Standardizing Cyber Threat Intelligence Information with STIX™
Public-Interest Translation Project
Sean Barnum
February 20, 2014
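Document Information
Original title: Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX™)
Original author: Sean Barnum
Original publication date: February 20, 2014
Author biography:
Original publisher: MITRE
Original source: https://stixproject.github.io/
Translator: 小蜜蜂公益翻译组
Proofreader: 小蜜蜂公益翻译组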
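Disclaimer
The original of this document was obtained from public sources on the Internet and was translated by the “安全加” community for the purpose of study and exchange, with no commercial interest or commercial use intended. The “安全加” community has notified the author and the source as far as possible, but cannot guarantee that this was exhaustive. If you assert any related rights, please contact the “安全加” community promptly.
The “安全加” community makes no guarantee as to the accuracy or reliability of the translated version and accepts no liability for direct or indirect losses caused by inaccurate translation. By using the technical information contained in the translated version, the user agrees that the “安全加” community bears no responsibility for all or part of any loss caused by an incomplete or inaccurate translation. The user also undertakes not to use this translation for commercial purposes and not to modify it in any way; the user bears sole legal liability for any infringement arising from the above.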
小蜜蜂公益翻译组, “安全加” community

Contents
Abstract
1 Introduction
2 Background
3 Current Approaches
4 History
5 What is STIX?
6 Use Cases
6.1 (Use Case 1) Analyzing Cyber Threats
6.2 (Use Case 2) Specifying Indicator Patterns for Cyber Threats
6.3 (Use Case 3) Managing Cyber Threat Response Activities
6.4 (Use Case 4) Sharing Cyber Threat Information
7 Guiding Principles
7.1 Expressivity
7.2 Integrate Rather Than Duplicate
7.3 Flexibility
7.4 Extensibility
7.5 Automatability
7.6 Readability
8 Architecture
9 STIX Structure
9.1 Observables
9.2 Indicators
9.3 Incidents
9.4 Tactics, Techniques and Procedures (TTP)
9.5 Campaigns
9.6 Threat Actors
9.7 Exploit Targets
9.8 Courses of Action (COA)
9.9 Data Markings
10 Implementations
11 Usage
12 Conclusion and Future Work
13 Acknowledgments
References

Standardizing Cyber Threat Intelligence Information with STIX™, February 2014, V1.1
Public-Interest Translation Project, 2017
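Abstract
It is becoming increasingly necessary for organizations to have a cyber threat intelligence capability, and a key element in successfully building such a capability is information sharing with partners, peers and others they choose to trust. Cyber threat intelligence and information sharing can help organizations focus on the vast and complex body of cyber security information and prioritize the use of that data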
“安全加” community STIX white paper, 2017