Be able to take in STIX/TAXII data by automatable means and map fields, such as MD5, to an MD5 field in Sentinel. With the current feeds model, you typically import data into a single field type such as IP and then use a watch list in a correlation rule. By using the definitions you should be able to import data more intelligently.
by: cameron s. | over a year ago | Integrations
Comments
I think the other key item here is that this is not just another event feed, but that STIX/TAXII is the primary standard for interfacing with external threat services such as Webroot.
This has been accepted into our backlog for completion.
Sentinel 8.1 was just released. One feature that was added was the ability to easily add threat reputation feeds into it. It is not specifically STIX/TAXII, but is more open. There were many reasons that we did it this way, but it allows integration with many different types of feeds, as well as being able to prioritize the information that the different feeds provide in the event of a conflict with another feed.
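The two ideas in this thread, the original request (parse STIX indicators and map each observable type to a typed SIEM field such as MD5 or IP rather than dumping everything into one watch list) and the 8.1 reply (multiple reputation feeds, with a priority order deciding conflicts), can be shown together in one small ingestion routine. The following is an added example written for this page; it is not Sentinel code and not the STIX/TAXII reference implementation. The bundle, the flat feed, the feed names ("stix-feed", "flat-ip-feed") and the field names in FIELD_MAP are all constructed assumptions for illustration; it handles only simple `type:path = 'value'` comparisons in STIX patterns and ignores escaped quotes.

```python
"""Ingest indicators from a STIX 2.1 bundle and a flat feed, map each
observable to a SIEM field type, and resolve conflicts by feed priority.
Feed names, field names and every indicator value below are constructed
for this example; nothing here is real threat data or product code."""
import json
import re

# Constructed STIX 2.1 bundle (assumption: not a real feed).
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "pattern_type": "stix",
         "pattern": "[file:hashes.'MD5' = 'd41d8cd98f00b204e9800998ecf8427e']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000004",
         "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example' OR ipv4-addr:value = '203.0.113.9']"},
        # Non-indicator SDO: must be skipped, not turned into a field value.
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--00000000-0000-4000-8000-000000000005",
         "name": "not-an-indicator", "is_family": False},
    ],
})

# Constructed single-type (IP) reputation feed, one 'value,verdict' per line.
# 203.0.113.9 deliberately conflicts with the STIX bundle above.
FLAT_FEED = """203.0.113.9,benign
192.0.2.44,malicious
"""

# STIX object type + property path -> typed SIEM field (names are assumed).
FIELD_MAP = {
    ("file", "hashes.MD5"): "MD5",
    ("file", "hashes.SHA-1"): "SHA1",
    ("file", "hashes.SHA-256"): "SHA256",
    ("ipv4-addr", "value"): "IP",
    ("ipv6-addr", "value"): "IP",
    ("domain-name", "value"): "Domain",
    ("url", "value"): "URL",
    ("email-addr", "value"): "Email",
}

# One comparison expression inside a STIX pattern: <type>:<path> = '<value>'.
COMPARISON = re.compile(r"([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'")


def parse_stix_indicators(bundle_json, feed_name, verdict="malicious"):
    """Return one typed record per mappable comparison in each indicator."""
    records = []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for obj_type, path, value in COMPARISON.findall(obj["pattern"]):
            # hashes.'MD5' and hashes.MD5 are the same path in STIX.
            field = FIELD_MAP.get((obj_type, path.replace("'", "")))
            if field is None:
                continue  # unmapped observable type: skip rather than guess a field
            records.append({"field": field, "value": value, "verdict": verdict,
                            "feed": feed_name, "source": obj["id"]})
    return records


def parse_flat_feed(text, feed_name, field="IP"):
    """Parse the legacy 'one field type per feed' format into the same records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        value, verdict = [p.strip() for p in line.split(",", 1)]
        records.append({"field": field, "value": value, "verdict": verdict,
                        "feed": feed_name, "source": feed_name})
    return records


def merge_by_priority(records, priority):
    """Keep one record per (field, value); the lowest priority number wins.
    Feeds missing from the priority table rank after every listed feed."""
    merged = {}
    for rec in records:
        key = (rec["field"], rec["value"])
        rank = priority.get(rec["feed"], len(priority))
        if key not in merged or rank < merged[key][0]:
            merged[key] = (rank, rec)
    return {key: rec for key, (_, rec) in merged.items()}


def build_indicator_table():
    """Ingest both constructed feeds; the STIX feed outranks the flat one."""
    priority = {"stix-feed": 0, "flat-ip-feed": 1}
    records = (parse_stix_indicators(STIX_BUNDLE, "stix-feed")
               + parse_flat_feed(FLAT_FEED, "flat-ip-feed"))
    return merge_by_priority(records, priority)


if __name__ == "__main__":
    for (field, value), rec in sorted(build_indicator_table().items()):
        print(f"{field:7} {value:40} {rec['verdict']:10} from {rec['feed']}")
```

Running it lists five typed entries; the conflicting 203.0.113.9 verdict comes out as "malicious" from the STIX feed because it ranks above the flat feed, which is the prioritisation behaviour the 8.1 reply describes. Swapping the numbers in `priority` flips that one entry without touching the parsers.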