{"id":27976489,"url":"https://github.com/misp/misp-taxii-server","last_synced_at":"2025-05-08T01:27:19.553Z","repository":{"id":13292808,"uuid":"74113304","full_name":"MISP/MISP-Taxii-Server","owner":"MISP","description":"An OpenTAXII Configuration for MISP","archived":false,"fork":false,"pushed_at":"2022-09-29T08:46:06.000Z","size":164,"stargazers_count":79,"open_issues_count":21,"forks_count":30,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-03-26T04:54:09.590Z","etag":null,"topics":["information-exchange","information-sharing","misp","stix","taxii-hooks","taxii-server"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MISP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-18T09:07:24.000Z","updated_at":"2024-01-03T14:14:18.000Z","dependencies_parsed_at":"2023-01-11T20:18:14.018Z","dependency_job_id":null,"html_url":"https://github.com/MISP/MISP-Taxii-Server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2FMISP-Taxii-Server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2FMISP-Taxii-Server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2FMISP-Taxii-Server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2FMISP-Taxii-Server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MISP","download_url":"https://codeload.github.com/MISP/MISP-Taxii-Server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252980630,"owners_count":21835276,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["information-exchange","information-sharing","misp","stix","taxii-hooks","taxii-server"],"created_at":"2025-05-08T01:27:19.060Z","updated_at":"2025-05-08T01:27:19.545Z","avatar_url":"https://github.com/MISP.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MISP Taxii Server\n\n![Build Status ](https://travis-ci.org/MISP/MISP-Taxii-Server.svg?branch=master)\n[![Code Health](https://landscape.io/github/MISP/MISP-Taxii-Server/master/landscape.svg?style=flat)](https://landscape.io/github/MISP/MISP-Taxii-Server/master)\n\nA set of configuration files to use with EclecticIQ's OpenTAXII implementation,\nalong with a callback for when data is sent to the TAXII Server's inbox.\n\n## Installation\n\n\n### Manual install\n\n```bash\ngit clone https://github.com/MISP/MISP-Taxii-Server\ncd MISP-Taxii-Server\n\napt-get install libmysqlclient-dev # for mysql_config\npip3 install -r REQUIREMENTS.txt\n```\n\nYou'll then need to set up your TAXII database. As you're using MISP, you'll likely\nalready have a MySQL environment running. \n\n```bash\nmysql -u [database user] -p\n# Enter Database password\nmysql\u003e create database taxiiauth;\nmysql\u003e create database taxiipersist;\nmysql\u003e grant all on taxiiauth.* to 'taxii'@'%' identified by 'some_password';\nmysql\u003e grant all on taxiipersist.* to 'taxii'@'%' identified by 'some_password';\nmysql\u003e exit;\n```\n\nNow configure your TAXII server\n\n```bash\ncp config/config.default.yaml config/config.yaml\n```\n\nNow, with that data, copy `config/config.default.yaml` over to `config/config.yaml` and open it. Edit the `db_connection` parameters to match your environment. Change `auth_api -\u003e parameters -\u003e secret` whilst you're here as well.\n\nDo not forget to set your MISP server's URL and API key at the bottom.\n\nIf you wish, you can edit the taxii service definitions and collections in \n`config/data-configuration.yaml`; full documentation on how this is set up is available at [OpenTaxii's docs](https://opentaxii.readthedocs.io/en/stable/configuration.html).\n\nNow it's time to create all your SQL tables. Luckily OpenTaxii comes with commands for this.\n\nYou're going to want to export your configuration file to a variable as well.\n```bash\n# An example of this config is in the config directory\nexport OPENTAXII_CONFIG=/path/to/config.yaml\nexport PYTHONPATH=.\n\nopentaxii-sync-data config/data-configuration.yaml\n```\n\nOpenTaxii is now ready to roll, we've just gotta do one more thing.\n\nIn the repository root directory, run \n```bash\nsudo python3 setup.py install\n```\n\nThis will install the TAXII hooks to run when we have new data.\n\nNow we should be ready to go!\n\n```bash\nopentaxii-run-dev\n```\n\nThis should tell you that there is now a server running on `localhost:9000` (maybe a different port if you changed it). If there are no errors, you're good!\n\nIf you want to test everything is working, run\n```bash\ntaxii-push --path http://localhost:9000/services/inbox -f tests/test.xml \\\n           --dest my_collection --username admin --password admin\n```\n\nObviously replace anything that differs in your system. \n\nThe client should say \"Content Block Pushed Successfully\" if all went well.\n\nNow you have a TAXII server hooked up to MISP, you're able to send STIX files to the inbox and have them uploaded directly to MISP. So that's nice \u003c3\n\nThere is also an experimental feature to push MISP events to the TAXII server when they're published - that's in `scripts/push_published_to_taxii.py`. It seems to work, but may occasionally re-upload duplicate events to MISP.