STIX Wiki
STIX Wiki

Overview

IntroductionGetting StartedWalkthrough

Reference

Domain Objects
Attack PatternCampaignCourse of ActionGroupingIdentityIncidentIndicatorInfrastructureIntrusion SetLocationMalware AnalysisMalwareNoteObserved DataOpinionReportThreat ActorToolVulnerability
Relationship Objects
Cyber-observable Objects
Meta Objects
Bundle Object
Domain Objects

Infrastructure

The Infrastructure SDO represents a type of TTP and describes any systems, software services and any associated physical or virtual resources intended to support some purpose (e.g., C2 servers used as part of an attack, device or server that are part of defense, database servers targeted by an attack, etc.). While elements of an attack can be represented by other SDOs or SCOs, the Infrastructure SDO represents a named group of related data that constitutes the infrastructure.

Properties

Required Common Properties
typespec_versionidcreatedmodifiedname
Optional Common Properties
created_by_reflabelsrevokedconfidencelangexternal_referencesobject_marking_refsgranular_markingsextensions
Not Applicable
defanged
Infrastructure Specific
namedescriptioninfrastructure_typesaliaseskill_chain_phasesfirst_seenlast_seen
PropertyTypeDescription
typeoptional
stringThe type of this object, which MUST be the literal `infrastructure`.
namerequired
stringThe name used to identify the Infrastructure.
descriptionoptional
stringA description that provides more details and context about this Infrastructure potentially including its purpose and its key characteristics.
infrastructure_typesoptional
list of stringThis field is an Open Vocabulary that specifies the type of infrastructure. Open vocab - infrastructure-type-ov
aliasesoptional
list of stringAlternative names used to identify this Infrastructure.
kill_chain_phasesoptional
list of objectThe list of kill chain phases for which this infrastructure is used.
first_seenoptional
stringRepresents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.
last_seenoptional
stringRepresents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.

Relationships

These are the relationships explicitly defined between the Infrastructure object and other STIX Objects. The first section lists the embedded relationships by property name along with their corresponding target. The rest of the table identifies the relationships that can be made from this object type to another object type by way of the Relationship object. The reverse relationships section illustrates the relationships targeting this object type from another object type. They are included here for convenience. For their definitions, please see the "Source" object.

Relationships are not restricted to those listed below. Relationships can be created between any objects using the related-to relationship type or, as with open vocabularies, user-defined names.

Indicator

Previous Page

Intrusion Set

Next Page

On this page

PropertiesRelationships