
Reference implementation revision 1 for representation of adversary behavior in STIX format


This is not the first time we have talked about the Structured Threat Information Exchange (STIX), a description language used to compile and organise information about anything related to cybersecurity. That information can then be shared, stored, and analyzed in a consistent manner.


Today’s paper attempts to use STIX 2 to capture an additional piece of information: the opponent’s behavior. It is only a first step in this work, but its aim is to fill the gap left in Cyber Threat Intelligence, which is almost entirely characterized by IoCs (Indicators of Compromise).


We will follow the development of this researcher's work with great interest.


https://github.com/opencybersecurityalliance/oca-iob/blob/main/apl_reference_implementation_bundle/revision_1/Overview of Machine Readable Adverary Behavior Object Revision 1.pdf
