Taxii connector failing to pull feeds for OpenCTI
Article ID: 291961
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Feeds fail to pull from OpenCTI feed
- Feeds can be seen on OpenCTI by navigating to desired path, but taxii logs show a different path.
- Ex. <server>/taxii2/root/collections is the correct path, however, logs show query to <server>/root/collections
- Message in taxii integration logs
-
DEBUG - connectionpool - Starting new HTTP connection (1): <server>:8080 DEBUG - connectionpool - http://<server>:8080 "GET /root/collections/ HTTP/1.1" 200 None DEBUG - bridge - Feed report retrieval completed (Errored).
-
Environment
- EDR Sever: All Supported Versions
- CB Taxii Connector: 2.0
- Taxii 2.1
- OpenCTI
Cause
OpenCTI api_root value is set to a different value
Resolution
- Update the api_root to the correct path
- Ex. api_root=/taxii2/root/
Feedback
Yes
No
Powered by
