Another TAXII Query

Brass Contributor

Hello everyone!


We've set up a TAXII data source and TI with some success. I'm curious; how often does the TAXII connector reach out to Anomali (or any other provider) and refresh the data? Shouldn't this happen on a regular, periodic basis? I don't see any settings to configure how often to make the query and update the data.


I've gone through these two threads but didn't see the answer I'm looking for. Thanks:

4 Replies

Here's a visual representation. We set it up, it pulls data once, and then doesn't pull or try to update at all.



@JKatzmandu We have support tickets open with MS on the similar issue. I don't think it's a TAXII issue. It's a TI logging issue. We can generate new IOCs in the TiIndicators via the api, but they dont always show up in the logs. Something is not working for sure.

@JBUB_Accelerynt Do you have more information out of the support ticket? We are facing similar issues, I see the indicators on the Threat intelligence page but not in the Log. Also in the TAXII connector the Last Log Received is -- I think somithing is still not working as expected...



With a few of my customers things seem to be magically working on their own. At least some of the data has an "expiration date" as a field and it gets updates over time.