What is STIX?

STIX/TAXII is a global initiative designed to mitigate and prevention of cyber threats. Launched in December 2016 by the United States Department of Homeland Security (DHS), the organization is now managed under OASIS, a nonprofit organization that advances the development, adoption, and convergence of open standards for the Internet.

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI). STIX enables organizations to share CTI with one another in a consistent and machine-readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively. STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

The objects and features added for inclusion in STIX 2.1 represent an iterative approach to fulfilling basic consumer and producer requirements for CTI sharing. Objects and properties not included in this version of STIX, but deemed necessary by the community, will be included in future releases.