Skip to content

Slot: id

STIX object identifier.

URI: stix:id Alias: id

Applicable Classes

Name Description Modifies Slot
X509V3ExtensionsType Specifies any standard X no
MacAddr The MAC Address Object represents a single Media Access Control (MAC) address yes
Directory The Directory Object represents the properties common to a file system direct... yes
HashesType The Hashes type represents one or more cryptographic hashes, as a special set... no
X509Certificate The X509 Certificate Object represents the properties of an X yes
HttpRequestExt The HTTP Request extension specifies a default extension for capturing networ... no
KillChainPhase The kill-chain-phase represents a phase in a kill chain no
PEBinaryExt The Windows PE Binary File extension specifies a default extension for captur... no
Timestamp Represents timestamps across the CTI specifications no
MimePartType Specifies a component of a multi-part email body as defined in the email-mess... no
IcmpExt The ICMP extension specifies a default extension for capturing network traffi... no
CourseOfAction A Course of Action is an action taken either to prevent an attack or to respo... yes
Extension Converted from common/extension no
MalwareAnalysis Malware Analysis captures the metadata and results of a particular analysis p... yes
EmailAddr The Email Address Object represents a single email address yes
Ipv6Addr The IPv6 Address Object represents one or more IPv6 addresses expressed using... yes
Tool Tools are legitimate software that can be used by threat actors to perform at... yes
Software The Software Object represents high-level properties associated with software... yes
Campaign A Campaign is a grouping of adversary behavior that describes a set of malici... yes
ExternalReference External references are used to describe pointers to information represented ... no
StixEntity no
ExtensionDefinition The STIX Extension Definition object allows producers of threat intelligence ... yes
UnixAccountExt The Unix Account extension specifies a default extension for capturing the ad... no
WindowsServiceExt The Windows Service extension specifies properties specific to Windows servic... no
Url The URL Object represents the properties of a uniform resource locator (URL) yes
Mutex The Mutex Object represents the properties of a mutual exclusion (mutex) obje... yes
ThreatActor Threat Actors are actual individuals, groups, or organizations believed to be... yes
RasterImageExt The Raster Image extension specifies a default extension for capturing proper... no
ObservedData Observed data conveys information that was observed on systems and networks, ... yes
Identity Identities can represent actual individuals, organizations, or groups (e yes
TcpExt The TCP extension specifies a default extension for capturing network traffic... no
Dictionary A dictionary captures a set of key/value pairs no
WindowsRegistryValue Structured value entry under a Windows registry key no
Hex The hex data type encodes an array of octets (8-bit bytes) as hexadecimal no
IntrusionSet An Intrusion Set is a grouped set of adversary behavior and resources with co... yes
Indicator Indicators contain a pattern that can be used to detect suspicious or malicio... yes
SocketExt The Socket extension specifies a default extension for capturing network traf... no
Relationship The Relationship object is used to link together two SDOs in order to describ... yes
StixDomainObject no
WindowsPEOptionalHeaderType The Windows PE Optional Header type represents the properties of the PE optio... no
Sighting A Sighting denotes the belief that something in CTI (e yes
StixRelationshipObject no
Properties Rules for custom properties no
WindowsPESection The Windows PE Section type specifies metadata about a PE file section no
AlternateDataStreamType Specifies properties of an NTFS alternate data stream no
ArchiveExt The Archive File extension specifies a default extension for capturing proper... no
PdfExt The PDF extension specifies a default extension for capturing properties spec... no
Location A Location represents a geographic location yes
Core Common properties and behavior across all STIX Domain Objects and STIX Relati... yes
AutonomousSystem The AS object represents the properties of an Autonomous Systems (AS) yes
Incident The Incident object in STIX 2 yes
CyberObservableObject no
NtfsExt The NTFS extension specifies a default extension for capturing properties spe... no
Malware Malware is a type of TTP that is also known as malicious code and malicious s... yes
Grouping A Grouping object explicitly asserts that the referenced STIX Objects have a ... yes
UserAccount The User Account Object represents an instance of any type of user account, i... yes
WindowsProcessExt The Windows Process extension specifies properties specific to Windows proces... no
EmailMessage The Email Message Object represents an instance of an email message yes
Note A Note is a comment or note containing informative text to help explain the c... yes
Bundle A Bundle is a collection of arbitrary STIX Objects and Marking Definitions gr... yes
UrlRegex Matches a URI according to RFC 3986 no
Ipv4Addr The IPv4 Address Object represents one or more IPv4 addresses expressed using... yes
Artifact The Artifact Object permits capturing an array of bytes (8-bits), as a base64... yes
DomainName The Domain Name represents the properties of a network domain name yes
Process The Process Object represents common properties of an instance of a computer ... yes
WindowsRegistryKey The Registry Key Object represents the properties of a Windows registry key yes
AttackPattern Attack Patterns are a type of TTP that describe ways that adversaries attempt... yes
Identifier Represents identifiers across the CTI specifications no
MarkingDefinition The marking-definition object represents a specific marking yes
Vulnerability A Vulnerability is a mistake in software that can be directly used by a hacke... yes
GranularMarking The granular-marking type defines how the list of marking-definition objects ... no
Opinion An Opinion is an assessment of the correctness of the information in a STIX O... yes
CyberObservableCore Common properties and behavior across all Cyber Observable Objects yes
Infrastructure Infrastructure objects describe systems, software services, and associated ph... yes
CommonSchemaComponent no
LanguageContent The language-content object represents text content for STIX Objects represen... yes
File The File Object represents the properties of a file yes
NetworkTraffic The Network Traffic Object represents arbitrary network traffic that originat... yes
Report Reports are collections of threat intelligence focused on one or more topics,... yes

Properties

Type and Range

Property Value
Range StixIdentifier
Domain Of StixEntity, Bundle, Core, CyberObservableCore, ExtensionDefinition, LanguageContent, MarkingDefinition, File

Cardinality and Requirements

Property Value

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/stix

Mappings

Mapping Type Mapped Value
self stix:id
native stix:id
related unified_cyber_ontology:externalReference

LinkML Source

name: id
description: STIX object identifier.
from_schema: https://w3id.org/lmodel/stix
related_mappings:
- unified_cyber_ontology:externalReference
rank: 1000
alias: id
domain_of:
- StixEntity
- Bundle
- Core
- CyberObservableCore
- ExtensionDefinition
- LanguageContent
- MarkingDefinition
- File
range: stix_identifier