Skip to content

STIX & TAXII Export Enhancements #1793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AlyaGomaa merged 33 commits into from
Feb 3, 2026
Merged

STIX & TAXII Export Enhancements #1793

AlyaGomaa merged 33 commits into from
Feb 3, 2026
+1,113 −46

Conversation

@AlyaGomaa
Copy link
Collaborator

@AlyaGomaa AlyaGomaa commented Feb 3, 2026

1. STIX Export Enhancements

  • Added threat_level to meta in StixExporter for richer evidence descriptions.
  • Included observed and created timestamps in STIX metadata for better temporal context.
  • Improved STIX indicator descriptions with metadata and valid time information.
  • Refactored STIX XML formatting for readability and correctness.
  • Enhanced STIX export logic to support direct export and improve error messaging.
  • Enhanced logging for STIX export: included sample objects and detailed error messages.
  • Added error handling and IP validation in STIX export.

2. TAXII Integration Updates

  • Added TAXII version support and configuration retrieval methods.
  • Updated TAXII content binding to use attribute format.
  • Corrected TAXII inbox XML structure and consolidated collection names.
  • Enhanced direct export functionality for TAXII alerts, including configuration for workers, retries, backoff delays, and caching.
  • Added taxii_timeout parameter for HTTP requests and updated direct_export_retry_max to allow infinite retries.

3. Direct Export Worker Implementation

  • Implemented direct export workers for STIX evidence with graceful shutdown.
  • Introduced worker configuration and evidence locking to manage concurrent exports safely.
  • Refactored worker management and error handling for robustness.

4. Configuration and Documentation

  • Updated slips.yaml documentation for TAXII_server parameter.
  • Added configuration options for direct export retry, worker management, and backoff delays.

5. Miscellaneous

  • Implemented SQLite queue for direct export of evidence to improve reliability.
  • Added handling for None in data_to_send in ScanDetectionsHandler.
  • Added old-pipeline directory to .gitignore.

eldraco added 30 commits January 24, 2026 17:06
@eldraco
add handling for None data_to_send in ScanDetectionsHandler
0eab9bb
@eldraco
add old-pipeline directory to .gitignore
195a25e
@eldraco
enhance STIX export functionality with error handling and IP validation
24d100f
@eldraco
add logging for STIX export process and handle export conditions
e46768f
@eldraco
enhance STIX export logging with sample objects and detailed error me…
75027be 
…ssages
@eldraco
refactor STIX export logic to handle direct export and improve error …
1488925 
…messaging
@eldraco
implement direct export functionality with caching and enhanced logging
6ad4603
@eldraco
add method to retrieve direct export configuration for TAXII alerts
29d3d26
@eldraco
add direct export option for TAXII alerts in configuration
e9b117f
@eldraco
implement direct export workers for STIX evidence with graceful shutdown
bd7d273
@eldraco
add direct export worker configuration for TAXII alerts
d590d58
@eldraco
enhance direct export functionality with worker configuration and evi…
579e9cc 
…dence locking
@eldraco
add method to retrieve TAXII direct export worker configuration
78bdfdd
@eldraco
refactor direct export worker management and enhance error handling
bc22cbe
@eldraco
add configuration options for direct export retry and worker management
17e0925
@eldraco
add TAXII direct export configuration options for max workers, retry …
6329095 
…settings, and backoff delays
@eldraco
add direct export configuration options for max workers and retry set…
b4677ad 
…tings
@eldraco
add TAXII protocol version configuration to exporting alerts
4c54142
@eldraco
add TAXII version configuration for direct export
0d3af8c
@eldraco
add TAXII version support and enhance direct export functionality
211ca1e
@eldraco
add TAXII version retrieval method to ConfigParser
024a2fc
@eldraco
refactor STIX XML and TAXII inbox message formatting for improved rea…
d33e99f 
…dability
@eldraco
fix: correct XML structure for TAXII inbox message by consolidating c…
e8eba08 
…ollection names
@eldraco
fix: update TAXII content binding to use attribute format
ef7b280
@eldraco
fix: enhance STIX indicator description with metadata and valid time …
83d913d 
…information
@eldraco
fix: update SLIPS_META to include observed and created timestamps in …
00bef74 
…STIX description
@eldraco
fix: implement SQLite queue for direct export of evidence
45b6a41
@eldraco
fix: enhance StixExporter with timeout and object URL resolution impr…
04c8fba 
…ovements
@eldraco
fix: add taxii_timeout method and update direct_export_retry_max defa…
f513245 
…ult value
@eldraco
fix: update direct_export_retry_max to allow infinite retries and add…
9fee1f7 
… taxii_timeout for HTTP requests
@github-project-automation github-project-automation bot moved this to Todo in Slips Feb 3, 2026
@AlyaGomaa AlyaGomaa merged commit 983c4b9 into develop Feb 3, 2026
75 checks passed
@github-project-automation github-project-automation bot moved this from Todo to Done in Slips Feb 3, 2026
@AlyaGomaa AlyaGomaa deleted the sebas-fix-error-update branch February 3, 2026 08:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Slips
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AlyaGomaa @eldraco