search

oasis-open / cti-taxii-client

OASIS TC Open Repository: TAXII 2 Client Library Written in Python
https://taxii2client.readthedocs.io/
BSD 3-Clause "New" or "Revised" License
107 stars 51 forks source link

filter by type="indicator" is not working with taxii filters #112

Open generic2715 opened 1 year ago

generic2715 commented 1 year ago

Hi Team,

I am using get_objects on taxii2 server feeds with type as taxii filter. I am not getting expected output

Like bundle = collection.get_objects(added_after=dt, type="indicator")

/usr/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning) /usr/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning) {'type': 'identity', 'id': 'identity--9bdc509a-cfff-42e8-a133-71bb5dc6d3a8', 'created': '2020-08-11T14:30:00.000Z', 'modified': '2020-08-24T20:03:00.000Z', 'name': 'IBM X-Force', 'identity_class': 'organization'} {'type': 'report', 'id': 'report--6593c0c2-012d-4c77-2c22-50b5bdc7b8e0', 'name': 'verified phishing urls', 'created': '2020-10-13T12:59:12.607Z', 'modified': '2023-03-06T20:29:57.635Z', 'published': '2023-03-06T20:29:57.635Z', 'object_refs': ['x-xfe-collection--6593c0c2-012d-4c77-2c22-50b5bdc7b8e0', 'identity--9bdc509a-cfff-42e8-a133-71bb5dc6d3a8'], 'labels': ['phishing', 'threat-report'], 'description': '# Phishing\n\nVarious phishing urls\n\n# Overview\n\nGive a succinct overview of the threat involved\n\n# Protection\n\nDo not click, do not browse urls reported here'}

Here I am getting both identity and report even when filtered on indicator. Can you please help here.

chisholm commented 1 year ago

The TAXII client isn't responsible for filtering. It just passes your query parameters on to the server. The TAXII server is responsible for finding objects which match your criteria, and returning them. Which TAXII server are you using?

generic2715 commented 1 year ago

I am using ibm servers, free tier account. One year data fetch with added_after parameter is also getting timed out with this client, is the server responsible for this as well? Can you please suggest efficient way to fetch data for an year? Previous taxii1 server has start and end time specification which can be used for fetching chunks of data, any similar implementation with this client? Also can you please suggest any working free taxii2 servers which can be used for my development? Thank you for your response, much appreciated.

JasonKeirstead commented 1 year ago

Hi @generic2715 it might be better to open a support ticket with XForce Exchange on this issue.