We use cookies to improve your experience. Do you accept?

Skip to main content

Cyware Adds STIX 2.1 Support for Custom Threat Intelligence Feeds

Cyware Adds STIX 2.1 Support for Custom Threat Intelligence Feeds - Featured Image

STIX 2.0 May 1, 2020

What is STIX 2.1?

STIX is a language and serialization format that enables organizations to share cyber threat intelligence with one another in a standardized and machine-readable format. STIX 2.1 is the latest version of this standard and was released in March, 2020.

How does Cyware provide support for STIX 2.1 standard?

The Cyware Threat Intelligence eXchange (CTIX) offers two-fold support for the STIX 2.1 standard as embedded in the platform.

  • Sourced Threat Intelligence : The sourced intelligence is automatically ingested and normalized in real-time into several STIX standards including STIX 1.x, STIX 2.0, and STIX 2.1. Enterprises can use this capability to ingest and normalize technical threat intelligence sourced from commercial threat intelligence providers, vendors, ISACs/ISAOs, CERTs, and others.

  • Custom Threat Intelligence : The Threat Intelligence Analysts can use STIX 2.1 forms for manual conversion of custom intelligence into STIX 2.1 packages. The forms provide three fold-capability for creating of STIX 2.1 intel packages.

The three-fold capability

  • Quick Submission: This form allows threat intelligence analysts to quickly create STIX 2.1 packages with minimal information. The CTIX platform runs automated analysis tasks in the background to draw full intelligence and patterns on the malicious attributes.
  • Detailed Submission : The detailed submission form allows threat intelligence analysts to create detailed STIX 2.1 packages. The feature also enables the creation of Custom Objects and Relations.
  • Free Text Conversion to STIX Package: Threat intelligence teams can also automatically convert free text into a STIX 2.1 package with just a click of a button.

**What are Specialized Domain Objects (SDOs)? **

  • STIX Objects categorize each piece of information with specific attributes to be populated. Chaining multiple objects together through relationships allow for easy or complex representations of cyber threat intelligence.
  • STIX 2.1 defines 18 SDOs which are Attack Pattern, Campaign, Course of Action, Grouping, Identity, Indicator, Intrusion Set, Infrastructure, Location, Malware, Malware Analysis, Note, Observed Data, Opinion, Report, Threat Actor, Tool, and Vulnerability.
  • CTIX offers support for all 18 SDOs as defined in STIX 2.1 standard.

Increasing reliance on Custom Threat Intelligence

  • More and more organizations are now leveraging capabilities offered by CTIX to harvest and operationalize internal threat intelligence.
  • Internal intel feeds are critical to drawing contextual and actionable threat intelligence for threat mitigation.
  • Cywarehas now extended STIX 2.1 support to these custom internal intel feeds for making the actioning and threat data dissemination to security tools a simple and convenient task for security teams.

Related Blogs