unable to get feed from anomali servers.. 12 hours

%3CLINGO-SUB%20id%3D%22lingo-sub-1539936%22%20slang%3D%22en-US%22%3Eunable%20to%20get%20feed%20from%20anomali%20servers..%2012%20hours%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1539936%22%20slang%3D%22en-US%22%3E%3CP%3Ehi%20there%2C%3C%2FP%3E%0A%3CP%3EI%20have%20connected%20to%2010%26nbsp%3B%3CSPAN%3ETAXII%20server%20Collections%20provided%20by%20Anomali%20Limo%2012%20hours%20back%20but%20I%3C%2FSPAN%3E%26nbsp%3Bhaven't%20received%20any%20TI%20feed%20from%20the%20servers.%20How%20long%20it%20takes%20to%20get%20the%20feeds%3F%20How%20to%20troubleshoot%20the%20issues%3F%3C%2FP%3E%0A%3CP%3EFollowing%20screenshots%20are%20attached%20-%3C%2FP%3E%0A%3CP%3E1.%20Current%20configuration%20of%20TAXII%20servers%2C%20last%20indicator%20received%2FLast%20Log%20Received%20status%2C%20and%26nbsp%3B%3C%2FP%3E%0A%3CP%3E2.%20'ThreatIntelligenceIndicator'%20sample%20query%20output%20(no%20results)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECheers%2C%3C%2FP%3E%0A%3CP%3EM%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditormomith_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%20id%3D%22tinyMceEditormomith_1%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1547144%22%20slang%3D%22en-US%22%3ERe%3A%20unable%20to%20get%20feed%20from%20anomali%20servers..%2012%20hours%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1547144%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F736065%22%20target%3D%22_blank%22%3E%40momith%3C%2FA%3E%26nbsp%3B%3A%20first%2C%20for%20any%20potential%20malfunction%20issue%2C%20I%20suggest%20working%20with%20support.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnyways%2C%20tagging%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F118392%22%20target%3D%22_blank%22%3E%40Jason%20Wescott%3C%2FA%3E%26nbsp%3Bwho%20is%20our%20TI%20guru%20and%20may%20be%20able%20to%20help.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1549163%22%20slang%3D%22en-US%22%3ERe%3A%20unable%20to%20get%20feed%20from%20anomali%20servers..%2012%20hours%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1549163%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F736065%22%20target%3D%22_blank%22%3E%40momith%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20might%20be%20having%20the%20same%20issue%20as%20many%20of%20is%20the%20thread%20I%20created%3C%2FP%3E%3CP%3Ehere%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Ftiindicators-not-showing-up-in-threatintelligenceindicator-logs%2Fm-p%2F1538560%2Fhighlight%2Ffalse%23M2075%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Ftiindicators-not-showing-up-in-threatintelligenceindicator-logs%2Fm-p%2F1538560%2Fhighlight%2Ffalse%23M2075%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20also%20attached%20an%20image%20of%20my%20baseline%20and%20fluxes%20of%20TAXII%20IOCs%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

hi there,

I have connected to 10 TAXII server Collections provided by Anomali Limo 12 hours back but I haven't received any TI feed from the servers. How long it takes to get the feeds? How to troubleshoot the issues?

Following screenshots are attached -

1. Current configuration of TAXII servers, last indicator received/Last Log Received status, and 

2. 'ThreatIntelligenceIndicator' sample query output (no results)

 

Cheers,

M

 

 
 

 

2 Replies

@momith : first, for any potential malfunction issue, I suggest working with support.

 

Anyways, tagging @Jason Wescott who is our TI guru and may be able to help.

Hello @momith 

 

You might be having the same issue as many of is the thread I created

here https://techcommunity.microsoft.com/t5/azure-sentinel/tiindicators-not-showing-up-in-threatintellige...

 

I have also attached an image of my baseline and fluxes of TAXII IOCs