ITU-T X.1215 PDF

This Recommendation aims to provide various use cases for structured threat information expression (STIX), which is a structured language for describing cyber threat information. It is targeted to support a range of use cases involved in cyber threat management, including analysing cyber threats, specifying indicator patterns for cyber threats, managing response activities and sharing cyber threat information. These use cases are typically simple in nature and do not convey the full expressivity or flexibility of the STIX language. The use cases typically include some prose describing use case activities, representations of STIX content and fully validated STIX content documents. An implementation of the use cases in the extensible markup language (XML) is presented as version 1.2 of STIX released in 2016 uses XML schema, while version 2.0 employs JavaScript Object Notation (JSON). It is recommended to use requirements described in STIX 2.0.