{"id":1576,"date":"2014-11-20T22:29:01","date_gmt":"2014-11-20T20:29:01","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=1576"},"modified":"2014-11-20T22:46:01","modified_gmt":"2014-11-20T20:46:01","slug":"stix-structured-threat-information-expression-by-mitre","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=1576","title":{"rendered":"STIX, Structured Threat Information eXpression, by Mitre"},"content":{"rendered":"

Structured Threat Information eXpression STIX<\/a> is a collaborative community-driven effort to define and develop a standardized language to represent structured cyber threat information.<\/p>\n

STIX Use Cases<\/strong><\/p>\n

\"STIX-usecases\"<\/a><\/p>\n

STIX sample<\/strong><\/p>\n

This is from the training material<\/a>.<\/p>\n

\n

\"STIX-sample\"<\/a><\/p>\n<\/blockquote>\n

From samples page<\/a>:<\/p>\n

\n<\/blockquote>\n

STIX Tree Viewer<\/strong><\/p>\n

One can use the tool STIX Tree Viewer from the training package.
\nSee training material<\/a> download on their training page<\/a>.
\nStixViz.exe is included in the directory .\\stix-taxii-workshop\\stix\\stix-viz<\/p>\n

\n

\"STIX-viewer\"<\/a><\/p>\n<\/blockquote>\n

In the example below, 2 files were selected from the .\\stix-taxii-workshop\\stix\\samples directory.<\/p>\n

\n

\"STIX-tree-view\"<\/a><\/p>\n<\/blockquote>\n

from FAQ<\/a><\/strong><\/p>\n

C2. What is the relationship between STIX and CybOX?<\/p>\n

\n

STIX uses the Cyber Observable eXpression (CybOX\u2122) language to describe cyber Observables. The CybOX schema is natively imported and used within STIX to characterize system and network events, characteristics, and behaviors observed within the operational domain.<\/p>\n<\/blockquote>\n

C5. What is the relationship between STIX and OpenIOC?<\/p>\n

\n

STIX Indicators can convey non-standard Indicator patterns in formats other than CybOX using the Test_Mechanism structure. Each format must be implemented as an extension of the Test_Mechanism extension point. STIX provides a default extension for Mandiant\u2019s Open Indicators of Compromise (OpenIOC) as well as extensions for the Open Vulnerability and Assessment Language (OVAL\u00c2\u00c2\u00ae), SNORT rules, and YARA rules.<\/p>\n<\/blockquote>\n

Other links<\/strong><\/p>\n