STIX

Threat Informed Defense

STIX (Structured Threat Information eXpression) is a standardized language for representing and sharing cyber threat intelligence in a structured, machine-readable format.

Core Concepts

  • STIX Domain Objects (SDOs) - Attack patterns, campaigns, indicators, malware, threat actors, tools, vulnerabilities
  • STIX Relationship Objects (SROs) - Connections between objects
  • STIX Cyber Observable Objects (SCOs) - Technical observables like IPs, domains, files
  • STIX Bundle - Collection of STIX objects
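
An added example (not from the STIX project or the original page): a minimal Python audit that sorts a bundle's objects into the SDO, SRO and SCO classes listed above and flags malformed identifiers and relationship references that do not resolve inside the bundle. The sample bundle, its UUIDs and the `classify` and `audit_bundle` names are constructed for illustration; the type lists follow STIX 2.1.

```python
import re
# STIX 2.1 type names, grouped by the object classes in the list above.
SDO = set("attack-pattern campaign course-of-action grouping identity incident indicator "
          "infrastructure intrusion-set location malware malware-analysis note observed-data "
          "opinion report threat-actor tool vulnerability".split())
SRO = {"relationship", "sighting"}
SCO = set("artifact autonomous-system directory domain-name email-addr email-message file "
          "ipv4-addr ipv6-addr mac-addr mutex network-traffic process software url "
          "user-account windows-registry-key x509-certificate".split())
# STIX identifiers have the form <type>--<UUID>.
ID_RE = re.compile(r"^([a-z0-9-]+)--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def classify(obj_type):
    for name, types in (("SDO", SDO), ("SRO", SRO), ("SCO", SCO)):
        if obj_type in types:
            return name
    return "custom"  # extension types are allowed by the spec

def audit_bundle(bundle):
    """Return (object counts per class, list of findings) for a parsed bundle."""
    if bundle.get("type") != "bundle":
        raise ValueError("top-level object is not a STIX bundle")
    objects = bundle.get("objects", [])
    counts, findings = {"SDO": 0, "SRO": 0, "SCO": 0, "custom": 0}, []
    for obj in objects:
        m = ID_RE.match(str(obj.get("id", "")))
        if not m or m.group(1) != obj.get("type"):
            findings.append(f"malformed id {obj.get('id')!r}")
        counts[classify(obj.get("type"))] += 1
    ids = {obj.get("id") for obj in objects}
    # A bundle need not be self-contained: resolve or flag refs that point outside it.
    for obj in objects:
        if obj.get("type") == "relationship":
            for key in ("source_ref", "target_ref"):
                if obj.get(key) not in ids:
                    findings.append(f"{obj.get('id')}: {key} not in bundle")
    return counts, findings

# Constructed sample, trimmed to the properties the audit reads.
U = "00000000-0000-4000-8000-00000000000"
SAMPLE = {"type": "bundle", "id": f"bundle--{U}0", "objects": [
    {"type": "indicator", "id": f"indicator--{U}1", "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "malware", "id": f"malware--{U}2", "name": "example-family"},
    {"type": "ipv4-addr", "id": f"ipv4-addr--{U}3", "value": "198.51.100.7"},
    {"type": "relationship", "id": f"relationship--{U}4", "relationship_type": "indicates",
     "source_ref": f"indicator--{U}1", "target_ref": f"malware--{U}2"},
    {"type": "relationship", "id": f"relationship--{U}5", "relationship_type": "uses",
     "source_ref": f"threat-actor--{U}6", "target_ref": f"malware--{U}2"}]}
print(audit_bundle(SAMPLE))
```

For a real feed, pass the result of `json.load` on the bundle file to `audit_bundle` and look up any reported reference in your own intelligence store before acting on the relationship.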

Key Features

  • JSON-Based Format - Human and machine-readable
  • Extensibility - Custom objects and properties
  • Versioning - Track changes to threat intelligence
  • Relationships - Rich connections between data points

Use Cases

  • Threat intelligence sharing between organizations
  • Automated ingestion of threat feeds
  • Incident documentation and analysis
  • Integration with SIEM and security tools
  • Regulatory and compliance reporting