Cyber Security Badge

STIX Visualizer

Threat Intelligence Graph Explorer

Home
Articles

Live STIX 2.1 Threat Intelligence Visualizer

Every CyberNetSec.io threat briefing is backed by a machine-readable STIX 2.1 bundle — structured intelligence you can graph, filter, and export. The visualizer renders the full threat picture: actors, malware, attack patterns, indicators, vulnerabilities, and the relationships that connect them, all in a live interactive force graph.

Look for the View STIX Graph button on any article page to open its bundle directly in this visualizer. Hover or click any node to inspect its full STIX properties. Export to PNG or download the raw STIX 2.1 JSON or SIGMA rules.

STIX bundles are available for articles published from 1 April 2026 onwards.

Interactive Graph

Force-directed vis-network graph with circuit-board aesthetic. Pan, zoom, and click any node or edge to inspect STIX properties. Hover a type badge to highlight all matching nodes and connected edges instantly.

MITRE + SIGMA

Attack patterns are mapped to MITRE ATT&CK technique IDs. Indicators carry embedded SIGMA detection rules — download them per-indicator or as a bulk YAML file ready to drop into your SIEM.

Article Bundles

Every published article generates a STIX 2.1 bundle automatically. Articles that include a bundle show a View STIX Graph button that opens the visualizer in a new tab — zero copy-paste required.

STIX Visualizer screenshot

Sample bundle

CPUID Supply Chain Attack Distributes STX RAT Malware

Open Live Graph

What is STIX 2.1?

Structured Threat Information eXpression (STIX) is an open standard language and serialization format for exchanging cyber threat intelligence — endorsed by OASIS and adopted across the security industry.

STIX 2.1 defines a rich vocabulary of objects — threat actors, malware, attack patterns, indicators, vulnerabilities, and more — plus typed relationships between them, all serialised as JSON. Bundles are distributed via TAXII 2.1 servers for machine-to-machine sharing.

CyberNetSec.io generates a STIX 2.1 bundle for every published article, maps incidents to MITRE ATT&CK techniques, embeds SIGMA detection rules into indicator objects, and publishes everything through a live TAXII 2.1 endpoint.

Common STIX Object Types

threat-actorthreat-actorAdversary group or individual
attack-patternattack-patternMITRE ATT&CK technique or tactic
malwaremalwareMalicious code or tool
indicatorindicatorObservable pattern (IOC)
vulnerabilityvulnerabilityCVE or software weakness
identityidentityPerson, org, or system
tooltoolLegitimate software used by actors
locationlocationGeographic or civic location
reportreportContainer wrapping a bundle
relationshiprelationshipDirected edge between objects