PickUpStix (PIX) is an open source threat intelligence feed provided by NC4 that will help you get your intelligence program up and running with a test feed of data. PIX can be used by any TAXII compliant client. To set up PIX in Soltra Edge, please follow the following steps.
Adding the Site
Log into your Soltra Edge appliance.
Select Settings > Sites from the navigation bar.
Select “Add a Site”.
Step 1 of the “Add Site” wizard:
Populate the “Site Name” field with a name for the site.
The “Discovery URL” is – https://pickupstix.io/taxii-discovery-service
Select the green “Default” STIX Profile option and select the green “Next” button.
Step 2 of the “Add Site” wizard:
Input the credentials for PIX.
Username = guest
Password = guest
Populate the “Username and Password” fields with this information and select the green “Next” button.
Step 3 for the “Add Site” wizard:
Two-way authentication is usually setup in this section; however, PickUpStix does not require Two-way Authentication. Please leave all fields blank and select the green “Next” button.
Step 4 of the “Add Site” wizard:
This section provides you the ability to route the site traffic through a proxy connection. If you are using a proxy connection, you will want to populate the fields in Step 4. If you are not using a proxy connection, please leave all fields blank and select the blue “Add Site” button.
Soltra Edge will show you your site status with a “Discovery” response as shown below.
If you receive any other Discovery message than “complete”, recheck your spelling of the Discovery URL, the STIX profile, and the username/password. If you are using a proxy and did not input your proxy information, or the information is correct however the traffic is not allowed due to network infrastructure, a “timeout” message is common.
Configuring PickupSTIX Feeds
Select the name of the site you just added, for this example “PIX”, and you will see what feeds this site allows you to poll.
You will select the blue “+” sign to the far right of the page of the feed you are looking to poll.
Scheduling the PickupSTIX Feed
Soltra Edge gives you three different scheduling options for your feed.
Once you have set your poll schedule, select the blue “Configure Feed” button.
It is recommended to set Periodic to 10 minutes or more.
Your configured feed will show under the “Configured Feeds” section of the “Sites” page.
To learn more about Soltra Edge Sites, please visit our Sites documentation page; http://soltra.com/en/soltra-edge-settings/soltra-edge-sites/.
Soltra Edge documentation and Release notes are located at the following link; http://soltra.com/en/documentation/ctx-soltra-edge/.
We want your feedback! We will continue to add new data sources and want your feedback on the sources we’ve selected.
For more information, join the conversation in the Soltra Edge Forums at forums.soltra.com.