Skip to content
Log in

STIX

Definition

Structured Threat Information eXpression. A standardised, machine-readable language for encoding and sharing threat intelligence objects such as indicators, threat actors, campaigns, and malware. Maintained by OASIS and widely supported by commercial and open-source intelligence platforms.

Related terms

Diamond Model
An analytic framework that structures a cyber intrusion event around four linked elements: adversary, capability, infrastructure, and victim. The model makes explicit...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
MITRE ATT&CK
A publicly available knowledge base of adversary tactics, techniques, and procedures derived from real-world intrusion observations. Maintained by the MITRE Corporation. Techniques...
Tactics, Techniques, and Procedures (TTPs)
A three-level description of adversary behaviour. Tactics are the high-level goals (initial access, persistence, exfiltration). Techniques are the specific methods (spear-phishing, pass-the-hash)....
TAXII
Trusted Automated eXchange of Intelligence Information. The transport protocol used to share STIX content between organisations. TAXII defines server and client roles,...

Explained in

  • Threat Intelligence FundamentalsStructured Threat Information eXpression. A standardised, machine-readable language for encoding and sharing threat intelligence objects such as indicators, th...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account