cti-taxii-server 2.0

Description

  • Based on Python 3.9 and medallion 3.0.0.
  • Intended for testing the FDC's STIX feature.
  • Supports STIX 2.1.
  • To test, please follow TAXII 2.1.

Usage

If you are running it locally, for example on a Windows 11 desktop, you can run the following command directly:

docker container run -d -p 444:444 -p 443:443 olushuo/cti-taxii-server:2.0

Otherwise, you will most likely need to run:

docker container run -d -p 444:444 -p 443:443  -v <your data file folder>:/data olushuo/cti-taxii-server:2.0

  • The TAXII server is listening on port 444.
  • Use port 443 to check whether Nginx is running (please add the proper certificate to your web browser).
  • All the testing certificates are located in the certs folder.
  • The TAXII service's IP is configured in default_data_ssl.json.
  • Since the Nginx service listens on both IPv4 and IPv6 addresses, the Docker host needs to have the IPv6 module enabled.

Configuration

docker container run -d -p 444:444 -p 443:443  -v <your config file folder>:/conf olushuo/cti-taxii-server:2.0

A sample configuration file is shown below:

{
    "backend": {
        "module_class": "MemoryBackend",
        "module": "medallion.backends.memory_backend",
        "filename": "/data/default_data.json"
    },
    "users": {
        "admin": "fortinet",
        "fdc": "fortinet",
        "user": "fortinet"
    },
    "taxii": {
        "max_page_size": 100
    }
}

  • We currently use an in-memory database for the testing environment.
  • For a production environment, please replace the in-memory database with MongoDB.
  • An in-memory database is good enough for testing, so please do not change the backend part unless you understand what you are doing.
  • Please change the users part if you would like to change the credentials.
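
A pre-flight check for a configuration file before it is mounted at /conf, as an added example that is not part of this project or of medallion. The names `audit_config`, `SAMPLE_PASSWORDS`, `DATA_MOUNT` and the `production` flag are hypothetical; the checks only reflect what this README states (sample credentials, testing-only in-memory backend, data mounted at /data).

```python
import json
from collections import defaultdict

# Constructed input: the sample configuration from this README.
SAMPLE_CONFIG = """
{
    "backend": {
        "module_class": "MemoryBackend",
        "module": "medallion.backends.memory_backend",
        "filename": "/data/default_data.json"
    },
    "users": {"admin": "fortinet", "fdc": "fortinet", "user": "fortinet"},
    "taxii": {"max_page_size": 100}
}
"""

SAMPLE_PASSWORDS = {"fortinet"}  # passwords published in the sample config
DATA_MOUNT = "/data/"            # container path the README mounts data at


def audit_config(text, production=False):
    """Return a list of findings for the config text (hypothetical helper)."""
    cfg = json.loads(text)
    findings = []

    backend = cfg.get("backend", {})
    if backend.get("module_class") == "MemoryBackend":
        if production:
            findings.append("backend: MemoryBackend is for testing only")
        filename = backend.get("filename", "")
        if not filename.startswith(DATA_MOUNT):
            findings.append("backend: filename %s is outside %s" % (filename, DATA_MOUNT))

    by_password = defaultdict(list)
    for name, password in cfg.get("users", {}).items():
        by_password[password].append(name)
        if password in SAMPLE_PASSWORDS:
            findings.append("users: %s still uses the published sample password" % name)
    for names in by_password.values():
        if len(names) > 1:
            findings.append("users: %s share one password" % ", ".join(sorted(names)))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, production=True):
        print(finding)
```
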

Fake testing data

A sample data file ---> defalut_data_ssl.json

docker container run -d -p 444:444 -p 443:443  -v <your data file folder>:/data olushuo/cti-taxii-server:2.0

  • Please modify the /discovery part and configure the proper IP there.
  • Please keep "default_data.json" as the fake data file's name; otherwise, change the configuration file as well.

Test

Based on Python 2.7

conda create -n taxii-test python=2.7
conda activate taxii-test
pip install --upgrade pip
pip install taxii2-client
pip install stix2
pip install pytest

A sample test file ---> test_ssl.py

To test all test cases:

pytest -vs test_ssl.py

To test a particular case:

pytest -vs test_ssl.py::test_report_incident

To visualize the envelope, please paste it into cti-virtualizer. In the particular case of 'test_report_incident', you should get something interactive like this: [image]