This page describes several central STIX concepts that cut across all of the core STIX data types, including extension points, relationships, versioning, and data markings.
STIX idioms describe how common patterns in threat intelligence (for example, C2 IPs for a trojan) are represented in STIX. They're similar to programming language idioms in that they document common patterns for representing content in STIX.
STIX Profiles are a mechanism to allow communities of interest to define how they intend to use STIX. They're most often used to define which parts of the STIX/CybOX data models are in scope.
The STIX Project provides an official Python library for scripting the creation, modification, and processing of STIX documents. The documentation is available online and describes how to install and use the library. Additionally, it provides API documentation for the library.
Security considerations are a list of security issues that might arise when processing STIX content. The guide is non-exhaustive and does not take the place of security coding practices or other security processes, but can be a good starting point.
Suggested practices (often called best practices) are guidelines that will help you create STIX content that conforms to the STIX design goals and ensures the best compatibility with other STIX tooling.
The utilities page has information on both STIX-provided and community-provided utilities for working with STIX. It includes both user-level utilities such as visualization tools and developer-focused tooling such as bindings and APIs.
Checking whether STIX content is valid is an important part of helping to ensure compatibility. The STIX Validation rules outline how STIX documents can be validated against either STIX in general or against a specific profile.