Standardizing Cyber Threat Intelligence Information with the Structured Threat Information Expression (STIX)
This document reflects ongoing efforts to create, evolve, and refine the community-based development of sharing and structuring cyber threat information. STIX is built upon feedback and active participation from organizations and experts across a broad spectrum of industry, academia, and government. This includes consumers and producers of cyber threat information in security operations centers, CERTs, cyber threat intelligence cells, and security executives and decision makers, as well as numerous currently active information sharing groups, with a diverse set of sharing models. MITRE serves as the moderator of the STIX community on behalf of the Department of Homeland Security (DHS) and welcomes your participation.
Cyber security is a complex and multifaceted problem domain and continues to become more so. Our dependence on complex technology continues to grow and, at the same time, the threat environment continues to grow and evolve in dynamic and daunting ways. Traditional approaches to cyber security that focus inward on understanding and addressing vulnerabilities, weaknesses, and configurations are necessary but insufficient.
Effective defense against current and future threats also requires the addition of a balancing, outward focus on understanding the adversary’s behavior, capability, and intent. Only through a balanced understanding of both the adversary and ourselves can we hope to understand enough about the true nature of the threats we face to make intelligent defensive decisions.