All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Anyone use SPLICE app to import TAXII feeds from Soltra Edge?

jeffy_a
New Member
‎02-04-2015 05:31 PM

Having some trouble getting the IOC - TAXII feed input configured to poll our Soltra Edge repository. Has anyone gotten this working yet? Authentication is fine/tested, it connects to the right port, etc, even finds the default feed, but when trying to download the feed I get this error:

-0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Splice/bin/taxii.py" something went wrong with TAXII polling: StartTag: invalid element name, line 2789, column 2

I'm not really sure where to go from here, but if anyone could point me in the right direction, or where to look, that would be great. Thanks,

Jeff

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

cleroux_splunk
Splunk Employee
Splunk Employee
‎02-13-2015 06:54 AM

This error is related to improper IOCs carried over TAXII. This is not a SPLICE issue.
The bug is either in the TAXII server or the TAXII feed that let invalid messages be carried over TAXII/XML.

SPLICE v1.3.4 will provides a way to identify problematic IOCs.

Technical details can be found here: https://github.com/TAXIIProject/libtaxii/issues/170

View solution in original post

Reply
Solved! Jump to solution
Solution

cleroux_splunk
Splunk Employee
Splunk Employee
‎02-13-2015 06:54 AM

This error is related to improper IOCs carried over TAXII. This is not a SPLICE issue.
The bug is either in the TAXII server or the TAXII feed that let invalid messages be carried over TAXII/XML.

SPLICE v1.3.4 will provides a way to identify problematic IOCs.

Technical details can be found here: https://github.com/TAXIIProject/libtaxii/issues/170

Reply
Solved! Jump to solution

jeffy_a
New Member
‎02-13-2015 08:11 AM

Thanks for your help with this Cedric, I'll be passing along the analysis and comments to the folks at Soltra. All the best,

Jeff

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...