In the STIX tab, you can create and configure Structured Threat Information eXpression (STIX) data source for Context Hub. Navigate to (Admin) > Services> Select Context Hub service > View > Config > STIX tab.
The STIX tab of the Context Hub service allows you to create one or more STIX, REST URLs, or TAXII data sources and edit them whenever required. When STIX is configured, Context Hub service automatically considers it as a data source.
What do you want to do?
|Role||I want to ...||Show me how|
|Administrator||Configure STIX Data Source for Context Hub*||Configure STIX as a Data Source|
|Administrator/ Analyst||View Contextual Information in Respond View|
See the NetWitness Respond User Guide.
*You can complete this task here (that is in the Context Hub Lists Tab).
The following example illustrates how to add STIX to Context Hub service.
The STIX tab consists of add, delete and edit data sources options.
|1||Name that identifies the added STIX source.|
|2||Type of data source - REST server, STIX or TAXII server.|
|3||The path of the source from which the STIX files are obtained.|
|4||Additional details related to the data source being added.|
|5||Description of the data source.|
|6||Date when the data source was created.|
The following table describes the toolbar actions.
Add a new data source such as File, REST Server, or TAXII Server.
For more information, see Configure STIX as a Data Source .
Delete the selected data source.
|Edit the selected data source.|
The following table describes the all the data source server configuration options.
After completing the configuration, you can view the contextual data in the Context Summary Panel of the Respond view or Investigate view. For instructions, Navigate to Context Summary Panel and View Additional Context topic in the Investigate User Guide.
Table of Contents > Context Hub STIX Tab