STIX Patterning is perhaps the most innovative addition to STIX 2.0, yet it is poorly understood. STIX Patterning is the language in which IOCs are conveyed in STIX 2.0 Indicators. But STIX Patterning targets much more than IOCs.
Join us for the Cyber Threat Intelligence Matters Borderless Cyber Conference in Prague, December 6-8, 2017, where Trey Darley, Director of Standards Development, New Context, and Jason Keirstead, Senior Technical Staff Member, IBM, will present "STIX Patterning: Viva la revolución!"
In this talk, Jason and Trey will provide an overview of STIX Patterning as currently defined in STIX 2.0. Audience members will receive a quick-reference card as a handout. Jason and Trey will show how to define network indicators (à la Snort) and host-based indicators (à la YARA), then go on to demonstrate how to define more sophisticated indicators that correlate potentially malicious behavior across both network sensors and endpoints.
They will show where the language is ultimately heading as powerful new capabilities are added in forthcoming STIX releases, including a sneak peek into the work being done to enable an even more ambitious goal – the sharing of advanced analytics across organizations and platforms.