Resources
General Documents
CTI-TC Cover Page | The list of current STIX and TAXII documents in Google Docs |
TC Roadmap | Current roadmap items, their status, and their proposed release target |
Individual Specification Documents
STIX 2.1 Specification
HTML | Word | Description | |
---|---|---|---|
STIX 2.1 Specification | STIX 2.1 Specification | STIX 2.1 Specification | Defines concepts and structure of the STIX language, domain objects, relationship objects, cyber observable objects, and meta objects. Defines the patterning language to enable the detection of possibly malicious activity on networks and endpoints |
Note: This version of the specification is no longer a multipart document. Older STIX 2.1 documents can be found here
TAXII 2.1 Specification
HTML | Word | Description | |
---|---|---|---|
TAXII 2.1 Specification | TAXII 2.1 Specification | TAXII 2.1 Specification | Defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations |
STIX/TAXII 2.1 Interoperability Documents
HTML | Word | Description | |
---|---|---|---|
TAXII 2.1 Interoperability Test Document Version 1.0 | TAXII 2.1 Interoperability Test Document Version 1.0 | TAXII 2.1 Interoperability Test Document Version 1.0 | This document provides detailed requirements on how product implementers within the threat intelligence ecosystem may demonstrate TAXII 2.1 interoperability compliance. |
STIX 2.1 Interoperability Test Document Version 1.0 | STIX 2.1 Interoperability Test Document Version 1.0 | STIX 2.1 Interoperability Test Document Version 1.0 | This document provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate STIX 2.1 interoperability compliance. |
STIX 2.0 Specification
HTML | Word | Description | |
---|---|---|---|
Part 1: STIX Core Concepts | Part 1: STIX Core Concepts | Part 1: STIX Core Concepts | Defines concepts that apply across all of STIX and defines the overall structure of the STIX language |
Part 2: STIX Objects | Part 2: STIX Objects | Part 2: STIX Objects | Defines the set of domain objects and relationship objects that STIX uses to represent cyber threat information |
Part 3: Cyber Observables Core Concepts | Part 3: Cyber Observables Core Concepts | Part 3: Cyber Observables Core Concepts | Defines concepts that apply across all of STIX Cyber Observables |
Part 4: Cyber Observable Objects | Part 4: Cyber Observable Objects | Part 4: Cyber Observable Objects | Defines a set of cyber observable objects that can be used in STIX and elsewhere |
Part 5: STIX Patterning | Part 5: STIX Patterning | Part 5: STIX Patterning | Defines a patterning language to enable the detection of possibly malicious activity on networks and endpoints |
TAXII 2.0 Specification
HTML | Word | Description | |
---|---|---|---|
TAXII 2.0 Specification | TAXII 2.0 Specification | TAXII 2.0 Specification | Defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations |
STIX/TAXII 2.0 Interoperability Documents
HTML | Word | Description | |
---|---|---|---|
Part 1: STIX/TAXII 2.0 Interoperability Test Document | Part 1: STIX/TAXII 2.0 Interoperability Test Document | Part 1: STIX/TAXII 2.0 Interoperability Test Document | Document that provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate conformity with STIX/TAXII 2.0 if they wish to self-certify that their software is verified as interoperable |
Part 2: STIX/TAXII 2.0 Interoperability Test Document | Part 2: STIX/TAXII 2.0 Interoperability Test Document | Part 2: STIX/TAXII 2.0 Interoperability Test Document | Document that provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate conformity with STIX/TAXII 2.0 if they wish to self-certify that their software is verified as interoperable |
STIX Extensions
Extension Name & Link | Extension Status | Extension Description |
---|---|---|
Incident | Specification Track | Objects to allow tracking an incident across its lifecycle |
TLP 2.0 | External | Apply TLP 2.0 markings to STIX objects |
Malware Artifact | Open | Capture malware artifacts |
Malware Behavior | Open | Objects to capture malware behavior information, including objectives, behaviors, and methods |
ACS Data Markings | External | Mark STIX objects using the Information Sharing Architecture (ISA) Access Control Specification (ACS) tagging specification |
Please submit a pull request or an issue to the cti-documentation project, if you would like to have your open extension listed here.
More information about how extensions are developed and managed is available in the STIX Extensions Definition Policy.
OASIS CTI TC Open Repositories
cti-documentation | GitHub Pages site for STIX and TAXII |
cti-pattern-matcher | Match STIX content against STIX patterns |
cti-pattern-validator | Validate patterns used to express Cyber Observable content in STIX Indicators |
cti-python-stix2 | Python APIs for STIX 2 |
cti-common-objects | Collection of commonly used STIX 2.1 objects and extensions |
cti-stix-elevator | Convert STIX 1 XML to STIX 2 JSON |
cti-stix-generator | Tool for generating random STIX content for prototyping and testing |
cti-stix-slider | Convert STIX 2 JSON to STIX 1 XML |
cti-stix-validator | Validator for STIX 2 JSON normative requirements and best practices |
cti-stix-visualization | Lightweight visualization for STIX 2 objects and relationships |
cti-stix2-json-schemas | Non-normative STIX schemas and examples |
cti-taxii-client | TAXII 2 Client Library Written in Python |
cti-taxii-server | TAXII 2 Server Library Written in Python |
cti-training | Collection of CTI-related training materials |
ARCHIVED OASIS CTI TC Repositories
cti-marking-prototype | Prototype for processing granular data markings in STIX |
cti-sep-repository | Collection of STIX Enhancement Proposals |
Other Resources
FreeTAXII YouTube Channel | Informational videos about STIX/TAXII - Not affiliated with OASIS |
STIX 2 Preferred Program | Self-Certification Program for STIX/TAXII |
Introduction to STIX | Brief intro to STIX and what it is used for |
Introduction to TAXII | Brief intro to TAXII and what it is used for |