Structured Threat Intelligence Graph (STIG)

Structured Threat Intelligence Graph (STIG) is a tool for creating, editing, querying, analyzing and visualizing threat intelligence. It uses Structured Threat Information Expression (STIX) version 2.1 as its data format. STIG uses a graph database (Neo4j) backend so that related threat data objects can be highlighted in a visual display, letting the analyst focus on the most critical areas rather than reading thousands of lines of code to identify these relationships. STIG's graph model offers scalability, visual discovery of relationships without complex queries, easy collaboration between analysts, and the ability to populate a database dynamically, matching the dynamic nature of today's cyber threats. STIG is a unique means to easily share threat information with owners and operators of the critical infrastructure sectors.

Get the code: https://github.com/idaholab/STIG

More Information

For more information, please see this overview video or read the STIG Innovation Sheet.

STIX

The STIX version 2.1 specification can be found at https://oasis-open.github.io/cti-documentation/resources. An introduction to STIX and a walkthrough can be found at https://oasis-open.github.io/cti-documentation/stix/intro.html and https://oasis-open.github.io/cti-documentation/stix/walkthrough.html.

STIX provides a context-rich standard that can be tailored for installation specifics. This rich context yields actionable threat information that can be shared across energy sector stakeholders. Beyond being actionable, STIG code can be applied to the operational environment.
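
To make the graph model described above concrete, the following added example (not STIG's own code) turns a STIX 2.1 bundle into nodes and labelled edges and then lists the objects within a few hops of a starting object. The bundle, its identifiers and names are constructed sample data, and the helper names `sid`, `build_graph` and `related` are hypothetical.

```python
from collections import defaultdict

def sid(kind, n):  # constructed STIX-style id (<type>--<UUID>), sample data only
    return f"{kind}--00000000-0000-4000-8000-{n:012d}"

ACTOR, MALWARE, INDICATOR, ORG = (sid("threat-actor", 1), sid("malware", 2),
                                  sid("indicator", 3), sid("identity", 4))
# Constructed bundle, trimmed to the properties this example reads.
BUNDLE = {"type": "bundle", "id": sid("bundle", 0), "objects": [
    {"type": "identity", "id": ORG, "name": "Example ISAC"},
    {"type": "threat-actor", "id": ACTOR, "name": "Actor A"},
    {"type": "malware", "id": MALWARE, "name": "Sample Loader", "created_by_ref": ORG},
    {"type": "indicator", "id": INDICATOR, "name": "Loader hash"},
    {"type": "relationship", "id": sid("relationship", 5), "relationship_type": "uses",
     "source_ref": ACTOR, "target_ref": MALWARE},
    {"type": "relationship", "id": sid("relationship", 6), "relationship_type": "indicates",
     "source_ref": INDICATOR, "target_ref": MALWARE},
    {"type": "relationship", "id": sid("relationship", 7), "relationship_type": "targets",
     "source_ref": ACTOR, "target_ref": sid("identity", 9)},  # target not in the bundle
]}

def build_graph(bundle):
    """Return (nodes by id, (src, label, dst) edges, ids referenced but not present)."""
    nodes = {o["id"]: o for o in bundle["objects"] if o["type"] != "relationship"}
    edges, dangling = [], set()
    for o in bundle["objects"]:
        if o["type"] == "relationship":  # one relationship object -> one labelled edge
            cand = [(o["source_ref"], o["relationship_type"], o["target_ref"])]
        else:  # embedded relationships: properties ending in _ref / _refs
            cand = [(o["id"], k, r) for k, v in o.items() if k.endswith(("_ref", "_refs"))
                    for r in (v if isinstance(v, list) else [v])]
        for src, label, dst in cand:
            if src in nodes and dst in nodes:
                edges.append((src, label, dst))
            else:  # keep unresolved references visible instead of dropping them silently
                dangling.update(r for r in (src, dst) if r not in nodes)
    return nodes, edges, dangling

def related(nodes, edges, start, max_hops=2):
    """Names of objects within max_hops of start, ignoring edge direction."""
    adj = defaultdict(set)
    for src, _, dst in edges:
        adj[src].add(dst)
        adj[dst].add(src)
    seen, frontier = {start}, {start}
    for _ in range(max_hops):
        frontier = {n for f in frontier for n in adj[f]} - seen
        seen |= frontier
    return sorted(nodes[i]["name"] for i in seen - {start})
```

Each `(src, label, dst)` triple corresponds to one node-to-node relationship in a property graph, and the `dangling` set shows which references a shared bundle leaves unresolved.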