Understanding the TAXII standard
TAXII is an open source standard for CTI that automates the process of information sharing. Unlike STIX, TAXII is considered a transport mechanism for CTI exchanged over HTTPS. The standard uses a client-server architecture to facilitate data exchange, and defines the services, messages, and requirements needed to create an effective sharing environment. The sharing model defines two services:
- Collection: TAXII servers have logical repositories that contain CTI objects. When a CTI analyst installs a TAXII server, a set of CTI data is hosted in it. Clients use the collection service to request CTI from the server. The collection service is therefore the interface to the TAXII server's repositories. It adopts a request-response model.
- Channel: When analysts perform intelligence operations, they might want to share the result with the rest of the security community. TAXII adopts...
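
The Collection service's request-response exchange, as an added example that is not from the original text. It assumes TAXII 2.1 conventions (the `application/taxii+json;version=2.1` media type, the `collections/{id}/objects/` endpoint, and `more`/`next` paging in the response envelope), and it uses a constructed in-process server and repository in place of a real HTTPS connection; the API root and collection ID are hypothetical.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

MEDIA_TYPE = "application/taxii+json;version=2.1"  # TAXII 2.1 media type
# Constructed repository: (date added on the server, trimmed STIX object).
REPO = [("2024-01-0%dT00:00:00Z" % n,
         {"type": "indicator", "spec_version": "2.1",
          "id": "indicator--00000000-0000-4000-8000-00000000000%d" % n})
        for n in range(1, 6)]

def fake_server(url, headers):
    """In-process stand-in for the server side of the Collection exchange."""
    if headers.get("Accept") != MEDIA_TYPE:
        return 406, {}, ""                      # Not Acceptable
    query = parse_qs(urlsplit(url).query)
    start = int(query.get("next", ["0"])[0])
    limit = int(query["limit"][0])
    after = query.get("added_after", [""])[0]
    hits = [obj for added, obj in REPO if added > after]
    envelope = {"objects": hits[start:start + limit],
                "more": start + limit < len(hits)}
    if envelope["more"]:
        envelope["next"] = str(start + limit)   # paging token, opaque to clients
    return 200, {"Content-Type": MEDIA_TYPE}, json.dumps(envelope)

def collection_objects(transport, api_root, collection_id,
                       added_after=None, limit=2):
    """Client side: request a collection's objects, following more/next."""
    if urlsplit(api_root).scheme != "https":
        raise ValueError("refusing non-HTTPS API root")
    params = {"limit": limit}
    if added_after:
        params["added_after"] = added_after
    objects = []
    while True:
        url = f"{api_root}collections/{collection_id}/objects/?{urlencode(params)}"
        status, headers, body = transport(url, {"Accept": MEDIA_TYPE})
        if status != 200:
            raise RuntimeError(f"TAXII server answered HTTP {status}")
        if headers.get("Content-Type", "").replace(" ", "") != MEDIA_TYPE:
            raise RuntimeError("response is not a TAXII 2.1 message")
        envelope = json.loads(body)
        objects.extend(envelope.get("objects", []))
        if not envelope.get("more"):
            return objects
        params["next"] = envelope["next"]

if __name__ == "__main__":
    root = "https://taxii.example/api1/"        # hypothetical API root
    for obj in collection_objects(fake_server, root, "constructed-collection"):
        print(obj["id"])
```

Passing `added_after` with the timestamp of the last poll turns the same call into an incremental fetch, so a client only pulls objects the server added since then.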