From 5071bf33591aa0c147b3d53e4a98d4eab3b1755b Mon Sep 17 00:00:00 2001 From: Carlos Castillo Date: Mon, 16 Dec 2024 16:47:01 -0600 Subject: [PATCH 1/2] Vendor requested changes --- .../stix-taxii-1-client-source.md | 2 +- .../stix-taxii-2-client-source.md | 2 +- static/files/c2c/taxii-1/recorded-future-config.json | 2 +- static/files/c2c/taxii-2/recorded-future-config.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md index 94c95e6ac0..21f2a671da 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md @@ -114,7 +114,7 @@ Below is a list of Sumo Logic recommended configuration examples for specific th | Vendor | Notes | | :-- | :-- | | AlienVault | Use your API key as the HTTP username and leave the password blank. | -| Recorded Future | Use your API key as the HTTP password and leave the username blank. We recommend you setup both this TAXII 1 feed and the Recorded Future TAXII 2 feed. | +| Recorded Future | Use your API key as the HTTP password and use any non-empty string as username. The Recorded Future TAXII v1 service supports Recorded Future’s [default and large risk lists](https://support.recordedfuture.com/hc/en-us/articles/115008327148-Default-and-Large-Risk-Lists), as well as collections for each risk rule. More information can be found on the [Recorded Future Support portal](https://support.recordedfuture.com/hc/en-us/articles/115004303128-TAXII-V1-service) | ## FAQ diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md index 043948aa71..1ab0ddfdc4 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source.md @@ -122,7 +122,7 @@ Below is a list of Sumo Logic recommended configuration examples for specific th | Cybersixgill | Be sure to specify collection `102` in the configuration. | | Dragos | | Eclecticiq | | -| Recorded Future | Use your API key as the HTTP password and leave the username blank. We recommend you setup both this TAXII 2 feed and the Recorded Future TAXII 1 feed. | +| Recorded Future | Use your API key as the HTTP password and leave the username blank. Currently, the Recorded Future TAXII v2 service supports Recorded Future’s [default and large risk lists](https://support.recordedfuture.com/hc/en-us/articles/115008327148-Default-and-Large-Risk-Lists). For more specific risk lists based on an individual risk rule, use Recorded Future’s TAXII v1 service. | | PaloAlto Unit42 | | ## FAQ diff --git a/static/files/c2c/taxii-1/recorded-future-config.json b/static/files/c2c/taxii-1/recorded-future-config.json index f543f3fc72..552c0aa085 100644 --- a/static/files/c2c/taxii-1/recorded-future-config.json +++ b/static/files/c2c/taxii-1/recorded-future-config.json @@ -1,5 +1,5 @@ { - "name":"TAXII 1 RF - IP Large Test", + "name":"TAXII 1 Recorded Future IP Default", "useBasicAuth":true, "httpBasicPassword":"--- API KEY HERE ---", "discoveryURL":"https://api.recordedfuture.com/taxii", diff --git a/static/files/c2c/taxii-2/recorded-future-config.json b/static/files/c2c/taxii-2/recorded-future-config.json index 92f0f2a7e3..894a752e98 100644 --- a/static/files/c2c/taxii-2/recorded-future-config.json +++ b/static/files/c2c/taxii-2/recorded-future-config.json @@ -1,5 +1,5 @@ { - "name": "Recorded Future Large and Default Collections", + "name": "TAXII 2 Recorded Future Large and Default Collections", "authType": "Basic", "basicPassword": "--- API KEY HERE ---", "ti_version": "2.1", From ae8cd29b41cf6335363efb7819f6075f27239fa7 Mon Sep 17 00:00:00 2001 From: "John Pipkin (Sumo Logic)" Date: Mon, 16 Dec 2024 17:31:45 -0600 Subject: [PATCH 2/2] Update docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md --- .../stix-taxii-1-client-source.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md index 21f2a671da..068ede8221 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-1-client-source.md @@ -114,7 +114,7 @@ Below is a list of Sumo Logic recommended configuration examples for specific th | Vendor | Notes | | :-- | :-- | | AlienVault | Use your API key as the HTTP username and leave the password blank. | -| Recorded Future | Use your API key as the HTTP password and use any non-empty string as username. The Recorded Future TAXII v1 service supports Recorded Future’s [default and large risk lists](https://support.recordedfuture.com/hc/en-us/articles/115008327148-Default-and-Large-Risk-Lists), as well as collections for each risk rule. More information can be found on the [Recorded Future Support portal](https://support.recordedfuture.com/hc/en-us/articles/115004303128-TAXII-V1-service) | +| Recorded Future | Use your API key as the HTTP password and use any non-empty string as username. The Recorded Future TAXII v1 service supports Recorded Future’s [default and large risk lists](https://support.recordedfuture.com/hc/en-us/articles/115008327148-Default-and-Large-Risk-Lists), as well as collections for each risk rule. More information can be found on the [Recorded Future Support portal](https://support.recordedfuture.com/hc/en-us/articles/115004303128-TAXII-V1-service). | ## FAQ