Structured Threat Information Expression (STIX) is a structured language for the specifications, capture, characterization and comunications of standardized cyber threat information so it can be shared, stored, and analyzed in a consistent manner. The STIX Language conveys the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, automatable, and as human-readable as possible.
Its data model is built upon eight principal concepts: observables, indicators, incidents, TTPs, exploit targets, campaigns, threat actors and course of actions.
Related to: TAXII, CybOX, MAEC, CAPEC, OSVDB, CVRF, CWE, CCE, IODEF, OpenIOC, VERIS, OVAL, CPE, CWE.
Address: https://stixproject.github.io/