How do I authenticate to a TAXII Discovery Service endpoint?
‎04-18-2018 05:34 AM
I've built a TAXII profile but the discovery server requires a username and password of guest/guest. I'm not sure how to build the REST message to send that. When I test connecting to the TAXII server manually with the username and password using Cabby it works fine.
https://www.anomali.com/platform/limo
https://github.com/TAXIIProject/TAXII-Specifications
https://developer.servicenow.com/app.do#!/document/content/app_store_doc_outbound_rest_helsinki_t_ConfiguringARESTMessage?v=helsinki
Labels: Threat Intelligence

‎09-20-2018 11:34 AM
Hi Kristopher,
In order to set up the TAXII profile to use credentials you'll need to create an Outbound REST. This REST message will only be used to set up "Basic Authentication" credentials and use them for authentication with the server.
- Navigate to System Web Services > Outbound > REST and then create a NEW REST Message
- Give the new REST Message a name (usually something specific to the TAXII profile)
- You can leave Endpoint alone (we are only using this REST message for its authentication profile)
- Go to Authentication > Authentication Type and select "Basic Auth"
- Now in the Basic Auth Profile field select the spyglass and either:
  A. Select a previously created Auth Profile
  B. Create a new Auth Profile with the TAXII server credentials
    - In the Auth Profile list select NEW
    - Name the Auth Profile and then enter in the Username and Password and save
- Now in the REST Message go to the HTTP Methods section
- You should see an auto-generated GET Method has been created
- Select the GET Method from the list to edit it
- Change the Name to POST and in the HTTP Method dropdown select POST
- (No other setup on the Method needs to be done)
- Save the HTTP Method and then Update and save the entire REST Message
- Now go to your TAXII profile > Discovery Service Configuration > Select "Use REST Message" checkbox
- In the Discovery Service REST Message field select your newly created REST Message
- In the Discovery Service REST Method field select your newly created REST Method
- Now in Collection Service Configuration select "Use REST Message" checkbox
- In the Collection Info Service REST Message select your newly created REST Message
- (No need to select a REST Method for the Collection Service so leave this blank)
- Now save your TAXII Profile and test it by selecting Get TAXII Collections from under Related Links
- You should start to see the TAXII Collections list start to populate if it's set up correctly
Hope these steps help. It seems like a lot but setup time is less than 5 minutes or so. If you have any other questions please feel free to ask!
Thank you,
Jon W
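
For comparison with the configuration above, this is what an HTTP Basic authenticated discovery request looks like when built by hand. It is an added Python example, not part of the original thread or ServiceNow's own code. It assumes a TAXII 1.1 server reached over HTTPS; the URL is a placeholder and guest/guest are the credentials from the question.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# TAXII 1.1 identifiers (assumption: the server speaks TAXII 1.1, as Cabby does).
TAXII_NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
MSG_BINDING = "urn:taxii.mitre.org:message:xml:1.1"
ET.register_namespace("taxii_11", TAXII_NS)


def basic_auth_value(username, password):
    """HTTP Basic is only base64("user:pass"), an encoding and not encryption."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_discovery_request(url, username, password, message_id="1"):
    """Build (but do not send) an authenticated TAXII 1.1 Discovery_Request."""
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https":
        # Over plain HTTP the credentials are readable by anyone on the path.
        raise ValueError("refusing to send Basic credentials without TLS")
    root = ET.Element(f"{{{TAXII_NS}}}Discovery_Request", {"message_id": message_id})
    headers = {
        "Authorization": basic_auth_value(username, password),
        "Content-Type": "application/xml",
        "Accept": "application/xml",
        "X-TAXII-Content-Type": MSG_BINDING,
        "X-TAXII-Accept": MSG_BINDING,
        "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
        "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0",
    }
    # TAXII 1.1 messages travel in the request body, hence POST rather than GET.
    return urllib.request.Request(
        url, data=ET.tostring(root, encoding="utf-8"), headers=headers, method="POST"
    )


if __name__ == "__main__":
    # Placeholder URL; guest/guest are the credentials from the question.
    req = build_discovery_request("https://taxii.example.com/discovery", "guest", "guest")
    print(req.get_method(), req.full_url)
    for name, value in req.header_items():
        print(f"{name}: {value}")
    print(req.data.decode("utf-8"))
    # urllib.request.urlopen(req) would send it.
```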
‎04-02-2020 12:23 AM
Has anyone successfully completed this? Even after following the steps, during the test connection everything works properly, but after I click Get TAXII collections no requests are sent by ServiceNow to my TAXII Server. Stuck on this if anyone can help.
‎09-08-2020 03:02 AM
Hi,
OOB setup also shows collections once we click on the "get collections" link on HailaTaxi Profiles.
Each of the TAXII collections shows a few entries, but I am unsure how to use them for Security Incident or Observables. Can someone explain how I can use this setup for threat intelligence?
‎08-09-2023 02:26 AM
It seems like you've successfully constructed a TAXII profile, but you're encountering difficulty with the discovery server's username and password requirements (guest/guest). You need to figure out how to formulate the REST message to accommodate this. Interestingly, everything functions smoothly when manually connecting to the TAXII server with the specified username and password using Cabby. If you need further guidance,