Support for STIX
This list is incomplete and actively updated. Inclusion does not represent an endorsement.
STIX is being implemented in many products, services, and global communities.
Please fill out this form to contact the STIX Team and request inclusion or modification under User Communities or Products and Services.
User Communities
These organizations have publicly announced support for STIX and/or TAXII.
User Community | Organization | Type | STIX | TAXII | Reference |
---|---|---|---|---|---|
Cyber Threat XChange (CTX) | Health Information Trust Alliance (HITRUST) | Automates process of collecting and analyzing cyber threats and distributing actionable indicators | ✓ | ✓ | Press Release |
Defense Security Information Exchange (DSIE) | Defense Industrial Base Information Sharing and Analysis Organization (DIB ISAO) | DSIE serves as a member-based cyber information-sharing body focused on protecting and defending DIB critical cyber networks and systems and the information residing thereon. STIX and TAXII are the core foundations of the DSIE ACIX (Automated Cyber-Intelligence Inter-Exchange) initiatives focused on providing "Analyst Driven" automated Inter-Exchange of Actionable Cyber-Threat Intelligence | ✓ | ✓ | None available |
hailataxii.com Repository of Open Source Cyber Threat Intelligence Feeds in STIX Format | Hail a TAXII | Repository of open source cyber threat intelligence feeds in STIX format | ✓ | ✓ | Cited as product features on website |
ICS-ISAC | Industrial Control System Information Sharing and Analysis Center (ICS-ISAC) | ICS-ISAC brings together infrastructure stakeholders to improve cybersecurity knowledge sharing. ICS-ISAC’s virtual SoltraEdge server, which includes STIX and TAXII interoperability, provides real-time information sharing for members | ✓ | ✓ | Cited as features on website |
Information Sharing Architecture (ISA) | Enhance Shared Situational Awareness (ESSA) Initiative | ISA enables machine speed sharing of cyber threat information via STIX and TAXII to promote shared cyber situational awareness among cyber mission partners (U.S. Federal Cyber Centers, other U.S. government, U.S. critical infrastructure owners, and key allies) in accordance with existing policy directives | ✓ | ✓ | None available |
Malware Information Sharing Platform (MISP) | Computer Incident Response Center Luxembourg (CIRCL) MISP Community | MISP allows organizations to share, store, and correlate information about malware and threats and their indicators, including STIX export | ✓ | – | Cited as product feature on website |
NH-ISAC National Health Cybersecurity Intelligence Platform | National Health Information Sharing & Analysis Center (NH-ISAC) | Automating cybersecurity "actionable" threat intelligence, with STIX and TAXII interoperability, powered by Soltra-Edge and Vorstack | ✓ | ✓ | Press Release |
Open Threat Exchange (OTX) 2.0 | AlienVault, Inc. | OTX is an open threat information sharing and analysis network, upon which the latest threat intelligence will automatically update local security products into open formats such as STIX, JSON, OpenIOC, MAEC, and CSV | ✓ | – | Press release |
Retail Cyber Intelligence Sharing Center (R-CISC) Intelligence Sharing Portal | Retail Information Sharing and Analysis Center (Retail-ISAC) | Intelligence Sharing Portal managed by the Financial Services Information Sharing and Analysis Center (FS-ISAC) | ✓ | ✓ | Press Release, News Article |
Soltra Edge | Financial Services Information Sharing and Analysis Center (FS-ISAC), The Depository Trust & Clearing Corporation (DTCC), and Soltra | Soltra is an FS-ISAC and DTCC joint venture created to help secure critical infrastructure entities from cyber threats via its Soltra Edge threat intelligence sharing platform | ✓ | ✓ | Press Release |
Products and Services
Many vendors have implemented STIX and TAXII in their product and service offerings.
