Current ThreatQ Version Filter
 

Reviewing the Client Access Log

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions: Data Exchange - Edit Data Exchange Feeds

The Client Access Log tracks connection attempts and data polling on the TAXII server.  The log stores the last seven days of activity or 1,000 entries and lists these entries in from most recent to oldest.

  1. From the TAXI Users & Collections page, click the Client Access Log tab.
    The Client Access Log is displayed.
    Client Access Log
  2. From the Client Access Log tab, you can view the following information:
    Column Name Description
    Status The status code returned to the TAXII client from the TAXII server when a request was made and responded to. Statuses with a value greater than or equal to 400 are displayed with a red background.
    Method The Request method used by the TAXII client.
    Identity The derived identity of the TAXII client based on the client's provided authorization header.
    Client IP The IP address from which the request originated.
    Accept Header The accept header the TAXII client sent in the request.
    Path The server path the TAXII client requested.
    Reason Describes the reason for a failed attempt.
    Date The date and time the request was made.
  3. Click the refresh button in the upper right corner to refresh the log entries displayed.  You can also use the navigation options at the bottom of the page to view additional pages of log entries or update the number of entries displayed in each page.