OASIS Cyber Threat Intelligence (CTI) TC
Supporting automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis
Alexandre Dulaunoy, alexandre.dulaunoy@circl.lu, Chair
Marlon Taylor, Chair
Jane Ginn, jg@ctin.us, Secretary
Jonathan Matkowsky, jmatkowsky@microsoft.com, Secretary
Table of Contents
- Announcements
- Overview
- Subcommittees
- TC Liaisons
- TC Tools and Approved Publications
- Technical Work Produced by the Committee
- OASIS TC Open Repositories Sponsored by the Committee
- Expository Work Produced by the Committee
- External Resources
- Mailing Lists and Comments
- Press Coverage and Commentary
- Additional Information
Tweet #STIX Tweet #TAXII
First STIX/TAXII 2.1 PlugFest Demonstrates Interoperability Between Cybersecurity Tools. Members of the CTI TC confirmed the multi-vendor interoperability of their CTI tools and verified their compliance with the STIX 2.1 and TAXII 2.1 Interoperability Test Documents. 15-17 June 2022
OriginBX Alliance for Digital Trade and STIX/TAXII Cybersecurity Standards Win Open Cup Awards. The Open Cup for Outstanding Approved Standard was awarded to STIX v2.1 & TAXII v2.1, two widely used cybersecurity standards that enable the automated exchange of cyber threat intelligence. 19 Jan 2022
The press release on STIX and TAXII's approval as OASIS Standards is available now. You can read it here.
STIX v2.1 and TAXII v2.1 OASIS Standards are approved and published
STIX Version 2.1 is approved as Committee Specification 02. This edition adds new objects and concepts and incorporates improvements based on experience implementing Version 2.0.
TAXII Version 2.1 is approved as a Committee Specification. A number of updates and additions have been added in response to testing and feedback. The list of major changes and additions can be found in Section 1.7.1.
OASIS Completes Second Successful Plugfest for STIX/TAXII 2 Interoperability: Cisco, Fujitsu, LookingGlass, NC4, New Context, U.S. DHS, and Others Participate in Event to Validate Threat Intelligence Sharing Standards. 29 June 2018
Cybersecurity Companies Demo Support for STIX and TAXII Standards for Automated Threat Intelligence Sharing at RSA 2018: Anomali, EclecticIQ, Fujitsu, Hitachi, IBM Security, New Context, NC4, ThreatQuotient, and TruSTAR Demo STIX and TAXII Support; 16 April 2018.
In TechRepublic video, Richard Struse of MITRE explains how STIX and TAXII give cyber defenders better weapons.
Sharing Cyber Threat Intelligence Just Got a Lot Easier. Learn about STIX and TAXII 2.0.
STIX and TAXII Version 2.0 are now approved and published OASIS Committee Specifications.
STIX and TAXII receive 2016 Open Standards Cup. Former CTI TC co-chair, Richard Struse of US Department of Homeland Security, was named Distinguished Contributor. See press release.
STIX, TAXII, and CybOX received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security. Congratulations to all CTI TC members.
Participation in the OASIS CTI TC is open to all interested parties. Contact join@oasis-open.org for more information.
The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. The CTI TC focuses on development and standardization of STIX (Structured Threat Information Expression) and TAXII (Trusted Automated Exchange of Indicator Information) under the OASIS open standards process.
The OASIS CTI Technical Committee will:
- define composable information sharing services for peer-to-peer, hub-and-spoke, and source subscriber threat intelligence sharing models
- develop standardized representations for campaigns, threat actors, incidents, tactics techniques and procedures (TTPs), indicators, exploit targets, observables, and courses of action
- develop formal models that allow organizations to develop their own standards-based sharing architectures to meet specific needs
For more information on the CTI TC, see the TC Charter.
- CTI STIX Subcommittee, with list archives from OASIS and MarkMail
- CTI TAXII Subcommittee, with list archives from OASIS and MarkMail
- -->CTI Interoperability Subcommittee, with list archives from OASIS and MarkMail
No TC Liaisons have been announced for this TC.
TC Tools and Approved Publications
Technical Work Produced by the Committee
- STIX v2.1 OASIS Standard
- TAXII v2.1 OASIS Standard
- STIX v2.1 Interoperability Test Document Version 1.0
- TAXII v2.1 Interoperability Test Document Version 1.0
- Best Practices Committee Note
OASIS TC Open Repositories Sponsored by the Committee
- cti-stix-common-objects: A repository for commonly used STIX objects in order to avoid needless duplication.
- cti-stix-generator: A tool for generating STIX content for prototyping and testing.
