STIX (Structured Threat Information eXpression)

Contributor(s): Madelyn Bacon

STIX (Structured Threat Information eXpression) is a standardized XML programming language for conveying data about cybersecurity threats in a common language that can be easily understood by humans and security technologies.

Designed for broad use, there are several core use cases for STIX. First, it is used by threat analysts to review cyberthreats and threat-related activity. Threat analysts also use STIX to identify patterns that could indicate cyberthreats. Any sort of decision maker or operations personnel may use STIX data to help facilitate cyberthreat response activities, including prevention, detection and response. The final core use for STIX is the sharing of cyber threat information within an organization and with outside partners or communities that benefit from the information.

STIX, which was originally sponsored by the office of Cybersecurity and Communications within the United States Department of Homeland Security (DHS), has been transitioned to OASIS, a non-profit consortium that seeks to advance the development, convergence and adoption of open standards for the Internet. STIX can be used manually or programmatically. Manual use requires an XML editor, but no additional tools. Programmatic use requires Python and Java bindings, Python APIs and utilities. Bindings and related tools to help security analysts process and work with STIX are open source on Github.

This was last updated in September 2015

Continue Reading About STIX (Structured Threat Information eXpression)



Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Will the culture of secrecy that surrounds cyberthreats keep threat data in silos in spite of the good intentions that inspired STIX?


File Extensions and File Formats






  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...