TraxTi is a TAXII client/consumer that reads STIX objects from the MITRE TAXII server. STIX stands for Structured Threat Information Expression (STIX™) and is a language and serialisation format used to exchange cyber threat intelligence (CTI). TAXII stands for Trusted Automated eXchange of Intelligence Information and defines how cyber threat information can be shared via services and message exchanges. It is designed specifically to support STIX information. More information on STIX and TAXII can be found via this link.

MITRE ATT&CK is a registered trademark of The MITRE Corporation (MITRE). The MITRE TAXII server maintains the following collections:

  • Enterprise ATT&CK: this collection holds the STIX objects from Enterprise ATT&CK,
  • PRE-ATT&CK: this collection holds the STIX objects from PRE-ATT&CK,
  • Mobile ATT&CK: this collection holds the STIX objects from Mobile ATT&CK and
  • ICS ATT&CK: this collection holds the STIX objects from ICS ATT&CK.

A single view shows the TAXII server details, the collections on the server, the object list for the selected collection and the object details for the selected object.

Each object type is labelled in a color, which makes it easier to scroll quickly through the list in search of a specific object type.

The search function lets you search for a specific object type. The details of the selected object are then presented; attributes that are not available for that object are not shown.

Links are made ‘clickable’ so these can easily be opened in a browser.
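The type search, detail view and link handling described above can be reproduced offline on a STIX bundle, as in this added example (it is not TraxTi's code). The sample bundle, the `DETAIL_FIELDS` selection and all function names are assumptions made for illustration; the http(s)-only rule for clickable links is an added precaution for feed content, not something the page states.

```python
import json

# Constructed sample: a minimal STIX 2.x bundle shaped like a TAXII objects response.
T, M = ("attack-pattern--00000000-0000-4000-8000-000000000001",
        "malware--00000000-0000-4000-8000-000000000002")
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "attack-pattern", "id": T, "name": "Example Technique",
     "external_references": [
         {"source_name": "example", "url": "https://example.org/technique"},
         {"source_name": "odd-scheme", "url": "javascript:void(0)"},
         {"source_name": "no-url", "external_id": "X-1"}]},
    {"type": "malware", "id": M, "name": "Example Malware"},
    {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000003",
     "relationship_type": "uses", "source_ref": M, "target_ref": T},
    {"name": "malformed entry without type or id"},
]})

# Hypothetical choice of attributes to show in a detail view.
DETAIL_FIELDS = ("name", "description", "created", "modified",
                 "relationship_type", "source_ref", "target_ref")

def load_objects(text):
    """Return the STIX objects, dropping entries that lack 'type' or 'id'."""
    objs = json.loads(text).get("objects", [])
    return [o for o in objs if isinstance(o, dict) and "type" in o and "id" in o]

def search_by_type(objects, wanted):
    """Case-insensitive search for one object type."""
    wanted = wanted.strip().lower()
    return [o for o in objects if o["type"].lower() == wanted]

def details(obj):
    """Detail view holding only the attributes present on this object."""
    view = {"type": obj["type"], "id": obj["id"]}
    view.update({f: obj[f] for f in DETAIL_FIELDS if obj.get(f) not in (None, "")})
    return view

def links(obj):
    """URLs safe to render as clickable: http(s) only, other schemes dropped."""
    urls = []
    for ref in obj.get("external_references", []):
        url = ref.get("url", "") if isinstance(ref, dict) else ""
        if isinstance(url, str) and url.lower().startswith(("https://", "http://")):
            urls.append(url)
    return urls

if __name__ == "__main__":
    for o in load_objects(SAMPLE_BUNDLE):
        print(details(o), links(o))
```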

Server, Collections, Objects and Object Details in a Single view on the iPad.