// THREAT DETECTION AND DATA PRIVACY TERM
STIX
STIX, or Structured Threat Information Expression, is a standardized language designed to describe and share cyber threat intelligence in a way that computers can easily understand and process. It helps organizations automate the exchange of information about cyberattacks and threats.
TECHNICAL DEFINITION
STIX (Structured Threat Information Expression) is an OASIS open standard that defines a structured, machine-readable language for representing and sharing cyber threat intelligence (CTI). It facilitates automated information exchange and interoperability among cybersecurity tools and entities by expressing actionable threat information, including indicators of compromise (IOCs), attack patterns, campaigns, and adversaries.
BACKGROUND
The MITRE Corporation is an American not-for-profit organization with dual headquarters in Bedford, Massachusetts, and McLean, Virginia. It manages federally funded research and development centers (FFRDCs) supporting various U.S. government agencies in the aviation, defense, healthcare, homeland security, and cybersecurity fields, among others.
SYNONYMS & ALIASES
- Structured Threat Information Expression
- CTI Standard
- Threat Intelligence Format
- OASIS STIX
USAGE NOTE
STIX is widely used in cybersecurity for automating the sharing of threat intelligence, improving collaborative defense, and enabling faster, more coordinated responses to cyber incidents.
DEVELOPERS
Organizations developing technology related to STIX.
MITRE is the primary developer and maintainer of the STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) standards, which are fundamental for sharing cyber threat intelligence.
Recorded Future is a leading threat intelligence company that utilizes and supports STIX for ingesting, enriching, and disseminating threat intelligence within its platform and with partners.
As a prominent cybersecurity and incident response firm, Mandiant leverages STIX for exchanging critical threat intelligence to enhance defensive capabilities and share insights into sophisticated attacks.
EclecticIQ offers a threat intelligence platform (TIP) that is built to support open standards like STIX, enabling organizations to collect, analyze, and share cyber threat intelligence efficiently.
ThreatConnect provides a Threat Intelligence Platform (TIP) and SOAR (Security Orchestration, Automation, and Response) solution that deeply integrates STIX for managing, analyzing, and acting upon cyber threat intelligence.
Splunk's security products, including Splunk Enterprise Security and Splunk SOAR, consume and process cyber threat intelligence, often integrating with STIX-compliant feeds to enhance detection and response capabilities.
Palo Alto Networks leverages STIX within its Unit 42 threat intelligence operations and its Cortex XSOAR platform to automate the ingestion and actionable use of cyber threat intelligence for proactive defense.