Posted to user@metron.apache.org by Vladimir Shlyakhtin <Vl...@sstech.us> on 2017/03/28 11:53:01 UTC
Threat Feeds
Hi,
According to https://cwiki.apache.org/confluence/display/METRON/Threat+Intel Metron supports 2 Threat Feeds and 1 format
(Soltra and Hail A Taxii, Stix/Taxii format)
Has anything changed for today?
Also on this page I read that you recommend Soltra. May I ask why?
What can you say about other Threat Feeds? E.g. from this list: https://github.com/hslatman/awesome-threat-intelligence
Thank you
- Vladimir
Re: Threat Feeds
Posted by Kyle Richardson <ky...@gmail.com>.
Anomali provides a free STIX/TAXII client called STAXX. They announced it
around the same time the announcements came out that Soltra was being sold
to NC4 and going commercial/fee-based. I don't believe it is open source
though; just free for use.
-Kyle
On Thu, Mar 30, 2017 at 7:52 AM, Vladimir Shlyakhtin <
Vladimir.Shlyakhtin@sstech.us> wrote:
> Thanks Simon for reply.
>
> Currently we are analyzing available open source solutions.
> For sure we will contribute if something new is implemented.
>
>
> - Vladimir
> ------------------------------
> *From:* Simon Elliston Ball [simon@simonellistonball.com]
> *Sent:* Tuesday, March 28, 2017 9:04 AM
> *To:* user@metron.incubator.apache.org
> *Subject:* Re: Threat Feeds
>
> Hi Vladimir,
>
> Metron supports any Stix/Taxii feed using the threat intel loaders. We
> usually put soltra, hailataxii or opentaxii in front of this loader to act
> as an aggregator for multiple stix feeds, so you can really use anything.
>
> Soltra used to be our preferred choice, because it was slick, open, and
> usable. Now Soltra has gone commercial, we would still recommend it as a
> good option, but would also look at other open source alternatives.
>
> The list you include is an interesting survey of alternatives as well, it
> would be great to see more of these integrated into Metron, perhaps that
> would be a good community contribution. Are there any in particular you
> like, or would like to work on? I’d be very happy to help.
>
> Hope that helps.
>
> Simon
>
>
> On 28 Mar 2017, at 12:53, Vladimir Shlyakhtin <
> Vladimir.Shlyakhtin@sstech.us> wrote:
>
> Hi,
>
> According to https://cwiki.apache.org/confluence/display/METRON/Threat+Intel
> Metron supports 2 Threat Feeds and 1 format
> (Soltra and Hail A Taxii, Stix/Taxii format)
>
> Has anything changed for today?
>
> Also on this page I read that you recommend Soltra. May I ask why?
>
> What can you say about other Threat Feeds? E.g. from this list:
> https://github.com/hslatman/awesome-threat-intelligence
>
> Thank you
>
> - Vladimir
>
>
>
RE: Threat Feeds
Posted by Vladimir Shlyakhtin <Vl...@sstech.us>.
Thanks Simon for reply.
Currently we are analyzing available open source solutions.
For sure we will contribute if something new is implemented.
- Vladimir
________________________________
From: Simon Elliston Ball [simon@simonellistonball.com]
Sent: Tuesday, March 28, 2017 9:04 AM
To: user@metron.incubator.apache.org
Subject: Re: Threat Feeds
Hi Vladimir,
Metron supports any Stix/Taxii feed using the threat intel loaders. We usually put soltra, hailataxii or opentaxii in front of this loader to act as an aggregator for multiple stix feeds, so you can really use anything.
Soltra used to be our preferred choice, because it was slick, open, and usable. Now Soltra has gone commercial, we would still recommend it as a good option, but would also look at other open source alternatives.
The list you include is an interesting survey of alternatives as well, it would be great to see more of these integrated into Metron, perhaps that would be a good community contribution. Are there any in particular you like, or would like to work on? I’d be very happy to help.
Hope that helps.
Simon
On 28 Mar 2017, at 12:53, Vladimir Shlyakhtin <Vl...@sstech.us> wrote:
Hi,
According to https://cwiki.apache.org/confluence/display/METRON/Threat+Intel Metron supports 2 Threat Feeds and 1 format
(Soltra and Hail A Taxii, Stix/Taxii format)
Has anything changed for today?
Also on this page I read that you recommend Soltra. May I ask why?
What can you say about other Threat Feeds? E.g. from this list: https://github.com/hslatman/awesome-threat-intelligence
Thank you
- Vladimir
Re: Threat Feeds
Posted by Simon Elliston Ball <si...@simonellistonball.com>.
Hi Vladimir,
Metron supports any Stix/Taxii feed using the threat intel loaders. We usually put soltra, hailataxii or opentaxii in front of this loader to act as an aggregator for multiple stix feeds, so you can really use anything.
Soltra used to be our preferred choice, because it was slick, open, and usable. Now Soltra has gone commercial, we would still recommend it as a good option, but would also look at other open source alternatives.
The list you include is an interesting survey of alternatives as well, it would be great to see more of these integrated into Metron, perhaps that would be a good community contribution. Are there any in particular you like, or would like to work on? I’d be very happy to help.
Hope that helps.
Simon
> On 28 Mar 2017, at 12:53, Vladimir Shlyakhtin <Vl...@sstech.us> wrote:
>
> Hi,
>
> According to https://cwiki.apache.org/confluence/display/METRON/Threat+Intel Metron supports 2 Threat Feeds and 1 format
> (Soltra and Hail A Taxii, Stix/Taxii format)
>
> Has anything changed for today?
>
> Also on this page I read that you recommend Soltra. May I ask why?
>
> What can you say about other Threat Feeds? E.g. from this list: https://github.com/hslatman/awesome-threat-intelligence
>
> Thank you
>
> - Vladimir