Skip to content
This repository has been archived by the owner on Dec 7, 2023. It is now read-only.
/ sra-taxii2-server Public archive

TAXII 2.0 Server implemented in Node JS with MongoDB backend

License

MIT license
11 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SecurityRiskAdvisors/sra-taxii2-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

71 Commits
app/views
app/views
 
 
dev
dev
 
 
public
public
 
 
server
server
 
 
tests/api-integration
tests/api-integration
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cloudformation-setup.sh
cloudformation-setup.sh
 
 
docker-compose.yml
docker-compose.yml
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
setup-taxii-server.sh
setup-taxii-server.sh
 
 

Repository files navigation

sra-taxii2-server

Note: this is a project preview, not intended for production services yet.

Taxii2 server based on https://docs.google.com/document/d/1Jv9ICjUNZrOnwUXtenB1QcnBLO35RnjQcJLsa1mGSkI/pub#h.1fg89uogyma3

Uses Node.js with MongoDB backend.

Installation (Easy)

Requirements

  • Modern Linux installation (preferably Ubuntu, Mint, Debian, Manjaro, Arch, CentOS or something similar) with sudo permissions
  • Expects these installed packages:
    • docker
    • docker-compose
    • openssl
    • git

Download and run the installation script

wget https://raw.githubusercontent.com/SecurityRiskAdvisors/sra-taxii2-server/master/setup-taxii-server.sh 
sudo ./setup-taxii-server.sh
cd <installation_directory>/sra-taxii2-server
sudo docker-compose -p dev up

Make Self-signed SSL Work

  • Chrome Settings > Manage certificates > Authorities > add /opt/taxii/taxiiRootCA.pem
  • edit /etc/hosts add "127.0.0.1 sra-taxii2-server" and "127.0.0.1 sra-taxii2-manager-server"

Usage

Default username: [email protected]

Default pw: admin

Use Postman or a taxii2 client to talk to taxii endpoints like https://localhost:3003/taxii

For Postman, you'll need to turn off SSL cert verification or make your host trust the CA cert.

Endpoints support filtering like https://localhost:3003/apiroot1/collections/9ee8a9b3-da1b-45d1-9cf6-8141f7039f82/objects?added_after=2018-05-08T21:07:34.514Z

The server also supports HTTP requests to taxii endpoints and will render them differently for browser viewing.

The manager server API supports some CRUD operations for accounts and collections, but it's currently incomplete.

Beyond the POST operation, new directories in /opt/taxii/sharedimport will create taxii collections with the title as the dir name if they dont exist. Pasting valid STIX2 json bundles in these directories will trigger a background job that inserts the data into the collection.

Installation (Hard/Dev)

Linux Docker Host

Run the following commands on your Linux Host

Make a directory to house taxii server and manager:

mkdir taxii2
cd taxii2

Clone taxii 2 server into its own subdirectory:

(Make sure you're in the taxii2 directory you created above)

mkdir sra-taxii2-server
cd sra-taxii2-server
git clone https://github.com/SecurityRiskAdvisors/sra-taxii2-server.git .
cd ..

Clone taxii 2 manager server into its own subdirectory:

(Make sure you're in the taxii2 directory you created above)

mkdir sra-taxii2-manager
cd sra-taxii2-manager
mkdir server
cd server
git clone https://github.com/SecurityRiskAdvisors/sra-taxii2-manager-server.git .
cd ..

Clone taxii 2 server queue into its own subdirectory:

(Make sure you're in the taxii2 directory you created above)

sudo mkdir –p /opt/taxii/filetemp
mkdir sra-taxii2-server-queue
cd sra-taxii2-server-queue
git clone https://github.com/SecurityRiskAdvisors/sra-taxii2-server-queue.git .
cd ..

Create self-signed certificates for dev/testing:

Note: Uses self-signed certs and a local cert authority, not a good idea to use this stuff in prod.

sudo mkdir –p /opt/taxii/certs
cd /opt/taxii/certs

Follow the guide here: https://engineering.circle.com/https-authorized-certs-with-node-js-315e548354a2 and put all your certs in /opt/taxii/certs. sra-taxii2-server expects taxii-server-key.pem and taxii-server-crt.pem. sra-taxii2-manager-server expects taxii-manager-key.pem and taxii-manager-crt.pem

Build .env files or pass ENV vars into services

See the bash setup script for the env files created, build them in appropriate directories.

Start the TAXII server

(you may not need sudo depending on how you set your docker perms)

cd <location_to_your_taxii2_dir>/taxii2/sra-taxii2-server
sudo docker-compose up

Features

Full Taxii 2.0 spec minus complete error-handling related to content types and other scenarios.

The POST side to add STIX 2 objects to a collection (and status to check on the progress of imports) is handled by a deferred job queue at https://github.com/SecurityRiskAdvisors/sra-taxii2-server-queue. The queue functionality is roughed-in and was done this way to support larger STIX bundle uploads from other REST operations in the future. The queue streams in files and processes them piecemeal rather than blocking to accept and parse a huge upload in memory.

Notes/Design Decisions

Designed to be a full implementation of the spec with a separate manager application for easier integration into other projects or standalone use. This server is reliant on the sra-taxii2-manager-server and sra-taxii2-server-queue project.

Tests

Note: Tests are integration only and expect some defaults for now.

sudo docker exec -it sra-taxii2-server /bin/bash 
npm test

About

TAXII 2.0 Server implemented in Node JS with MongoDB backend

Topics

stix taxii taxii-server threat-intelligence taxii2 stix2

Resources

Readme

License

MIT license

Security policy

Security policy
Activity
Custom properties

Stars

11 stars

Watchers

8 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages