Skip to content

Slot: external_references

External references to non-STIX information.

URI: stix:external_references Alias: external_references

Applicable Classes

Name Description Modifies Slot
Grouping A Grouping object explicitly asserts that the referenced STIX Objects have a ... no
Report Reports are collections of threat intelligence focused on one or more topics,... no
Note A Note is a comment or note containing informative text to help explain the c... no
Relationship The Relationship object is used to link together two SDOs in order to describ... no
StixDomainObject no
Sighting A Sighting denotes the belief that something in CTI (e no
ExtensionDefinition The STIX Extension Definition object allows producers of threat intelligence ... no
StixRelationshipObject no
AttackPattern Attack Patterns are a type of TTP that describe ways that adversaries attempt... no
ThreatActor Threat Actors are actual individuals, groups, or organizations believed to be... no
Location A Location represents a geographic location no
MarkingDefinition The marking-definition object represents a specific marking yes
ObservedData Observed data conveys information that was observed on systems and networks, ... no
CourseOfAction A Course of Action is an action taken either to prevent an attack or to respo... no
Core Common properties and behavior across all STIX Domain Objects and STIX Relati... yes
Identity Identities can represent actual individuals, organizations, or groups (e no
Vulnerability A Vulnerability is a mistake in software that can be directly used by a hacke... no
Incident The Incident object in STIX 2 no
Opinion An Opinion is an assessment of the correctness of the information in a STIX O... no
MalwareAnalysis Malware Analysis captures the metadata and results of a particular analysis p... no
Infrastructure Infrastructure objects describe systems, software services, and associated ph... no
IntrusionSet An Intrusion Set is a grouped set of adversary behavior and resources with co... no
LanguageContent The language-content object represents text content for STIX Objects represen... no
Malware Malware is a type of TTP that is also known as malicious code and malicious s... no
Tool Tools are legitimate software that can be used by threat actors to perform at... no
Indicator Indicators contain a pattern that can be used to detect suspicious or malicio... no
Campaign A Campaign is a grouping of adversary behavior that describes a set of malici... no

Properties

Type and Range

Property Value
Range ExternalReference
Domain Of Core, MarkingDefinition

Cardinality and Requirements

Property Value
Multivalued Yes

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/stix

Mappings

Mapping Type Mapped Value
self stix:external_references
native stix:external_references
close unified_cyber_ontology:externalReference

LinkML Source

name: external_references
description: External references to non-STIX information.
from_schema: https://w3id.org/lmodel/stix
close_mappings:
- unified_cyber_ontology:externalReference
rank: 1000
alias: external_references
domain_of:
- Core
- MarkingDefinition
range: ExternalReference
multivalued: true