Outgoing feed - TAXII 2.1 push

EclecticIQ Platform 2.9 adds introductory support for the STIX 2.1 content type and the TAXII 2.1 transport types.

This article describes how to configure outgoing feeds for a particular feed source. To see how to configure outgoing feeds in general, see Configure outgoing feeds general options.


Transport type

TAXII 2.1 push

Content type

STIX 2.1

Published data

For more information on STIX 2.1 support, see STIX 2.1 documentation.


  • A remote TAXII 2.1 server.

  • Network access between the platform and the TAXII 2.1 server.

  • A collection to write to on the TAXII 2.1 server.

  • A user with write access to that collection.

  • Username and password for that user.

Configure the outgoing feed

  1. Create or edit an outgoing feed.

  2. Under Transport and content, fill out these fields:

    Required fields are marked with an asterisk (*).



    Transport type*

    Select TAXII 2.1 push from the drop-down menu.

    Content type*

    Select STIX 2.1 from the drop-down menu.


    Select one or more existing datasets from the drop-down menu.

    Update strategy*

    Select an update strategy.

    Supported update strategies:

    • APPEND


    Auto Discovery*

    (Optional) To list all collections available for your credentials:

    1. Enter your Username and Password for the remote TAXII 2.1 server in the fields below.

    2. Enter the discovery endpoint for your remote TAXII 2.1 server.

      For example: https://taxii.example.com/taxii2/

    API Root URL*

    Enter the API root URL for the collection you want this outgoing feed to push data to.

    For example: https://taxii.example.com/example-api-root-name/

    Collection ID*

    Enter the identifier for the collection that you want this outgoing feed to push data to.

    This can be a UUID or an alias. For example:

    • f81d4fae-7dec-11d0-a765-00a0c91e6bf6

    • or critical-high-value-indicators

    For more information, see the TAXII 2.1 specifications


    Enter your user name for the remote TAXII 2.1 server.


    Enter your password for the remote TAXII 2.1 server.

    TLS verification

    Selected by default.

  3. Store your changes by selecting Save.

TAXII 2.1 server

Unlike for TAXII 1.x where the platform provides built-in services that you can configure, the platform does not provide a built-in TAXII 2.1 server.

You can run a test TAXII 2.1 server using Medallion, the OASIS TC reference implementation.