Forum Discussion
STIX/TAXII security intelligence sharing
I'm afraid not - I'm not aware of any active development toward either consuming or publishing third party feeds - it's possible that there might be BIG-IP NEXT work going on in that regard that I'm not aware of, but certainly not anything I can find in Classic BIG-IP.
NEXT PM is probably the group to reach out to, if you have any contacts there.
Ok, but I see other major leading security vendors (not mentioning names here) already doing this where you can use TAXII server feeds to "import" this shared intelligence and enforce it on your product. I also found vulnerability scanners supporting STIX format as well.
I think F5 development should also focus on this and see how to embed this feature, for example with F5 AFM / IP intelligence to support the STIX format and read intel. AFM IP intelligence already supports external feeds but not STIX format I believe. It would also be interesting to do the same for ASM file uploads feature to detect malicious malware hash (information which is publicly available). For SWG / SSL Orchestrator URL filtering to detect malicious IP/domains, just to name a few.
Interesting project that integrates with third party.
https://docs.sekoia.io/cti/features/integrations/taxii/
I see this as a very strong standard which allows end users to combine several intelligence feeds/sources and have a similar security posture regardless of the security technology used.
This is indeed not an easy question but perhaps something for the F5 security architect to investigate, which I would find interesting in that position (perhaps Heath Parrot could have a look or someone from his team).
Opportunities come with great ideas 🙂 NEXT PM not sure what that means but will inform my local F5 contacts about this.
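Editor's added example (not from any poster in this thread and not F5 code): a minimal bridge that extracts IPv4 indicators from a STIX 2.1 bundle and writes them as plain feed lines that an external IP feed could serve. The sample bundle is constructed, and the `address,prefix,bl,category` line layout and the `stix_import` category name are assumptions to adapt to the consuming product.

```python
import json
import re
from datetime import datetime, timezone
from ipaddress import IPv4Network

# Constructed sample bundle (not real intelligence); RFC 5737 documentation addresses.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "pattern_type": "stix",  # CIDR plus a duplicate address
     "pattern": "[ipv4-addr:value = '203.0.113.0/24' OR ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "pattern_type": "stix", "revoked": True,
     "pattern": "[ipv4-addr:value = '192.0.2.10']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '192.0.2.99']",
     "valid_until": "2021-01-01T00:00:00Z"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'bad.example']"},
]})

# Only simple equality terms are extracted; other STIX pattern operators are ignored.
IPV4_TERM = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")

def _expired(obj, now):
    """True when the indicator carries a valid_until that has already passed."""
    until = obj.get("valid_until")
    return bool(until) and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now

def stix_to_feed(bundle_json, category="stix_import", now=None):
    """Return sorted, de-duplicated feed lines for live IPv4 indicators."""
    now = now or datetime.now(timezone.utc)
    nets = set()
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if obj.get("revoked") or _expired(obj, now):
            continue  # never enforce withdrawn or stale intelligence
        for value in IPV4_TERM.findall(obj.get("pattern", "")):
            try:
                nets.add(IPv4Network(value, strict=False))
            except ValueError:
                continue  # malformed value in the feed: skip it, keep the rest
    # Assumed output layout: address,prefix,bl,category
    return [f"{n.network_address},{n.prefixlen},bl,{category}" for n in sorted(nets)]

if __name__ == "__main__":
    print("\n".join(stix_to_feed(SAMPLE_BUNDLE)))
```

Revoked and expired indicators are dropped before conversion, so the flat feed does not keep blocking addresses the intelligence source has already withdrawn.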