Note: this is a project preview, not intended for production services yet.
Taxii2 server based on https://docs.google.com/document/d/1Jv9ICjUNZrOnwUXtenB1QcnBLO35RnjQcJLsa1mGSkI/pub#h.1fg89uogyma3
Uses Node.js with MongoDB backend.
- Modern Linux installation (preferably Ubuntu, Mint, Debian, Manjaro, Arch, CentOS or something similar) with sudo permissions
- Expects these installed packages:
  - docker
  - docker-compose
  - openssl
  - git
Download and run the installation script
wget https://raw.githubusercontent.com/SecurityRiskAdvisors/sra-taxii2-server/master/setup-taxii-server.sh
sudo bash ./setup-taxii-server.sh
cd <installation_directory>/sra-taxii2-server
sudo docker-compose -p dev up
Make Self-signed SSL Work
- Chrome Settings > Manage certificates > Authorities > add /opt/taxii/taxiiRootCA.pem
- Edit /etc/hosts and add "127.0.0.1 sra-taxii2-server" and "127.0.0.1 sra-taxii2-manager-server"
Default username: admin@example.com
Default pw: admin
Use Postman or a taxii2 client to talk to taxii endpoints like https://localhost:3003/taxii
For Postman, you'll need to turn off SSL cert verification or make your host trust the CA cert.
Endpoints support filtering like https://localhost:3003/apiroot1/collections/9ee8a9b3-da1b-45d1-9cf6-8141f7039f82/objects?added_after=2018-05-08T21:07:34.514Z
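An added example, not part of this project's code: a Node.js client for the filtered objects endpoint above that trusts only the local root CA (/opt/taxii/taxiiRootCA.pem) instead of turning certificate verification off. HTTP Basic auth, the TAXII 2.0 Accept media type, the TAXII_CA environment variable, the function names, and a certificate issued for the sra-taxii2-server host name are assumptions, not taken from the project.

```javascript
const fs = require('fs');
const https = require('https');

// Build https.request options for a collection's objects endpoint.
// Assumed (not stated on the page): HTTP Basic auth, TAXII 2.0 STIX media type.
function buildObjectsRequest({ host, port, apiRoot, collectionId, addedAfter, user, pass, ca }) {
  let path = `/${encodeURIComponent(apiRoot)}/collections/${encodeURIComponent(collectionId)}/objects`;
  if (addedAfter) {
    const ts = new Date(addedAfter);
    if (Number.isNaN(ts.getTime())) throw new Error(`invalid added_after: ${addedAfter}`);
    path += '?' + new URLSearchParams({ added_after: ts.toISOString() });
  }
  return {
    host, port, path, method: 'GET',
    headers: {
      Accept: 'application/vnd.oasis.stix+json; version=2.0',
      Authorization: 'Basic ' + Buffer.from(`${user}:${pass}`).toString('base64'),
    },
    ca,                       // PEM of the dev root CA: the only trust anchor used
    rejectUnauthorized: true, // certificate and host name checks stay enabled
  };
}

// Send the request and resolve with the parsed STIX bundle.
function fetchObjects(options) {
  return new Promise((resolve, reject) => {
    https.request(options, (res) => {
      let body = '';
      res.setEncoding('utf8');
      res.on('data', (chunk) => { body += chunk; });
      res.on('end', () => {
        if (res.statusCode !== 200) return reject(new Error(`HTTP ${res.statusCode}`));
        try { resolve(JSON.parse(body)); } catch (err) { reject(err); }
      });
    }).on('error', reject).end();
  });
}

// Runs only when TAXII_CA points at the CA file, for example:
//   TAXII_CA=/opt/taxii/taxiiRootCA.pem node taxii-get.js
if (process.env.TAXII_CA) {
  const options = buildObjectsRequest({
    host: 'sra-taxii2-server', port: 3003, apiRoot: 'apiroot1',
    collectionId: '9ee8a9b3-da1b-45d1-9cf6-8141f7039f82',
    addedAfter: '2018-05-08T21:07:34.514Z', user: 'admin@example.com', pass: 'admin',
    ca: fs.readFileSync(process.env.TAXII_CA),
  });
  fetchObjects(options)
    .then((bundle) => console.log(`${(bundle.objects || []).length} objects`))
    .catch((err) => { console.error(err.message); process.exitCode = 1; });
}
```

Passing the CA through the `ca` option limits trust to this one client, so the host's certificate store is left unchanged.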
The server also supports HTTP requests to taxii endpoints and will render them differently for browser viewing.
The manager server API supports some CRUD operations for accounts and collections, but it's currently incomplete.
Beyond the POST operation, creating a new directory in /opt/taxii/sharedimport creates a taxii collection titled with the directory name, if one doesn't already exist. Pasting valid STIX2 JSON bundles into these directories triggers a background job that inserts the data into the collection.
Make a directory to house taxii server and manager:
mkdir taxii2
cd taxii2
Clone taxii 2 server into its own subdirectory:
(Make sure you're in the taxii2 directory you created above)
mkdir sra-taxii2-server
cd sra-taxii2-server
git clone https://github.com/SecurityRiskAdvisors/sra-taxii2-server.git .
cd ..
Clone taxii 2 manager server into its own subdirectory:
(Make sure you're in the taxii2 directory you created above)
mkdir sra-taxii2-manager
cd sra-taxii2-manager
mkdir server
cd server
git clone https://github.com/SecurityRiskAdvisors/sra-taxii2-manager-server.git .
cd ../..
Clone taxii 2 server queue into its own subdirectory:
(Make sure you're in the taxii2 directory you created above)
sudo mkdir -p /opt/taxii/filetemp
mkdir sra-taxii2-server-queue
cd sra-taxii2-server-queue
git clone https://github.com/SecurityRiskAdvisors/sra-taxii2-server-queue.git .
cd ..
Create self-signed certificates for dev/testing:
Note: This uses self-signed certs and a local cert authority; it is not a good idea to use this setup in prod.
sudo mkdir -p /opt/taxii/certs
cd /opt/taxii/certs
Follow the guide here: https://engineering.circle.com/https-authorized-certs-with-node-js-315e548354a2 and put all your certs in /opt/taxii/certs. sra-taxii2-server expects taxii-server-key.pem and taxii-server-crt.pem. sra-taxii2-manager-server expects taxii-manager-key.pem and taxii-manager-crt.pem.
Build .env files or pass ENV vars into services
See the bash setup script for the env files it creates, and build them in the appropriate directories.
Start the TAXII server
(you may not need sudo depending on how you set your docker perms)
cd <location_to_your_taxii2_dir>/taxii2/sra-taxii2-server
sudo docker-compose up
Full Taxii 2.0 spec minus complete error-handling related to content types and other scenarios.
The POST side to add STIX 2 objects to a collection (and status to check on the progress of imports) is handled by a deferred job queue at https://github.com/SecurityRiskAdvisors/sra-taxii2-server-queue. The queue functionality is roughed-in and was done this way to support larger STIX bundle uploads from other REST operations in the future. The queue streams in files and processes them piecemeal rather than blocking to accept and parse a huge upload in memory.
Designed to be a full implementation of the spec with a separate manager application for easier integration into other projects or standalone use. This server is reliant on the sra-taxii2-manager-server and sra-taxii2-server-queue projects.
Note: Tests are integration only and expect some defaults for now.
sudo docker exec -it sra-taxii2-server /bin/bash
npm test