STIX - Samples

Samples

Sample content for STIX Version 1.1.1 is provided below. Both simple examples of very basic STIX documents, and examples of full threat reports that have been mapped from real-world sources into STIX, are included.

IMPORTANT: Although these examples are sourced from real-world reports, they should be considered illustrative examples only and should not be used in real-world operations.

ALL SAMPLES: ZIP

Simple Examples

This section includes very basic STIX documents intended to illustrate a particular concept or basic use case. For example, the confidence snippet exhibits how to use confidence, and the IP Watchlist exhibits a simple IP Watchlist.

Name

Type

Download

Domain Watchlist

XML

Email w/ Attachment

XML

Email w/ Full Attachment

XML

Email w/ Link

XML

Filehash Watchlist

XML

Indicator Snort

XML

IP Watchlist

XML

Malware Sample

XML

Phishing Indicator

XML

Confidence Snippet

XML Snippet

XML

Controlled Vocabulary Snippet

XML Snippet

XML

Controlled Vocabulary Specification Snippet

XML Snippet

XML

Handling Snippet

XML Snippet

XML

Sightings Snippet

XML Snippet

XML

xsi:type Snippet

XML Snippet

XML

URL Watchlist

XML

Full Report Examples

This section includes more complete examples of full threat reports that have been mapped from real-world sources into STIX. These examples help demonstrate how STIX can represent full-spectrum cyber threat intelligence from TTPs to Threat Actors to Indicators and Observables.

Structured Threat Information eXpression

Samples

Simple Examples

Full Report Examples