What is STIX?

STIX is a standardized language for sharing threat information. It provides a machine-readable data model to describe threats—indicators of compromise, observables, threat actors, campaigns, attack patterns, and defenses—so organizations can exchange intelligence in a consistent way and automate analysis and response. STIX, short for Structured Threat Information Expression, is often used with TAXII, the transport mechanism that moves STIX data between producers and consumers. It is not a standard for encrypting data, a patch management protocol, or merely a vocabulary for incident response; its purpose is to encode threat information in a structured format to enable interoperability and automation across security products and organizations.