OpenTAXII STIX2 compatibility

[thanujarc]

Is it possible to use OpenTAXII with STIX 2 ?

[traut]

@thanujarc of course! TAXII1.* protocol is content agnostic, so you can use OpenTAXII with any content (STIX1.*, STIX2, PDF, text files, etc)

[gmellini]

Great to know that STIX2 is suppoted in OpenTAXII.
@traut do we need to adjust the current configuration to support STIX2 content??
Follow my actual configuration

---

services:
    - id: inbox
      type: inbox
      address: /services/inbox
      description: Inbox Service
      destination_collection_required: yes
      accept_all_content: no
      authentication_required: yes
      supported_content:
        - urn:stix.mitre.org:xml:1.1.1
        - urn:stix.mitre.org:xml:1.2
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:https:1.0
        - urn:taxii.mitre.org:protocol:http:1.0

    - id: discovery
      type: discovery
      address: /services/discovery
      description: Discovery Service
      advertised_services:
        - inbox
        - discovery
        - collection_management
        - poll
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:https:1.0
        - urn:taxii.mitre.org:protocol:http:1.0

    - id: collection_management
      type: collection_management
      address: /services/collection-management
      description: Collection Management Service
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:https:1.0

    - id: poll
      type: poll
      address: /services/poll
      description: Poll Service
      subscription_required: no
      max_result_count: 100
      max_result_size: 10
      authentication_required: yes
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:https:1.0
        - urn:taxii.mitre.org:protocol:http:1.0

collections:
  - name: cs
    available: true
    accept_all_content: false
    supported_content:
      - urn:stix.mitre.org:xml:1.1.1
      - urn:stix.mitre.org:xml:1.2
    service_ids:
      - inbox
      - collection_management
      - poll

[traut]

@gmellini you need to adjust supported_content property. Since urns there are quire arbitrary, you can invent one for stix2, for example urn:stix.mitre.org:json:2.1

[gmellini]

Tks for the hint, got STIX2 push/poll working with this OpenTAXII config

---

domain: 127.0.0.1:9000

services:
    - id: inbox
      type: inbox
      address: /services/inbox
      description: Inbox Service
      destination_collection_required: yes
      accept_all_content: yes
      authentication_required: yes
      supported_content:
        - urn:stix.mitre.org:json:2.1
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:http:1.0

    - id: discovery
      type: discovery
      address: /services/discovery
      description: Discovery Service
      advertised_services:
        - inbox
        - discovery
        - collection_management
        - poll
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:http:1.0

    - id: collection_management
      type: collection_management
      address: /services/collection-management
      description: Collection Management Service
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:http:1.0

    - id: poll
      type: poll
      address: /services/poll
      description: Poll Service
      subscription_required: no
      max_result_count: 100
      max_result_size: 10
      authentication_required: yes
      protocol_bindings:
        - urn:taxii.mitre.org:protocol:http:1.0

collections:
  - name: cs2
    available: true
    accept_all_content: true
    supported_content:
      - urn:stix.mitre.org:json:2.1
    service_ids:
      - inbox
      - collection_management
      - poll

accounts:
  - username: community
    password: xxx
    permissions:
      cs2: modify

Please note that I have to set accept_all_content: yes or won't work.
Now I can push and pull STIX2 files with usual taxii-push and taxii-poll

Tks 👍

[thanujarc]

Thanks!