Automated Sharing of TAXII Collections
Automated TAXII Collections automatically add intelligence records to TAXII Server Collections for seamless distribution to trusted external partners.
Before you begin
Role required:
- System Administrator (view, create or edit)
- sn_sec_tisc.admin (view)
About this task
The automated flow action adds the record provided in the inputs to TAXII server collections configured in the selected template. For more information, see Configuring Outbound Intel Sharing Templates.
Add record to TAXII Server Collection via automated process:
Procedure
- Navigate to All > Threat Intelligence Security Center > Administration.
- Select Automated Flows.
- Select Automatically add threat intelligence to a TAXII collection action link to view the respective rule details in the flow designer.
-
View the flow designer action for the following triggers:
Observable Created or Updated where (Type is IP address (V4), or Type is IP address (V6), or Type is Domain Name; and TISC Tags contains Add to: Sample Collection, and Reputation is Malicious, and Threat Score greater than or is 60) Actions Select multiple -
Go to Actions
Action Description Sharing Template[Outbound Intel Sharing] Select the sharing template. Template with a usage mode of both Automated addition to TAXII Collections can be selected for Automated Sharing.
For more information see, Configuring Outbound Intel Sharing Templates.Observable Record [Observable] Select the type of observable record to add records to TAXII server collections. Indicator Record [Indicator] Select the type of indicators record to add records to TAXII server collections. Object Record [Object] Select the type of objects record to add records to TAXII server collections. Include Related Records Select this check box to add the related records of the selected observables, including indicators and objects to TAXII server collections. - Select Done.
What to do next
Activate the flow.