Structured Threat Information eXpression
A Structured Language for Cyber Threat Intelligence Information
Sample content for STIX Version 1.1.1 is provided below. Both simple examples of very basic STIX documents, and examples of full threat reports that have been mapped from real-world sources into STIX, are included.
IMPORTANT: Although these examples are sourced from real-world reports, they should be considered illustrative examples only and should not be used in real-world operations.
ALL SAMPLES: ZIP
This section includes very basic STIX documents intended to illustrate a particular concept or basic use case. For example, the confidence snippet exhibits how to use confidence, and the IP Watchlist exhibits a simple IP Watchlist.
This section includes more complete examples of full threat reports that have been mapped from real-world sources into STIX. These examples help demonstrate how STIX can represent full-spectrum cyber threat intelligence from TTPs to Threat Actors to Indicators and Observables.