If you select the STIX (.xml) option when exporting all web address browsing results, Kaspersky Threat Intelligence Portal saves results as a file in STIX format.
By default, the format of the file name is as follows: <web address>.stix. You can change the file name if necessary.
Each STIX file contains sections described in the table below.
STIX file sections
Section |
Description |
|---|---|
Description |
Information about web address parameters and browsing settings, threats that were detected during the web address browsing, and SNORT or Suricata rules that were triggered during analysis of traffic from the web address. |
URL Domain |
WHOIS information about host of the analyzed web address. |
Hosts |
Information about IP addresses to which the fully qualified domain name (FQDN) for the requested web address resolved during the analysis. |