OpenTAXII is a robust Python implementation of TAXII Services with a rich feature set and extensible, code-level APIs.

OpenTAXII allows developers to run an extensible implementation of TAXII Services for producers and consumers of threat intelligence. 
TAXII, or Trusted Automated eXchange of Indicator Information, defines a set of services and message exchanges used for sharing cyber threat intelligence, in various formats such as STIX, between parties. 
Check the OpenTAXII page on GitHub for more information.

Key Features

OpenTAXII implements all TAXII services and meets TAXII specifications (version 1.0 and 1.1). 

In addition to these core services, OpenTAXII functionality includes:

  • Persistence API for accessing a built-in SQL database
  • Authentication API for token exchange 
  • Signal API for asynchronous notifications, including custom signal listeners
  • Flexible logging
  • Extensible API’s

Technical Overview

Designed for extensibility and interoperability, OpenTAXII architecture follows the TAXII specifications with functional units for TAXII Transfer Unit (TTU), TAXII Message Handler (TMH), and back-end services.  

OpenTAXII includes:

  • Transport layer (Flask based web app)
  • TAXII logic layer (TAXII server/services/message handlers)
  • Persistence layer (extendable Persistence API)
  • Authentication layer (extendable Authentication API)
View on GitHub

OpenTAXII Users

Apache Metron


From the developers of open-source projects OpenTAXII and Cabby, EclecticIQ Platform is a full-featured Threat Intelligence Platform (TIP) that delivers analyst-centric technology to consolidate, analyze, manage, action, and disseminate intelligence and reports.

Get involved