Indicators are probably the most frequently used object in the STIX 2 data model. At the heart of STIX Indicators is the STIX Patterning Language. STIX Patterning is a powerful tool capable of describing a wide spectrum of malicious attacker behavior in a machine-parsable format suitable for security automation.
STIX Patterning is also a language and as such it is defined by a grammar. The official OASIS specification for STIX Patterning weighs in at a sizable 34 pages of dense prose. We wanted to make life easier for folks coming up to speed on STIX Patterning, so we created a handy, quick reference card. We hope that you’ll find it useful!
We intend to update this as the STIX Patterning Language evolves. Please send any suggestions or corrections to firstname.lastname@example.org.
Check out our STIX resource page, your one-stop shop for STIX and TAXII tools and info.