IBM QRadar

New in the QRadar Threat Intelligence App: STIX/TAXII 2.1 Support

By Shivam Sharma posted 10 hours ago

  

As threat actors evolve, so must our intelligence capabilities. In response to industry demand and evolving interoperability standards, we’re excited to announce that the QRadar Threat Intelligence (TI) app now supports STIX/TAXII 2.1, the latest version of the Structured Threat Information Expression and Trusted Automated Exchange of Intelligence Information protocols.

This enhancement builds upon our existing support for STIX/TAXII 1.x and 2.x, enabling QRadar users to connect with more modern and secure threat feeds that align with today’s cybersecurity ecosystem.

Download the application now: https://apps.xforce.ibmcloud.com


What Is STIX/TAXII 2.1?

STIX 2.1 and TAXII 2.1 are open standards developed by OASIS for sharing threat intelligence in a machine-readable format. They offer improved modelling of threat data, better support for custom objects and extensions, and clearer guidance on how producers and consumers should structure content.

As organisations increasingly rely on automated threat detection and enrichment, having access to real-time, structured, and reliable intelligence is essential. By supporting STIX/TAXII 2.1, the TI App can now ingest data from modern threat intel providers that are deprecating earlier protocol versions.

This upgrade is especially important for customers who:

  • Need compliance with modern threat intelligence sharing requirements

  • Are leveraging private TAXII servers or curated intelligence feeds using 2.1

Feature Highlights

  • Added support for STIX 2.1 and TAXII 2.1: enabling broader compatibility with modern threat intelligence standards
  • Introduced new objects:
    • type (e.g., Malware, Infrastructure)
    • confidence_score
  • Enhanced contextualisation of threat data, irrespective of the feed provider, so users get richer, actionable insights.
  • Support for multiple STIX 2.1 formats: increases coverage of threat feeds and STIX 2.1 formats, allowing QRadar to detect suspicious IPs, hashes, files, and more, regardless of the feed source.
  • Configuration retention: previously, all feed configurations were lost after an upgrade; now, all metadata and configurations are retained when upgrading to the latest TI app version.
  • Direct response to customer demand: addressing requests from over 100 customers who asked for flexibility to use the TI app with feeds of their choice.


Built with You in Mind

This feature has been developed in close alignment with customer feedback — particularly from highly regulated industries, financial services, and government clients where TAXII 2.1 has become the expected baseline.

As always, we welcome continued feedback to guide future enhancements. If you have additional feature requests for apps or integrations you’d like to see supported, please submit them via the QRadar Ideas Portal.


Stay ahead of threats — with better intelligence, deeper context, and smarter detection.
Update your Threat Intelligence App today: https://apps.xforce.ibmcloud.com
