What are two functions of TAXII in threat intelligence sharing? (Choose two.)
A. determines the "what" of threat intelligence
B. supports STIX information
C. allows users to describe threat motivations and abilities
D. exchanges trusted anomaly intelligence information
E. determines how threat intelligence information is relayed
The Answer Is:
B, E
Explanation:
TAXII, short for Trusted Automated eXchange of Intelligence Information, is a protocol that defines how cyber threat information can be shared via services and message exchanges. It is designed specifically to support STIX information, which is a standardized language for expressing and exchanging cyber threat information. TAXII enables organizations to share STIX information by defining an API that aligns with common sharing models, such as hub and spoke, source/subscriber, and peer-to-peer. TAXII also defines four services that allow users to discover, manage, receive, and request STIX information.

Therefore, TAXII supports STIX information and determines how threat intelligence information is relayed. TAXII does not determine the “what” of threat intelligence, as that is the role of STIX. TAXII does not allow users to describe threat motivations and abilities, as that is also part of STIX. TAXII does not exchange trusted anomaly intelligence information, as that is a specific type of threat intelligence that may or may not be represented in STIX.

References:
What are STIX/TAXII Standards | Resources | Anomali