Forum Discussion

cursor500's avatar
cursor500
Copper Contributor
May 08, 2020

TAXII Data Connector - Provider requires a whitelisted IP

Good day,

Just getting started with Sentinel, playing around a bit within a fairly constrained budget. But so far it's been going pretty good.

I'm looking at integrating some threat intelligence from our security partners. One in particular is hosting a TAXII feed, and they require a whitelisted IP in their system to connect. From what I can see, there's no way for me to determine the IP(s) being used when Sentinel connects via TAXII. This partner has mentioned they may be able to tail the logs to find out which IP I'm using, but I'm not sure how effective that will be, considering Sentinel lives in the cloud and I won't know one day to the next where the traffic will be coming from.

Is there a way to reliably determine the source IP(s) for the TAXII connection?

 

Thanks!

Resources