We use cookies to improve your experience. Do you accept?

Cyware Adds STIX 2.1 Support for Custom Threat Intelligence Feeds

Cyware Adds STIX 2.1 Support for Custom Threat Intelligence Feeds - Featured Image

STIX 2.0 May 1, 2020

What is STIX 2.1?

STIX is a language and serialization format that enables organizations to share cyber threat intelligence with one another in a standardized and machine-readable format. STIX 2.1 is the latest version of this standard and was released in March, 2020.

How does Cyware provide support for STIX 2.1 standard?

The Cyware Threat Intelligence eXchange (CTIX) offers two-fold support for the STIX 2.1 standard as embedded in the platform.

  • Sourced Threat Intelligence : The sourced intelligence is automatically ingested and normalized in real-time into several STIX standards including STIX 1.x, STIX 2.0, and STIX 2.1. Enterprises can use this capability to ingest and normalize technical threat intelligence sourced from commercial threat intelligence providers, vendors, ISACs/ISAOs, CERTs, and others.

  • Custom Threat Intelligence : The Threat Intelligence Analysts can use STIX 2.1 forms for manual conversion of custom intelligence into STIX 2.1 packages. The forms provide three fold-capability for creating of STIX 2.1 intel packages.

The three-fold capability

  • Quick Submission: This form allows threat intelligence analysts to quickly create STIX 2.1 packages with minimal information. The CTIX platform runs automated analysis tasks in the background to draw full intelligence and patterns on the malicious attributes.
  • Detailed Submission : The detailed submission form allows threat intelligence analysts to create detailed STIX 2.1 packages. The feature also enables the creation of Custom Objects and Relations.
  • Free Text Conversion to STIX Package: Threat intelligence teams can also automatically convert free text into a STIX 2.1 package with just a click of a button.

**What are Specialized Domain Objects (SDOs)? **

  • STIX Objects categorize each piece of information with specific attributes to be populated. Chaining multiple objects together through relationships allow for easy or complex representations of cyber threat intelligence.
  • STIX 2.1 defines 18 SDOs which are Attack Pattern, Campaign, Course of Action, Grouping, Identity, Indicator, Intrusion Set, Infrastructure, Location, Malware, Malware Analysis, Note, Observed Data, Opinion, Report, Threat Actor, Tool, and Vulnerability.
  • CTIX offers support for all 18 SDOs as defined in STIX 2.1 standard.

Increasing reliance on Custom Threat Intelligence

  • More and more organizations are now leveraging capabilities offered by CTIX to harvest and operationalize internal threat intelligence.
  • Internal intel feeds are critical to drawing contextual and actionable threat intelligence for threat mitigation.
  • Cywarehas now extended STIX 2.1 support to these custom internal intel feeds for making the actioning and threat data dissemination to security tools a simple and convenient task for security teams.

Related Blogs

Cyware Threat Intelligence Lite Platform Now Available on AWS Marketplace - Featured Image

Cyware Threat Intelligence Lite Platform Now Available on AWS Marketplace

We are pleased to announce another milestone for Cyware, with the release and immediate availability of the [Intel Exchange (CTIX Lite)](https://aws.amazon.com/

Cyware Threat Intelligence Exchange (CTIX)AWS MarketplaceCTIX Lite
Gain 360-Degree Insights into Threat Data with Cyware’s Revamped Threat Data Capabilities - Featured Image

Gain 360-Degree Insights into Threat Data with Cyware’s Revamped Threat Data Capabilities

If security teams fail to gain the required context from the ingested threat data for predicting and preempting threats, then such threat data is meaningless. W

Use CaseThreat DataCyware Threat Intelligence Exchange (CTIX)
Accelerate Investigation and Build Contextualized Threat Intel with Cyware Threat Intelligence eXchange - Featured Image

Accelerate Investigation and Build Contextualized Threat Intel with Cyware Threat Intelligence eXchange

