Schema documentation for yara_test

Showing:

Annotations

Attributes

Diagrams

Source

Main schema yara_test_mechanism.xsd

Namespace

http://stix.mitre.org/extensions/TestMechanism#YARA-1

Annotations

This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.

Element yaraTM:YaraTestMechanismType / yaraTM:Version

Namespace

http://stix.mitre.org/extensions/TestMechanism#YARA-1

Annotations

The Version of YARA that the rule was written against.

Diagram

Type

xs:string

Source

<xs:element name="Version" type="xs:string" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Version of YARA that the rule was written against.</xs:documentation>
  </xs:annotation>
</xs:element>

Element yaraTM:YaraTestMechanismType / yaraTM:Rule

Namespace

http://stix.mitre.org/extensions/TestMechanism#YARA-1

Annotations

The Rule field encapsulates a YARA rule in its native format within a String field. The specification should be within a CDATA construct within the String field.

Diagram

Type

stixCommon:EncodedCDATAType

Attributes

QName

Type

Default

Use

Annotation

encoded

xs:boolean

false

optional

If true, specifies that the content encoded in the element is encoded using Base64 per RFC4648.

Source

<xs:element name="Rule" type="stixCommon:EncodedCDATAType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Rule field encapsulates a YARA rule in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
  </xs:annotation>
</xs:element>

Complex Type yaraTM:YaraTestMechanismType

Namespace

http://stix.mitre.org/extensions/TestMechanism#YARA-1

Annotations

The YaraTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the inclusion of a YARA rule as a test mechanism content.

Diagram

Type

extension of indicator:TestMechanismType

Type hierarchy

indicator:TestMechanismType
- yaraTM:YaraTestMechanismType

Children

indicator:Efficacy, indicator:Producer, yaraTM:Rule, yaraTM:Version

Attributes

QName

Type

Use

Annotation

xs:QName

optional

Specifies a unique ID for this Test Mechanism.

idref

xs:QName

optional

Specifies a reference to the ID of a Test Mechanism specified elsewhere.

When idref is specified, the id attribute must not be specified, and any instance of this Test Mechanism should not hold content.

Source

<xs:complexType name="YaraTestMechanismType">
  <xs:annotation>
    <xs:documentation>The YaraTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the inclusion of a YARA rule as a test mechanism content.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="indicator:TestMechanismType">
      <xs:sequence>
        <xs:element name="Version" type="xs:string" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Version of YARA that the rule was written against.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Rule" type="stixCommon:EncodedCDATAType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Rule field encapsulates a YARA rule in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>