TAXII

TAXII (Trusted Automated eXchange of Intelligence Information) is a transport protocol designed for sharing cyber threat intelligence in a standardized, automated manner.

Core Concepts

• Collections - Sets of STIX objects organized by topic or source
• Channels - Publication mechanism for threat intelligence
• API Roots - Logical groupings of collections and channels
• Discovery - Finding available TAXII services

Service Models

• Collection Service - Request-response retrieval of threat intelligence
• Channel Service - Publish-subscribe distribution model

Key Features

• RESTful API - Standard HTTP-based communication
• Authentication - Secure access control
• Pagination - Handling large datasets efficiently
• Filtering - Query specific threat intelligence

Use Cases

• Automated threat feed consumption
• Sharing indicators between organizations
• ISAC/ISAO information sharing
• Threat intelligence platform integration