To use the TAXII server parser, you must have a configured instance for the TAXII server you are using.
The `collections`/`gather_data` variables follow the logic shown in the configuration file.
TAXII 1 Specifics
The `collection_management_uri` is used whenever the TAXII server specifies a collection management URI. Otherwise, the parser uses the default URI provided by the TAXII server's discovery endpoint.
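If you specify certain collections within the `collections` variable, it looks like this example:

```python
from cabby import Client10, Client11
from cbc_sdk import CBCloudAPI

# STIX1Parser is this project's STIX 1 parser class; its import is not shown here.

# Names of the collections to pull from the TAXII 1 server
collections = [
    "collection-a",
    "collection-b"
]

# Used for `begin_date`, `end_date`
kwargs = {}

taxii_client = Client10(...)  # or Client11(...)
cbcsdk = CBCloudAPI(profile="default")

stix_parser = STIX1Parser(cbcsdk)
stix_parser.parse_taxii_server(
    client=taxii_client,
    collections=collections,
    collection_management_uri=None,  # None falls back to the discovery endpoint's default
    **kwargs
)

# Parsed indicators of compromise
iocs = stix_parser.iocs
```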
You can specify `collections="*"` to pull every collection.
TAXII 2 Specifics
You can add multiple roots (`dict` elements of the following `list`) in the `gather_data` variable. The roots look like this:

```python
from taxii2client.v20 import Server as Client20
from taxii2client.v21 import Server as Client21
from cbc_sdk import CBCloudAPI

# STIX2Parser is this project's STIX 2 parser class; its import is not shown here.

# One dict per API root: the root's title and the collections to pull from it
gather_data = [
    {
        "title": "api_root_title",
        "collections": ["collection-a", "collection-b"]
    },
    {
        "title": "api_root_title2",
        "collections": "*"
    }
]

# Used for `added_after` date
kwargs = {}

taxii_client = Client20(...)  # Or Client21(...)
cbcsdk = CBCloudAPI(profile="default")

stix_parser = STIX2Parser(cbcsdk)
stix_parser.parse_taxii_server(
    taxii_client,
    gather_data=gather_data,
    **kwargs
)

# Parsed indicators of compromise
iocs = stix_parser.iocs
```
You can set `gather_data="*"` to pull every collection out of every root.
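Because `"*"` at either level widens what gets ingested, it helps to expand a `gather_data` value into the exact (root, collection) pairs before a run. The following is an added example, not code from this project: `resolve_gather_data` and `server_roots` are hypothetical names, the root and collection listing is constructed sample data, and rejecting unknown titles is an assumption of this check rather than documented parser behaviour.

```python
# Added example: hypothetical pre-flight check, not part of the project.
WILDCARD = "*"

def resolve_gather_data(gather_data, server_roots):
    """Expand gather_data into sorted (root_title, collection) pairs.
    server_roots maps each advertised root title to its collection titles.
    Raises ValueError on malformed entries or names the server lacks."""
    if gather_data == WILDCARD:
        gather_data = [{"title": t, "collections": WILDCARD} for t in server_roots]
    if not isinstance(gather_data, list):
        raise ValueError('gather_data must be "*" or a list of dicts')
    selected, problems = set(), []
    for entry in gather_data:
        if not isinstance(entry, dict) or "title" not in entry or "collections" not in entry:
            problems.append(f"malformed entry: {entry!r}")
            continue
        title, wanted = entry["title"], entry["collections"]
        if title not in server_roots:
            problems.append(f"unknown root: {title!r}")
            continue
        available = server_roots[title]
        if wanted == WILDCARD:
            wanted = available
        elif not isinstance(wanted, list):
            problems.append(f'collections for {title!r} must be "*" or a list')
            continue
        for name in wanted:
            if name in available:
                selected.add((title, name))
            else:
                problems.append(f"unknown collection: {title!r}/{name!r}")
    if problems:
        raise ValueError("; ".join(problems))
    return sorted(selected)

# Constructed sample data (not from a real server).
SAMPLE_ROOTS = {
    "api_root_title": ["collection-a", "collection-b", "collection-c"],
    "api_root_title2": ["collection-x"],
}
SAMPLE_GATHER = [
    {"title": "api_root_title", "collections": ["collection-a", "collection-b"]},
    {"title": "api_root_title2", "collections": "*"},
]
if __name__ == "__main__":
    for pair in resolve_gather_data(SAMPLE_GATHER, SAMPLE_ROOTS):
        print(pair)
```

A typo in a root or collection title surfaces here as a `ValueError` listing every problem, so a feed is not silently skipped.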