filter by type="indicator" is not working with taxii filters #112

Open
generic2715 opened this issue Mar 7, 2023 · 3 comments

generic2715 commented Mar 7, 2023

Hi Team,

I am using get_objects on taxii2 server feeds with type as a taxii filter. I am not getting the expected output.

Like:

```
bundle = collection.get_objects(added_after=dt, type="indicator")
```

```
/usr/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
/usr/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
{'type': 'identity', 'id': 'identity--9bdc509a-cfff-42e8-a133-71bb5dc6d3a8', 'created': '2020-08-11T14:30:00.000Z', 'modified': '2020-08-24T20:03:00.000Z', 'name': 'IBM X-Force', 'identity_class': 'organization'}
{'type': 'report', 'id': 'report--6593c0c2-012d-4c77-2c22-50b5bdc7b8e0', 'name': 'verified phishing urls', 'created': '2020-10-13T12:59:12.607Z', 'modified': '2023-03-06T20:29:57.635Z', 'published': '2023-03-06T20:29:57.635Z', 'object_refs': ['x-xfe-collection--6593c0c2-012d-4c77-2c22-50b5bdc7b8e0', 'identity--9bdc509a-cfff-42e8-a133-71bb5dc6d3a8'], 'labels': ['phishing', 'threat-report'], 'description': '# Phishing\n\nVarious phishing urls\n\n# Overview\n\nGive a succinct overview of the threat involved\n\n# Protection\n\nDo not click, do not browse urls reported here'}
```

Here I am getting both identity and report even when filtered on indicator. Can you please help here?

chisholm (Contributor) commented

The TAXII client isn't responsible for filtering. It just passes your query parameters on to the server. The TAXII server is responsible for finding objects which match your criteria, and returning them. Which TAXII server are you using?
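
An added example, not part of the issue thread or of the client project: since the `type` filter only travels to the server as a `match[type]` query parameter, a consumer that must not ingest other object types can re-apply the filter locally and flag a server that ignored it. The function names and the indicator object are constructed for illustration; the identity and report ids are the ones from the output quoted above.

```python
from collections import Counter
from urllib.parse import urlencode


def taxii_query(added_after=None, **match):
    """Query string for a TAXII 2.x objects request; each filter becomes match[<field>]."""
    params = {}
    if added_after:
        params["added_after"] = added_after
    for field, value in sorted(match.items()):
        values = [value] if isinstance(value, str) else list(value)
        params[f"match[{field}]"] = ",".join(values)  # comma means OR within one filter
    return urlencode(params, safe="[],:")


def enforce_type_filter(response, wanted_types):
    """Re-apply the type filter locally and count what the server should not have sent."""
    wanted = set(wanted_types)
    kept, unexpected = [], Counter()
    for obj in response.get("objects", []):
        if obj.get("type") in wanted:
            kept.append(obj)
        else:
            unexpected[obj.get("type", "<missing>")] += 1
    return kept, dict(unexpected)


# Constructed sample response: the two object ids reported in the issue,
# plus a placeholder indicator that is not from any real feed.
SAMPLE_RESPONSE = {
    "objects": [
        {"type": "identity", "id": "identity--9bdc509a-cfff-42e8-a133-71bb5dc6d3a8"},
        {"type": "report", "id": "report--6593c0c2-012d-4c77-2c22-50b5bdc7b8e0"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000000"},
    ]
}

if __name__ == "__main__":
    print(taxii_query(added_after="2023-03-01T00:00:00Z", type="indicator"))
    kept, unexpected = enforce_type_filter(SAMPLE_RESPONSE, ["indicator"])
    print(len(kept), "kept; server ignored the filter for:", unexpected)
```

A non-empty `unexpected` result is worth logging, because it shows the server did not honour the requested filter and the feed needs local filtering before ingestion.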

generic2715 (Author) commented

I am using IBM servers, free tier account. A one-year data fetch with the added_after parameter is also timing out with this client; is the server responsible for this as well? Can you please suggest an efficient way to fetch data for a year? The previous taxii1 server has a start and end time specification which can be used for fetching chunks of data; is there any similar implementation with this client? Also, can you please suggest any working free taxii2 servers which can be used for my development?
Thank you for your response, much appreciated.

JasonKeirstead (Member) commented

Hi @generic2715, it might be better to open a support ticket with XForce Exchange on this issue.
