Glossary
- CTI - cyber threat indicators. Any data that indicates potentially malicious cyber activity.
- domain - a standard web address, typically ending in .com, .net, .org, or .edu, among others.
- URL - uniform resource locator. A complete web address, including the protocol (http/https), domain, and any additional pathing information.
- IP address - a dot-separated numerical address assigned to systems on the internet to uniquely identify them.
- port - a numerical identifier assigned to specific services running on a system. Common ports include 80 (HTTP), 443 (HTTPS), and 22 (SSH).
- ASN - autonomous system number. A uniquely-assigned number allowing a system to broadcast its presence to other systems.
- IOC - indicators of compromise. Data that points to potentially malicious activity on a network system.
- STIX - Structured Threat Information Expression. A language designed specifically for communication of CTI.
- TAXII - Trusted Automated Exchange of Indicator Information. A transport protocol designed specifically for the communication of CTI over a network.
- IDS - intrusion detection system. An automated system built to detect when another system has been or is actively being compromised, usually by malicious actors on the internet.