TAXII Feeds

Data feeds are available as STIX feeds via TAXII. You can see the list of TAXII feeds and activate the desired ones in the TAXII FEEDS section. The feeds can be accessed or incorporated into your internal system by a standard TAXII interface. See the sample Python script for accessing TAXII feeds. When downloaded and extracted, open the script in a simple text editor to see further instructions for use.

Additionally, you can access TAXII feeds via the Postman template. To start using it, download the file, import it to Postman and set the variables values as described in the template.

To learn how to activate a TAXII feed, see the next chapter.

Data retention and filtering

The TAXII feeds data retention is two weeks; data older than 14 days is not available for retrieval.

To review the TAXII feeds from a specific period, use the added_after filter parameter with a timestamp value in the "YYYY-MM-DDTHH:MM:SS.ssssssZ" format. This way, the system will return the objects added after the specified timestamp. To learn more information, review the TAXII 2.1 specification.

If you do not provide the added_after filter parameter, the system will automatically set the default timestamp: two days before the current date and time. In this case, you will receive the TAXII feeds from the past two days.

Feed formats

All TAXII Feeds are available in STIX 2.1 format via TAXII 2.1 collections.

To preview a sample feed in the portal, select a report collection and click Download example. The downloaded JSON file contains a static sample feed that does not have live data; it is not updated.

The discovery link for TAXII feeds: https://taxii.eset.com/taxii2

You can choose from several types of feeds: