STIX Elements and Fields

The following table lists STIX-enabled resources along with the corresponding STIX, MAEC, and CybOX elements visible in the response:
Resource
Element
Fields
Observables are events or stateful properties such as the value of a registry key, deletion of a file, or the receipt of an HTTP GET.
Incidents are discrete instances of observable patterns affecting an organization; they include information discovered during an incident response investigation.
TTPs (Tactics, Techniques, and Procedures) represent adversarial behavior, such as potentially targeted victims, attack patterns and malware, and leveraged resources (infrastructure, tools, personas).
Indicators convey specific observable patterns combined with contextual information. They represent artifacts and behaviors of interest.
