Showing:

Annotations
Attributes
Diagrams
Source
Used by
Imported schema Process_Object.xsd
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element ProcessObj:ProcessObjectType / ProcessObj:PID
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The PID field specifies the Process ID, or PID, of the process.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#UnsignedIntegerObjectPropertyType_datatype cybox_common_xsd.tmp#UnsignedIntegerObjectPropertyType
Type cyboxCommon:UnsignedIntegerObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedInt optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="PID" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The PID field specifies the Process ID, or PID, of the process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Name
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Name field specifies the name of the process.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Name field specifies the name of the process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Creation_Time
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Creation_Time field specifies the local date/time at which the process was created.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType_datatype cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType cybox_common_xsd.tmp#DateTimeObjectPropertyType_precision cybox_common_xsd.tmp#DateTimeObjectPropertyType
Type cyboxCommon:DateTimeObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum dateTime optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
precision cyboxCommon:DateTimePrecisionEnum second optional 
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
 
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Creation_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Creation_Time field specifies the local date/time at which the process was created.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Parent_PID
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Parent_PID field specifies the process ID (PID) of the parent process (i.e. the process that spawned this one), if applicable.
 
NOTE: this field will be deprecated in the next major version of this object, at which point the parent process of this process should be specified using a Related_Object with the "Child_Of" Relationship value.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#UnsignedIntegerObjectPropertyType_datatype cybox_common_xsd.tmp#UnsignedIntegerObjectPropertyType
Type cyboxCommon:UnsignedIntegerObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedInt optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Parent_PID" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Parent_PID field specifies the process ID (PID) of the parent process (i.e. the process that spawned this one), if applicable.</xs:documentation>
    <xs:documentation>NOTE: this field will be deprecated in the next major version of this object, at which point the parent process of this process should be specified using a Related_Object with the "Child_Of" Relationship value.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Child_PID_List
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Child_PID_List field specifies any children spawned by the process being characterized, by way of a list of PIDs.
 
NOTE: this field will be deprecated in the next major version of this object, at which point child processes of this process should be specified using a Related_Object with the "Parent_Of" Relationship value.
Diagram
Diagram Process_Object_xsd.tmp#ChildPIDListType_Child_PID Process_Object_xsd.tmp#ChildPIDListType
Type ProcessObj:ChildPIDListType
Children ProcessObj:Child_PID
Source
 
<xs:element name="Child_PID_List" type="ProcessObj:ChildPIDListType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Child_PID_List field specifies any children spawned by the process being characterized, by way of a list of PIDs.</xs:documentation>
    <xs:documentation>NOTE: this field will be deprecated in the next major version of this object, at which point child processes of this process should be specified using a Related_Object with the "Parent_Of" Relationship value.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ChildPIDListType / ProcessObj:Child_PID
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Child_PID field specifies the process ID of a single child process.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#UnsignedIntegerObjectPropertyType_datatype cybox_common_xsd.tmp#UnsignedIntegerObjectPropertyType
Type cyboxCommon:UnsignedIntegerObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedInt optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Child_PID" type="cyboxCommon:UnsignedIntegerObjectPropertyType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Child_PID field specifies the process ID of a single child process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Image_Info
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Image_Info field specifies information about the image associated with the process, such as its file name and path.
Diagram
Diagram Process_Object_xsd.tmp#ImageInfoType_File_Name Process_Object_xsd.tmp#ImageInfoType_Command_Line Process_Object_xsd.tmp#ImageInfoType_Current_Directory Process_Object_xsd.tmp#ImageInfoType_Path Process_Object_xsd.tmp#ImageInfoType
Type ProcessObj:ImageInfoType
Children ProcessObj:Command_Line, ProcessObj:Current_Directory, ProcessObj:File_Name, ProcessObj:Path
Source
 
<xs:element name="Image_Info" type="ProcessObj:ImageInfoType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Image_Info field specifies information about the image associated with the process, such as its file name and path.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ImageInfoType / ProcessObj:File_Name
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The File_Name field specifies the name of the binary file which represents the process image.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element minOccurs="0" name="File_Name" type="cyboxCommon:StringObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The File_Name field specifies the name of the binary file which represents the process image.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ImageInfoType / ProcessObj:Command_Line
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Command_Line field specifies the complete command used to execute the process image.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Command_Line" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Command_Line field specifies the complete command used to execute the process image.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ImageInfoType / ProcessObj:Current_Directory
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Current_Directory field specifies the current directory of the process image.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Current_Directory" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Current_Directory field specifies the current directory of the process image.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ImageInfoType / ProcessObj:Path
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Path field specifies the fully qualified path to the image file, including the file name.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Path field specifies the fully qualified path to the image file, including the file name.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Argument_List
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Argument_List field is optional and specifies a list of arguments utilized in initiating the process.
Diagram
Diagram Process_Object_xsd.tmp#ArgumentListType_Argument Process_Object_xsd.tmp#ArgumentListType
Type ProcessObj:ArgumentListType
Children ProcessObj:Argument
Source
 
