Hey Ryan,
Really this feature should just work out of box, when you Get TAXII Collections.
After a bit of poking around and consulting my colleagues, the potential causes of a 404 (that we can think of) could be one of the following:
1. Files got skipped during the upgrade
If files are skipped especially for files in sn_ti, you will not get the latest logic of retrieving the TAXII collections which can potentially cause a 404. So 'Upgrade Summary Report' would be something worth checking.
2. TAXII profile has been modified
To check this, compare the XML of your TAXII profile record with the one I have attached here. A modified profile would change the way we form the HTTP request sent to MITRE (endpoint, HTTP method, request headers, etc).
3. Network
To check if it is caused by network issue, run the following script in the background script and check the output:
var sm = new sn_ws.RESTMessageV2();
sm.setEndpoint("https://cti-taxii.mitre.org/stix/collections/");
sm.setRequestHeader("Content-Type", "application/json");
sm.setRequestHeader("Accept", "application/vnd.oasis.taxii+json; version=2.0");
sm.setHttpMethod("get");
var response = sm.execute();
var status = response.getStatusCode();
var body = response.getBody();
gs.info(status);
gs.info(body);
You should see a similar output as the below screenshot if there is no network issue:
If none of that works, then you should definitely open a ticket with support, so we can get in and have a look!
Sorry for the inconvenience - this really should be a plug n' play feature.
All the best,
J
Hi Ryan!
I just noticed the same thing in a demo instance I spun up yesterday.
I just used the "Get TAXII collections" related link on the form, and the collections were populated. Have you tried that already?
Hope all's well.
Cheers,
J
