// THREAT DETECTION AND DATA PRIVACY TERM
STIX
STIX, or Structured Threat Information Expression, is a standardized language designed to describe and share cyber threat intelligence in a way that computers can easily understand and process. It helps organizations automate the exchange of information about cyberattacks and threats.
TECHNICAL DEFINITION
STIX (Structured Threat Information Expression) is an OASIS open standard that defines a structured, machine-readable language for representing and sharing cyber threat intelligence (CTI). It facilitates automated information exchange and interoperability among cybersecurity tools and entities by expressing actionable threat information, including indicators of compromise (IOCs), attack patterns, campaigns, and adversaries.
BACKGROUND
Cyber threat intelligence (CTI) is a part of cybersecurity that focuses on collecting, analyzing, and sharing information about potential or existing cyber threats. It gives organizations the information needed to predict, prevent, and respond to cyberattacks, enabling them to understand attackers’ behavior, tactics, and the vulnerabilities they exploit.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- Structured Threat Information Expression
- CTI Standard
- Threat Intelligence Format
- OASIS STIX
USAGE NOTE
STIX is widely used in cybersecurity for automating the sharing of threat intelligence, improving collaborative defense, and enabling faster, more coordinated responses to cyber incidents.
DEVELOPERS
Organizations developing technology related to STIX.
MITRE is the primary developer and maintainer of the STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) standards, which are fundamental for sharing cyber threat intelligence.
Recorded Future is a leading threat intelligence company that utilizes and supports STIX for ingesting, enriching, and disseminating threat intelligence within its platform and with partners.
As a prominent cyber security and incident response firm, Mandiant leverages STIX for exchanging critical threat intelligence to enhance defensive capabilities and share insights into sophisticated attacks.
EclecticIQ offers a threat intelligence platform (TIP) that is built to support open standards like STIX, enabling organizations to collect, analyze, and share cyber threat intelligence efficiently.
ThreatConnect provides a Threat Intelligence Platform (TIP) and SOAR (Security Orchestration, Automation, and Response) solution that deeply integrates STIX for managing, analyzing, and acting upon cyber threat intelligence.
Splunk's security products, including Splunk Enterprise Security and Splunk SOAR, consume and process cyber threat intelligence, often integrating with STIX-compliant feeds to enhance detection and response capabilities.
Palo Alto Networks leverages STIX within its Unit 42 threat intelligence operations and its Cortex XSOAR platform to automate the ingestion and actionable use of cyber threat intelligence for proactive defense.