<xs:element name="Argument_List" type="ProcessObj:ArgumentListType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Argument_List field is optional and specifies a list of arguments utilized in initiating the process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ArgumentListType / ProcessObj:Argument
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Argument field is optional and specifies a single argument utilized in initiating the process.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Argument" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Argument field is optional and specifies a single argument utilized in initiating the process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Environment_Variable_List
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Environment_Variable_List field specifies any environment variables associated with the process. This field imports and uses the EnvironmentVariableListType from the CybOX Common Types.
Diagram
Diagram cybox_common_xsd.tmp#EnvironmentVariableListType_Environment_Variable cybox_common_xsd.tmp#EnvironmentVariableListType
Type cyboxCommon:EnvironmentVariableListType
Children cyboxCommon:Environment_Variable
Source
 
<xs:element name="Environment_Variable_List" type="cyboxCommon:EnvironmentVariableListType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Environment_Variable_List field specifies any environment variables associated with the process. This field imports and uses the EnvironmentVariableListType from the CybOX Common Types.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Kernel_Time
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Kernel_Time field specifies the duration of time that the process has executed in kernel mode.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DurationObjectPropertyType_datatype cybox_common_xsd.tmp#DurationObjectPropertyType
Type cyboxCommon:DurationObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum duration optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Kernel_Time" type="cyboxCommon:DurationObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Kernel_Time field specifies the duration of time that the process has executed in kernel mode.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Port_List
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Port_List field is optional and specifies a list of ports owned by the process.
Diagram
Diagram Process_Object_xsd.tmp#PortListType_Port Process_Object_xsd.tmp#PortListType
Type ProcessObj:PortListType
Children ProcessObj:Port
Source
 
<xs:element name="Port_List" type="ProcessObj:PortListType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Port_List field is optional and specifies a list of ports owned by the process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:PortListType / ProcessObj:Port
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Port field is optional and specifies a single network port.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Port_Object_xsd.tmp#PortObjectType_Port_Value Port_Object_xsd.tmp#PortObjectType_Layer4_Protocol Port_Object_xsd.tmp#PortObjectType
Type PortObj:PortObjectType
Type hierarchy
Children PortObj:Layer4_Protocol, PortObj:Port_Value, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
 
<xs:element name="Port" type="PortObj:PortObjectType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Port field is optional and specifies a single network port.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Network_Connection_List
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Network_Connection_List field specifies information about any network connections opened or initiated by the process.
Diagram
Diagram Process_Object_xsd.tmp#NetworkConnectionListType_Network_Connection Process_Object_xsd.tmp#NetworkConnectionListType
Type ProcessObj:NetworkConnectionListType
Children ProcessObj:Network_Connection
Source
 
<xs:element name="Network_Connection_List" type="ProcessObj:NetworkConnectionListType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Network_Connection_List field specifies information about any network connections opened or initiated by the process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:NetworkConnectionListType / ProcessObj:Network_Connection
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Network_Connection field specifies information about a single network connection opened or initiated by the process.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_tls_used Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Creation_Time Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer3_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer4_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Connections Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType
Type NetworkConnectionObj:NetworkConnectionObjectType
Type hierarchy
Children NetworkConnectionObj:Creation_Time, NetworkConnectionObj:Destination_Socket_Address, NetworkConnectionObj:Destination_TCP_State, NetworkConnectionObj:Layer3_Protocol, NetworkConnectionObj:Layer4_Protocol, NetworkConnectionObj:Layer7_Connections, NetworkConnectionObj:Layer7_Protocol, NetworkConnectionObj:Source_Socket_Address, NetworkConnectionObj:Source_TCP_State, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
tls_used xs:boolean optional 
The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.
Source
 
<xs:element name="Network_Connection" type="NetworkConnectionObj:NetworkConnectionObjectType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Network_Connection field specifies information about a single network connection opened or initiated by the process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Start_Time
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Start_Time field specifies the local date/time at which the process was started.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType_datatype cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType cybox_common_xsd.tmp#DateTimeObjectPropertyType_precision cybox_common_xsd.tmp#DateTimeObjectPropertyType
Type cyboxCommon:DateTimeObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum dateTime optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
precision cyboxCommon:DateTimePrecisionEnum second optional 
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
 
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Start_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Start_Time field specifies the local date/time at which the process was started.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Status
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Status field specifies the current status of the process. Since this is an operating system specific Object property, this is defined here as an abstract type which is then used as a base type in any OS-specific extensions.
Diagram
Diagram Process_Object_xsd.tmp#ProcessStatusType
Type ProcessObj:ProcessStatusType
Source
 
<xs:element name="Status" type="ProcessObj:ProcessStatusType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Status field specifies the current status of the process. Since this is an operating system specific Object property, this is defined here as an abstract type which is then used as a base type in any OS-specific extensions.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Username
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Username field specifies the name of the user that created the process.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Username" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Username field specifies the name of the user that created the process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:User_Time
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The User_Time field specifies the duration of time that the process has executed in user mode.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DurationObjectPropertyType_datatype cybox_common_xsd.tmp#DurationObjectPropertyType
Type cyboxCommon:DurationObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum duration optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="User_Time" type="cyboxCommon:DurationObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The User_Time field specifies the duration of time that the process has executed in user mode.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:ProcessObjectType / ProcessObj:Extracted_Features
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
A description of features extracted from the memory image of this process.
Diagram
Diagram cybox_common_xsd.tmp#ExtractedFeaturesType_Strings cybox_common_xsd.tmp#ExtractedFeaturesType_Imports cybox_common_xsd.tmp#ExtractedFeaturesType_Functions cybox_common_xsd.tmp#ExtractedFeaturesType_Code_Snippets cybox_common_xsd.tmp#ExtractedFeaturesType
Type cyboxCommon:ExtractedFeaturesType
Children cyboxCommon:Code_Snippets, cyboxCommon:Functions, cyboxCommon:Imports, cyboxCommon:Strings
Source
 
<xs:element name="Extracted_Features" type="cyboxCommon:ExtractedFeaturesType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>A description of features extracted from the memory image of this process.</xs:documentation>
  </xs:annotation>
</xs:element>
Element ProcessObj:Process
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The Process object is intended to characterize system processes.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Process_Object_xsd.tmp#ProcessObjectType_is_hidden Process_Object_xsd.tmp#ProcessObjectType_PID Process_Object_xsd.tmp#ProcessObjectType_Name Process_Object_xsd.tmp#ProcessObjectType_Creation_Time Process_Object_xsd.tmp#ProcessObjectType_Parent_PID Process_Object_xsd.tmp#ProcessObjectType_Child_PID_List Process_Object_xsd.tmp#ProcessObjectType_Image_Info Process_Object_xsd.tmp#ProcessObjectType_Argument_List Process_Object_xsd.tmp#ProcessObjectType_Environment_Variable_List Process_Object_xsd.tmp#ProcessObjectType_Kernel_Time Process_Object_xsd.tmp#ProcessObjectType_Port_List Process_Object_xsd.tmp#ProcessObjectType_Network_Connection_List Process_Object_xsd.tmp#ProcessObjectType_Start_Time Process_Object_xsd.tmp#ProcessObjectType_Status Process_Object_xsd.tmp#ProcessObjectType_Username Process_Object_xsd.tmp#ProcessObjectType_User_Time Process_Object_xsd.tmp#ProcessObjectType_Extracted_Features Process_Object_xsd.tmp#ProcessObjectType
Type ProcessObj:ProcessObjectType
Type hierarchy
Children ProcessObj:Argument_List, ProcessObj:Child_PID_List, ProcessObj:Creation_Time, ProcessObj:Environment_Variable_List, ProcessObj:Extracted_Features, ProcessObj:Image_Info, ProcessObj:Kernel_Time, ProcessObj:Name, ProcessObj:Network_Connection_List, ProcessObj:PID, ProcessObj:Parent_PID, ProcessObj:Port_List, ProcessObj:Start_Time, ProcessObj:Status, ProcessObj:User_Time, ProcessObj:Username, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
is_hidden xs:boolean optional 
The is_hidden field specifies whether the process is hidden or not.
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
 
