PUBLICATION

Filtering Automated Indicator Sharing (AIS) Content Based on Specified Criteria

V1.0
Related topics:

Filters are a capability in the Trusted Automated Exchange of Intelligence Information (TAXII) specification that enable users to query and retrieve a subset of Structured Threat Information Expression (STIX) content from the entire set of STIX content on a TAXII server based on a set of parameters. Filters assist analysts in the triage process and allow them to extract a smaller subset of the overall AIS feed to prioritize the STIX objects that are most likely to be actionable in support of their organization’s network defense. This guide reviews how TAXII filtering works and includes example filters for common use cases.