STIX support through AutoFocus currently conforms to
STIX 1.1.1. To effectively provide the volume of data available through AutoFocus, responses contain embedded MAEC (Malware Attribute Enumeration and Characterization) and CybOX (Cyber Observable eXpression) content. MAEC is especially suited for structured, detailed malware information, such as behaviors, static analysis, and dynamic analysis of malware. CybOX content captures observable events and properties of malware such as platforms where the malware is found and actions taken by the malware.
For example, when you
Get Sample Analysis
reports using the STIX API, the response shows a combination of STIX, MAEC, and CybOX content: