STIX / TAXII
Definition
Structured Threat Information eXpression (STIX) is a standardised language for describing threat intelligence objects. Trusted Automated eXchange of Intelligence Information (TAXII) is the transport protocol used to share STIX data between platforms, including from a TIP to a SIEM.
Related terms
- EDR (Endpoint Detection and Response): An agent-based security tool deployed on individual endpoints (workstations, servers, mobile devices) that monitors process execution, file changes, network connections, and registry...
- MTTD / MTTR: Mean Time to Detect and Mean Time to Respond: the two primary operational KPIs for a SOC. MTTD measures the gap between...
- SIEM (Security Information and Event Management): A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...
- SOAR (Security Orchestration, Automation, and Response): A platform that receives alerts from the SIEM and other sources, executes automated playbooks to enrich and triage them, and integrates with...
- Threat Intelligence Platform (TIP): A system that ingests indicator feeds from external providers and internal sources, deduplicates and scores them, and exports curated indicators of compromise...
Explained in
- SOC Tooling and the SIEM