<xs:element name="Process" type="ProcessObj:ProcessObjectType">
  <xs:annotation>
    <xs:documentation>The Process object is intended to characterize system processes.</xs:documentation>
  </xs:annotation>
</xs:element>
Complex Type ProcessObj:ProcessObjectType
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The ProcessObjectType type is intended to characterize system processes.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Process_Object_xsd.tmp#ProcessObjectType_is_hidden Process_Object_xsd.tmp#ProcessObjectType_PID Process_Object_xsd.tmp#ProcessObjectType_Name Process_Object_xsd.tmp#ProcessObjectType_Creation_Time Process_Object_xsd.tmp#ProcessObjectType_Parent_PID Process_Object_xsd.tmp#ProcessObjectType_Child_PID_List Process_Object_xsd.tmp#ProcessObjectType_Image_Info Process_Object_xsd.tmp#ProcessObjectType_Argument_List Process_Object_xsd.tmp#ProcessObjectType_Environment_Variable_List Process_Object_xsd.tmp#ProcessObjectType_Kernel_Time Process_Object_xsd.tmp#ProcessObjectType_Port_List Process_Object_xsd.tmp#ProcessObjectType_Network_Connection_List Process_Object_xsd.tmp#ProcessObjectType_Start_Time Process_Object_xsd.tmp#ProcessObjectType_Status Process_Object_xsd.tmp#ProcessObjectType_Username Process_Object_xsd.tmp#ProcessObjectType_User_Time Process_Object_xsd.tmp#ProcessObjectType_Extracted_Features
Type extension of cyboxCommon:ObjectPropertiesType
Type hierarchy
Used by
Children ProcessObj:Argument_List, ProcessObj:Child_PID_List, ProcessObj:Creation_Time, ProcessObj:Environment_Variable_List, ProcessObj:Extracted_Features, ProcessObj:Image_Info, ProcessObj:Kernel_Time, ProcessObj:Name, ProcessObj:Network_Connection_List, ProcessObj:PID, ProcessObj:Parent_PID, ProcessObj:Port_List, ProcessObj:Start_Time, ProcessObj:Status, ProcessObj:User_Time, ProcessObj:Username, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
is_hidden xs:boolean optional 
The is_hidden field specifies whether the process is hidden or not.
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
 
<xs:complexType name="ProcessObjectType" mixed="false">
  <xs:annotation>
    <xs:documentation>The ProcessObjectType type is intended to characterize system processes.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="cyboxCommon:ObjectPropertiesType">
      <xs:sequence>
        <xs:element name="PID" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The PID field specifies the Process ID, or PID, of the process.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Name field specifies the name of the process.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Creation_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Creation_Time field specifies the local date/time at which the process was created.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Parent_PID" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Parent_PID field specifies the process ID (PID) of the parent process (i.e. the process that spawned this one), if applicable.</xs:documentation>
            <xs:documentation>NOTE: this field will be deprecated in the next major version of this object, at which point the parent process of this process should be specified using a Related_Object with the "Child_Of" Relationship value.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Child_PID_List" type="ProcessObj:ChildPIDListType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Child_PID_List field specifies any children spawned by the process being characterized, by way of a list of PIDs.</xs:documentation>
            <xs:documentation>NOTE: this field will be deprecated in the next major version of this object, at which point child processes of this process should be specified using a Related_Object with the "Parent_Of" Relationship value.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Image_Info" type="ProcessObj:ImageInfoType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Image_Info field specifies information about the image associated with the process, such as its file name and path.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Argument_List" type="ProcessObj:ArgumentListType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Argument_List field is optional and specifies a list of arguments utilized in initiating the process.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Environment_Variable_List" type="cyboxCommon:EnvironmentVariableListType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Environment_Variable_List field specifies any environment variables associated with the process. This field imports and uses the EnvironmentVariableListType from the CybOX Common Types.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Kernel_Time" type="cyboxCommon:DurationObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Kernel_Time field specifies the duration of time that the process has executed in kernel mode.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Port_List" type="ProcessObj:PortListType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Port_List field is optional and specifies a list of ports owned by the process.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Network_Connection_List" type="ProcessObj:NetworkConnectionListType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Network_Connection_List field specifies information about any network connections opened or initiated by the process.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Start_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Start_Time field specifies the local date/time at which the process was started.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Status" type="ProcessObj:ProcessStatusType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Status field specifies the current status of the process. Since this is an operating system specific Object property, this is defined here as an abstract type which is then used as a base type in any OS-specific extensions.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Username" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Username field specifies the name of the user that created the process.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="User_Time" type="cyboxCommon:DurationObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The User_Time field specifies the duration of time that the process has executed in user mode.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Extracted_Features" type="cyboxCommon:ExtractedFeaturesType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>A description of features extracted from the memory image of this process.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="is_hidden" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The is_hidden field specifies whether the process is hidden or not.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type ProcessObj:ChildPIDListType
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The ChildPIDListType type captures the PID's of the children of the process in a list format.
Diagram
Diagram Process_Object_xsd.tmp#ChildPIDListType_Child_PID
Used by
Children ProcessObj:Child_PID
Source
 
