TAXII

Trusted Automated eXchange of Intelligence Information (TAXII) is a protocol for exchanging cyber threat information (CTI) across organizations and services. TAXII is a transport mechanism that uses Hypertext Transfer Protocol Secure (HTTPS) to transfer STIX insights.

TAXII is a U.S. Department of Homeland Security initiative that enables organizations to share CTI to detect, prevent, and mitigate cyber threats. TAXII is not a specific application or information-sharing initiative; it provides the tools to help organizations share CTI with their chosen partners.

TAXII defines a set of requirements for TAXII clients and servers and a RESTful API that supports various sharing models. The three main TAXII models are:

Hub and spoke: A single repository of information

Source/subscriber: A single source of information

Peer-to-peer: Multiple groups share information

TAXII is a good starting point for those new to threat intelligence.