TAXII FAQ

Updated 2 months ago by Elvis Hovor

This document explains details of how the TruSTAR TAXII Server works with TAXII clients.

Can I submit reports to the TruSTAR TAXII Server?

The TAXII server was designed to download Indicators that already exist in your Enclaves. The TruSTAR TAXII server is not configured to allow you to submit new Reports or Indicators into your Enclaves.

You can submit Reports programmatically by using TruSTAR's submit report REST API endpoint. The TruSTAR Python SDK's submit_report() method is a wrapper around that endpoint and makes submitting Reports easier.

How can I specify a time window?

The TruSTAR TAXII server accepts both "from" and "to" times that comply with TAXII standards. Refer to optional parameters in the TruSTAR TAXII Server document.

If a poll request does not specify "from" or "to" times, the TAXII server returns all Indicators submitted within the last 24 hours for the specified Enclaves.

What is the default time window?

By default, you get the last 24 hours of data from TruSTAR.

Where can I download public TAXII documentation?

OASIS has made the relevant files available here: https://docs.oasis-open.org/cti/taxii/v2.1/csprd02/taxii-v2.1-csprd02.zip

Please contact support@trustar.co for any additional questions.


How Did We Do?