<xs:complexType name="ChildPIDListType">
  <xs:annotation>
    <xs:documentation>The ChildPIDListType type captures the PID's of the children of the process in a list format.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Child_PID" type="cyboxCommon:UnsignedIntegerObjectPropertyType" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The Child_PID field specifies the process ID of a single child process.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type ProcessObj:ImageInfoType
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The ImageInfoType type captures information about the process image.
Diagram
Diagram Process_Object_xsd.tmp#ImageInfoType_File_Name Process_Object_xsd.tmp#ImageInfoType_Command_Line Process_Object_xsd.tmp#ImageInfoType_Current_Directory Process_Object_xsd.tmp#ImageInfoType_Path
Used by
Children ProcessObj:Command_Line, ProcessObj:Current_Directory, ProcessObj:File_Name, ProcessObj:Path
Source
 
<xs:complexType name="ImageInfoType">
  <xs:annotation>
    <xs:documentation>The ImageInfoType type captures information about the process image.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element minOccurs="0" name="File_Name" type="cyboxCommon:StringObjectPropertyType">
      <xs:annotation>
        <xs:documentation>The File_Name field specifies the name of the binary file which represents the process image.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="Command_Line" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>The Command_Line field specifies the complete command used to execute the process image.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="Current_Directory" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
      <xs:annotation>
        <xs:documentation>The Current_Directory field specifies the current directory of the process image.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>The Path field specifies the fully qualified path to the image file, including the file name.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type ProcessObj:ArgumentListType
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The ArgumentListType is intended to specify a list of arguments utilized in initiating the process.
Diagram
Diagram Process_Object_xsd.tmp#ArgumentListType_Argument
Used by
Children ProcessObj:Argument
Source
 
<xs:complexType name="ArgumentListType">
  <xs:annotation>
    <xs:documentation>The ArgumentListType is intended to specify a list of arguments utilized in initiating the process.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Argument" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The Argument field is optional and specifies a single argument utilized in initiating the process.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type ProcessObj:PortListType
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The PortListType is intended to specify a list of network ports.
Diagram
Diagram Process_Object_xsd.tmp#PortListType_Port
Used by
Children ProcessObj:Port
Source
 
<xs:complexType name="PortListType">
  <xs:annotation>
    <xs:documentation>The PortListType is intended to specify a list of network ports.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Port" type="PortObj:PortObjectType" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The Port field is optional and specifies a single network port.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type ProcessObj:NetworkConnectionListType
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The NetworkConnectionListType type is a list of network connections.
Diagram
Diagram Process_Object_xsd.tmp#NetworkConnectionListType_Network_Connection
Used by
Children ProcessObj:Network_Connection
Source
 
<xs:complexType name="NetworkConnectionListType">
  <xs:annotation>
    <xs:documentation>The NetworkConnectionListType type is a list of network connections.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Network_Connection" type="NetworkConnectionObj:NetworkConnectionObjectType" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The Network_Connection field specifies information about a single network connection opened or initiated by the process.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type ProcessObj:ProcessStatusType
Namespace http://cybox.mitre.org/objects#ProcessObject-2
Annotations
 
The ProcessStatusType is used for specifying the status of a running or terminated process. Since this property is platform-specific, it is created here as an abstract type and then used in the platform-specific process CybOX objects.
Diagram
Diagram
Used by
Source
 
<xs:complexType name="ProcessStatusType" abstract="true">
  <xs:annotation>
    <xs:documentation>The ProcessStatusType is used for specifying the status of a running or terminated process. Since this property is platform-specific, it is created here as an abstract type and then used in the platform-specific process CybOX objects.</xs:documentation>
  </xs:annotation>
</xs:complexType>
Attribute ProcessObj:ProcessObjectType / @is_hidden
Namespace No namespace
Annotations
 
The is_hidden field specifies whether the process is hidden or not.
Type xs:boolean
Used by
Source
 
<xs:attribute name="is_hidden" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The is_hidden field specifies whether the process is hidden or not.</xs:documentation>
  </xs:annotation>
</xs:attribute>
XML Schema documentation generated by ® XML Editor.