// THREAT DETECTION AND DATA PRIVACY TERM
TAXII
TAXII, which stands for Trusted Automated Exchange of Intelligence Information, is a set of open standards for automatically sharing cyber threat intelligence between organizations. It acts like a secure delivery system for information about cyber threats, making it easier for different security systems to communicate and exchange data.
TECHNICAL DEFINITION
The Trusted Automated Exchange of Intelligence Information (TAXII) is an application-layer protocol specification, part of the STIX/TAXII framework, designed for the automated and secure exchange of structured Cyber Threat Intelligence (CTI) between trusted entities, facilitating machine-to-machine sharing of threat indicators and adversary information.
BACKGROUND
The MITRE Corporation is an American not-for-profit organization with dual headquarters in Bedford, Massachusetts, and McLean, Virginia. It manages federally funded research and development centers (FFRDCs) supporting various U.S. government agencies in the aviation, defense, healthcare, homeland security, and cybersecurity fields, among others.
SYNONYMS & ALIASES
- CTI Sharing Protocol
- Threat Intelligence Transport
- Automated Threat Exchange
- STIX/TAXII Protocol
- Threat Exchange Protocol
USAGE NOTE
TAXII is widely adopted in cybersecurity operations centers and intelligence-sharing communities to automate the ingestion and distribution of threat indicators, campaigns, and adversary tactics, techniques, and procedures (TTPs).
DEVELOPERS
Organizations developing technology related to TAXII.
A not-for-profit organization that manages federally funded research and development centers, heavily involved in developing and promoting cybersecurity standards like STIX and TAXII for threat intelligence sharing.
A prominent threat intelligence company that provides a platform for aggregating, analyzing, and disseminating cyber threat information, often supporting STIX/TAXII for data exchange.
Offers a leading threat intelligence platform that helps organizations operationalize threat data, supporting STIX/TAXII for seamless integration and sharing of cyber threat indicators.
A European vendor providing a threat intelligence platform and fusion center technology, actively supporting STIX/TAXII standards for threat information sharing and integration.
A major cybersecurity vendor, with products like IBM QRadar and X-Force Threat Intelligence, which utilize and integrate with TAXII for exchanging threat indicator information.
A leading data platform provider whose Splunk Enterprise Security solution integrates with various threat intelligence feeds, often leveraging TAXII for ingesting structured cyber threat information.
A global cybersecurity leader providing platforms and services, including advanced threat intelligence from Unit 42 and WildFire, which integrates with industry standards like TAXII for threat data exchange.
A U.S. federal agency responsible for strengthening the security and resilience of the nation's critical infrastructure, actively promoting and utilizing standards like TAXII for automated cyber threat information sharing.
Mandiant, now part of Google Cloud Security, provides advanced threat intelligence and incident response services, heavily leveraging and contributing to the use of standardized formats like STIX/TAXII for threat information exchange.
A leader in cloud-native endpoint protection and threat intelligence, whose CrowdStrike Falcon platform consumes and disseminates threat information, often supporting industry standards like TAXII for interoperability.