TAXII Integration

j987987 edited this page May 29, 2018 · 4 revisions

Basic Usage

Currently, the TAXII server is intended to work with Unfetter when building from source. Use one of the following commands to start the Unfetter stack with the TAXII server.

  • docker-compose -f docker-compose.yml -f docker-compose.development.yml -f docker-compose.taxii.development.yml up
  • docker-compose -f docker-compose.yml -f docker-compose.deploy.yml -f docker-compose.taxii.development.yml up

Configuration

In docker-compose.taxii.development.yml, there are two sections that include TAXII Nginx configurations in the unfetter-discover-gateway volume mounts. The first is completely unsecured; the second uses mutual TLS authentication through Nginx but requires the additional configuration described below.

For information about configuring the TAXII server itself, see: https://github.com/unfetter-discover/taxii-server#configuration

Mutual TLS

Mutual TLS is handled through Nginx.

  1. Go to unfetter/mutual TLS and run the ./init.sh script
  2. Start/Restart the stack
  3. Confirm it's working by running the ./test_taxii.sh script and confirming a successful return
  4. Confirm that it's secured by confirming the following command is not successful (i.e., returns a 400):
     curl -ks https://localhost:8443/taxii \
         -H 'accept: application/vnd.oasis.taxii+json; version=2.0' \
         -H 'content-type: application/vnd.oasis.taxii+json; charset=utf-8; version=2.0'
  5. To create additional client certificates, run the ./new_client.sh somename script, and give somename the somename-crt.pem and somename-key.pem files. This can be tested via ./test_taxii.sh somename, as long as somename's cert and key are in the same directory.
  6. FYI - This configuration will open the reverse proxy to the TAXII server on a separate port, 8443 - be sure that port is exposed from the server
  7. WARNING - The certificates generated by these scripts are NOT secure as they are self-signed and the password is password. These scripts are meant to provide an example and are for testing purposes.

Note: These instructions will only configure TLS between the client and Nginx. It is possible to configure TLS to the TAXII server directly (see the TAXII README for details).
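
The two confirmation steps of the Mutual TLS procedure (a successful request with a client certificate, a 400 without one) can be combined into one check that fails unless both hold. This is an added example, not the project's test_taxii.sh or other Unfetter code; the function names, the 2xx success criterion and the optional TAXII_KEY_PASS variable are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the Unfetter scripts. Function names, the 2xx
# success criterion and TAXII_KEY_PASS are assumptions of this example.

# Print the HTTP status of a TAXII request; extra arguments go to curl.
# -k matches the page's command (self-signed test certificates). curl prints
# 000 when no HTTP response arrives (port closed, handshake refused).
taxii_status() {
    url=$1; shift
    curl -ks -o /dev/null -w '%{http_code}' --max-time 10 "$@" \
        -H 'accept: application/vnd.oasis.taxii+json; version=2.0' \
        -H 'content-type: application/vnd.oasis.taxii+json; charset=utf-8; version=2.0' \
        "$url" || true
}

# $1 = status without a client certificate, $2 = status with one.
# Returns 0 only when the anonymous request got 400 and the other got 2xx.
mtls_verdict() {
    anon=$1 auth=$2
    case $anon in
        400) ;;
        000) echo "FAIL: no HTTP response; is port 8443 exposed?"; return 3 ;;
        *)   echo "FAIL: request without a certificate got $anon, not 400"; return 1 ;;
    esac
    case $auth in
        2??) echo "OK: anonymous=400 certificate=$auth" ;;
        *)   echo "FAIL: client certificate request got $auth"; return 2 ;;
    esac
}

# $1 = URL, $2 = client name as passed to ./new_client.sh. The -crt.pem and
# -key.pem files are looked up relative to the current directory.
mtls_check() {
    anon=$(taxii_status "$1")
    auth=$(taxii_status "$1" --cert "$2-crt.pem" --key "$2-key.pem" \
        ${TAXII_KEY_PASS:+--pass "$TAXII_KEY_PASS"})
    mtls_verdict "$anon" "$auth"
}

# Example: sh mtls_check.sh https://localhost:8443/taxii somename
if [ "$#" -ge 2 ]; then mtls_check "$1" "$2"; fi
```

A non-zero exit status makes the check usable as a gate after each stack restart: 1 means the request without a certificate was not rejected with 400, 2 means the client certificate was not accepted, 3 means nothing answered on the port.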