OASIS and MITRE Corporation staff are developing an open source TAXII 2.0 server to support the global cyber threat intelligence community in its build-out of the STIX 2.0 ecosystem. The taxii-server code under development is in a GitHub repository. It is a Python library which will process HTTPS requests from TAXII clients in conformance with the TAXII specification. Contributions to this OASIS Open Repository are invited from all parties, whether affiliated with OASIS or not. Participants must have a GitHub account, but no fees or OASIS membership obligations are required.
You can access the code at:
It is currently maintained by Rich Piazza and Greg Back of the MITRE Corporation. They encourage feedback through issues or comments directly on the GitHub site.
In addition, Bret Jordan, Co-Chairman of the TAXII 2.0 Subcommittee, has stood up an Open Source Server at:
The following Accept headers are supported (you can change your Accept header in Chrome with the ModHeader plugin):
application/vnd.oasis.taxii+json – the standard TAXII 2 format
application/json – a pretty JSON representation
text/html – you will get a pretty web interface
If you do not want to use your web browser and do not yet have a TAXII client, you can use curl:
curl -H "Accept:application/vnd.oasis.taxii+json;" https://test.freetaxii.com:8000/taxii/
curl -H "Accept:application/vnd.oasis.taxii+json;" https://test.freetaxii.com:8000/api1/
curl -H "Accept:application/vnd.oasis.taxii+json;" https://test.freetaxii.com:8000/api1/collections/
taxii2lib.js uses asynchronous requests to fetch TAXII 2.0 server resources. It has five classes, namely:
TaxiiConnect, providing the async communications to the server.
Server, endpoint for retrieving the discovery and api roots resources.
Collections, endpoint for retrieving the list of collection resources.
Collection, endpoint for retrieving a collection resource and associated objects.
Status, endpoint for retrieving a status resource.
The following TAXII 2.0 API services are supported with these corresponding async methods:
Server Discovery –> server.discovery()
Get API Root Information –> server.api_roots()
Get Collections –> collections.get() and collections.get(i)
Get a Collection –> collection.get()
Get Objects –> collection.getObjects()
Add Objects –> collection.addObject(bundle)
Get an Object –> collection.getObject(obj_id)
Get Object Manifests –> collection.getManifest() and collection.getManifest(obj_id)
Get Status –> status.get()
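The walk made by the three curl requests above (discovery, API root, collections), as an added JavaScript example that is not part of taxii2lib.js or the original page: it sends the same Accept header, refuses responses that are not TAXII JSON, and follows only HTTPS API roots on an allowlisted host. The function names, the host allowlist and the sample responses are constructed for illustration.

```javascript
// Added example, not taxii2lib.js code; all function names are hypothetical.
const TAXII_MEDIA_TYPE = "application/vnd.oasis.taxii+json";

// Constructed sample responses (not captured from test.freetaxii.com).
const SAMPLE_DISCOVERY_URL = "https://test.freetaxii.com:8000/taxii/";
const SAMPLE_DISCOVERY_BODY = JSON.stringify({
  title: "Constructed discovery resource",
  api_roots: ["https://test.freetaxii.com:8000/api1/",
              "http://test.freetaxii.com:8000/api2/", "https://other.example/api1/"],
});
const SAMPLE_COLLECTIONS_BODY = JSON.stringify({ collections: [
  { id: "11111111-2222-4333-8444-555555555555", title: "readable", can_read: true, can_write: false },
  { id: "66666666-7777-4888-8999-000000000000", title: "write-only", can_read: false, can_write: true },
] });

// Same Accept header as the curl commands on this page.
function taxiiRequestHeaders() {
  return { Accept: TAXII_MEDIA_TYPE };
}

// Parse a body only when the status and Content-Type are what a TAXII client expects.
function parseTaxiiResponse(status, contentType, body) {
  if (status !== 200) throw new Error(`unexpected HTTP status ${status}`);
  const mediaType = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (mediaType !== TAXII_MEDIA_TYPE) throw new Error(`unexpected media type "${mediaType}"`);
  return JSON.parse(body);
}

// Resolve api_roots against the discovery URL; follow only https roots on allowlisted hosts.
function resolveApiRoots(discoveryUrl, discovery, allowedHosts) {
  const accepted = [], rejected = [];
  for (const root of discovery.api_roots || []) {
    let url;
    try { url = new URL(root, discoveryUrl); } catch (e) { rejected.push(root); continue; }
    if (url.protocol !== "https:" || !allowedHosts.includes(url.host)) { rejected.push(root); continue; }
    if (!url.pathname.endsWith("/")) url.pathname += "/";
    accepted.push(url.href);
  }
  return { accepted, rejected };
}

// Object endpoints for the collections this client is allowed to read.
function readableObjectUrls(apiRoot, collectionsResource) {
  return (collectionsResource.collections || [])
    .filter((c) => c.can_read === true)
    .map((c) => new URL(`collections/${encodeURIComponent(c.id)}/objects/`, apiRoot).href);
}
```

The allowlist entry includes the port (for example "test.freetaxii.com:8000"), because URL.host carries it.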