search
Go to main website

TAXII Server

hashtag
Introduction

TAXII (Trusted Automated eXchange of Intelligence Information) is a protocol used to exchange cyber threat intelligence over HTTP. TAXII 2.1 is the latest version of this protocol.

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI). We use STIX version 2.1.

hashtag
Base URL

BforeAI's TAXII server is available at https://vm-opentaxii-prd.bfore.ai

PreCrime Intelligence collection id: 365fed99-08fa-fdcd-a1b3-fb247eb41d01

hashtag
Discovery

get

Returns information about the TAXII server, including the API roots available

Authorizations
AuthorizationstringRequired

Basic Authentication using Base64 encoded username:password. In the request Headers, the Authorization header passes the API a Base64 encoded string representing your username and password values, appended to the text Basic.

Responses
chevron-right
200

Server discovery information

application/taxii+json;version=2.1
get
/taxii2/

hashtag
Headers

A valid Accept header is required. The client must specify a media type supported by the TAXII 2.1 server. These include the following:

Media Type
Description

application/taxii+json;version=2.1

TAXII version 2.1 in JSON

hashtag
Authentication

Our TAXII implementation currently supports Basic Authentication. We plan to add Bearer Tokens with API Keys authentication in the near future.

In the request headers, the Authorization header passes the API a Base64 encoded string representing your username and password values, appended to the text Basic as follows:

hashtag
Getting your credentials

Credentials for TAXII server are generated upon request, please get in touch with us in order to manage the access to our TAXII server.

hashtag
Error Handling

If an error occurs, the server will return a HTTP status code in the 400 or 500 range, along with a JSON object containing more information about the error.

hashtag
Filtering

TAXII Clients can request specific content from the TAXII Server by specifying a set of filters included in the request to the server. If no URL query parameter is specified then the TAXII Server returns all content for that endpoint.

  • added_after, A single timestamp that filters objects to only include those objects added after the specified timestamp. The value of this parameter is a timestamp. The added_after parameter is not in any way related to dates or times in a STIX object or any other CTI object. Example: ?added_after=2022-01-01

  • match[<field>], The match parameter defines filtering on the specified field. The list of fields that MUST be supported is defined per endpoint. The match parameter can be specified any number of times, where each match instance specifies an additional filter to be applied to the resulting data and each MUST NOT occur more than once in a request. Said another way, all match fields are ANDed together.

hashtag
Supported Fields for Match:

Field
Description

id

The STIX ID of the object(s) that are being requested. Examples: ?match[id]=indicator--3600ad1b-fff1-4c98-bcc9-4de3bc2e2ffb

type

The type of the object(s) that are being requested. Examples: ?match[type]=indicator, ?match[type]=indicator,sighting

version

The version(s) of the object(s) that are being requested from either an object or manifest endpoint. If no version parameter is provided, the server will return only the latest version for each object matching the remainder of the request. Examples: ?match[version]=all, ?match[version]=last,first, ?match[version]=first,2018-03-02T01:01:01.123Z,last, ?match[version]=2016-03-23T01:01:01.000Z,2018-03-02T01:01:

hashtag
Endpoints

hashtag
Get API Root Information

get

Returns information about the API root, including the collections available

Authorizations
AuthorizationstringRequired

Basic Authentication using Base64 encoded username:password. In the request Headers, the Authorization header passes the API a Base64 encoded string representing your username and password values, appended to the text Basic.

Path parameters
api-rootstringRequired

The API root identifier

Example: apibfore
Responses
chevron-right
200

API root information

application/taxii+json;version=2.1
get
/{api-root}/

hashtag
Get Collections

get

Returns a list of the collections available at the API root

Authorizations
AuthorizationstringRequired

Basic Authentication using Base64 encoded username:password. In the request Headers, the Authorization header passes the API a Base64 encoded string representing your username and password values, appended to the text Basic.

Path parameters
api-rootstringRequired

The API root identifier

Example: apibfore
Responses
chevron-right
200

List of available collections

application/taxii+json;version=2.1
get
/{api-root}/collections/

hashtag
Get Collection

get

Returns information about a specific collection

Authorizations
AuthorizationstringRequired

Basic Authentication using Base64 encoded username:password. In the request Headers, the Authorization header passes the API a Base64 encoded string representing your username and password values, appended to the text Basic.

Path parameters
api-rootstringRequired

The API root identifier

Example: apibfore
collection-idstring · uuidRequired

The collection identifier

Example: 365fed99-08fa-fdcd-a1b3-fb247eb41d01
Responses
chevron-right
200

Collection information

application/taxii+json;version=2.1
get
/{api-root}/collections/{collection-id}/

hashtag
Get Objects

get

Returns a list of the STIX objects in a specific collection

Authorizations
AuthorizationstringRequired

Basic Authentication using Base64 encoded username:password. In the request Headers, the Authorization header passes the API a Base64 encoded string representing your username and password values, appended to the text Basic.

Path parameters
api-rootstringRequired

The API root identifier

Example: apibfore
collection-idstring · uuidRequired

The collection identifier

Example: 365fed99-08fa-fdcd-a1b3-fb247eb41d01
Query parameters
added_afterstring · dateOptional

A timestamp that filters objects to only include those objects added after the specified timestamp. The added_after parameter is not in any way related to dates or times in a STIX object.

Example: 2022-01-01
match[id]stringOptional

The STIX ID of the object(s) that are being requested

Example: indicator--3600ad1b-fff1-4c98-bcc9-4de3bc2e2ffb
match[type]stringOptional

The type of the object(s) that are being requested

Example: indicator
match[version]stringOptional

The version(s) of the object(s) that are being requested from either an object or manifest endpoint. If no version parameter is provided, the server will return only the latest version for each object matching the remainder of the request.

Example: {"value":"all","description":"All versions"}
Responses
chevron-right
200

List of STIX objects

application/taxii+json;version=2.1
get
/{api-root}/collections/{collection-id}/objects/

hashtag
Get Object

get

Returns a specific STIX object

Authorizations
AuthorizationstringRequired

Basic Authentication using Base64 encoded username:password. In the request Headers, the Authorization header passes the API a Base64 encoded string representing your username and password values, appended to the text Basic.

Path parameters
api-rootstringRequired

The API root identifier

Example: apibfore
collection-idstring · uuidRequired

The collection identifier

Example: 365fed99-08fa-fdcd-a1b3-fb247eb41d01
object-idstringRequired

The STIX object identifier

Example: indicator--708a6b3e-04c5-4e7c-885b-b826f520fe97
Query parameters
match[version]stringOptional

The version(s) of the object that are being requested. If no version parameter is provided, the server will return only the latest version.

Example: {"value":"all","description":"All versions"}
Responses
chevron-right
200

STIX object

application/taxii+json;version=2.1
get
/{api-root}/collections/{collection-id}/objects/{object-id}/
PreviousIntelligence APINextIntegrations

Last updated

Was this helpful?