EclecticIQ
Our Journey to Support STIX 2.1

Fusion Center March 9, 2018

STIX (Structured Threat Information eXpression) is an important Cyber Threat Intelligence (CTI) standard for EclecticIQ. It is the foundation of the EclecticIQ Platform's data model, and in a relatively short time span it has enabled and transformed how the threat intelligence community describes and shares threats. For this reason it was a logical step for us to become a proud member of OASIS back in 2016 and to contribute to the STIX 1.x series.

We are big supporters of the hard work that the CTI community has put into the ongoing development of STIX. STIX 2.0 marked a significant overhaul of version 1.2, and we regarded it as a very promising step. It is, however, normal that such a big overhaul cannot be perfect from the outset. We at EclecticIQ, for instance, found that version 2.0 lacked some key elements that really matter to us: the Incident object, and the Opinion and Note objects that let analysts record and manage assertions about other objects. More importantly, the Confidence property present in STIX 1.x was dropped, and the Malware object needed additional detail. All of these are slated for version 2.1.

Because of these missing elements, we decided not to rush into supporting 2.0 immediately and instead to wait for the more refined version 2.1, which we believe will address the majority of these issues.

So, no need to be alarmed! We will support STIX 2. We’re simply putting our efforts into supporting version 2.1.

We did not just want to tick a box and claim to support STIX 2.0. Instead, we have opted for a gradual adoption road map that combines the capabilities of STIX 1.2 with elements from STIX 2.0, with full STIX 2.1 support as the end result.

Before going into more detail, let’s consider how we currently use STIX.


The STIX model is crucial for a successful CTI practice, so we integrated it into our platform with the aim of staying true to the intention of the language: cyber threats can not only be described but also stored, shared and analyzed in a consistent manner. When we ingest data into our platform we break it into its constituent entities, structure them according to STIX and add further context, so that analysts can correlate, analyze and build structured models on top of it.

True STIX Support

We believe that supporting only a selection of STIX objects, or limiting capabilities to reading indicators and moving them around, is not good enough, for us or for the threat intelligence community. We aim for complete support: the highest number of available objects, together with the functionality needed to work with them fully, from correlation to analysis to reporting.

So how can we transition from STIX 1.2 to STIX 2.1 with that goal in mind?

While we wait for STIX 2 to mature with the 2.1 release, we are moving our internal data model towards version 2.1 in stages throughout the year: first from STIX 1.2 to STIX 2.0, then from STIX 2.0 to STIX 2.1.

Throughout the transition, the platform will be able to ingest and send out STIX 2.0 data, and customers keep full use of the functionality provided by STIX 1.2 until we are ready to adopt STIX 2.1.
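The two conventions side by side, as an added example that is not EclecticIQ platform code: it builds the 2.1-only objects named earlier in the post (a Note and an Opinion attached to an indicator, a confidence score, is_family on Malware) using only the Python standard library, and gives an ingest step a check that tells a STIX 2.0 bundle (spec_version on the bundle, none on the objects) from a STIX 2.1 bundle (no spec_version on the bundle, "2.1" on every object) before applying that version's required-property rules. The timestamp, pattern, names and note text are constructed sample values, and the required-property table covers only the object types used here.

```python
"""Added example, not EclecticIQ platform code: build the STIX 2.1 objects the
post says 2.0 lacked, and tell 2.0 bundles from 2.1 bundles at ingest time.
Standard library only; all sample values are constructed."""
import json
import uuid

# Required properties per type on top of the common ones (SDOs/SROs only).
# 2.0 used a required 'labels' on Indicator and Malware; 2.1 made those
# optional ('indicator_types'/'malware_types') and added required
# 'pattern_type' and 'is_family'. Note, Opinion and Incident exist only in 2.1.
COMMON = ("type", "id", "created", "modified")
REQUIRED = {
    "2.0": {"indicator": ("labels", "pattern", "valid_from"),
            "malware": ("name", "labels"),
            "relationship": ("relationship_type", "source_ref", "target_ref")},
    "2.1": {"indicator": ("pattern", "pattern_type", "valid_from"),
            "malware": ("is_family",),
            "note": ("content", "object_refs"),
            "opinion": ("opinion", "object_refs"),
            "incident": ("name",),
            "relationship": ("relationship_type", "source_ref", "target_ref")},
}
OPINIONS = ("strongly-disagree", "disagree", "neutral", "agree", "strongly-agree")
SAMPLE_TS = "2018-03-09T00:00:00.000Z"  # constructed; RFC 3339 UTC as STIX requires
PATTERN = "[ipv4-addr:value = '198.51.100.7']"  # constructed C2 address (TEST-NET-2)


def sdo(obj_type, ts, **props):
    """Minimal STIX 2.1 object: spec_version on the object, type--uuid4 id."""
    obj = {"type": obj_type, "spec_version": "2.1",
           "id": f"{obj_type}--{uuid.uuid4()}", "created": ts, "modified": ts}
    obj.update(props)
    return obj


def build_21_bundle(ts=SAMPLE_TS):
    """Indicator with 'confidence', Malware with 'is_family', and a Note and an
    Opinion attached to the indicator through object_refs."""
    indicator = sdo("indicator", ts, name="Constructed C2 beacon", pattern=PATTERN,
                    pattern_type="stix", valid_from=ts,
                    indicator_types=["malicious-activity"], confidence=85)
    malware = sdo("malware", ts, name="ExampleRAT", is_family=True,
                  malware_types=["remote-access-trojan"])
    note = sdo("note", ts, abstract="Analyst note", object_refs=[indicator["id"]],
               content="Seen beaconing from three hosts on 2018-03-08.")
    opinion = sdo("opinion", ts, opinion="agree", object_refs=[indicator["id"]],
                  explanation="Matches our own sandbox run.")
    rel = sdo("relationship", ts, relationship_type="indicates",
              source_ref=indicator["id"], target_ref=malware["id"])
    # A 2.1 bundle carries no spec_version of its own; every object does.
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [indicator, malware, note, opinion, rel]}


def build_20_bundle(ts=SAMPLE_TS):
    """The same indicator as STIX 2.0: spec_version on the bundle, 'labels'
    instead of 'indicator_types', no pattern_type and no confidence."""
    indicator = {"type": "indicator", "id": f"indicator--{uuid.uuid4()}",
                 "created": ts, "modified": ts, "labels": ["malicious-activity"],
                 "pattern": PATTERN, "valid_from": ts}
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "spec_version": "2.0", "objects": [indicator]}


def spec_version_of(bundle):
    """Return '2.0' or '2.1'; raise if the bundle mixes the two conventions."""
    if bundle.get("type") != "bundle" or "objects" not in bundle:
        raise ValueError("not a STIX bundle")
    on_bundle = bundle.get("spec_version")
    on_objects = {o.get("spec_version") for o in bundle["objects"]}
    if on_bundle == "2.0" and on_objects <= {None}:
        return "2.0"
    if on_bundle is None and on_objects == {"2.1"}:
        return "2.1"
    raise ValueError(f"ambiguous spec version: bundle={on_bundle!r}, "
                     f"objects={sorted(map(str, on_objects))}")


def lint_bundle(bundle):
    """Problems an ingest step should reject on; an empty list means clean."""
    version = spec_version_of(bundle)
    problems = []
    for o in bundle["objects"]:
        tag = o.get("id", "<no id>")
        for prop in COMMON + REQUIRED[version].get(o.get("type"), ()):
            if prop not in o:
                problems.append(f"{tag}: missing required {prop} (STIX {version})")
        if "confidence" in o:
            c = o["confidence"]
            if version == "2.0":
                problems.append(f"{tag}: confidence is not a STIX 2.0 property")
            elif not (isinstance(c, int) and 0 <= c <= 100):
                problems.append(f"{tag}: confidence must be an integer 0..100, got {c!r}")
        if o.get("type") == "opinion" and o.get("opinion") not in OPINIONS:
            problems.append(f"{tag}: opinion must be one of {OPINIONS}")
    return problems


if __name__ == "__main__":
    for b in (build_20_bundle(), build_21_bundle()):
        print("STIX", spec_version_of(b), "problems:", lint_bundle(b) or "none")
    print(json.dumps(build_21_bundle(), indent=2))
```

Run it directly to print both bundles' verdicts and the 2.1 JSON. The refusal in spec_version_of is deliberate: a bundle that carries spec_version "2.0" at the top but "2.1" on its objects is exactly the kind of half-converted data that shows up mid-transition, and rejecting it is safer than guessing which rule set to apply.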

At the end of this journey our customers can look forward to the more detailed, flexible and capable STIX 2.1 data model, which reduces the ambiguity that exists in STIX 1.2 and adds the important capabilities that are missing from STIX 2.0. STIX 2.1 will also be easier to use and scale, and accessible to a wider audience. Our hope is that with STIX 2.1, STIX use will become commonplace and the base on which businesses and organizations build their CTI practices.

STIX is a prime example of what can be achieved when we collectively work together for a common goal. We are grateful to be part of a community that shares our ambition to consciously improve CTI.

 
We hope you enjoyed this post. Follow our blog for more interesting reads on Cyber Threat Intelligence or check out our resource section for whitepapers, threat analysis reports and more. 
