Document:
03656: STIX™ 2.1 Interoperability Test Document Version 1.0 as a Committee Note

Draft (A preliminary unapproved sketch, outline, or version.)

Details

Submitted By Ms. Jane Ginn on 2021-10-24 4:10 am UTC

Publication Type

None at this time.

Group / Folder

OASIS Cyber Threat Intelligence (CTI) TC / System Ballot Results

Modified by

Not modified.

Copy

This document is not a copy.

Technical Contact

None at this time.

Download Count

199

Download Agreement

None at this time.

Description

This is the Interoperability test document to supplement the Structured Threat Information Expression (STIX) 2.1 OASIS Standard developed by the Cyber Threat Intelligence Technical Committee (CTI TC) of the Organization for the Advancement of Structured Information Systems (OASIS). It is available at: https://www.oasis-open.org/committees/document.php?document_id=69153&wg_abbrev=cti

This test document provides detailed requirements on how producers of products within the threat intelligence ecosystem may demonstrate STIX 2.1 interoperability compliance.

There are several personas detailed in section 1 of this specification. These are: Adversary Infrastructure Mapping (AIM), Local Infrastructure Mapping (LIM), Malware Analysis System (MAS), Security Incident and Event Management (SIEM), STIX Consumer (SXC), STIX Producer (SXP), Threat Detection System (TDS), Threat Intelligence Platform (TIP), and Threat Mitigation System (TMS).

This Interoperability test document defines tests of the following use cases: Attack Pattern sharing, Campaign sharing, confidence sharing, Course of Action sharing, Data Marking sharing, Grouping sharing, Indicator sharing, Infrastructure sharing, Intrusion Set sharing, Location sharing, Malware Analysis sharing, Malware sharing, Note sharing, Observed Data sharing, Opinion sharing, Report sharing, Sighting sharing, Threat Actor sharing, Tool sharing, versioning, and Vulnerability sharing.

For each of these use cases, the document details the Producer support and the Consumer support to be used for the test cases.