Context Hub: STIX Tab

Document created by RSA Information Design and Development Employee on Sep 8, 2020Last modified by Shree Kulkarni on Sep 25, 2020
Version 3Show Document
  • View in full screen mode

In the STIX tab, you can create and configure Structured Threat Information eXpression (STIX) data source for Context Hub. Navigate to  (Admin) > Services> Select Context Hub service > View > Config > STIX tab.

The STIX tab of the Context Hub service allows you to create one or more STIX, REST URLs, or TAXII data sources and edit them whenever required. When STIX is configured, Context Hub service automatically considers it as a data source.

What do you want to do?

RoleI want to ...Show me how
AdministratorConfigure STIX Data Source for Context Hub*Configure STIX as a Data Source
Administrator/ AnalystView Contextual Information in Respond View

See the NetWitness Respond User Guide.

*You can complete this task here (that is in the Context Hub Lists Tab).

Related Topics

Quick Look

The following example illustrates how to add STIX to Context Hub service.

The STIX tab consists of add, delete and edit data sources options.  

Displays the STIX tab that allows you configure STIX as a data source

1Name that identifies the added STIX source.
2Type of data source - REST server, STIX or TAXII server.
3The path of the source from which the STIX files are obtained.
4Additional details related to the data source being added.
5Description of the data source.
6Date when the data source was created.

7

Click to edit the selected data source and configure advanced settings.

Toolbar

The following table describes the toolbar actions.

FeatureDescription

Add a new data source such as File, REST Server, or TAXII Server.

For more information, see Configure STIX as a Data Source .

Delete the selected data source.

Edit the selected data source.

The following table describes the all the data source server configuration options.

FieldDescription
Common Configuration Options
EnabledSelect this checkbox to enable the configuration.
NameProvide a name to the data source you want to add.
DescriptionDescription of the data source.
CancelClick to revert the data source addition.

Validate

Click to verify the URL path to the Server.

SaveClick to save the configuration and add the required server as a data source.
REST Server Configuration Options
URLURL of the REST server.

Username (Optional)

Provide the username of the REST server if it needs to be authenticated.

Password (Optional)Provide the password of REST server if it needs to be authenticated.

Trust All Certificates

Select this checkbox to trust all certificates.

Certificate FileClick browse to navigate to the location of the certificate file.
TAXII Server Configuration Options
URLURL of the TAXII server.

Username (Optional)

Provide the username of TAXII server if it needs to be authenticated.

Password (Optional)Provide the password of REST server if it needs to be authenticated.
Client CertificateBrowse to upload a pkcs12 format client certificate available on your local system.

Certificate Password

Enter the password to the certificate, if it is password-protected.

UserProxySelect this checkbox to enable proxy.

Trust All Certificates

Select this checkbox to trust all certificates.

Certificate FileBrowse and select the certificate file.

TAXII Collections

Select the TAXII Collection name from the drop-down to automatically download the collection.

Click to manually retrieve the list of available TAXII Servers, if the collections are not downloaded automatically.
STIX File Configuration Options
FileBrowse and select the STIX file.

Next steps

After completing the configuration, you can view the contextual data in the Context Summary Panel of the Respond view or Investigate view. For instructions, Navigate to Context Summary Panel and View Additional Context topic in the Investigate User Guide.

 

Previous Topic:Context Hub Lists Tab
Next Topic:Troubleshooting
You are here

Table of Contents > Context Hub STIX Tab

Attachments

    Outcomes