cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Threat intelligence TAXII

mujju016
Copper Contributor

‎Feb 13 2023 01:35 AM - edited ‎Feb 13 2023 01:40 AM

‎Feb 13 2023 01:35 AM - edited ‎Feb 13 2023 01:40 AM

Threat intelligence TAXII

I am trying to add the Threat intelligence - TAXII connector in Sentinel. Upon entering the asked details such as mentioned below:

Friendly Name: TAXIIFeeds

APIhttps://limo.anomali.com/api/v1/taxii2/feeds/

Collection ID: 107 (tried by entering 135, 136 as well)

Username: guest

Password: guest

 

Selected Import Indicator as All Available(tried other options as well) and Polling Frequency as Once a day (tried other options as well). 

 

Post entering the above mentioned details, when I click Add,  I am getting error as "TAXII connector already exists with the same API root URL and Collection ID or inputs are not valid."

 

It seems the API https://limo.anomali.com/api/v1/taxii2/feeds/ is no more valid. When I try to open, it throws an error as "This site can’t be reached". Also, this URL (https://www.anomali.com/resources/limo)  it says the API URL is changed.

 

Not sure where the issue is. Can someone help on this please. 

 

Best regards.

2,869 Views
0 Likes
6 Replies
Reply
6 Replies
mikhailf

‎Feb 13 2023 03:05 AM

‎Feb 13 2023 03:05 AM

Re: Threat intelligence TAXII

Hello @mujju016,

 

It seems that Limo has reached the end of the road.

Limo - Free Intel Feed by Anomali - Learn More

Are you trying to use the free version of Limo? 

0 Likes
Reply
mujju016

‎Feb 13 2023 03:13 AM

‎Feb 13 2023 03:13 AM

Re: Threat intelligence TAXII

I am using the same as per mentioned by Microsoft.

Is there any other way for this? please guide.
0 Likes
Reply
mikhailf

‎Feb 13 2023 03:53 AM

‎Feb 13 2023 03:53 AM

Re: Threat intelligence TAXII

Where do you see that Limo was mentioned by Microsoft?
This service stopped providing free indicators. I think because of that you have an issue.
0 Likes
Reply
mujju016

‎Feb 13 2023 04:56 AM

‎Feb 13 2023 04:56 AM

Re: Threat intelligence TAXII

I saw a YouTube video from the Microsoft Security channel. the link is : https://www.youtube.com/watch?v=3nCDOJ9D2Q8

aside, can you pls share your insights on how to integrate the Threat intelligence - TAXII into Azure Sentinel ?

This would be of great help!
0 Likes
Reply
mikhailf

‎Feb 13 2023 10:14 AM - edited ‎Feb 13 2023 10:17 AM

‎Feb 13 2023 10:14 AM - edited ‎Feb 13 2023 10:17 AM

Re: Threat intelligence TAXII

@mujju016 

 

There are also 2 options to ingest TI from Alien Vault:

1. Using Logic App:

Ingesting Alien Vault OTX Threat Indicators into Azure Sentinel - Microsoft Community Hub

Azure-Sentinel/Playbooks/Get-AlienVault_OTX at master · Azure/Azure-Sentinel · GitHub

2. Using TAXII:

You need to create an account on Alien Vault, generate an API key, and then connect Alien Vault TAXI.

0 Likes
Reply