Offering | Vendor | Type | STIX | TAXII | Reference |
---|---|---|---|---|---|
Adaptive Threat Protection Solution | Tripwire, Inc. | Integrates peer and community threat feeds, leveraging STIX and TAXII standards, and other commercial threat intelligence services | ✓ | ✓ | Press Release |
Advanced Threat Prevention | Check Point Software Technology Ltd. | ATP allows users to import indicators into threat prevention technologies, anti-bot, anti-virus, with an interface to upload STIX-formatted messages containing indicators into threat indicator database | ✓ | – | Cited as product feature in "Threat Prevention R77 Versions Administration Guide" |
Bromium LAVA | Bromium Inc. | Endpoint security product leveraging hardware virtualization that automatically creates standardized indicator of compromise reports in STIX/MAEC format for collaboration with other security tools | ✓ | – | Data Sheet |
Cabby | Intelworks BV | A TAXII client implementation designed to act as a Python library and a command line tool supporting all TAXII services according to TAXII specification v1.0 and v1.1 | – | ✓ | Cited as product features on website, Dedicated STIX/TAXII page on website |
Carbon Black | Bit9 + Carbon Black | Endpoint threat detection and response product that collects endpoint activity in which STIX/TAXII data feeds can be matched up against event activity to find when particular indicators or observables occur | ✓ | ✓ | Blog article |
Confer | Confer Technologies, Inc. | Confer, an advanced threat prevention and incident response solution, can import and export threat data in STIX format using TAXII, allowing customers to operationalize their intelligence across the endpoint | ✓ | ✓ | Cited as product features on website, Included in FAQs on website |
Cyberprobe | Cybermaggedon | Cyberprobe is a distributed software architecture for monitoring of networks against attack that includes support for STIX and TAXII | ✓ | ✓ | Cited as product features on website |
CyberSponse Security Operations Platform | CyberSponse, Inc. | CSOP, which provides a central hub for an organization's security operations and enables automated efforts, has a built-in TAXII server or can use Soltra Edge to both ingest and send STIX packages | ✓ | ✓ | Cited as product feature on website |
Damballa Failsafe | Damballa, Inc. | Damballa Failsafe analyzes network traffic and automatically detects infected devices after other security controls have failed; security teams receive actionable and prioritized intelligence so they can take immediate action to prevent data theft | ✓ | – | None available |
Deep-Secure iXGuard | Deep-Secure | Deep-Secure iXGuard enables secure information exchange by carefully controlling the content that is shared such that it does not present a risk to the system that it is protecting, including STIX content | ✓ | ✓ | Data Sheet |
Endpoint Security | Tanium, Inc. | Endpoint security detection and remediation | ✓ | – | Cited as product features on website, "Tanium IOC Detect" Data Sheet |
FLARE – Near Real Time Messaging System | Business Computers Management Consulting Group, LLC (BCMC) | FLARE is used for exchanging messages in a publish/subscribe model, and includes support for STIX and TAXII | ✓ | ✓ | Cited in installation guide |
FreeSTIX | FreeSTIX | A set of APIs written in Go for generating JSON based STIX messages | ✓ | – | Cited as product feature on website |
FreeTAXII | FreeTAXII | A set of APIs written in Go for generating JSON based TAXII messages | – | ✓ | Cited as product feature on website |
hailataxii.com Repository of Open Source Cyber Threat Intelligence Feeds in STIX Format | Hail a TAXII | Repository of open source cyber threat intelligence feeds in STIX format | ✓ | ✓ | Cited as product features on website |
InTELL Version 3.0 | Fox-IT | Real-time contextual cyber intelligence | ✓ | ✓ | Cited as product features on website, Press Release |
Intelworks Platform | Intelworks BV | Powered by STIX and TAXII and enables users to consolidate, enrich, analyze, integrate, and collaborate on intelligence from multiple sources | ✓ | ✓ | Cited as product features on website, Dedicated STIX/TAXII page on website |
Interflow | Microsoft Corporation | Security and threat information exchange platform | ✓ | ✓ | Cited as product features on website, Included in FAQ answers on website, Press Release |
Invincea Advanced Endpoint Protection 5 | Invincea, Inc. | Uniquely combines containerization technology with advanced endpoint visibility, analysis, and control to provide superior compromise detection and elimination; allows selective publication of threats to trusted communities in standard STIX format | ✓ | – | Press release |
