Resources
General Documents
| CTI-TC Cover Page | The list of current STIX and TAXII documents in Google Docs |
| TC Roadmap | Current roadmap items, their status, and their proposed release target |
Individual Specification Documents
STIX 2.1 Specification
| HTML | Word | Description | |
|---|---|---|---|
| STIX 2.1 Specification | STIX 2.1 Specification | STIX 2.1 Specification | Defines concepts and structure of the STIX language, domain objects, relationship objects, cyber observable objects, and meta objects. Defines the patterning language to enable the detection of possibly malicious activity on networks and endpoints |
Note: This version of the specification is no longer a multipart document. Older STIX 2.1 documents can be found here
TAXII 2.1 Specification
| HTML | Word | Description | |
|---|---|---|---|
| TAXII 2.1 Specification | TAXII 2.1 Specification | TAXII 2.1 Specification | Defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations |
STIX/TAXII 2.1 Interoperability Documents
| HTML | Word | Description | |
|---|---|---|---|
| TAXII 2.1 Interoperability Test Document Version 1.0 | TAXII 2.1 Interoperability Test Document Version 1.0 | TAXII 2.1 Interoperability Test Document Version 1.0 | This document provides detailed requirements on how product implementers within the threat intelligence ecosystem may demonstrate TAXII 2.1 interoperability compliance. |
| STIX 2.1 Interoperability Test Document Version 1.0 | STIX 2.1 Interoperability Test Document Version 1.0 | STIX 2.1 Interoperability Test Document Version 1.0 | This document provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate STIX 2.1 interoperability compliance. |
STIX 2.0 Specification
| HTML | Word | Description | |
|---|---|---|---|
| Part 1: STIX Core Concepts | Part 1: STIX Core Concepts | Part 1: STIX Core Concepts | Defines concepts that apply across all of STIX and defines the overall structure of the STIX language |
| Part 2: STIX Objects | Part 2: STIX Objects | Part 2: STIX Objects | Defines the set of domain objects and relationship objects that STIX uses to represent cyber threat information |
| Part 3: Cyber Observables Core Concepts | Part 3: Cyber Observables Core Concepts | Part 3: Cyber Observables Core Concepts | Defines concepts that apply across all of STIX Cyber Observables |
| Part 4: Cyber Observable Objects | Part 4: Cyber Observable Objects | Part 4: Cyber Observable Objects | Defines a set of cyber observable objects that can be used in STIX and elsewhere |
| Part 5: STIX Patterning | Part 5: STIX Patterning | Part 5: STIX Patterning | Defines a patterning language to enable the detection of possibly malicious activity on networks and endpoints |
TAXII 2.0 Specification
| HTML | Word | Description | |
|---|---|---|---|
| TAXII 2.0 Specification | TAXII 2.0 Specification | TAXII 2.0 Specification | Defines the TAXII RESTful API and its resources along with the requirements for TAXII Client and Server implementations |
STIX/TAXII 2.0 Interoperability Documents
| HTML | Word | Description | |
|---|---|---|---|
| Part 1: STIX/TAXII 2.0 Interoperability Test Document | Part 1: STIX/TAXII 2.0 Interoperability Test Document | Part 1: STIX/TAXII 2.0 Interoperability Test Document | Document that provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate conformity with STIX/TAXII 2.0 if they wish to self-certify that their software is verified as interoperable |
| Part 2: STIX/TAXII 2.0 Interoperability Test Document | Part 2: STIX/TAXII 2.0 Interoperability Test Document | Part 2: STIX/TAXII 2.0 Interoperability Test Document | Document that provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate conformity with STIX/TAXII 2.0 if they wish to self-certify that their software is verified as interoperable |
OASIS CTI TC Open Repositories
| cti-documentation | GitHub Pages site for STIX and TAXII |
| cti-marking-prototype | Prototype for processing granular data markings in STIX (archived) |
| cti-pattern-matcher | Match STIX content against STIX patterns |
| cti-pattern-validator | Validate patterns used to express Cyber Observable content in STIX Indicators |
| cti-python-stix2 | Python APIs for STIX 2 |
| cti-sep-repository | Collection of STIX Enhancement Proposals (archived) |
| cti-common-objects | Collection of commonly used STIX 2.1 objects and extensions |
| cti-stix-elevator | Convert STIX 1 XML to STIX 2 JSON |
| cti-stix-generator | Tool for generating random STIX content for prototyping and testing |
| cti-stix-slider | Convert STIX 2 JSON to STIX 1 XML |
| cti-stix-validator | Validator for STIX 2 JSON normative requirements and best practices |
| cti-stix-visualization | Lightweight visualization for STIX 2 objects and relationships |
| cti-stix2-json-schemas | Non-normative STIX schemas and examples |
| cti-taxii-client | TAXII 2 Client Library Written in Python |
| cti-taxii-server | TAXII 2 Server Library Written in Python |
| cti-training | Collection of CTI-related training materials |
Other Resources
| FreeTAXII YouTube Channel | Informational videos about STIX/TAXII - Not affiliated with OASIS |
| STIX 2 Preferred Program | Self-Certification Program for STIX/TAXII |
| Introduction to STIX | Brief intro to STIX and what it is used for |
| Introduction to TAXII | Brief intro to TAXII and what it is used for |