\n\n## Automated TAXII -\u003e MISP Sync\n\nIf you want, there is the ability to synchronise between a remote TAXII server and the local MISP server.\n\n```bash\n$ install-remote-server.sh\n\n[MISP-TAXII-SERVER]\nPOLLING SERVER INSTALLATION\nFRIENDLY SERVER NAME:\n\u003c Add a unique server name here, can be anything \u003e\n```\n\nThis will then install 2 files to `~/.misptaxii`, one for a local server and one for the remote servers.\nEdit these files as needed. Run `install-remote-server.sh` once for each remote server you want to add.\n\nYou'll probably want to put the sync script on a crontab,\n\nFirst, run\n\n```bash\necho `which python3` `which run-taxii-poll.py`\n```\n\nto get the path of your script, copy it. Then \n\n```bash\ncrontab -e\n```\n\nThis will open your crontab. Paste in\n\n```cron\n0 */6 * * * \u003cthe output of that echo command you just ran\u003e\n```\n\nThis will run the polling script every 6 hours to keep things all synced up.\n\n## Troubleshooting\n\n### Data truncated for column...\n\n```python \nWarning: (1265, \"Data truncated for column 'original_message' at row 1\")\n\nWarning: (1265, \"Data truncated for column 'content' at row 1\")\n```\n\nIf you encounter the error above, this means you tried to push a STIX file bigger than 65,535 bytes. To fix it run the following commands.\n```bash\nmysql -u [database user] -p\n# Enter Database password\n\nmysql\u003e use taxiipersist;\nmysql\u003e alter table `inbox_messages` modify `original_message` LONGTEXT;\nmysql\u003e alter table `content_blocks` modify `content` LONGTEXT;\nmysql\u003e exit;\n```\n\n### Specified key was too long\n\n```python \nWarning: (1071, 'Specified key was too long; max key length is 767 bytes')\n```\n\nIf you encounter the error above, try the following after creating the databases as per [this issue](https://github.com/MISP/MISP-Taxii-Server/issues/3#issuecomment-291875813):\n\n```SQL\nALTER DATABASE taxiipersist CHARACTER SET latin1 COLLATE latin1_general_ci;\nALTER DATABASE taxiiauth CHARACTER SET latin1 COLLATE latin1_general_ci;\n```\n\n### Nothing appears in MISP\n\nTake note of the user you did `export OPENTAXII_CONFIG=/path/to/config.yaml` with. If you `sudo`, this env will be lost. Use `sudo -E` to preserve env instead.\n\n### InsecureRequestWarning\n\nPyMISP complains about missing certificate verification. Under the misp-options in  `config.yaml` do not simply set `verifySSL = False`. You can provide the CA bundle, a concatenation of all certificates in the chain, as `verifySSL = /path/to/ca_bundle`. Alternatively, you can `export REQUESTS_CA_BUNDLE=/path/to/ca_bundle`.\n\n## Verifying the database\n\nTo verify that the `opentaxii-sync-data` worked, check the tables of database `taxiipersist`:\n\n```\nMariaDB [taxiipersist]\u003e show tables;\n+-----------------------------+\n| Tables_in_taxiipersist      |\n+-----------------------------+\n| collection_to_content_block |\n| content_blocks              |\n| data_collections            |\n| inbox_messages              |\n| result_sets                 |\n| service_to_collection       |\n| services                    |\n| subscriptions               |\n+-----------------------------+\n```\n\nTo verify whether the account-creation worked, check database `taxiiauth`:\n```\nMariaDB [taxiiauth]\u003e select * from accounts;\n+----+----------+-----------------------------------------------------------------------------------------------+\n| id | username | password_hash                                                                                 |\n+----+----------+-----------------------------------------------------------------------------------------------+\n|  1 | ltaxii   | pbkdf2:sha256:50000$99999999$1111111111111111111111111111111111111111111111111111111111111111 |\n+----+----------+-----------------------------------------------------------------------------------------------+\n```\n\n### Ambigious Polling Service\n\nIn the case that the server you want to poll has multiple `POLL` services,\nrun\n\n```bash\ntaxii-discovery \\\n  --host \u003cHOST TO POLL\u003e\n  --port \u003cPOLLING PORT\u003e\n  --discovery \u003cDISCOVERY PATH, sometimes /taxii-discovery-service, may vary\u003e\n```\n\nIt'll show you the services available on the server. You'll *probably*\nsee two POLL services, for different version of TAXII (message binding)\n\nFind the one relevent to you, copy its `Service Address`,\nand modify `~/.misptaxii/remote-servers.yml` to resemble\n\n```yaml\n- name: \"my server\"\n  taxii_version: \"1.1\"\n  ...\n  uri: \u003cSERVICE ADDRESS\u003e\n```\n\nnow try polling again\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmisp%2Fmisp-taxii-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmisp%2Fmisp-taxii-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmisp%2Fmisp-taxii-server/lists"}