Identity
Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, systems or groups (e.g., the finance sector).
The Identity SDO can capture basic identifying information, contact information, and the sectors that the Identity belongs to. Identity is used in STIX to represent, among other things, targets of attacks, information sources, object creators, and threat actor identities.
Properties
Property | Type | Description |
---|---|---|
type (optional) | string | The type of this object, which MUST be the literal `identity`. |
roles (optional) | list of string | The list of roles that this Identity performs (e.g., CEO, Domain Administrators, Doctors, Hospital, or Retailer). No open vocabulary is yet defined for this property. |
name (required) | string | The name of this Identity. |
description (optional) | string | A description that provides more details and context about the Identity. |
identity_class (optional) | string | The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov |
sectors (optional) | list of string | The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov |
contact_information (optional) | string | The contact information (e-mail, phone number, etc.) for this Identity. |
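
The following is an added example, not part of the original page or of any STIX library: a structural check that applies the Properties table above to Identity objects received from an external feed before they are stored or correlated. The function name `validate_identity` and the sample feed are assumptions made for illustration, and only the properties listed in the table are checked.

```python
import json

# Property name -> (type, required), copied from the Properties table above.
IDENTITY_PROPERTIES = {
    "type": ("string", False),
    "roles": ("list of string", False),
    "name": ("string", True),
    "description": ("string", False),
    "identity_class": ("string", False),
    "sectors": ("list of string", False),
    "contact_information": ("string", False),
}


def _matches(value, kind):
    """True if a decoded JSON value has the type named in the table."""
    if kind == "string":
        return isinstance(value, str)
    # "list of string": a JSON array whose members are all strings
    return isinstance(value, list) and all(isinstance(v, str) for v in value)


def validate_identity(obj):
    """Return a list of problems found in one decoded Identity object."""
    if not isinstance(obj, dict):
        return ["object is not a JSON object"]
    problems = []
    for prop, (kind, required) in IDENTITY_PROPERTIES.items():
        if prop not in obj:
            if required:
                problems.append(f"{prop}: required property is missing")
            continue
        if not _matches(obj[prop], kind):
            problems.append(f"{prop}: expected {kind}")
    # The table marks `type` optional, but when present it MUST be `identity`.
    if isinstance(obj.get("type"), str) and obj["type"] != "identity":
        problems.append("type: must be the literal 'identity'")
    return problems


# Constructed sample input: one well-formed Identity and one malformed object.
SAMPLE_FEED = json.loads("""[
  {"type": "identity", "name": "ACME, Inc.", "identity_class": "organization",
   "sectors": ["retail"], "roles": ["Retailer"]},
  {"type": "threat-actor", "roles": "CEO", "sectors": ["finance", 7]}
]""")

if __name__ == "__main__":
    for entry in SAMPLE_FEED:
        print(entry.get("name", "<no name>"), validate_identity(entry))
```

Values of `identity_class` and `sectors` are not checked against their vocabularies here, because both are open vocabularies and other values are permitted.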
Relationships
These are the relationships explicitly defined between the Identity object and other STIX Objects. The first section lists the embedded relationships by property name along with their corresponding target. The rest of the table identifies the relationships that can be made from this object type to another object type by way of the Relationship object. The reverse relationships section illustrates the relationships targeting this object type from another object type. They are included here for convenience. For their definitions, please see the "Source" object.
Relationships are not restricted to those listed below. Relationships can be created between any objects using the related-to relationship type or, as with open vocabularies, user-defined names.