OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [cti-comment] Fwd: External Inquiry About [MITRE] Website Related (include URL)

ïItâs likely that the data on the server is older than 30days and so when he asks for the last 30days then it is correctly not returning anything.

This is expected behavior for a taxi if indeed my assumption about the age of the data is correct.

The alien vault client is probably not asking based on age but just pulling all records regardless of age.

You can confirm my hypothesis by looking at the time stamps of the mitre data returned to alien vault and look at the modified timestnap of each stix record. I suspect all time stamps are older than 30days from the time stamps you are requesting.

Allan

On Apr 16, 2021, at 1:04 PM, Paul Knight <paul.knight@oasis-open.org> wrote:

ï
Hi all,

I am forwarding this message to the CTI comment list on behalf of Phillip Ogle.
Apparently he is receiving unexpected results when attempting an operation with a STIX server at the following URI:
https://cti-taxii.mitre.org/taxii/

This appears to be a Mitre-operated server. 

If anyone on the comment list is able to assist Phillip, I'm sure he will appreciate it. His contact information is in the messages below.

Best regards,
Paul Knight, OASIS

*********************
Mitre stated you could address my question below concerning their TAXII server(s):


---------- Forwarded message ---------
From: Public Web Site Inquiries <inquiries@mitre.org>
Date: Thu, Apr 15, 2021 at 7:51 AM
Subject: RE: [EXT] External Inquiry About Website Related (include URL)
To: phillipogle@gmail.com <phillipogle@gmail.com>


Please contact OASIS, which manages this work:
https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cti

-----Original Message-----
From: no-reply@prod.acquia-sites.com <no-reply@prod.acquia-sites.com>
Sent: Wednesday, April 14, 2021 11:34 PM
To: Public Web Site Inquiries <inquiries@mitre.org>
Subject: [EXT] External Inquiry About Website Related (include URL)

The following inquiry was received through www.mitre.org regarding Website Related (include URL)

Name: Phillip Ogle
Email: phillipogle@gmail.com
Category: Website Related (include URL)
Message: RE: https://cti-taxii.mitre.org/taxii/

I am trying to download STIXX data from the TAXII server.  When i poll the server it gives me a list (Enterprise ATT&CK, PRE_ATT&CK, Mobile ATT&CK, and ICS ATT&CK).  When I download the last 30 days, it does not pull down any data.
When I use another solution (AlienVault OTX) it pulls down 40K entries.  Is your Taxii server not supported anymore?

Thank you,
Phillip

--

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]