Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII)
The old adage of “sharing is caring” is paramount within the cyber threat intelligence community. Quick and in-depth transfer of knowledge between individuals, organizations, products, and platforms can lead to improved prevention and mitigation of cyber-attacks. There are many sources of information possible for acquiring such knowledge, but sharing opens many questions:
- How best to share this information and what should the information look like?
- What structure will ensure that it is quickly and efficiently parsed?
- How can you guarantee that the information you share is detailed and accurate?
Cyber threat sharing protocols called Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII) have been developed in response to these questions. The establishment of STIX/TAXII is an open, community-driven effort that provides free specifications to aid in the automated expression of cyber threat information.