cti-taxii-server
This is an OASIS TC Open Repository. See the Governance section for more information.
Trusted Automated Exchange of Intelligence Information (TAXIIβ’) is an application layer protocol for the communication of cyber threat information in a simple and scalable manner.
Medallion is a minimal implementation of a TAXII 2.1 Server in Python.
WARNING: medallion was designed as a prototype and reference implementation of TAXII 2.1, and is not intended for production use.
medallion has been designed to be a simple front-end REST server providing access to the endpoints defined in that specification. It uses the python framework - Flask. medallion depends on back-end "plugins" which handle the persistence of the TAXII data and metadata. The TAXII specification is agnostic to what type of data a TAXII server stores, but this will usually be STIX 2 content.
Two back-end plugins are provided with medallion: the Memory back-end and the MongoDB back-end. The Memory back-end persists data "in memory". It is initialized using a json file that contains TAXII data and metadata. It is possible to save the current state of the in memory store, but this back-end is really intended only for testing purposes. The MongoDB backend is somewhat more robust and makes use of a MongoDB server, installed independently. The MongoDB back-end can only be used if the pymongo python package is installed. An error message will result if it is used without that package.
For more information, see the documentation on ReadTheDocs.
Installation
The easiest way to install medallion is with pip
$ pip install medallion
Usage
As a script
Medallion provides a command-line interface to start the TAXII Server
usage: medallion [-h] [--host HOST] [--port PORT] [--debug-mode]
[--log-level {DEBUG,INFO,WARN,ERROR,CRITICAL}]
[-c CONF_FILE] [--conf-dir CONF_DIR | --no-conf-dir]
[--conf-check] [CONFIG_PATH]
medallion v3.0.0
positional arguments:
CONFIG_PATH Deprecated argument for specifying a single
JSON configuration file. Do not specify this
and `--conf-file`.
optional arguments:
-h, --help show this help message and exit
--host HOST The host to listen on.
--port PORT The port of the web server.
--debug-mode If set, start application in debug mode.
--log-level {DEBUG,INFO,WARN,ERROR,CRITICAL}
The logging output level for medallion.
-c CONF_FILE, --conf-file CONF_FILE
Path to a single configuration file. Defaults to the
value of the MEDALLION_CONFFILE environment variable
or /etc/xdg/medallion/3/medallion.conf.
--conf-dir CONF_DIR Path to a directory containing JSON configuration
files with names ending in .json or .conf. Defaults to
the value of the MEDALLION_CONFDIR environment
variable or /etc/xdg/medallion/3/config.d.
--no-conf-dir Disable the use of any configuration directory as
described for --conf-dir. This may be used to ensure
that the default or some value from the environment is
not used.
--conf-check Evaluate medallion configuration without running the
server.
To run medallion
$ python medallion/scripts/run.py --conf-file <config-file>
Make sure medallion is using the same port that your TAXII client will be connecting on. You can specify which port medallion runs on using the --port option, for example
$ medallion --port 80 --conf-file config_file.json
The <config_file> contains:
- configuration information for the backend plugin
- a simple user name/password dictionary
To use the Memory back-end plug, include the following in the <config-file>:
{
"backend": {
"module_class": "MemoryBackend",
"filename": "<path to json file with initial data>"
}
}
To use the Mongo DB back-end plug, include the following in the <config-file>:
{
"backend": {
"module_class": "MongoBackend",
"uri": "<Mongo DB server url> # e.g., 'mongodb://localhost:27017/'"
}
}
Note: A Mongo DB should be available at some URL when using the Mongo DB back-end
A description of the Mongo DB structure expected by the mongo db backend code is described in the documentation.
As required by the TAXII specification, medallion supports HTTP Basic authorization. However, the user names and passwords are currently stored in the <config_file> in plain text.
Here is an example:
{
"users": {
"admin": "Password0",
"user1": "Password1",
"user2": "Password2"
}
}
The authorization is enabled using the python package flask_httpauth. Authorization could be enhanced by changing the method "decorated" using @auth.get_password in medallion/__init__.py
Configs may also contain a "taxii" section as well, as shown below:
{
"taxii": {
"max_page_size": 100
"interop_requirements": true
}
}
All TAXII servers require a config, though if any of the sections specified above are missing, they will be filled with default values.
The interop_requirements
option will enforce additional requireemnts from
the TAXII 2.1 Interoperability specification. It defaults to false
.
We welcome contributions for other back-end plugins.
Docker
We also provide a Docker image to make it easier to run medallion
$ docker build . -t medallion -f docker_utils/Dockerfile
If operating behind a proxy, add the following option (replacing <proxy> with
your proxy location and port): --build-arg https_proxy=<proxy>
.
Then run the image
$ docker run --rm -p 5000:5000 -v <directory>:/var/taxii medallion
Replace <directory>
with the full path to the directory containing your
medallion configuration.
Governance
This GitHub public repository ( https://github.com/oasis-open/cti-taxii-server ) was created at the request of the OASIS Cyber Threat Intelligence (CTI) TC as an OASIS TC Open Repository to support development of open source resources related to Technical Committee work.
While this TC Open Repository remains associated with the sponsor TC, its development priorities, leadership, intellectual property terms, participation rules, and other matters of governance are separate and distinct from the OASIS TC Process and related policies.
All contributions made to this TC Open Repository are subject to open source license terms expressed in the BSD-3-Clause License. That license was selected as the declared "Applicable License" when the TC Open Repository was created.
As documented in "Public Participation Invited", contributions to this OASIS TC Open Repository are invited from all parties, whether affiliated with OASIS or not. Participants must have a GitHub account, but no fees or OASIS membership obligations are required. Participation is expected to be consistent with the OASIS TC Open Repository Guidelines and Procedures, the open source LICENSE designated for this particular repository, and the requirement for an Individual Contributor License Agreement that governs intellectual property.
Maintainers
TC Open Repository Maintainers are responsible for oversight of this project's community development activities, including evaluation of GitHub pull requests and preserving open source principles of openness and fairness. Maintainers are recognized and trusted experts who serve to implement community goals and consensus design preferences.
Initially, the associated TC members have designated one or more persons to serve as Maintainer(s); subsequently, participating community members may select additional or substitute Maintainers, per consensus agreements.
Current Maintainers of this TC Open Repository
- Chris Lenk; GitHub ID: https://github.com/clenk/; WWW: MITRE Corporation
- Rich Piazza; GitHub ID: https://github.com/rpiazza/; WWW: MITRE Corporation
- Zach Rush; GitHub ID: https://github.com/zrush-mitre/; WWW: MITRE Corporation
- Jason Keirstead; GitHub ID: https://github.com/JasonKeirstead; WWW: IBM
About OASIS TC Open Repositories
- TC Open Repositories: Overview and Resources
- Frequently Asked Questions
- Open Source Licenses
- Contributor License Agreements (CLAs)
- Maintainers' Guidelines and Agreement
Feedback
Questions or comments about this TC Open Repository's activities should be composed as GitHub issues or comments. If use of an issue/comment is not possible or appropriate, questions may be directed by email to the Maintainer(s) listed above. Please send general questions about Open Repository participation to OASIS Staff at [email protected] and any specific CLA-related questions to [email protected].