https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/470042#M99646 <P>The problem was with libtaxii 1.1.111, which i changed to 1.1.114. in the path :<BR /> /etc/apps/SA-ThreatIntelligence/contrib</P> <P>Problem fixed. </P> Mon, 18 Nov 2019 09:28:21 GMT astatrial 2019-11-18T09:28:21Z https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/470041#M99645 <P>Hello all, <BR /> I am having issues with adding AlienVault OTX as a intelligence feed into splunk. <BR /> At first, when i didn't configured the threat list as a taxii, it managed to download the threat list as a csv file. <BR /> But now, i need to configure it as a taxii for parsing matters and it just stuck on that unhelpful message "TAXII feed polling starting". </P> <P>My feed configurations are : </P> <P>Type *<BR /> taxii</P> <P>Description *<BR /> Alien Vault OTX feed</P> <P>URL *<BR /> <A href="https://otx.alienvault.com/taxii/discovery" target="_blank">https://otx.alienvault.com/taxii/discovery</A></P> <P>Weight *<BR /> 1</P> <P>Interval<BR /> 43200</P> <P>POST arguments<BR /> taxii_username="" taxii_password="poo"</P> <P>Maximum age<BR /> -30d</P> <P>I am really frustrated and would really appreciate anyone's help. </P> <P>Thanks</P> Wed, 30 Sep 2020 02:02:15 GMT https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/470041#M99645 astatrial 2020-09-30T02:02:15Z https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/470042#M99646 <P>The problem was with libtaxii 1.1.111, which i changed to 1.1.114. in the path :<BR /> /etc/apps/SA-ThreatIntelligence/contrib</P> <P>Problem fixed. </P> Mon, 18 Nov 2019 09:28:21 GMT https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/470042#M99646 astatrial 2019-11-18T09:28:21Z https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/527437#M99647 <P>Could you please give little bit more detail.&nbsp;</P><P>&nbsp;</P><P>Under&nbsp;<SPAN>contrib directory I see many directories. One of these directories is&nbsp;<SPAN class="aui-icon aui-icon-small aui-iconfont-folder-filled">Directory libtaxii. Do you&nbsp; mean to change this directory completely ? Is there any trusted source to get the&nbsp;&nbsp;&nbsp;libtaxii 1.1.114&nbsp; ?</SPAN></SPAN></P> Sun, 01 Nov 2020 07:28:06 GMT https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/527437#M99647 infosec2012074 2020-11-01T07:28:06Z https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/555036#M99648 <P>could you elaborate a bit please</P> Wed, 09 Jun 2021 07:10:58 GMT https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/555036#M99648 alexeyglukhov 2021-06-09T07:10:58Z https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/558506#M99649 <P>I assume that was about this python library update</P><P><A href="https://github.com/TAXIIProject/libtaxii" target="_blank" rel="noopener">https://github.com/TAXIIProject/libtaxii</A>&nbsp;</P> Wed, 07 Jul 2021 06:49:43 GMT https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/558506#M99649 alexeyglukhov 2021-07-07T06:49:43Z https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/558517#M99650 <P>Thx for posting!!</P> Thu, 08 Jul 2021 17:34:23 GMT https://community.splunk.com/t5/Getting-Data-In/Adding-new-threat-list-feed-into-splunk/m-p/558517#M99650 HowardGrace 2021-07-08T17:34:23Z