STIX-TAXII#

STIX-TAXII integration allows Scrutinizer to import comprehensive and up-to-date threat intelligence in the industry-standard Structured Threat Information eXchange (STIX) format via the Trusted Automated eXchange of Indicator Information (TAXII) protocol from external systems and organizations. This greatly enhances Scrutinizer’s already robust IP detection capabilities.

Important

STIX-TAXII integration requires additional licensing to enable. Contact Plixer Technical Support to learn more.

Importing STIX files via CLI#

To have Scrutinizer automatically import IP/domain watchlists, download the files in STIX format (v1 or v2) and copy them to the /home/plixer/scrutinizer/files/threats directory on the appliance. The name of the file will also be used as the category.

Important

Domain watchlists are currently only used in AI-based threat detection algorithms and need not be imported for deployments that do not include the Plixer ML Engine.

Note

Scrutinizer supports .stix, .stix1, and .stixv1 extensions for v1 (XML) and .stix2 and .stxv2 extensions for v2 (JSON).

Configuring STIX-TAXII feeds#

To configure a new STIX-TAXII feed in the Scrutinizer web interface, refer to the Admin > Integrations > STIX-TAXII section.