I'm attempting to utilize the taxii2-client library in Python to connect to a Pulse Dive TAXII 2.1 server for threat intelligence exchange. However, I'm encountering difficulties with connecting to pulse dive CTi feed. Could someone provide guidance on how to properly implement this connection using the taxii2-client library?
Current Setup: I'm working in a Python environment and using the taxii2-client library for my TAXII client implementation. Objective: My goal is to establish a connection with the Pulse Dive TAXII 2.1 server to retrieve threat intelligence data. Issue: I'm facing the following problem of not able to authenticate via api key, nor the library gives an option to include authentication headers. it only provides authentication methods using user name and password
in the code snippet below
from taxii2client.v21 import Collection
collection = Collection("https://pulsedive.com/taxii2/api/collections?accept=application%2Ftaxii%2Bjson%3Bversion%3D2.1&pretty=1&key=bbcff74cf8442edcc8d52a4b61ec9a58912e0b018bbb473c0f08136595676723")
print(collection.get_objects())
the provided url has an api key included but i am getting 401 error(not authenticated) Any way i can get around this?
i tried everything thats mentioned in pulse dive documentation
link
Also explored other libraries like cabby but it lacked taxii2.1 support
So I figured out how to connect to Pulsedive Taxii 2. 1 client, after a lot of research and despite very little resource on the internet, the code for pulling data from Pulsedive Taxii server is as follows:
import sys
import json
url = "https://pulsedive.com/taxii2"
username = "taxii2"
password = <your Api key> #Api key can be found out once you create an account and go to https://pulsedive.com/api/taxii
server = Server(url=url, user=username, password=password)
col = {}
num_collections = 0
for api_root in server.api_roots:
# Count the number of collections
num_collections += len(api_root.collections)
print('total number of collections',num_collections)
for collection in api_root.collections:
col[collection.id] = collection
response = collection.get_objects()
print('response objects',response)
in the above code, we are pulling data from all the objects from all the collections
make sure the access rights of each collection are protected, as not every collection would have read-only access