New GUI STIX Builder!
Build Custom STIX Bundles, Preview documents and MITRE ATT&CK Profiles

Yay, new toys! I hear you shout... and yes it's that time again. We're working on a new big preview feature to get us closer to our vision. Our new STIX bundle builder will enable users to build their own custom STIX intelligence bundles based upon the dataset that's in the Cybergeist cyber threat intelligence store, along with their own personal knowledge. We're working on this due to some valuable feedback about how we structure our STIX objects by default, and our choice to focus on the justification of how a determination was made rather than enabling a more clean external expression of the threat itself. This way, we can do both.

We've got a longer term roadmap for this feature, but if you're in a position where you want to share some basic information about a threat, along with your own notes now, it's in a basic usable state today. Simply head over to the STIX builder interface to take a look. In general our goals for this feature are:

  • Make it crazy easy and accessible to build STIX Threat Intel bundles along with your blog posts or reports
  • Allow users to build their own libraries of bundles that they can share as a complete set and collaborate upon with others
  • Publish these public bundles via TAXII for anyone that needs them to consume

I think we should have all three done by the end of 2024 🤞


To get started with a new STIX bundle, simply search for the threat objects you would like to add, and you'll see them appear in the visual palette below. Select the object to further add details of related malware, threat actors, vulnerabilities and reports. This should get you a raw STIX JSON bundle that you can copy and perform whatever additional edits you choose to.

In other news, you'll notice a few additional features have appeared.

MITRE Descriptions

When a threat actor or malware object has an identified MITRE Profile, this is now displayed next to the description (logged in users only).

Preview Document Icon

We've added a preview icon next to document links to make it more clear that a cached version of the report is ready for your viewing in app.

As always, if things don't work, email us at [email protected]

Max