D. STIX (Structured Threat Information eXpression): STIX is a standardized language for representing threat information in a structured and machine-readable format. It facilitates the sharing ofthreat intelligence by ensuring that data is consistent and can be easily understood by all parties involved.
E. TAXII (Trusted Automated eXchange of Indicator Information): TAXII is a transport mechanism that enables the sharing of cyber threat information over a secure and trusted network. It works in conjunction with STIX to automate the exchange of threat intelligence among organizations.
Other options:
A. CWPP (Cloud Workload Protection Platform): This focuses on securing cloud workloads and is not directly related to threat intelligence sharing.
B. YARA: YARA is used for malware research and identifying patterns in files, but it is not a platform for sharing threat intelligence.
C. ATT&CK: This is a knowledge base of adversary tactics andtechniques but does not facilitate the sharing of threat intelligence data.
F. JTAG: JTAG is a standard for testing and debugging integrated circuits, not related to threat intelligence.
[References:, CompTIA Security+ Study Guide, "STIX and TAXII: The Backbone of Threat Intelligence Sharing" by MITRE, NIST SP 800-150, "Guide to Cyber Threat Information Sharing", , , , , ]
Submit