TISC Key terminology

  • Release version: Xanadu
  • Updated August 1, 2024
  The terms defined below are used throughout the Threat Intelligence Security Center (TISC).

    Table 1. Terminology Definitions
    Terminology | Definition
    Data Processing | A Threat Intelligence Platform (TIP) is a technology solution that collects, aggregates, and organizes threat intelligence data from various sources and patterns. Threat intelligence is the data that is collected, processed, and analyzed to understand a threat actor's targets and attack behaviors.
    Observables | Observables represent stateful properties (such as the MD5 hash of a file or the value of a registry key) or measurable events (such as the creation of a registry key or the deletion of a file) that are pertinent to the operation of computers and networks. For more information, see Observables.
    Indicators | Indicators contain a pattern that can be used to detect suspicious or malicious cyber activity. For example, an Indicator may be used to represent a set of malicious domains and use the STIX Patterning Language to specify these domains.

    The Indicator SDO contains a simple textual description, the Kill Chain Phases that it detects behavior in, a time window for when the Indicator is valid or useful, and a required pattern property to capture a structured detection pattern. For more information, see Indicators.

    Objects | Defines the set of STIX Domain Objects (SDOs), each of which corresponds to a unique concept commonly represented in Cyber Threat Intelligence (CTI).

    Using SDOs and STIX Relationship Objects (SROs) as building blocks, individuals can create and share broad and comprehensive cyber threat intelligence. For more information, see TISC Library Repository.

    Relationships | A relationship is a link between two observables, two SDOs, or an observable and an SDO that describes the way in which the objects are related.

    Relationships can be represented using an external STIX Relationship Object (SRO) or, in some cases, through certain properties which store an identifier reference that comprises an embedded relationship. For more information, see Relationships Objects.
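
An added example, not part of the TISC documentation or product code: the Indicator and Relationship entries above expressed as STIX 2.1 objects built in Python, with a check for the properties STIX requires and a match that honors the validity window. The domains, helper names, and target id are constructed for illustration, and the matcher only understands the single `IN (...)` pattern form that `make_indicator` generates.

```python
import re
import uuid
from datetime import timezone

# Properties STIX 2.1 marks as required for these two object types.
REQUIRED = {
    "indicator": {"type", "spec_version", "id", "created", "modified",
                  "pattern", "pattern_type", "valid_from"},
    "relationship": {"type", "spec_version", "id", "created", "modified",
                     "relationship_type", "source_ref", "target_ref"},
}
DOMAIN_RE = re.compile(r"^[a-z0-9.-]+$")  # keeps quotes out of the pattern

def _ts(dt):
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")

def _base(obj_type, now):
    return {"type": obj_type, "spec_version": "2.1",
            "id": f"{obj_type}--{uuid.uuid4()}",
            "created": _ts(now), "modified": _ts(now)}

def make_indicator(domains, valid_from, valid_until, phase, now):
    bad = [d for d in domains if not DOMAIN_RE.match(d)]
    if bad:
        raise ValueError(f"not a plain domain name: {bad}")
    values = ", ".join(f"'{d}'" for d in domains)
    obj = _base("indicator", now)
    obj.update({
        "description": "Domains from a constructed sample campaign",
        "pattern": f"[domain-name:value IN ({values})]",
        "pattern_type": "stix",
        "valid_from": _ts(valid_from), "valid_until": _ts(valid_until),
        "kill_chain_phases": [{"kill_chain_name": "lockheed-martin-cyber-kill-chain",
                               "phase_name": phase}],
    })
    return obj

def make_relationship(source, relationship_type, target_id, now):
    obj = _base("relationship", now)  # external SRO linking two objects by id
    obj.update({"relationship_type": relationship_type,
                "source_ref": source["id"], "target_ref": target_id})
    return obj

def missing_required(obj):
    return sorted(REQUIRED[obj["type"]] - set(obj))

def is_live_match(indicator, domain, seen_at):
    """True if domain is in the pattern and seen_at is inside the validity window."""
    in_window = indicator["valid_from"] <= _ts(seen_at) < indicator.get("valid_until", "9999")
    return in_window and domain in re.findall(r"'([^']*)'", indicator["pattern"])
```

Pass timezone-aware `datetime` values; an observation after `valid_until` does not match even when the domain is listed, which is the behavior the validity window is meant to give.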