processing-stix-taxii-feeds

Featured

Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1 servers, normalizing objects into platform-native schemas and routing them to appropriate consuming systems. Use when onboarding new TAXII collection endpoints, automating bi-directional intelligence sharing with ISACs, or building pipeline validation for malformed STIX bundles. Activates for requests involving OASIS STIX, TAXII server configuration, MISP TAXII, or Cortex XSOAR feed integrations.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Processing STIX/TAXII Feeds ## When to Use Use this skill when: - Onboarding a new TAXII 2.1 collection from a government feed (CISA AIS, FS-ISAC) or commercial provider - Validating that ingested STIX bundles conform to the OASIS STIX 2.1 specification before import - Building automated pipelines that parse STIX relationship objects to reconstruct campaign context **Do not use** this skill for proprietary vendor feed formats (Recorded Future JSON, CrowdStrike IOC lists) that require vendor-specific parsers rather than STIX processing. ## Prerequisites - Python 3.9+ with `stix2` library (pip install stix2) and `taxii2-client` library - Network access to TAXII 2.1 server endpoint with valid credentials - Target TIP or SIEM with import API (MISP, OpenCTI, or Splunk ES) ## Workflow ### Step 1: Discover TAXII Server Collections ```python from taxii2client.v21 import Server, as_pages server = Server("https://cti.example.com/taxii/", user="apiuser", password="apikey") api_root = server.api_roots[0] for collection in api_root.collections: print(collection.id, collection.title, collection.can_read) ``` Select collections relevant to your threat profile. CISA AIS provides collections segmented by sector (financial, energy, healthcare). ### Step 2: Fetch STIX Bundles with Pagination ```python from taxii2client.v21 import Collection from datetime import datetime, timedelta, timezone collection = Collection( "https://cti.example.com/taxii/api1/colle...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

implementing-stix-taxii-feed-integration

STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are OASIS open standards for representing and transporting cyber threat intelligence.

12,642 Updated today
mukul975
AI & Automation Solid

stixtaxii-intelligence-skill

STIX/TAXII threat intelligence format and sharing

1,034 Updated today
a5c-ai
AI & Automation Featured

implementing-security-information-sharing-with-stix2

Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. Covers indicators, malware, campaigns, relationships, bundles, and TAXII 2.1 publishing.

12,642 Updated today
mukul975
AI & Automation Featured

building-threat-intelligence-feed-integration

Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat intel, and commercial TI platforms into SIEM and security tools for real-time IOC matching and alerting. Use when SOC teams need to operationalize threat intelligence by automating feed ingestion, normalization, scoring, and distribution to detection systems.

12,642 Updated today
mukul975
DevOps & Infrastructure Featured

implementing-taxii-server-with-opentaxii

Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using the TAXII 2.1 protocol for automated indicator exchange between organizations.

12,642 Updated today
mukul975