We are excited to announce that Cloudflare Threat Events now supports the STIX2 (Structured Threat Information Expression) format. This was a highly requested feature designed to streamline how security teams consume and act upon our threat intelligence.
By adopting this industry-standard format, you can now integrate Cloudflare’s threat events data more effectively into your existing security ecosystem.
Key benefits
-
Eliminate the need for custom parsers, as STIX2 allows for “out of the box” ingestion into major Threat Intel Platforms (TIPs), SIEMs, and SOAR tools.
-
STIX2 provides a standardized way to represent relationships between indicators, sightings, and threat actors, giving your analysts a clearer picture of the threat landscape.
For technical details on how to query events using this format, please refer to our Threat Events API Documentation.
Source: Cloudflare
Latest Posts
- GCP Release Notes: February 04, 2026
- Microsoft Teams: Digital signage in Teams Rooms on Android [MC1227077]
- Events in Meet app – Introducing a redesigned, unified Events experience in Microsoft Teams [MC1227087]
- Engage is retiring live events powered by Teams Live Events effective April 15th, 2026 [MC1227085]
The move to STIX2 support is a big step toward making threat data more actionable across different security ecosystems. It’s great to see Cloudflare aligning with standards that many teams already use, since it removes a lot of the friction in correlating events across platforms. Curious to see how this influences automation possibilities for incident response workflows.