What are STIX / TAXII
The industry standard for sharing threat intelligence
STIX/TAXII Was Developed From a Need for a Threat Intelligence Sharing Standard
STIX and TAXII are standards developed in an effort to improve the prevention and mitigation of cyber-attacks. STIX states the “what” of threat intelligence, while TAXII defines “how” that information is relayed. Unlike previous methods of sharing, STIX and TAXII are machine-readable and therefore easily automated.
STIX/TAXII aims to improve security measures in a few ways:
- Extend the capabilities of current threat intelligence sharing
- Balance response with proactive detection
- Encourage a holistic approach to threat intelligence
The establishment of STIX/TAXII is an open, community-driven effort that provides free specifications to aid in the automated expression of cyber threat information. Both possess an active community of developers and analysts.
STIX
STIX, short for Structured Threat Information eXpression, is a standardized language developed by MITRE and the OASIS Cyber Threat Intelligence (CTI) Technical Committee for describing cyber threat information. It has been adopted as an international standard by various intelligence sharing communities and organizations. It is designed to be shared via TAXII but can be shared by other means. STIX is structured so that users can describe threat:
- Motivations
- Abilities
- Capabilities
- Response