Schema

STIX is a schema that defines a taxonomy of cyber threat intelligence that is represented by the following objects:

STIX Core Objects

Any SDO, SCO, or SRO.

STIX Domain Objects

Higher Level Intelligence Objects that represent behaviors and constructs that threat analysts would typically create or work with while understanding the threat landscape.

STIX Cyber-observable Objects

Objects that represent observed facts about a network or host that may be used and related to higher level intelligence to form a more complete understanding of the threat landscape.

STIX Relationship Objects

Objects that connect STIX Domain Objects together, STIX Cyber-observable Objects together, and connect STIX Domain Objects and STIX Cyber-observable Objects together to form a more complete understanding of the threat landscape.

STIX Meta Objects (SMO)

A STIX Object that provides the necessary glue and associated metadata to enrich or extend STIX Core Objects to support user and system workflows.

STIX Bundle Object

An object that provides a wrapper mechanism for packaging arbitrary STIX content together.

Schema

STIX Core Objects​

STIX Domain Objects​

STIX Cyber-observable Objects​

STIX Relationship Objects​

STIX Meta Objects (SMO)​