We are excited to announce that Cloudflare Threat Events now supports the STIX2 (Structured Threat Information Expression) format. This was a highly requested feature designed to streamline how security teams consume and act upon our threat intelligence.
By adopting this industry-standard format, you can now integrate Cloudflare’s threat events data more effectively into your existing security ecosystem.
Key benefits
-
Eliminate the need for custom parsers, as STIX2 allows for “out of the box” ingestion into major Threat Intel Platforms (TIPs), SIEMs, and SOAR tools.
-
STIX2 provides a standardized way to represent relationships between indicators, sightings, and threat actors, giving your analysts a clearer picture of the threat landscape.
For technical details on how to query events using this format, please refer to our Threat Events API Documentation.
Source: Cloudflare
Latest Posts
- New admin control for AI‑generated code previews in Microsoft 365 Copilot Pages [MC1254560]
- Purview DSPM’s Data Risk Assessments now support item-level investigation and remediation of SharePoint [MC1254556]
- Copilot Notebooks: New features coming to Frontier Public [MC1254552]
- Microsoft Teams: New slash command in compose to create workflows [MC1254553]
The move to STIX2 support is a big step toward making threat data more actionable across different security ecosystems. It’s great to see Cloudflare aligning with standards that many teams already use, since it removes a lot of the friction in correlating events across platforms. Curious to see how this influences automation possibilities for incident response workflows.