STIX - Samples

Samples

Sample content for STIX Version 1.0.1 is provided below. Both simple examples of very basic STIX documents, and examples of full threat reports that have been mapped from real-world sources into STIX, are included.

IMPORTANT: Although these examples are sourced from real-world reports, they should be considered illustrative examples only and should not be used in real-world operations.

Simple Examples

This section includes very basic STIX documents intended to illustrate a particular concept or basic use case. For example, the confidence snippet exhibits how to use confidence, and the IP Watchlist exhibits a simple IP Watchlist.

Name

Type

Download

Domain Watchlist

XML

XML | HTML

Email w/Attachment

XML

XML | HTML

Email w/Full Attachment

XML

XML | HTML

Email w/Link

XML

XML | HTML

FileHash Watchlist

XML

XML | HTML

IP Watchlist

XML

XML | HTML

Indicator Snort

XML

XML | HTML

Malware Sample

XML

XML | HTML

Phishing Indicator

XML

XML | HTML

Confidence Snippet

XML Snippet

XML

Controlled Vocabulary Snippet

XML Snippet

XML

Controlled Vocabulary Specification Snippet

XML Snippet

XML

Handling Snippet

XML Snippet

XML

Sightings Snippet

XML Snippet

XML

XML Snippet

XML

URL Watchlist

XML

XML | HTML

Full Report Examples

This section includes more complete examples of full threat reports that have been mapped from real-world sources into STIX. These examples help demonstrate how STIX can represent full-spectrum cyber threat intelligence from TTPs to Threat Actors to Indicators and Observables.

Structured Threat Information eXpression

Samples

Simple Examples

Full Report Examples