cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

unable to get feed from anomali servers.. 12 hours

momith
Microsoft

‎Jul 22 2020 05:24 PM - edited ‎Jul 23 2020 12:41 AM

‎Jul 22 2020 05:24 PM - edited ‎Jul 23 2020 12:41 AM

unable to get feed from anomali servers.. 12 hours

hi there,

I have connected to 10 TAXII server Collections provided by Anomali Limo 12 hours back but I haven't received any TI feed from the servers. How long it takes to get the feeds? How to troubleshoot the issues?

Following screenshots are attached -

1. Current configuration of TAXII servers, last indicator received/Last Log Received status, and 

2. 'ThreatIntelligenceIndicator' sample query output (no results)

 

Cheers,

M

 

 
 

 

Preview file
165 KB
Preview file
162 KB
1,787 Views
0 Likes
2 Replies
Reply
2 Replies
Ofer_Shezaf

‎Jul 26 2020 11:50 PM

‎Jul 26 2020 11:50 PM

Re: unable to get feed from anomali servers.. 12 hours

@momith : first, for any potential malfunction issue, I suggest working with support.

 

Anyways, tagging @Jason Wescott who is our TI guru and may be able to help.

1 Like
Reply
JBUB_Accelerynt

‎Jul 27 2020 06:58 PM

‎Jul 27 2020 06:58 PM

Re: unable to get feed from anomali servers.. 12 hours

Hello @momith 

 

You might be having the same issue as many of is the thread I created

here https://techcommunity.microsoft.com/t5/azure-sentinel/tiindicators-not-showing-up-in-threatintellige...

 

I have also attached an image of my baseline and fluxes of TAXII IOCs  

Preview file
144 KB
1 Like
Reply