Security teams often face challenges with the structured investigation, absence of team collaboration, and unorganized threat data. The [Cyware Threat Intellige

Threat InvestigationsCyware Threat Intelligence Exchange (CTIX)
Reinforce Threat Investigation Data with Interactive Threat Bulletins - Featured Image

Reinforce Threat Investigation Data with Interactive Threat Bulletins

Threat Bulletins enable security teams and stakeholders to make smarter business decisions while helping them keep pace with the evolving threat landscape. The

Threat BulletinsCyware Threat Intelligence Exchange (CTIX)
Enhance Ransomware Intelligence Sharing with CTIX Automation - Featured Image

Enhance Ransomware Intelligence Sharing with CTIX Automation

In July 2021, security researchers and analysts from [Huntress](https://www.crn.com/slide-shows/security/kaseya-likely-got-ransomware-decryptor-from-revil-huntr

Cyware Threat Intelligence Exchange (CTIX)Ransomware
Cyware's SOAR Response Workflow for SUNBURST Attack - Featured Image

Cyware's SOAR Response Workflow for SUNBURST Attack

Over the last several days, the malware tracked by several names including Solorigate and SUNBURST is being used in a widespread campaign termed UNC2452. The ca

Cyware Fusion and Threat Response (CFTR)Cyware Situational Awareness Platform (CSAP)Cyware Threat Intelligence Exchange (CTIX)Cyware Security Orchestration Layer (CSOL)
Driving Threat Intelligence Towards the Most Critical Threats Using MITRE ATT&CK Navigator - Featured Image

Driving Threat Intelligence Towards the Most Critical Threats Using MITRE ATT&CK Navigator

The [MITRE ATT&CK framework](https://cyware.com/educational-guides/cyber-threat-intelligence/how-useful-is-mitre-attck-framework-in-threat-intelligence-7c59) is

Cyware Threat Intelligence Exchange (CTIX)
Unlock Actionable Threat Intelligence with the Cyware’s Feeds ROI Dashboard - Featured Image

Unlock Actionable Threat Intelligence with the Cyware’s Feeds ROI Dashboard

While every organization in today’s day and age leverages threat intelligence to enhance its security operations, there is often a lot of ambiguity around the u

Cyware Threat Intelligence Exchange (CTIX)
Collect Actionable Intel in Real-time with Cyware's Twitter Feed Integration - Featured Image

Collect Actionable Intel in Real-time with Cyware's Twitter Feed Integration

Social media is used as a networking tool by many people. However, security professionals can use it as an additional information source to improve their analys

Cyware Threat Intelligence Exchange (CTIX)
Cyware Partners with Sixgill to Deliver Proactive Threat Intelligence Solution - Featured Image

Cyware Partners with Sixgill to Deliver Proactive Threat Intelligence Solution

NEW YORK, July 23, 2020 – [Cyware](https://cyware.com/), the leading provider of threat intelligence and cyber fusion solutions, today announced a new partnersh

Threat Intelligence Feeds Threat Intelligence PlatformCyware Threat Intelligence Exchange (CTIX)Sixgill
The Role of Threat Intelligence Sharing in Collective Defense - Featured Image

The Role of Threat Intelligence Sharing in Collective Defense

492 BC - The Battle of Marathon was to begin. After 9 days of waiting for the other side to attack, the Athenians directly charged the Persians in a Phalanx for

Threat intelligenceCTIXCyware Threat Intelligence Exchange (CTIX)Collective Defense
Cyware’s Threat Intelligence Solutions Now Integrate with Dragos WorldView - Featured Image

Cyware’s Threat Intelligence Solutions Now Integrate with Dragos WorldView

**NEW YORK, June 11, 2020** \- Cyware, the leading provider of threat intelligence and cyber fusion solutions, is proud to announce its integration with [Drago

DragosDragos WorldView APICyware Threat Intelligence Exchange (CTIX)Cyware