Retrieving Data From the ThreatConnect TAXII 2.1 Server (App Version 2.0)
  • 18 Dec 2024

Note
This article applies to the ThreatConnect TAXII 2.1 server available with version 2.0 of the ThreatConnect TAXII Server App. For instructions on using the ThreatConnect TAXII 2.1 server available with version 1.0 of the ThreatConnect TAXII Server App, see Using the ThreatConnect TAXII 2.1 Server (App Version 1.0). For instructions on using the ThreatConnect TAXII 1.x server, see Using the ThreatConnect TAXII Server.

Overview

The ThreatConnect® TAXII™ 2.1 server can be used by an external TAXII client to retrieve data from your Organization, Communities, and Sources. After installing and configuring the ThreatConnect TAXII Server Service App and creating a TAXII user account that can use the corresponding Service, you can use the TAXII user account to connect to the TAXII REST API and retrieve data from the ThreatConnect TAXII 2.1 server.

Before You Start

User Roles

  • To connect to the TAXII REST API and retrieve data in an Organization from the ThreatConnect TAXII 2.1 server, your TAXII user account must have an Organization role of Standard User. Note that this is the only Organization role that may be assigned to a TAXII user account.
  • To connect to the TAXII REST API and retrieve data in a Community or Source from the ThreatConnect TAXII 2.1 server, your TAXII user account can have any Community role.

Prerequisites

  • Create a TAXII user account (if you do not already have one), as one is required to connect to the TAXII REST API and retrieve data from the ThreatConnect TAXII 2.1 server.

Authentication

The TAXII REST API uses basic authentication. To build the credentials, join a TAXII user account’s username and password with a colon and then encode the resulting string in Base64 format.

For example, if your TAXII user account’s username and password are taxii and p@55w0rd, respectively, the combined string taxii:p@55w0rd is Base64 encoded and becomes dGF4aWk6cEA1NXcwcmQ=. In this case, the authentication header for your request would be the following:

Authorization: Basic dGF4aWk6cEA1NXcwcmQ=

Required Headers

  • Authorization: Basic {credentials}
  • Accept: application/taxii+json;version=2.1

Available Endpoints

Refer to Table 1 for a description of each available endpoint on the TAXII REST API and the HTTP method each endpoint supports.

 

| Endpoint | HTTP Method | Description |
|---|---|---|
| /tc_taxii | GET | Retrieve information about the ThreatConnect TAXII 2.1 server |
| /tc_taxii/collections | GET | Retrieve information about all collections available on the ThreatConnect TAXII 2.1 server |
| /tc_taxii/collections/{collectionId or ownerName} | GET | Retrieve information about a specific collection available on the ThreatConnect TAXII 2.1 server |
| /tc_taxii/collections/{collectionId or ownerName}/objects | GET | Retrieve all objects from a specific collection available on the ThreatConnect TAXII 2.1 server |
| /taxii2 | GET | Retrieve information about the ThreatConnect TAXII 2.1 server and available API roots |
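
The following Python is an added example, not ThreatConnect's code: it builds the Authorization and Accept headers described above for an endpoint from Table 1, and refuses to send the credentials over plain HTTP because Base64 is an encoding, not encryption. The host tc.example.com, the owner name Example Org, and the function names are assumptions; substitute the base URL of your own TAXII Service.

```python
import base64
import json
import urllib.request
from urllib.parse import quote, urlsplit

TAXII_ACCEPT = "application/taxii+json;version=2.1"  # required Accept header


def basic_auth_header(username: str, password: str) -> str:
    """Return 'Basic ' + Base64(username:password) for the Authorization header."""
    if ":" in username:
        # A colon in the username makes the username:password pair ambiguous.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def collection_objects_path(collection: str) -> str:
    """Path for the objects endpoint; owner names with spaces are percent-encoded."""
    return f"/tc_taxii/collections/{quote(collection, safe='')}/objects"


def build_request(base_url: str, path: str, username: str, password: str):
    """Build a GET request carrying both required headers; HTTPS only."""
    if urlsplit(base_url).scheme != "https":
        # Over cleartext HTTP the Base64 credentials are trivially recoverable.
        raise ValueError("Basic credentials must only be sent over HTTPS")
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    req.add_header("Authorization", basic_auth_header(username, password))
    req.add_header("Accept", TAXII_ACCEPT)
    return req


def fetch_json(req, timeout: int = 30):
    """Send the request and decode the JSON body of the TAXII response."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed values: placeholder host and owner name (assumptions),
    # plus the sample credentials used in the Authentication section.
    req = build_request("https://tc.example.com",
                        collection_objects_path("Example Org"),
                        "taxii", "p@55w0rd")
    print(req.get_method(), req.full_url)
    print("Accept:", req.get_header("Accept"))
```

Load real credentials from a secrets store or environment variable rather than source code, and call fetch_json(req) only against your own server.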

Query Parameters

The TAXII REST API supports query parameters included in common STIX™ 2.1 frameworks.

Example Requests and Responses

Example requests and responses for each endpoint listed in Table 1 are available at docs.threatconnect.com/en/latest/rest_api/taxii/taxii_2.1.html.


ThreatConnect® is a registered trademark of ThreatConnect, Inc.
STIX™ and TAXII™ are trademarks of The MITRE Corporation.

20167-04 v.01.A

