We are excited to announce that Cloudflare Threat Events now supports the STIX2 (Structured Threat Information Expression) format. This was a highly requested feature designed to streamline how security teams consume and act upon our threat intelligence.
By adopting this industry-standard format, you can now integrate Cloudflare’s threat events data more effectively into your existing security ecosystem.
Key benefits
-
Eliminate the need for custom parsers, as STIX2 allows for “out of the box” ingestion into major Threat Intel Platforms (TIPs), SIEMs, and SOAR tools.
-
STIX2 provides a standardized way to represent relationships between indicators, sightings, and threat actors, giving your analysts a clearer picture of the threat landscape.
For technical details on how to query events using this format, please refer to our Threat Events API Documentation.
Source: Cloudflare
Latest Posts
- Dynamics 365 Project Operations – Calculate revenue recognition for stand-alone selling price contract lines [MC1230796]
- (Updated) Microsoft Teams: Select multiple messages to forward [MC1199767]
- (Updated) Remove toggle for Calendar in Teams [MC1129730]
- (Updated) Microsoft Teams: Digital signage in Teams Rooms on Android [MC1227077]
The move to STIX2 support is a big step toward making threat data more actionable across different security ecosystems. It’s great to see Cloudflare aligning with standards that many teams already use, since it removes a lot of the friction in correlating events across platforms. Curious to see how this influences automation possibilities for incident response workflows.