: STIX Elements and Fields
Focus
Focus

STIX Elements and Fields

Table of Contents

STIX Elements and Fields

The following table lists STIX-enabled resources along with the corresponding STIX, MAEC, and CybOX elements visible in the response:
Resource
Element
Fields
Observables are events or stateful properties such as the value of a registry key, deletion of a file, or the receipt of an HTTP GET.
Incidents are discrete instances of observable patterns affecting an organization; it includes information discovered during an incident response investigation.
TTPs (Tactics, Techniques, and Procedures) represent adversarial behavior, such as potentially targeted victims, attack patterns and malware, leveraged resources (infrastructure, tools, personas).
Indicators convey specific observable patterns combined with contextual information. They represent artifacts and behaviors of interest.

Recommended For You