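Original reference: How to use STIX for Automated Sharing and Graphing of Cyber Threat Data
This post does not attempt a translation; it covers only the key points and my own views. The original is the most clearly reasoned article I have read recently, or rather the one I understood best…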
STIX Overview
STIX itself is a set of XML schemas which together comprise a language for describing cyber threat information in a standardized manner. This is important because cyber threat sharing currently occurs manually between trusted parties; with a standardized way of describing the data, automated threat sharing becomes possible. For this purpose MITRE has also developed TAXII to share STIX data over HTTP and HTTPS.
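The STIX/TAXII concepts were proposed because of the need to share. Threat intelligence formats differ from one organization to another, so sharing requires a standard that everyone can understand. Seen from another angle, establishing a standard also makes the data machine-readable and makes automated analysis and storage achievable.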
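To make the machine-readability point concrete, here is an added example (not from this post or the referenced article) that pulls indicator values out of a STIX 1.x XML package with the Python standard library. The sample package, its `example:` ids and the function name `extract_indicators` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# STIX 1.x / CybOX 2.x namespaces used by the constructed sample below.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "DomainNameObj": "http://cybox.mitre.org/objects#DomainNameObject-1",
    "AddressObj": "http://cybox.mitre.org/objects#AddressObject-2",
}

# Constructed sample package; values use documentation-reserved ranges.
SAMPLE = b"""<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
 xmlns:indicator="http://stix.mitre.org/Indicator-2"
 xmlns:cybox="http://cybox.mitre.org/cybox-2"
 xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1"
 xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <stix:Indicators>
  <stix:Indicator id="example:indicator-1" xsi:type="indicator:IndicatorType">
   <indicator:Title>Constructed C2 domain</indicator:Title>
   <indicator:Observable><cybox:Object><cybox:Properties>
    <DomainNameObj:Value>c2.example.com</DomainNameObj:Value>
   </cybox:Properties></cybox:Object></indicator:Observable>
  </stix:Indicator>
  <stix:Indicator id="example:indicator-2" xsi:type="indicator:IndicatorType">
   <indicator:Title>Constructed C2 address</indicator:Title>
   <indicator:Observable><cybox:Object><cybox:Properties>
    <AddressObj:Address_Value>203.0.113.10</AddressObj:Address_Value>
   </cybox:Properties></cybox:Object></indicator:Observable>
  </stix:Indicator>
 </stix:Indicators>
</stix:STIX_Package>"""

def extract_indicators(data: bytes) -> list:
    # Shared feeds are untrusted input: accept UTF-8 only and refuse any
    # DTD, so entity declarations never reach the XML parser.
    text = data.decode("utf-8")
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(text)
    rows = []
    for ind in root.iterfind("stix:Indicators/stix:Indicator", NS):
        title = ind.findtext("indicator:Title", default="", namespaces=NS)
        for tag, kind in (("DomainNameObj:Value", "domain"),
                          ("AddressObj:Address_Value", "ip")):
            for v in ind.iterfind(f".//{tag}", NS):
                rows.append({"id": ind.get("id"), "title": title,
                             "type": kind, "value": (v.text or "").strip()})
    return rows
```

Because every producer uses the same element names and namespaces, the same few lines work on any partner's feed, which is what makes automated storage and analysis possible.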