What is STIX and TAXII?

STIX (Structured Threat Information eXpression) is a standardized language which has been developed by MITRE in a collaborative way in order to represent structured information about cyber threats. It has been developed so it can be shared, stored, and otherwise used in a consistent manner that facilitates automation and human assisted analysis.TAXII (Trusted Automated eXchange of Indicator Information) is a collection of services and message exchanges to enable the sharing of information about cyber threats across product, service and organizational boundaries. It is a transport vehicle for STIX structured threat information and key enabler to widespread exchange.

What is STIX / TAXII? Standards for Threat Intelligence

STIX

STIX (Structured Threat Information eXpression) is a standardized language which has been developed by MITRE in a collaborative way in order to represent structured information about cyber threats. It has been developed so it can be shared, stored, and otherwise used in a consistent manner that facilitates automation and human assisted analysis.

TAXII

TAXII (Trusted Automated eXchange of Indicator Information) is a collection of services and message exchanges to enable the sharing of information about cyber threats across product, service and organizational boundaries. It is a transport vehicle for STIX structured threat information and key enabler to widespread exchange.

Why is it important?

STIX and TAXII allow transportation of threat information among IT security and intelligence technologies. Re-aligning IT security efforts based on real-time information exchanges between government, commercial suppliers, non-profit efforts and industry partners. One organization’s reactive, is the other’s proactive.

STIX and TAXII are open community efforts sponsored by the U.S. Department of Homeland Security are heavily supported by MITRE corporation. Enjoying global adoption, the industry will need to continue to work together and build upon this platform to make STIX and TAXII standards we continue to rely on.

The ecosystem

STIX and TAXII make it easier to share and collaborate within your sector, community or with partners, which in turn creates true Cyber Intelligence communities.

TAXII
STIX

Get started

.01

Read About STIX and TAXII

MITRE and the community have consolidated their documentation on Github. Find STIX documentation here and TAXII documentation here.
.02

Set-up your TAXII server and/or client

EclecticIQ has released an open-source TAXII Server named OpenTAXII and TAXII Client named Cabby. You can also request a hosted TAXII Server from us, use one of the test servers for experimentation, or get started using Docker.
.03

Transform your Intelligence / Indicators

Learn more about how to represent information in STIX, subscribe to the mailinglist or contact us at [email protected].
.04

Lift off!

Congratulations! You’re now part of the STIX and TAXII community. Talk to you on the mailing lists or contact us at [email protected] if you need any further assistance.

Resources

STIX 2.1

Prepare yourself for STIX 2.1. Read the White Paper 'STIX 2.1 - Built your own intel'.
Awesome libraries

A python library and java bindings for parsing, manipulating, and generating STIX content.
TAXII servers

OpenTAXII and its hosted test implementation. Also Hailataxii provides open source STIX/TAXII feeds.
Other

threatTRANSFORM was created out of the need for streamlining the creation of STIX datasets. Please let us know if you have a resource to share. [email protected]

What is STIX and TAXII?

The industry standards for Cyber Threat Intelligence

STIX

TAXII

Why is it important?

The ecosystem

Get started

Read About STIX and TAXII

Set-up your TAXII server and/or client

Transform your Intelligence / Indicators

Lift off!

Resources

STIX 2.1

Awesome libraries

TAXII servers

Other