Splunk Enterprise Security

Configure FS-ISAC TAXXI Feeds in Splunk ES


I am working on configuring the TAXXI Feeds. My Post argument is as below:

collection="curated-ragw" earliest="-7d" key=$user:redacted,realm:redacted$

However, it is not working. The below error shows up:

TaxiiHandlerException: Exception when polling TAXII feed: Message Type: Status_Message Message ID: 8492898524872483651; In Response To: 0 Status Type: BAD_MESSAGE Message: The access to CTIX has been blocked because incorrect credentials were provided. Please contact Support team.

I have checked the username and password added in the credential management is correct. 

Can someone help me with how to configure this? I can only access UI to configure these feeds.

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>