Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/04/20 19:19:25 UTC

[jira] [Commented] (METRON-114) Automate Deployment of Opentaxii

    [ https://issues.apache.org/jira/browse/METRON-114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15250299#comment-15250299 ] 

ASF GitHub Bot commented on METRON-114:
---------------------------------------

GitHub user nickwallen opened a pull request:

    https://github.com/apache/incubator-metron/pull/84

    METRON-114 Created Ansible role to automate deployment of OpenTAXII services

    Created an Ansible role that performs automated deployment and setup of OpenTAXII services.  This role has not been integrated into any of the deployments: Amazon or Vagrant.  The integration will occur once all work related to the "pcap ingest refresh" is complete.
    
    Other things to keep in mind...
    
    - Python 2.7 is needed to support OpenTAXII, but CentOS 6 comes with Python 2.6.  The `centos-release-scl` repository is used to install Python 2.7 without impacting the existing Python 2.6.
    - OpenTAXII is installed in a virtual environment to maintain isolation.
    
    ---
    
    # OpenTAXII
    
    Installs [OpenTAXII](https://github.com/EclecticIQ/OpenTAXII) as a daemon that can be launched via a SysV service script.  The complementary client implementation, [Cabby](https://github.com/EclecticIQ/cabby), is also installed.
    
    OpenTAXII is a robust Python implementation of TAXII Services that delivers a rich feature set and friendly pythonic API.  [TAXII](https://stixproject.github.io/) (Trusted Automated eXchange of Indicator Information) is a collection of specifications defining a set of services and message exchanges used for sharing cyber threat intelligence information between parties.
    
    ## Usage
    
    ### Service
    
    A standard SysV script has been installed to manage OpenTAXII.  The following functions are available.
    
    - `start` Start the opentaxii service
    - `stop` Stop the opentaxii service
    - `restart` Restart the opentaxii service
    - `status` Current status of the opentaxii service
    - `setup` Creates a set of collections and services to mirror the threat data made available at [Hail a TAXII](http://hailataxii.com/).  Running this will destroy all existing data.
    
    ### Troubleshooting
    
    Should you need to explore the installation, here are instructions on doing so.
    
    OpenTAXII is installed in a virtual environment.  Before exploring the environment run the following commands to perform the necessary setup.  The specific paths may change depending on your Ansible settings.
    
    ```
    export LD_LIBRARY_PATH=/opt/rh/python27/root/usr/lib64
    cd /usr/local/opentaxii
    . opentaxii-venv/bin/activate
    ```
    
    Explore the available collections.
    
    ```
    taxii-collections --path http://hailataxii.com/taxii-data
    taxii-collections --path http://localhost:9000/services/hailataxii/collection
    ```
    
    Read data from a collection.
    
    ```
    taxii-poll --host hailataxii.com --discovery taxii-data -c guest.phishtank_com
    taxii-poll --host localhost:9000 --discovery services/hailataxii/collection -c hailataxii-phishtank
    ```
    
    Discover available services.
    
    ```
    taxii-discovery --discovery http://hailataxii.com/taxii-data
    taxii-discovery --discovery http://localhost:9000/services/hailataxii/discovery
    ```
    
    Fetch data from a remote service and mirror it locally.
    
    ```
    taxii-proxy --poll-path http://hailataxii.com/taxii-data \
                         --poll-collection guest.phishtank_com \
                         --inbox-path http://localhost:9000/services/inbox \
                         --inbox-collection hailataxii-phishtank \
                         --begin 2016-04-17 \
                         --binding urn:stix.mitre.org:xml:1.1.1 \
                         --inbox-username guest --inbox-password guest
    ```


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nickwallen/incubator-metron METRON-114

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/84.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #84
    
----
commit 656a5972da224a89e2e28790a8330ff5c4c32a3c
Author: Nick Allen <ni...@nickallen.org>
Date:   2016-04-19T19:45:09Z

    METRON-114 Created Ansible role to perform automated deployment of OpenTAXII services.

----


> Automate Deployment of Opentaxii
> --------------------------------
>
>                 Key: METRON-114
>                 URL: https://issues.apache.org/jira/browse/METRON-114
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Nick Allen
>
> OpenTAXII is a robust Python implementation of TAXII Services that delivers a rich feature set and friendly pythonic API.  [TAXII](https://stixproject.github.io/) (Trusted Automated eXchange of Indicator Information) is a collection of specifications defining a set of services and message exchanges used for sharing cyber threat intelligence information between parties.
> OpenTAXII will be used as an aggregator of threat intel data that can then be ingested by Apache Metron.


