-
Notifications
You must be signed in to change notification settings - Fork 21
Getting Started (1.0.1)
The first and most important step to getting started with STIX is to understand why it was developed, what problems it is designed to solve, and how you can use it to solve those problems. The STIX Whitepaper is a great start to understanding this: it will explain all of that as well as what the individual components of STIX are and how they fit together.
We're also happy to set up either teleconferences or in-person meetings (in the Boston, MA and Washington, DC area) to go through introductory session, a more in-depth training/development session, or to walk you through how to map your existing content into STIX. If that's something you're interested in, reach out to us at stix@mitre.org and let us know.
In STIX 1.0.1 and 1.1, the data model is represented as an XML Schema. The STIX schemas define the canonical STIX data model and the only official way to share STIX information is through XML instance documents that conform to these schemas.
If you're an XML person, now would be a good time to download the schemas. To do so, visit the release page and choose which bundle of content you want to download. The recommended download is the All Files (Offline) bundle. It contains all STIX schemas, all CybOX schemas, and all extension/external schemas. In other words, everything you need to validate STIX instance documents. We do not suggest using the schemas from this GitHub schemas repository unless you know what you're doing: these are development versions and are not optimized for ease of use.
In either case, the schema documentation is available both for those of you that aren't as familiar with XML Schema and those that are but don't want to have to pour through XML. This documentation is available on the release page, under the "Documentation" column.
If you're like many people, there's no substitute for good sample data when working with a new language or tool. The STIX project has a samples page for just that reason, containing both short, use-case driven samples and longer reports that map to prose reports released by industry. We also have a walkthrough that takes a look at the IP Watchlist from the samples page and walks you through the various STIX and CybOX concepts that it uses.
Once you understand the core concepts of how STIX works and have either the schemas or the documentation so you can look up any data model questions, there are a couple options for where to look next:
- If you want to jump right into sample content, see the Sample Walkthrough
- If you're interested in user-level tooling and programmatic support, go to the Tools page
- Finally, if you want to get started creating content, you want the Authoring Tutorial