Github user cestella commented on the issue:
https://github.com/apache/metron/pull/643
Presumptions:
* Fulldev has opentaxii installed with the `guest.phishtank_com` collection configured
Test:
* Ensure that opentaxii is running by running `service opentaxii status`
* Ensure that the collection is sync'd by running `service opentaxii sync guest.phishtank_com 2017-08-01`
* Open `~/taxii.json` and input the following:
```
{
  "endpoint" : "http://localhost:9000/services/discovery",
  "type" : "DISCOVER",
  "collection" : "guest.phishtank_com",
  "table" : "threatintel",
  "columnFamily" : "t",
  "allowedIndicatorTypes" : [ ]
}
```
* Create a file `~/extractor.json` with the following:
```
{
  "extractor" : "STIX",
  "config" : {}
}
```
* Run the taxii loader via `/usr/metron/0.4.1/bin/threatintel_taxii_load.sh -e ./extractor.json -c ./taxii.json`
* Ensure it functions and data flows as usual (or not, depending on what data is in hailataxii). Prior to this PR, you'd have seen an exception.

One thing to note: most of the recent hailataxii data are URIs, which aren't something that we support. I patched this branch with support for URIs and verified data was flowing into HBase. That URI support is done via #689.