| Vulnerability |
A Vulnerability is a mistake in software that can be directly used by a hacke... |
no |
| CourseOfAction |
A Course of Action is an action taken either to prevent an attack or to respo... |
no |
| Opinion |
An Opinion is an assessment of the correctness of the information in a STIX O... |
no |
| Note |
A Note is a comment or note containing informative text to help explain the c... |
no |
| ThreatActor |
Threat Actors are actual individuals, groups, or organizations believed to be... |
no |
| StixDomainObject |
|
no |
| ObservedData |
Observed data conveys information that was observed on systems and networks, ... |
no |
| Campaign |
A Campaign is a grouping of adversary behavior that describes a set of malici... |
no |
| Infrastructure |
Infrastructure objects describe systems, software services, and associated ph... |
no |
| Location |
A Location represents a geographic location |
no |
| Report |
Reports are collections of threat intelligence focused on one or more topics,... |
no |
| IntrusionSet |
An Intrusion Set is a grouped set of adversary behavior and resources with co... |
no |
| Grouping |
A Grouping object explicitly asserts that the referenced STIX Objects have a ... |
no |
| MarkingDefinition |
The marking-definition object represents a specific marking |
yes |
| Core |
Common properties and behavior across all STIX Domain Objects and STIX Relati... |
yes |
| Tool |
Tools are legitimate software that can be used by threat actors to perform at... |
no |
| Indicator |
Indicators contain a pattern that can be used to detect suspicious or malicio... |
no |
| LanguageContent |
The language-content object represents text content for STIX Objects represen... |
no |
| MalwareAnalysis |
Malware Analysis captures the metadata and results of a particular analysis p... |
no |
| Malware |
Malware is a type of TTP that is also known as malicious code and malicious s... |
no |
| AttackPattern |
Attack Patterns are a type of TTP that describe ways that adversaries attempt... |
no |
| Sighting |
A Sighting denotes the belief that something in CTI (e |
no |
| Identity |
Identities can represent actual individuals, organizations, or groups (e |
no |
| Relationship |
The Relationship object is used to link together two SDOs in order to describ... |
no |
| Incident |
The Incident object in STIX 2 |
no |
| ExtensionDefinition |
The STIX Extension Definition object allows producers of threat intelligence ... |
no |
| StixRelationshipObject |
|
no |