This document explains details of how the TruSTAR TAXII Server works with TAXII clients.
Can I submit reports to the TruSTAR TAXII Server?
The TAXII server was designed to enable users to download the indicators that already exist in their enclaves. The TruSTAR TAXII server is not configured to allow you to send reports or indicators into your TruSTAR enclaves.
You can submit reports programmatically by using TruSTAR's submit report REST API endpoint. The TruSTAR Python SDK's submit_report() method is a wrapper around that endpoint and makes submitting reports easier.
How can I specify a time window?
The TruSTAR TAXII server accepts both "from" and "to" times that comply with TAXII standards.
If a poll request does not specify "from" or "to" times, the TAXII server returns all IOCs submitted within the last 24 hours for those enclaves.
How far back can I download data from TruSTAR enclaves?
By default, you can get the last 24 hours of data from TruSTAR if no time parameter is specified. However, users can use optional parameters in the query to specify a time period. Refer to optional parameters in the TruSTAR TAXII Server document.
Where can I download public TAXII documentation?
OASIS has made the relevant files available here: https://docs.oasis-open.org/cti/taxii/v2.1/csprd02/taxii-v2.1-csprd02.zip