Analysis of Threat Intelligence Information Exchange via the STIX Standard

2022 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME) (2022)

Abstract
Threat information exchange is a highly relevant topic in today's environment of increasing data breaches, hacks and scams. Standardized formats for exchanging such information exist, but whether and how an active community uses them determines how much can be learned from the information provided. We provide an in-depth analysis of the current state of the Structured Threat Information Expression (STIX) standard, covering 5 different active threat information providers. Based on an analysis of 480,867 threat information objects, we find that the STIX standard is not used to its full capabilities, and lacks usefulness due to the quality and up-to-dateness of the information. We give suggestions for future improvements of standards-based threat information exchange, such as more adherence to the core standard, and fostering an active community.
Keywords
Computer Network Security, Data Mining, Standardized Data Exchange