User guide

This user guide gives an overview of Cabby. It covers:

  • using Cabby as a library
  • using Cabby as a command line tool
  • configuration via environment variables
  • Docker quickstart guide

Note: this document assumes basic familiarity with TAXII specifications. Visit the TAXII homepage for more information about its features.

Using Cabby as a Python library

Below a few examples of how to use the Cabby in your code. We use test server instance hosted by TAXIIstand in examples.

Create a client:

from cabby import create_client

client = create_client(

Discover advertised services:

services = client.discover_services()
for service in services:
    print('Service type={s.type}, address={s.address}'

Poll content from a collection:

content_blocks = client.poll(collection_name='all-data')

for block in content_blocks:

Fetch the collections from Collection Management Serice (or Feed Management Service):

collections = client.get_collections(

Push content into Inbox Service:

content = '<some>content-text</some>'
binding = ''

    content, binding, uri='/read-write/services/inbox/default')

To force client to use TAXII 1.0 specifications, initiate it with a specific version argument value:

from cabby import create_client

client = create_client('', version='1.0')


Cabby client instances configured for TAXII 1.0 or TAXII 1.1 we will have slightly different method signatures (see Cabby API documentation for details).

Authentication methods

It is possible to set authentication parameters for TAXII requests:

from cabby import create_client

client = create_client(

# basic authentication
client.set_auth(username='john', password='p4ssw0rd')

# or JWT based authentication

# or basic authentication with SSL

# or only SSL authentication

Using Cabby as a command line tool

During installation Cabby adds a family of the command line tools prefixed with taxii- to your path:

Discover services:

(venv) $ taxii-discovery \
              --host \
              --path /read-only/services/discovery \

Fetch the collections list from Collection Management Service:

(venv) $ taxii-collections \

Poll content from a collection (Polling Service will be autodiscovered in advertised services):

(venv) $ $ taxii-poll \
               --host \
               --https --collection single-binding-slow \
               --discovery /read-only/services/discovery

Push content into Inbox Service:

(venv) $ taxii-push \
             --host \
             --https \
             --discovery /read-write/services/discovery \
             --content-file /intel/stix/stuxnet.stix.xml \
             --binding "" \
             --subtype custom-subtype

Create a subscription:

(venv) $ taxii-subscription \
             --host \
             --https \
             --path /read-write/services/collection-management \
             --action subscribe \
             --collection collection-A

Fetch the collections from a service protected by Basic authentication:

(venv) $ taxii-collections \
             --path \
             --username test \
             --password test

Fetch the collections from a service protected by JWT authentication:

(venv) $ taxii-collections \
             --host \
             --https \
             --path /read-write-auth/services/collection-management \
             --username guest \
             --password guest \
             --jwt-auth /management/auth

Copy content blocks from one server to another:

(venv) $ taxii-proxy \
             --poll-path \
             --poll-collection vxvault \
             --inbox-path \
             --inbox-collection stix-data \

Use --help to get more usage details.

Configuration via environment variables

  • CABBY_NO_HUGE_TREES: by default Cabby enables support for huge trees in lxml lib (see lxml manual). This disables security restrictions and enables support for very deep trees and very long text content. To disable this, set CABBY_NO_HUGE_TREES environment variable to any value.

Docker Quickstart

To ease the threshold for trying out Cabby, it is possible to use the image provided by EclecticIQ:

$ docker run --rm cabby bash

This will show you some helpful information on what commands are available, and then give you an interactive shell to play around in.

Next steps

See Cabby API documentation.