Views:

Before you begin

You must have a public key for the SMS (smscert.pem) before you can install the certificate in the TAXII client.

Procedure

  1. Install Anomali STAXX. When installation is complete, access the console from the Virtual Machine (VM), and do the following:
    1. Enter a new Anomali password for sudo escalation.
    2. Enter the following command to enable SSH access, which allows you to access the instance remotely: 
       systemctl start sshd.service
      Note
      Note
      Some third-party TAXII clients may require an appropriate certificate for verification. Anomali STAXX, a tool to collect and share STIX/TAXII feeds, is used as an example.
  2. (Optional) Enter the following commands to enable NTP: 
    sudo systemctl enable ntpd
systemctl start ntpd
  3. (Optional) Set a static IP address.
    1. To discover the current IP address, enter the following command: 
      ifconfig
    2. To discover the interface/adapter name, enter the following command: 
      sudo vi /etc/sysconfig/network-scripts/<interface name>
    1. Once open, scroll down and modify BOOTPROTO= static.
    2. Add the following: 
      IPADDR= <host IP address>
NETMASK= <subnet mask>
GATEWAY= <default gateway>
NS1= <DNS record>
NS2= <secondary DNS server>
    3. To exit the editor, click ESC followed by wq!.
  4. Upload the public key to STAXX. The following example uses the Secure Copy (scp) command-line tool. You can also use SFTP from the command line or client.
    1. Locate the directory that has the public key.
    2. Enter the following command to transfer the file: 
      scp smscert.pem root@ip_staxx_server:/usr/share/pki/ca-trust/anchors
    3. After you upload the file, enter the following command: 
      update-ca-trust
  5. (Optional) Add the certificate common name to the /etc/hosts on the STAXX server. This is required if the SMS DNS entry does not match the certificate common name.
    1. From the VM console (or the SSH instance), connect as the Anomali user.
    2. Enter the following command: 
      sudo vi /etc/hosts
    3. Press i to enter insert mode.
    4. Add the corresponding IP address of the SMS server, and then map it to the common name of the created web certificate.
    TM_TP_STAXX=GUID-43158FFC-3A59-4D83-8585-F211C4AA4B22=1=en-us=Low.png
  6. Access the Anomali web console at https://staxx_ip_address:8080, and then do the following:
    1. Click the Gear to open the Settings page.
    2. Click Add Site.
    3. Enter a Description.
    4. Use the common name of the web certificate and the path of /taxii/ for the Discovery URL. For example, https://TrendMicroTippingPoint/taxii/.
  7. Select Basic Authentication.
  8. Enter a user which has permissions to access SMS Web Services, and note the following:
    • You can use any account that has the default superuser role.
    • You can create a new SMS user that has limited rights, but includes the ability to access SMS user rights.
    edit_site=GUID-0A0DBDDD-FDA9-4F46-A847-62CEB5CB2445=1=en-us=Low.png
  9. Test and verify that you have a successful connection.
    successful_connection=GUID-526D52F0-9938-4F56-8186-625E63F03960=1=en-us=Low.png