TAXII Client

Updated 2 weeks ago by TruSTAR

TruSTAR's TAXII Client offers users a convenient method to ingest intelligence from other TAXII services into enclaves into the TruSTAR Platform. This enables users to normalize intelligence from STIX-TAXII supported tools and leverage high-fidelity Indicators within workflow tools.

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Update Frequency: 15 minutes
  • Time to Install: 10 minutes

Data Types

The integration pulls all Observables supported by TruSTAR.


  • Supported Versions
    • TAXII V1.2
    • STIX V1.2
    • TruSTAR API v1.3
    • TruSTAR Python SDK v0.3.23
  • TAXII Client may be GUI-based or CLI
  • API Username
  • API Password
  • PEM file containing private key and certificate
    • Certificate path: path to cert 
    • Certificate url: certificate location path 
  • Key Passphrase (if applicable)
  • TAXII Server URL ("Poll URL")
  • Collections (comma separated)
TruSTAR Admin rights are required to activate this Premium Intelligence feed.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the Navigation Bar.
  3. Choose Premium intel.
  4. Click Subscribe on the "TAXII Client A" box.
  5. Enter the information requested and click Save Credentials & Request Subscription. (refer to marketplace tile setup below for more details on filling out tile information)

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

If you want to connect to more than one TAXII client configure the "TAXII Client B" tile to connect to second TAXII Server

Marketplace Tile Setup

Configure your own TAXII Client to start pulling indicators from the TAXII Server of your preference. Enter the corresponding credentials: username and password or your certificate contents; along with the poll URL and the collections you're interested in (to ingest multiple collections, enter their names separated by commas)

API Username: Username for the TAXII server to connect.

API Password: Password for the TAXII server to connect.

Content of pem file containing private key and certificate: (optional) PEM File Format Sample

Key Passphrase: (optional) Key passphrase for certificate above

TAXII server url: poll URL of the TAXII server you want to connect to poll collections from.

Collections (comma separated): Comma separated list of the TAXII server collections you want submitted into TruSTAR.

Known Issues

No reported issues.

Please reach out to if you have issues with this integration.

How Did We Do?