Skip to content

Slot: external_references

External references to non-STIX information.

URI: stix:external_references Alias: external_references

Applicable Classes

Name Description Modifies Slot
Campaign A Campaign is a grouping of adversary behavior that describes a set of malici... no
Grouping A Grouping object explicitly asserts that the referenced STIX Objects have a ... no
Incident The Incident object in STIX 2 no
Note A Note is a comment or note containing informative text to help explain the c... no
StixDomainObject no
Identity Identities can represent actual individuals, organizations, or groups (e no
Vulnerability A Vulnerability is a mistake in software that can be directly used by a hacke... no
MarkingDefinition The marking-definition object represents a specific marking yes
AttackPattern Attack Patterns are a type of TTP that describe ways that adversaries attempt... no
Tool Tools are legitimate software that can be used by threat actors to perform at... no
IntrusionSet An Intrusion Set is a grouped set of adversary behavior and resources with co... no
StixRelationshipObject no
LanguageContent The language-content object represents text content for STIX Objects represen... no
Opinion An Opinion is an assessment of the correctness of the information in a STIX O... no
CourseOfAction A Course of Action is an action taken either to prevent an attack or to respo... no
MalwareAnalysis Malware Analysis captures the metadata and results of a particular analysis p... no
Location A Location represents a geographic location no
Relationship The Relationship object is used to link together two SDOs in order to describ... no
ObservedData Observed data conveys information that was observed on systems and networks, ... no
ExtensionDefinition The STIX Extension Definition object allows producers of threat intelligence ... no
Indicator Indicators contain a pattern that can be used to detect suspicious or malicio... no
Infrastructure Infrastructure objects describe systems, software services, and associated ph... no
ThreatActor Threat Actors are actual individuals, groups, or organizations believed to be... no
Sighting A Sighting denotes the belief that something in CTI (e no
Core Common properties and behavior across all STIX Domain Objects and STIX Relati... yes
Malware Malware is a type of TTP that is also known as malicious code and malicious s... no
Report Reports are collections of threat intelligence focused on one or more topics,... no

Properties

Type and Range

Property Value
Range ExternalReference
Domain Of Core, MarkingDefinition

Cardinality and Requirements

Property Value
Multivalued Yes

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/stix

Mappings

Mapping Type Mapped Value
self stix:external_references
native stix:external_references
close unified_cyber_ontology:externalReference

LinkML Source

name: external_references
description: External references to non-STIX information.
from_schema: https://w3id.org/lmodel/stix
close_mappings:
- unified_cyber_ontology:externalReference
rank: 1000
alias: external_references
domain_of:
- Core
- MarkingDefinition
range: ExternalReference
multivalued: true