Even the largest enterprises and governments must work together, because collaboration is the only viable way to get ahead of the threat. Central to that collaboration is a robust means of sharing cyber threat intelligence (CTI). This requirement drove the creation of the Structured Threat Information eXpression (STIX) language.
Since its introduction in 2013, STIX has become a mainstay of intelligence sharing. However, its first releases could communicate little more than the basics. With the new STIX 2.1, CTI analysts can now convey higher-level concepts like context and relationships in a standardized way.
From this white paper, you will learn:
- The essential updates in STIX 2.1: streamlining the number of objects, improving data transfer efficiency with JSON, and improving community knowledge building.
- An explanation of the STIX 2.1 STIX Domain Objects (SDO), STIX Cyber-observable Objects (SCO), and STIX Relationship Objects (SRO).
- What it means to be fully interoperable with STIX 2.1.
- How to put STIX 2.1 in perspective as an interchange format versus a data model.