- cti-stix2-json-schemas: Non-normative schemas and examples for STIX 2
- cti-documentation: GitHub Pages site for STIX, CybOX, and TAXII
- cti-stix-validator: Validator for STIX 2.0 JSON normative requirements and best practices
- cti-pattern-validator: Validate patterns used to express CybOX content in STIX Indicators
- cti-stix-visualization: Lightweight visualization for STIX 2.0 objects and relationships
- cti-stix-elevator: Convert STIX 1.2 XML to STIX 2.0 JSON
- cti-stix-slider: Supports development of a Python application to convert STIX 2.0 content to STIX 1.x content
- cti-pattern-matcher: Match STIX content against STIX patterns
- cti-python-stix2: Python APIs for STIX 2
- cti-taxii-client: TAXII 2 Client Library Written in Python
- cti-taxii-server: TAXII 2 Server Library Written in Python
Expository Work Produced by the Committee
There are no approved expository work products for this TC yet.
Although not produced by the OASIS CTI TC, the following information offers useful insights into its work:
cti: the discussion list used by CTI TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org.
cti-publicmirror: a read-only public mirror of the CTI TC discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-publicmirror-subscribe@lists.oasis-open.org
cti-users: a public forum for asking questions, offering answers, and discussing topics of interest on STIX and TAXII. Users and developers of solutions that leverage those cybersecurity specifications are invited to participate. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-users-subscribe@lists.oasis-open.org. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org
cti-stix-publicmirror: a read-only public mirror of the CTI STIX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-stix-publicmirror-subscribe@lists.oasis-open.org
cti-taxii-publicmirror: a read-only public mirror of the CTI TAXII Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-taxii-publicmirror-subscribe@lists.oasis-open.org
cti-cybox-publicmirror: (LIST DEPRECATED) a read-only public mirror of the CTI CybOX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-cybox-publicmirror-subscribe@lists.oasis-open.org
cti-comment: a public mailing list for providing feedback on the technical work of the OASIS CTI TC. Send a comment or view the OASIS comment list archives, also mirrored by MarkLogic at MarkMail.org.
- The EU-US Trade & Technology Council: from ambitious work plans to concrete outcomes. STIX called out by the EU as a transatlantic best practice. 12 September 2022
- Long Awaited STIX TAXII Cyber Threat Sharing Standards Approved 17 July 2021
- OASIS Completes Second Successful Plugfest for STIX/TAXII 2 Interoperability: Cisco, Fujitsu, LookingGlass, NC4, New Context, U.S. DHS, and Others Participate in Event to Validate Threat Intelligence Sharing Standards. 29 June 2018
- Cybersecurity Companies Demo Support for STIX and TAXII Standards for Automated Threat Intelligence Sharing at RSA 2018: Anomali, EclecticIQ, Fujitsu, Hitachi, IBM Security, New Context, NC4, ThreatQuotient, and TruSTAR Demo STIX and TAXII Support; 16 April 2018.
- OASIS Completes 1st Successful Plugfest for STIX/TAXII 2 Interoperability: Anomali, Cisco, Fujitsu, IBM Security, LookingGlass Cyber Solutions, NC4, New Context, Phantom, and Others Participate in Event to Validate Threat IntellIgence Sharing Standards.
- RSA 2017 Features Huge Demonstration of Support for Cyber Threat Intelligence, Encryption, and Cryptography Standards as 24 OASIS Member Companies Collaborate. Bay Dynamics, DFLabs, EclecticIQ, Fujitsu, IBM, LookingGlass, New Context, NC4, ThreatConnect, ThreatQuotient, TruSTAR, and Verisign Demo STIX and TAXII Support. 13 Feb 2017
- STIX, TAXII, and CybOX receive 2016 Open Standards Cup; CTI TC co-chair, Richard Struse of US Department of Homeland Security, named Distinguished Contributor; 8 Aug 2016
- "United we stand: Protecting against cyber threats with standards for sharing"; OECD ITAC News, 27 Jul 2015
- "DHS Transitions STIX, TAXII and CybOX Standards to OASIS"; DarkMatters, 29 July 2015
- "OASIS Advances Automated Cyber Threat Intelligence Sharing with STIX, TAXII, CybOX"; Boeing, Check Point, Cisco, Dell, EMC, eSentire, Fortinet, Fujitsu, IBM, iboss, iSIGHT Partners, NEC, New Context, Palo Alto Networks, Resilient, Securonix, Soltra, TELUS, ThreatQuotient, ThreatStream, TruSTAR, US DHS Office of Cybersecurity and Communications, US NIST, ViaSat, and Others Collaborate on International Standards to Prevent and Defend Against Cyber Attack; 17 July 2015
Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.