Configuring TAXII/STIX Connector for FSIAC

search cancel

Configuring TAXII/STIX Connector for FSIAC

book

Article ID: 376766

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Example of a configuration file use for FSAIC connection using the TAXII/STIX connector.

Environment

Carbon Black EDR Server: All Versions
Carbon Black EDR TAXII/STIX Connector: 2.0 and higher

Resolution

Open /etc/cb/integrations/cbtaxii/cbtaxii.conf for edit.

Add this stanza into the configuration file, modifying the credentials and options as needed.

[fsaisac]
site=taxii.fsisac.com
discovery_path=/ctixapi/ctix2/taxii/
poll_path=/ctixapi/ctix2/collections/
collections=*
output_path=/usr/share/cb/integrations/cbtaxii/feeds/
icon_link=/usr/share/cb/integrations/cbtaxii/taxii-logov2.png
username=<fsisac username>
password=<fsisac password>
feeds_enable=true
start_date=2016-11-01 00:00:00
minutes_to_advance=1440

Additional Information

The configuration file uses [stanzas] to view each TAXII/STIX configuration, this can be named anything alphanumeric.
Setup and further configuration info can be found in the TAXII Connector for EDR guide

Feedback

thumb_up Yes

thumb_down No