Cognitive Intelligence allows you to pull information on detected incidents down to your client for further correlation analysis and archival. The service supports MITRE's Trusted Automated eXchange of Indicator Information (TAXII) standard for integration with your Security Information and Event Management (SIEM) system. The TAXII standard specifies transport mechanisms used to share cyber threat information between systems.
For more information on TAXII, see:
The information in each incident is represented using the Structured Threat Information eXpression (STIX) language format. STIX is a structured language used to describe cyber threat information so it can be shared, stored, and analyzed in a consistent manner. The STIX format allows Cognitive Intelligence to represent its breach detection findings in a hierarchical format. The TAXII service uses a subset of the STIX language to describe the incidents Cognitive Intelligence has detected. Currently, the supported objects include:
Campaign—Confirmed threat category, if available
TTP—Tactics, Techniques, and Procedures
Indicator—Pattern identifying observable conditions
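As an added illustration (not code from Cognitive Intelligence or its documentation), the sketch below flattens a hierarchical STIX package into one SIEM-ready record per Indicator, resolving the linked TTP and the Campaign when one is present. It assumes the STIX 1.x XML serialization and its standard element layout; the sample package and the function name `flatten_package` are constructed for this example.

```python
import xml.etree.ElementTree as ET

# STIX 1.x XML namespaces (assumption: the page does not state the STIX version).
_BASE = "http://stix.mitre.org/"
NS = {"stix": _BASE + "stix-1", "indicator": _BASE + "Indicator-2", "ttp": _BASE + "TTP-1",
      "campaign": _BASE + "Campaign-1", "stixCommon": _BASE + "common-1"}

# Constructed sample package (not real service output).
SAMPLE = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
 xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:ttp="http://stix.mitre.org/TTP-1"
 xmlns:campaign="http://stix.mitre.org/Campaign-1" xmlns:stixCommon="http://stix.mitre.org/common-1">
 <stix:Indicators>
  <stix:Indicator id="example:indicator-1"><indicator:Title>Beaconing to rare domain</indicator:Title>
   <indicator:Indicated_TTP><stixCommon:TTP idref="example:ttp-1"/></indicator:Indicated_TTP>
  </stix:Indicator>
  <stix:Indicator id="example:indicator-2"><indicator:Title>Unclassified anomaly</indicator:Title></stix:Indicator>
 </stix:Indicators>
 <stix:TTPs><stix:TTP id="example:ttp-1"><ttp:Title>C2 over HTTPS</ttp:Title></stix:TTP></stix:TTPs>
 <stix:Campaigns><stix:Campaign id="example:campaign-1"><campaign:Title>Sample botnet</campaign:Title>
  <campaign:Related_TTPs><campaign:Related_TTP><stixCommon:TTP idref="example:ttp-1"/>
  </campaign:Related_TTP></campaign:Related_TTPs></stix:Campaign></stix:Campaigns>
</stix:STIX_Package>"""


def flatten_package(xml_text):
    """Return one flat record per Indicator with its TTP and Campaign resolved."""
    # Feed content is untrusted: refuse DTDs so entity-expansion payloads never parse.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD declarations are not accepted")
    root = ET.fromstring(xml_text)
    ttps = {t.get("id"): t.findtext("ttp:Title", namespaces=NS)
            for t in root.iterfind("stix:TTPs/stix:TTP", NS)}
    campaign_of = {}  # TTP id -> campaign title; a campaign is optional
    for camp in root.iterfind("stix:Campaigns/stix:Campaign", NS):
        path = "campaign:Related_TTPs/campaign:Related_TTP/stixCommon:TTP"
        for ref in camp.iterfind(path, NS):
            campaign_of[ref.get("idref")] = camp.findtext("campaign:Title", namespaces=NS)
    records = []
    for ind in root.iterfind("stix:Indicators/stix:Indicator", NS):
        ref = ind.find("indicator:Indicated_TTP/stixCommon:TTP", NS)
        ttp_id = ref.get("idref") if ref is not None else None
        records.append({"indicator_id": ind.get("id"),
                        "title": ind.findtext("indicator:Title", namespaces=NS),
                        "ttp": ttps.get(ttp_id), "campaign": campaign_of.get(ttp_id)})
    return records


if __name__ == "__main__":
    print(*flatten_package(SAMPLE), sep="\n")
```

Records whose `campaign` is `None` correspond to incidents without a confirmed threat category, so a SIEM rule can treat them separately from confirmed ones.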
For more information on STIX, see: