Outgoing feed - TAXII 2.1 poll

Note

This article describes how to configure outgoing feeds for a particular feed source. To see how to configure outgoing feeds in general, see Create and configure outgoing feeds.

	Specifications
Transport type	TAXII 2.1 poll
Content type	STIX 2.1
Published data	For more information on STIX 2.1 support, see STIX compatibility

Overview

This outgoing feed packs entities from a given list of datasets into STIX 2.1 objects and distributes them through a TAXII 2.1 collection.

These objects can then be retrieved from the IC from https://{ic_url}/taxii2/collections/{collection_id}/ or with a TAXII 2.1 client.

Note

How to get the Collection ID?

1. Select an existing outgoing feed

2. Go to Created Packages

3. If no feed content is listed, run the outgoing feed.

4. Locate the Collection ID value, after the API Root URL.

Configure the outgoing feed

Tip

This feed depends on the bundled Opentaxii server.

To change TAXII 2 service defaults, see Configure Opentaxii server.

1. Create or edit an outgoing feed.

2. Under Transport and content, fill out these fields:

   Note

   Required fields are marked with an asterisk (*).

   Field	Description
   Transport type*	Select TAXII 2.1 poll from the drop-down menu.
   Content type*	Select STIX 2.1 from the drop-down menu.
   Datasets*	Select one or more existing datasets from the drop-down menu.
   Update strategy*	Select an update strategy. Supported update strategies: APPEND REPLACE
   TLS verification	Selected by default.
   Processing > Observable and Enrichment Observable types > Observable types	If your selected dataset(s) include indicator entities that do not have a STIX 2.1-compatible test mechanism defined, you must include observable types here. See Known issues below for more information.

3. Store your changes by selecting Save.

Known issues

See STIX 2.1 Known Issues.