Support Questions

Hello all,

I am facing a problem retrieving events from the TAXII server. I am trying to integrate MISP with the SIEM LogRhythm, and as recommended, I installed the OASIS TAXII server following the guide here: https://www.misp-project.org/2023/04/29/MISP.how.to.push.to.a.taxii.server.html/
.

So far, I have pushed 3 events from MISP to the TAXII server using MongoDB as the backend. Querying the TAXII server with curl (GET /objects) or viewing collections in MISP, the events are returned correctly.

The problem arises when pushing additional/new events, especially when the number exceeds 10. In this case:

• The TAXII server stores the events correctly in MongoDB (verified via db.objects.count() and db.objects.find()).

• The MISP push job shows status “Completed”.

• However, querying the TAXII server via curl hangs or only returns previously pushed events, ignoring the new ones.

This prevents proper integration with LogRhythm, as the SIEM cannot fetch the latest events from the TAXII server.

Could you please advise on why this happens and provide a fix or workaround?

Thank you,

MISP version

2.5.26

Operating System

Ubuntu server

Operating System version

24.04

PHP version

8.3

Browser

Chrome

Browser version

No response

Relevant log output

Extra attachments

No response

Code of Conduct

• I agree to follow this project's Code of Conduct