STIX 2 Utilities

STIX2 Entities and Transforms for Maltego

Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI).

STIX is open source and free, enabling organizations to share CTI with one another in a consistent and machine-readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively.

It is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

This integration contains a standard STIX 2 Entity definitions and a set of helper Transforms to pivot between these Entities and the relations they have to other STIX objects via their properties. To make full use of STIX threat intelligence in Maltego, a supplementary integration into a STIX-compatible system (for example, OpenCTI) is also needed.

The development of STIX2 entities for Maltego was initially started by ANSSI and was subsequently supported by Maltego. The project is available as open-source software, learn more about the original project here.

Benefits

• The STIX2 Entities enable representing and visualizing STIX2-compliant data in Maltego and serve as the basis for any integrations with STIX2-compatible Threat Intelligence systems
• Leverage the 40 object types adapted from STIX into the standard Maltego ontology in your investigations, along with over 100 utility Transforms for converting standard Maltego Entities into STIX data and pivoting STIX objects into their property relationships

Typical Users

• Cyber defenders
• Cyber Threat Analysts
• Malware Analysts
• Security Tool Vendors
• Security Researchers
• Threat Sharing Communities