Cyber Security Academy · Lesson

STIX, TAXII, and Threat Sharing

Structure threat data in STIX 2.1 objects and distribute via TAXII 2.1 servers.

The Sharing Problem

Organizations face similar threats but traditionally share intelligence poorly: different formats, manual email sharing, and no automation. STIX and TAXII provide standardized machine-readable formats and transport protocols for automated sharing.

STIX 2.1 Overview

STIX (Structured Threat Information eXpression) is a JSON-based language for expressing threat intelligence. It defines standard object types that represent real-world threat concepts.

# STIX 2.1 Domain Objects:
# indicator      - Pattern to detect threats
# threat-actor   - Named adversary group
# attack-pattern - ATT&CK technique
# malware        - Malware characteristics
# campaign       - Coordinated activity
# report         - Collection of STIX objects
# observed-data  - Raw observables
# relationship   - Links objects together
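
An added example (not part of the original lesson): a minimal STIX 2.1 bundle built with the Python standard library, in which a relationship object links an indicator to a malware object, plus a consumer-side check that each relationship reference resolves inside the bundle. The malware name, the domain in the pattern, and the helper names are constructed for illustration.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# STIX identifiers have the form "<object-type>--<UUID>".
ID_RE = re.compile(r"^[a-z][a-z0-9-]*--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def _now():
    # STIX timestamps are RFC 3339 in UTC with a trailing "Z".
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"

def stix_object(obj_type, **props):
    """Build an object with the common STIX 2.1 properties filled in."""
    ts = _now()
    return {"type": obj_type, "spec_version": "2.1",
            "id": f"{obj_type}--{uuid.uuid4()}",
            "created": ts, "modified": ts, **props}

def build_bundle():
    # All names and values below are constructed sample data.
    malware = stix_object("malware", name="ExampleLoader", is_family=False)
    indicator = stix_object(
        "indicator", name="Constructed C2 domain",
        pattern="[domain-name:value = 'c2.malicious.example']",
        pattern_type="stix", valid_from=_now())
    rel = stix_object("relationship", relationship_type="indicates",
                      source_ref=indicator["id"], target_ref=malware["id"])
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [malware, indicator, rel]}

def unresolved_refs(bundle):
    """List relationship refs that are malformed or absent from this bundle.

    STIX allows refs to objects delivered elsewhere, so treating these as
    errors is a local ingest policy (an assumption of this example)."""
    ids = {o["id"] for o in bundle["objects"]}
    bad = []
    for o in bundle["objects"]:
        if o["type"] != "relationship":
            continue
        for key in ("source_ref", "target_ref"):
            ref = o.get(key, "")
            if not ID_RE.match(ref) or ref not in ids:
                bad.append((o["id"], key, ref))
    return bad

if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    print("unresolved:", unresolved_refs(bundle))
```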
