What is Structured Threat Information Expression (STIX™)

A structured language for cyber threat intelligence

STIX™, short for Structured Threat Information eXpression, is a standardised language and serialisation format developed by MITRE and the OASIS Cyber Threat Intelligence (CTI) Technical Committee for describing cyber threat information and used to exchange cyber threat intelligence (CTI).

STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.

STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

It has been adopted as an international standard by various intelligence sharing communities and organizations. It is designed to be shared via TAXII, but can be shared by other means. STIX is structured in such a fashion that users can describe threat:

  • Motivations
  • Abilities
  • Capabilities
  • Response

Website: https://oasis-open.github.io/cti-documentation/