iSIGHT Partners ThreatScape API | iSIGHT Partners Inc. | ThreatScape API extends iSIGHT Partners cyber threat intelligence products and associated technical indicators to easily match indicators to rich intelligence context, ingest indicator data associated with intelligence reporting, and collect and consume intelligence reports including those in STIX format | ✓ | – | Cited as product feature on website, Included in FAQ answers on website, Press Release, Blog article |
Malware Analysis Appliance | Blue Coat Systems, Inc. | Malware Analysis Appliance can export malware characterization data in STIX format | ✓ | – | Cited in user guide |
Malware Information Sharing Platform (MISP) | Computer Incident Response Center Luxembourg (CIRCL) MISP Community | MISP allows organizations to share, store, and correlate information about malware and threats and their indicators, including STIX export | ✓ | – | Cited as product feature on website |
OpenTAXII | Intelworks BV | A Python implementation of TAXII Services that delivers a rich feature set and friendly Pythonic API; implements all TAXII services according to TAXII specification v1.0 and v1.1 | – | ✓ | Cited as product features on website, Dedicated STIX/TAXII page on website |
pan-stix | Palo Alto Networks, Inc. | pan-stix is a Python package for converting Palo Alto Networks Wildfire threat information into STIX/MAEC format | ✓ | – | Cited as product feature on website |
Protect Your Network | Malcovery Security | Machine-readable threat intelligence (MRTI) delivers human-confirmed indicators of current malware infrastructure in near-real time via our API in STIX and other formats for your automated consumption by your SIEM, proxy, firewall, etc. | ✓ | – | Cited as product feature on website |
RedSocks Malware Threat Defender | RedSocks B.V. | RedSocks Malware Threat Defender is a network appliance that analyses digital traffic flows in real-time based on algorithms and lists of malicious indicators; it includes the ability to import malware intelligence that is structured according to the STIX and TAXII format | ✓ | ✓ | Press Release |
Soltra Edge | Soltra | Open and scalable threat information platform that uses open standards | ✓ | ✓ | Cited as product features on website, Included in FAQ answers on website, Press Release |
SPLICE Version 1.3.1 | Splunk, Inc. | Correlates Indicators of Compromise (IOCs) from SPLUNK data | ✓ | ✓ | Cited as product features on website |
Splunk App for Enterprise Security | Splunk, Inc. | Next-generation security intelligence platform that includes integration with STIX/TAXII and OpenIOC to allow access to threat intelligence using emerging industry specifications | ✓ | ✓ | Press release |
Targeted Threat Intelligence Service | Solutionary | Targeted Threat Intelligence Service | ✓ | – | Cited as product feature on website, Press Release |
TAXII Directory | Intelworks BV | A sort of a phone book, listing organizations and available cyber threat intelligence servers and feeds | ✓ | ✓ | Cited as product features on website, Dedicated STIX/TAXII page on website |
ThreatConnect | ThreatConnect, Inc. | Available both on-premises and in the cloud, ThreatConnect is a threat intelligence platform that allows you to aggregate, analyze, and act on threat intelligence data, including STIX documents via TAXII | ✓ | ✓ | Cited as product features on website, Press Release |
ThreatQ | ThreatQuotient, Inc. | On-premise threat intelligence platform (TIP) that automates, structures, and manages intelligence in a central analytical repository | ✓ | ✓ | "ThreatQuotient Battle Rhythm Workflow" Data Sheet |
ThreatStream OPTIC | ThreatStream | Threat Intelligence Management platform with full support for STIX and TAXII from both an import and export capacity | ✓ | ✓ | Cited as product feature on website |
threatTRANSFORM | threatTRANSFORM | Open source application designed to streamline the creation, compiling, and publishing of STIX datasets | ✓ | – | Cited as product features on website, Press Release |
TitaniumCore Version 2.6 | ReversingLabs | Threat detection and automated static analysis platform | ✓ | – | Data Sheet |
Vorstack Automation and Collaboration Platform (ACP) Integration for HP ArcSight, IBM QRadar, and RSA Security Analytics, and Hadoop/other SIEM sources | Vorstack Corporation | Automated threat intelligence analysis and collaboration platform integration | ✓ | ✓ | Cited as product features on website, Press Release |