https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-ES-Threat-Intelligence-TAXII-feed-not-Working-in-Splunk/m-p/486518#M8022 <P>Hey Guys,</P> <P>We are in a Splunk Cloud environment with ES, and we have added our own TAXII feed as well as some open source TAXII feeds and we can see that they start "polling" but we never see them download any collection sets or fail in the event logs so it doesn't appear to be working.</P> <P>Has anyone else configured this in Splunk Cloud and if so do you know if there is something else we need to enable for our TAXII feeds to work?</P> <P>Thanks!</P> Sun, 07 Jun 2020 16:24:47 GMT sheenay 2020-06-07T16:24:47Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-ES-Threat-Intelligence-TAXII-feed-not-Working-in-Splunk/m-p/486518#M8022 <P>Hey Guys,</P> <P>We are in a Splunk Cloud environment with ES, and we have added our own TAXII feed as well as some open source TAXII feeds and we can see that they start "polling" but we never see them download any collection sets or fail in the event logs so it doesn't appear to be working.</P> <P>Has anyone else configured this in Splunk Cloud and if so do you know if there is something else we need to enable for our TAXII feeds to work?</P> <P>Thanks!</P> Sun, 07 Jun 2020 16:24:47 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-ES-Threat-Intelligence-TAXII-feed-not-Working-in-Splunk/m-p/486518#M8022 sheenay 2020-06-07T16:24:47Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-ES-Threat-Intelligence-TAXII-feed-not-Working-in-Splunk/m-p/524584#M9383 <P>I'm currently facing the same issue, have you resolved this already? Would you mind sharing the solution if ever? Thanks.</P> Wed, 14 Oct 2020 11:02:30 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-ES-Threat-Intelligence-TAXII-feed-not-Working-in-Splunk/m-p/524584#M9383 dantimola 2020-10-14T11:02:30Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-ES-Threat-Intelligence-TAXII-feed-not-Working-in-Splunk/m-p/525410#M9392 <P>&nbsp;</P><P>Not a solution, but I noticed this while trying to integrate taxii feed from MITRE:</P><P>The&nbsp;<STRONG>taxii2client</STRONG>&nbsp;in Splunk ES tries to download by default with the latest taxii protocol version (v21?), and MITRE supported only&nbsp;<STRONG>v20</STRONG>.</P><P>Tried to download from a Python script using <STRONG>v20</STRONG>&nbsp;and worked.</P> Mon, 19 Oct 2020 16:04:23 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-ES-Threat-Intelligence-TAXII-feed-not-Working-in-Splunk/m-p/525410#M9392 Laszlo_K 2020-10-19T16:04:23Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-ES-Threat-Intelligence-TAXII-feed-not-Working-in-Splunk/m-p/573737#M10439 <P>Not intending to drag up an old topic, but I'm interested in knowing what "taxii2client" is referencing?</P><P>It's my understanding that the latest versions of Splunk ES do not natively support TAXII v2.</P><P>Is&nbsp;this in reference to a custom install of taxii2client from OASIS Open onto a Splunk ES instance, and somehow configuring it to work with feed ingestion to the Intelligence framework/collections?</P><P>I've recently been trying to identify the best supported solution for STIX 2.1 feeds, which require TAXII 2 communications, into Splunk ES, so I'm curious about the points made in this discussion and what options have been working.</P> Fri, 05 Nov 2021 03:53:12 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-ES-Threat-Intelligence-TAXII-feed-not-Working-in-Splunk/m-p/573737#M10439 Scentri 2021-11-05T03:53:12Z