.
Powered by Wolken Software