The OASIS CTI TC is offering a FREE, one-day training course on the new versions of STIX and TAXII – STIX2/TAXII2 on Wednesday, June 6th. This training is targeted at developers and analysts who are interested in learning more about these new standards. Both in-person and remote participation options are available.

STIX/TAXII v2 Training Agenda
Theory/Introduction Key Lessons Learned
Wednesday, June 6, 2018

Target audience:

  • Developers
  • Analysts


  • Some programming experience helpful (e.g. python), but not required
  • Some experience in threat intelligence and security technologies


Register Now


Draft Agenda:

9.00 am – 9.30 am: Overview on STIX/TAXII & History

9.30 am – 12.00 pm: STIX 2 Data Model Foundations

  • Use Cases supported
  • Overall architecture
  • Working with objects and how to construct related intelligence
  • Object versioning
  • Customization and extension
  • Pattern language introduction and examples
  • Interop implications integrated throughout

12.00 pm – 1.00 pm: Lunch

1.00 pm – 3.00 pm: TAXII 2 & Interop Foundations

  • Key methods
  • Filtering techniques
  • Post/get methods
  • Interop persona, test methodology…etc.

3.00 pm – 3.30 pm: Coffee/Break

3.30 pm – 6.00 pm: STIX/TAXII 2 In Practice

  • Leveraging STIX2 for Modelling TI
    • Key things to consider when your modelling
    • Specific examples of
      • intel report to stix model
      • indicators vs sightings and why
      • how to model common uses for mitigation leveraging pattern grammar
  • Using PythonSTIX2 tutorial/implementation guidance
    • Programming using the MITRE libraries