STIX Concepts

This page describes several central STIX concepts that cut across all of the core STIX data types.

Controlled Vocabularies

Describes how to use values from a default vocabulary, define custom vocabularies, or use values outside of any vocabulary.

Go »
Data Marking Icon

Data Markings

Describes how to use data markings to mark STIX content.

Go »

Creating Great Indicators

Hot tips for making your indicators (IOCs) the best they can possibly be

Go »

Relationships

Describes how to use STIX relationships.

Go »
Indicator Icon Observable Icon

Composition of Observables and Indicators

Describes STIX/CybOX mechanisms for characterizing/specifying composite Observables and Indicators.

Go »

Versioning

Describes a few different versioning scenarios and how those are handled in STIX.

Go »

xsi:type

Describes the STIX usage of xsi:type for core components, extension points, and controlled vocabularies.

Go »
Observable Icon

Observable Instances vs Observable Patterns

Describes the two primary forms of Observables leveraged in STIX.

Go »
Indicator Icon TTP Icon

TTP vs Indicator: A simple usage overview

Describes the basic intent of the TTP and Indicator components and when to use which one.

Go »