Sentinel Taxii connector polling old data from Taxii server collection

Occasional Visitor

Hi Team,


Sentinel Taxii connector is polling the old IOC (Nov, 2021) from Taxii server collection in my environment.

I have confirmed from Taxii server end , there is no change in status of particular IOC since Nov, 2021.

However on TI blade in sentinel its showing creation date from Nov, 2021 and modification date sept, 2022 . Adding SS for reference.

Now I am wondering :

1.  How Taxii client (sentinel) is polling the incremental changes (New IOC added to collection) [Based on which parameter]? Is is creation time or any other unique parameter.?

2. To which parameter its mapping the "Modified" date field?




0 Replies