Go to listing page

Cyware Adds STIX 2.1 Support for Custom Threat Intelligence Feeds

Cyware Adds STIX 2.1 Support for Custom Threat Intelligence Feeds

Share Blog Post

What is STIX 2.1?

STIX is a language and serialization format that enables organizations to share cyber threat intelligence with one another in a standardized and machine-readable format. STIX 2.1 is the latest version of this standard and was released in March, 2020

How does Cyware provide support for STIX 2.1 standard?

The Cyware Threat Intelligence eXchange (CTIX) offers two-fold support for the STIX 2.1 standard as embedded in the platform.

  • Sourced Threat Intelligence: The sourced intelligence is automatically ingested and normalized in real-time into several STIX standards including STIX 1.x, STIX 2.0, and STIX 2.1. Enterprises can use this capability to ingest and normalize technical threat intelligence sourced from commercial threat intelligence providers, vendors, ISACs/ISAOs, CERTs, and others.
  • Custom Threat Intelligence: The Threat Intelligence Analysts can use STIX 2.1 forms for manual conversion of custom intelligence into STIX 2.1 packages. The forms provide three fold-capability for creating of STIX 2.1 intel packages.  

The three-fold capability

  • Quick Submission: This form allows threat intelligence analysts to quickly create STIX 2.1 packages with minimal information. The CTIX platform runs automated analysis tasks in the background to draw full intelligence and patterns on the malicious attributes.
  • Detailed Submission: The detailed submission form allows threat intelligence analysts to create detailed STIX 2.1 packages. The feature also enables the creation of Custom Objects and Relations. 
  • Free Text Conversion to STIX Package: Threat intelligence teams can also automatically convert free text into a STIX 2.1 package with just a click of a button.  
What are Specialized Domain Objects (SDOs)? 

  • STIX Objects categorize each piece of information with specific attributes to be populated. Chaining multiple objects together through relationships allow for easy or complex representations of cyber threat intelligence. 
  • STIX 2.1 defines 18 SDOs which are Attack Pattern, Campaign, Course of Action, Grouping, Identity, Indicator, Intrusion Set, Infrastructure, Location, Malware, Malware Analysis, Note, Observed Data, Opinion, Report, Threat Actor, Tool, and Vulnerability. 
  • CTIX offers support for all 18 SDOs as defined in STIX 2.1 standard. 
Increasing reliance on Custom Threat Intelligence

  • More and more organizations are now leveraging capabilities offered by CTIX to harvest and operationalize internal threat intelligence.
  • Internal intel feeds are critical to drawing contextual and actionable threat intelligence for threat mitigation.
  • Cyware has now extended STIX 2.1 support to these custom internal intel feeds for making the actioning and threat data dissemination to security tools a simple and convenient task for security teams. 


stix 20
stix 1x
cyware threat intelligence exchange ctix
stix 21

Posted on: May 01, 2020

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite