Showing:

Annotations
Attributes
Diagrams
Facets
Source
Used by
Imported schema Network_Connection_Object.xsd
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Creation_Time
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Creation_Time field specifies the date/time the network connection was created.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType_datatype cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType cybox_common_xsd.tmp#DateTimeObjectPropertyType_precision cybox_common_xsd.tmp#DateTimeObjectPropertyType
Type cyboxCommon:DateTimeObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum dateTime optional 
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
precision cyboxCommon:DateTimePrecisionEnum second optional 
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
 
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Creation_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Creation_Time field specifies the date/time the network connection was created.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Layer3_Protocol
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Layer3_Protocol field specifies the particular network (layer 3 in the OSI model) layer protocol used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType Network_Connection_Object_xsd.tmp#Layer3ProtocolType_datatype Network_Connection_Object_xsd.tmp#Layer3ProtocolType
Type NetworkConnectionObj:Layer3ProtocolType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Layer3_Protocol" type="NetworkConnectionObj:Layer3ProtocolType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Layer3_Protocol field specifies the particular network (layer 3 in the OSI model) layer protocol used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Layer4_Protocol
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Layer4_Protocol field specifies the particular transport (layer 4 in the OSI model) layer protocol used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#Layer4ProtocolType_datatype cybox_common_xsd.tmp#Layer4ProtocolType
Type cyboxCommon:Layer4ProtocolType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Layer4_Protocol" type="cyboxCommon:Layer4ProtocolType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Layer4_Protocol field specifies the particular transport (layer 4 in the OSI model) layer protocol used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Layer7_Protocol
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Layer7_Protocol field specifies the particular application (layer 7 in the OSI model) layer protocol used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType Network_Connection_Object_xsd.tmp#Layer7ProtocolType_datatype Network_Connection_Object_xsd.tmp#Layer7ProtocolType
Type NetworkConnectionObj:Layer7ProtocolType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:element name="Layer7_Protocol" type="NetworkConnectionObj:Layer7ProtocolType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Layer7_Protocol field specifies the particular application (layer 7 in the OSI model) layer protocol used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Source_Socket_Address
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Source_Socket_Address field specifies the source socket address, consisting of an IP Address and port number, used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Socket_Address_Object_xsd.tmp#SocketAddressObjectType_IP_Address Socket_Address_Object_xsd.tmp#SocketAddressObjectType_Hostname Socket_Address_Object_xsd.tmp#SocketAddressObjectType_Port Socket_Address_Object_xsd.tmp#SocketAddressObjectType
Type SocketAddressObj:SocketAddressObjectType
Type hierarchy
Children SocketAddressObj:Hostname, SocketAddressObj:IP_Address, SocketAddressObj:Port, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
 
<xs:element name="Source_Socket_Address" type="SocketAddressObj:SocketAddressObjectType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Source_Socket_Address field specifies the source socket address, consisting of an IP Address and port number, used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Source_TCP_State
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Source_TCP_State field specifies the current state of the TCP network connection at the source, if applicable.
Diagram
Diagram Network_Connection_Object_xsd.tmp#TCPStateEnum
Type NetworkConnectionObj:TCPStateEnum
Facets
enumeration UNKNOWN 
Indicates an unknown TCP connection state.
enumeration CLOSED 
Indicates the closed TCP connection state--i.e. no connection state at all.
enumeration LISTENING 
Indicates the listening TCP connection state.
enumeration SYN_SENT 
Indicates the SYN sent TCP connection state--i.e. wait for a matching connection request after having sent a connection request.
enumeration SYN_RECEIVED 
Indicates the SYN received TCP connection state--i.e. waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
enumeration ESTABLISHED 
Indicates the established TCP connection state--i.e. an open connection in which data received can be delivered to the user.
enumeration FIN_WAIT_1 
Indicates the FIN-WAIT-1 TCP connection state--i.e. waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
enumeration FIN_WAIT_2 
Indicates the FIN-WAIT-2 TCP connection state--i.e. waiting for a connection termination request from the remote TCP.
enumeration CLOSE_WAIT 
Indicates the CLOSE-WAIT TCP connection state--i.e. waiting for a connection termination request from the local user.
enumeration CLOSING 
Indicates the CLOSING TCP connection state--i.e. waiting for a connection termination request acknowledgment from the remote TCP.
enumeration LAST_ACK 
Indicates the LAST-ACK connection state--i.e. waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
enumeration TIME_WAIT 
Indicates the TIME-WAIT connection state--i.e. waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.
enumeration DELETING_TCB 
Indicates the DELETE-TCB connection state--i.e. the Transmission Control Block (TCB) is being deleted.
Source
 
<xs:element name="Source_TCP_State" type="NetworkConnectionObj:TCPStateEnum" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Source_TCP_State field specifies the current state of the TCP network connection at the source, if applicable.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Destination_Socket_Address
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Destination_Socket_Address field specifies the destination socket address, consisting of an IP Address and port number, used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Socket_Address_Object_xsd.tmp#SocketAddressObjectType_IP_Address Socket_Address_Object_xsd.tmp#SocketAddressObjectType_Hostname Socket_Address_Object_xsd.tmp#SocketAddressObjectType_Port Socket_Address_Object_xsd.tmp#SocketAddressObjectType
Type SocketAddressObj:SocketAddressObjectType
Type hierarchy
Children SocketAddressObj:Hostname, SocketAddressObj:IP_Address, SocketAddressObj:Port, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
 
<xs:element name="Destination_Socket_Address" type="SocketAddressObj:SocketAddressObjectType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Destination_Socket_Address field specifies the destination socket address, consisting of an IP Address and port number, used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Destination_TCP_State
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Destination_TCP_State field specifies the current state of the TCP network connection at the destination, if applicable.
Diagram
Diagram Network_Connection_Object_xsd.tmp#TCPStateEnum
Type NetworkConnectionObj:TCPStateEnum
Facets
enumeration UNKNOWN 
Indicates an unknown TCP connection state.
enumeration CLOSED 
Indicates the closed TCP connection state--i.e. no connection state at all.
enumeration LISTENING 
Indicates the listening TCP connection state.
enumeration SYN_SENT 
Indicates the SYN sent TCP connection state--i.e. wait for a matching connection request after having sent a connection request.
enumeration SYN_RECEIVED 
Indicates the SYN received TCP connection state--i.e. waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
enumeration ESTABLISHED 
Indicates the established TCP connection state--i.e. an open connection in which data received can be delivered to the user.
enumeration FIN_WAIT_1 
Indicates the FIN-WAIT-1 TCP connection state--i.e. waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
enumeration FIN_WAIT_2 
Indicates the FIN-WAIT-2 TCP connection state--i.e. waiting for a connection termination request from the remote TCP.
enumeration CLOSE_WAIT 
Indicates the CLOSE-WAIT TCP connection state--i.e. waiting for a connection termination request from the local user.
enumeration CLOSING 
Indicates the CLOSING TCP connection state--i.e. waiting for a connection termination request acknowledgment from the remote TCP.
enumeration LAST_ACK 
Indicates the LAST-ACK connection state--i.e. waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
enumeration TIME_WAIT 
Indicates the TIME-WAIT connection state--i.e. waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.
enumeration DELETING_TCB 
Indicates the DELETE-TCB connection state--i.e. the Transmission Control Block (TCB) is being deleted.
Source
 
<xs:element name="Destination_TCP_State" type="NetworkConnectionObj:TCPStateEnum" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Destination_TCP_State field specifies the current state of the TCP network connection at the destination, if applicable.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Layer7_Connections
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Layer7_Connections field allows for the characterization of any application (layer 7 in the OSI model) layer connections observed as part of the network connection.
Diagram
Diagram Network_Connection_Object_xsd.tmp#Layer7ConnectionsType_HTTP_Session Network_Connection_Object_xsd.tmp#Layer7ConnectionsType_DNS_Query Network_Connection_Object_xsd.tmp#Layer7ConnectionsType
Type NetworkConnectionObj:Layer7ConnectionsType
Children NetworkConnectionObj:DNS_Query, NetworkConnectionObj:HTTP_Session
Source
 
<xs:element name="Layer7_Connections" type="NetworkConnectionObj:Layer7ConnectionsType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Layer7_Connections field allows for the characterization of any application (layer 7 in the OSI model) layer connections observed as part of the network connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:Layer7ConnectionsType / NetworkConnectionObj:HTTP_Session
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The HTTP Session field specifies a single HTTP session initiated between source and destination IP addresses/ports, and includes 1-n HTTP Request/Response pairs.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType HTTP_Session_Object_xsd.tmp#HTTPSessionObjectType_HTTP_Request_Response HTTP_Session_Object_xsd.tmp#HTTPSessionObjectType
Type HTTPSessionObj:HTTPSessionObjectType
Type hierarchy
Children HTTPSessionObj:HTTP_Request_Response, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
 
<xs:element name="HTTP_Session" type="HTTPSessionObj:HTTPSessionObjectType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The HTTP Session field specifies a single HTTP session initiated between source and destination IP addresses/ports, and includes 1-n HTTP Request/Response pairs.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:Layer7ConnectionsType / NetworkConnectionObj:DNS_Query
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The DNS_Query field specifies a single DNS query/answer pair initiated between source and destination IP addresses/ports.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType DNS_Query_Object_xsd.tmp#DNSQueryObjectType_successful DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Transaction_ID DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Question DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Answer_Resource_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Authority_Resource_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Additional_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Date_Ran DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Service_Used DNS_Query_Object_xsd.tmp#DNSQueryObjectType
Type DNSQueryObj:DNSQueryObjectType
Type hierarchy
Children DNSQueryObj:Additional_Records, DNSQueryObj:Answer_Resource_Records, DNSQueryObj:Authority_Resource_Records, DNSQueryObj:Date_Ran, DNSQueryObj:Question, DNSQueryObj:Service_Used, DNSQueryObj:Transaction_ID, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
successful xs:boolean optional 
The successful field specifies whether or not the DNS Query was successful.
Source
 
<xs:element name="DNS_Query" type="DNSQueryObj:DNSQueryObjectType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The DNS_Query field specifies a single DNS query/answer pair initiated between source and destination IP addresses/ports.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:Network_Connection
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Network_Connection object is intended to represent a single network connection.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_tls_used Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Creation_Time Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer3_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer4_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Connections Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType
Type NetworkConnectionObj:NetworkConnectionObjectType
Type hierarchy
Children NetworkConnectionObj:Creation_Time, NetworkConnectionObj:Destination_Socket_Address, NetworkConnectionObj:Destination_TCP_State, NetworkConnectionObj:Layer3_Protocol, NetworkConnectionObj:Layer4_Protocol, NetworkConnectionObj:Layer7_Connections, NetworkConnectionObj:Layer7_Protocol, NetworkConnectionObj:Source_Socket_Address, NetworkConnectionObj:Source_TCP_State, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
tls_used xs:boolean optional 
The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.
Source
 
<xs:element name="Network_Connection" type="NetworkConnectionObj:NetworkConnectionObjectType">
  <xs:annotation>
    <xs:documentation>The Network_Connection object is intended to represent a single network connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Complex Type NetworkConnectionObj:NetworkConnectionObjectType
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The NetworkConnectionObjectType is intended as a way of characterizing local or remote (i.e. Internet) network connections.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_tls_used Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Creation_Time Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer3_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer4_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Connections
Type extension of cyboxCommon:ObjectPropertiesType
Type hierarchy
Used by
Children NetworkConnectionObj:Creation_Time, NetworkConnectionObj:Destination_Socket_Address, NetworkConnectionObj:Destination_TCP_State, NetworkConnectionObj:Layer3_Protocol, NetworkConnectionObj:Layer4_Protocol, NetworkConnectionObj:Layer7_Connections, NetworkConnectionObj:Layer7_Protocol, NetworkConnectionObj:Source_Socket_Address, NetworkConnectionObj:Source_TCP_State, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional 
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
tls_used xs:boolean optional 
The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.
Source
 
<xs:complexType name="NetworkConnectionObjectType" mixed="false">
  <xs:annotation>
    <xs:documentation>The NetworkConnectionObjectType is intended as a way of characterizing local or remote (i.e. Internet) network connections.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="cyboxCommon:ObjectPropertiesType">
      <xs:sequence>
        <xs:element name="Creation_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Creation_Time field specifies the date/time the network connection was created.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Layer3_Protocol" type="NetworkConnectionObj:Layer3ProtocolType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Layer3_Protocol field specifies the particular network (layer 3 in the OSI model) layer protocol used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Layer4_Protocol" type="cyboxCommon:Layer4ProtocolType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Layer4_Protocol field specifies the particular transport (layer 4 in the OSI model) layer protocol used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Layer7_Protocol" type="NetworkConnectionObj:Layer7ProtocolType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Layer7_Protocol field specifies the particular application (layer 7 in the OSI model) layer protocol used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Source_Socket_Address" type="SocketAddressObj:SocketAddressObjectType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Source_Socket_Address field specifies the source socket address, consisting of an IP Address and port number, used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Source_TCP_State" type="NetworkConnectionObj:TCPStateEnum" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Source_TCP_State field specifies the current state of the TCP network connection at the source, if applicable.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Destination_Socket_Address" type="SocketAddressObj:SocketAddressObjectType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Destination_Socket_Address field specifies the destination socket address, consisting of an IP Address and port number, used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Destination_TCP_State" type="NetworkConnectionObj:TCPStateEnum" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Destination_TCP_State field specifies the current state of the TCP network connection at the destination, if applicable.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Layer7_Connections" type="NetworkConnectionObj:Layer7ConnectionsType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Layer7_Connections field allows for the characterization of any application (layer 7 in the OSI model) layer connections observed as part of the network connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="tls_used" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type NetworkConnectionObj:Layer3ProtocolType
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
Layer3ProtocolType specifies Layer 3 protocol types, via a union of the Layer3ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType Network_Connection_Object_xsd.tmp#Layer3ProtocolType_datatype
Type restriction of cyboxCommon:BaseObjectPropertyType
Type hierarchy
Used by
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:complexType name="Layer3ProtocolType">
  <xs:annotation>
    <xs:documentation>Layer3ProtocolType specifies Layer 3 protocol types, via a union of the Layer3ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="NetworkConnectionObj:Layer3ProtocolEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Complex Type NetworkConnectionObj:Layer7ProtocolType
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
Layer7ProtocolType specifies Layer 7 protocol types, via a union of the Layer7ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType Network_Connection_Object_xsd.tmp#Layer7ProtocolType_datatype
Type restriction of cyboxCommon:BaseObjectPropertyType
Type hierarchy
Used by
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional 
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional 
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional 
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional 
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional 
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional 
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional 
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional 
The id field specifies a unique ID for this Object Property.
idref xs:QName optional 
The idref field specifies a unique ID reference for this Object Property.
 
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional 
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional 
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional 
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional 
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional 
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
 
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
 
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional 
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional 
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional 
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional 
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
 
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
 
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional 
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
 
<xs:complexType name="Layer7ProtocolType">
  <xs:annotation>
    <xs:documentation>Layer7ProtocolType specifies Layer 7 protocol types, via a union of the Layer7ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="NetworkConnectionObj:Layer7ProtocolEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type NetworkConnectionObj:TCPStateEnum
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The ConnectionStateEnum type is an enumeration of TCP connection states.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration UNKNOWN 
Indicates an unknown TCP connection state.
enumeration CLOSED 
Indicates the closed TCP connection state--i.e. no connection state at all.
enumeration LISTENING 
Indicates the listening TCP connection state.
enumeration SYN_SENT 
Indicates the SYN sent TCP connection state--i.e. wait for a matching connection request after having sent a connection request.
enumeration SYN_RECEIVED 
Indicates the SYN received TCP connection state--i.e. waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
enumeration ESTABLISHED 
Indicates the established TCP connection state--i.e. an open connection in which data received can be delivered to the user.
enumeration FIN_WAIT_1 
Indicates the FIN-WAIT-1 TCP connection state--i.e. waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
enumeration FIN_WAIT_2 
Indicates the FIN-WAIT-2 TCP connection state--i.e. waiting for a connection termination request from the remote TCP.
enumeration CLOSE_WAIT 
Indicates the CLOSE-WAIT TCP connection state--i.e. waiting for a connection termination request from the local user.
enumeration CLOSING 
Indicates the CLOSING TCP connection state--i.e. waiting for a connection termination request acknowledgment from the remote TCP.
enumeration LAST_ACK 
Indicates the LAST-ACK connection state--i.e. waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
enumeration TIME_WAIT 
Indicates the TIME-WAIT connection state--i.e. waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.
enumeration DELETING_TCB 
Indicates the DELETE-TCB connection state--i.e. the Transmission Control Block (TCB) is being deleted.
Used by
Source
 
<xs:simpleType name="TCPStateEnum">
  <xs:annotation>
    <xs:documentation>The ConnectionStateEnum type is an enumeration of TCP connection states.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="UNKNOWN">
      <xs:annotation>
        <xs:documentation>Indicates an unknown TCP connection state.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CLOSED">
      <xs:annotation>
        <xs:documentation>Indicates the closed TCP connection state--i.e. no connection state at all.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="LISTENING">
      <xs:annotation>
        <xs:documentation>Indicates the listening TCP connection state.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SYN_SENT">
      <xs:annotation>
        <xs:documentation>Indicates the SYN sent TCP connection state--i.e. wait for a matching connection request after having sent a connection request.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SYN_RECEIVED">
      <xs:annotation>
        <xs:documentation>Indicates the SYN received TCP connection state--i.e. waiting for a confirming connection request acknowledgment after having both received and sent a connection request.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ESTABLISHED">
      <xs:annotation>
        <xs:documentation>Indicates the established TCP connection state--i.e. an open connection in which data received can be delivered to the user.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="FIN_WAIT_1">
      <xs:annotation>
        <xs:documentation>Indicates the FIN-WAIT-1 TCP connection state--i.e. waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="FIN_WAIT_2">
      <xs:annotation>
        <xs:documentation>Indicates the FIN-WAIT-2 TCP connection state--i.e. waiting for a connection termination request from the remote TCP.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CLOSE_WAIT">
      <xs:annotation>
        <xs:documentation>Indicates the CLOSE-WAIT TCP connection state--i.e. waiting for a connection termination request from the local user.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CLOSING">
      <xs:annotation>
        <xs:documentation>Indicates the CLOSING TCP connection state--i.e. waiting for a connection termination request acknowledgment from the remote TCP.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="LAST_ACK">
      <xs:annotation>
        <xs:documentation>Indicates the LAST-ACK connection state--i.e. waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TIME_WAIT">
      <xs:annotation>
        <xs:documentation>Indicates the TIME-WAIT connection state--i.e. waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DELETING_TCB">
      <xs:annotation>
        <xs:documentation>Indicates the DELETE-TCB connection state--i.e. the Transmission Control Block (TCB) is being deleted.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type NetworkConnectionObj:Layer7ConnectionsType
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
The Layer7ConnectionsType specifies the different types of application (layer 7 in the OSI model) connections that may be initiated as part of the network connection.
Diagram
Diagram Network_Connection_Object_xsd.tmp#Layer7ConnectionsType_HTTP_Session Network_Connection_Object_xsd.tmp#Layer7ConnectionsType_DNS_Query
Used by
Children NetworkConnectionObj:DNS_Query, NetworkConnectionObj:HTTP_Session
Source
 
<xs:complexType name="Layer7ConnectionsType">
  <xs:annotation>
    <xs:documentation>The Layer7ConnectionsType specifies the different types of application (layer 7 in the OSI model) connections that may be initiated as part of the network connection.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="HTTP_Session" type="HTTPSessionObj:HTTPSessionObjectType" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>The HTTP Session field specifies a single HTTP session initiated between source and destination IP addresses/ports, and includes 1-n HTTP Request/Response pairs.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="DNS_Query" type="DNSQueryObj:DNSQueryObjectType" minOccurs="0" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The DNS_Query field specifies a single DNS query/answer pair initiated between source and destination IP addresses/ports.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Simple Type NetworkConnectionObj:Layer3ProtocolEnum
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
Layer3ProtocolEnum is a non-exhaustive enumeration of Layer 3 (network) layer protocols.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration IPv4 
Specifies the Internet Protocol, version 4.
enumeration IPv6 
Specifies the Internet Protocol, version 6.
enumeration ICMP 
Specifies the Internet Control Message Protocol.
enumeration IGMP 
Specifies the Internet Group Management Protocol.
enumeration IGRP 
Specifies the Interior Gateway Routing Protocol.
enumeration CLNP 
Specifies the Connectionless Networking Protocol.
enumeration EGP 
Specifies the Exterior Gateway Protocol.
enumeration EIGRP 
Specifies the Enhanced Interior Gateway Routing Protocol.
enumeration IPSec 
Specifies the Internet Protocol Security suite.
enumeration IPX 
Specifies the Internetwork Packet Exchange protocol.
enumeration Routed-SMLT 
Specifies the Routed Split Multi-Link Trunking protocol.
enumeration SCCP 
Specifies the Signalling Connection Control Part protocol.
Source
 
<xs:simpleType name="Layer3ProtocolEnum">
  <xs:annotation>
    <xs:documentation>Layer3ProtocolEnum is a non-exhaustive enumeration of Layer 3 (network) layer protocols.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="IPv4">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Protocol, version 4.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IPv6">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Protocol, version 6.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ICMP">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Control Message Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IGMP">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Group Management Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IGRP">
      <xs:annotation>
        <xs:documentation>Specifies the Interior Gateway Routing Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CLNP">
      <xs:annotation>
        <xs:documentation>Specifies the Connectionless Networking Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="EGP">
      <xs:annotation>
        <xs:documentation>Specifies the Exterior Gateway Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="EIGRP">
      <xs:annotation>
        <xs:documentation>Specifies the Enhanced Interior Gateway Routing Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IPSec">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Protocol Security suite.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IPX">
      <xs:annotation>
        <xs:documentation>Specifies the Internetwork Packet Exchange protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Routed-SMLT">
      <xs:annotation>
        <xs:documentation>Specifies the Routed Split Multi-Link Trunking protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SCCP">
      <xs:annotation>
        <xs:documentation>Specifies the Signalling Connection Control Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Simple Type NetworkConnectionObj:Layer7ProtocolEnum
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
 
Layer7ProtocolEnum is a non-exhaustive enumeration of Layer 7 (application) layer protocols.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration HTTP 
Specifies the Hypertext Transfer Protocol.
enumeration HTTPS 
Specifies the Hypertext Transfer Protocol Secure.
enumeration FTP 
Specifies the File Transfer Protocol.
enumeration SMTP 
Specifies the Simple Mail Transfer Protocol.
enumeration IRC 
Specifies the Internet Relay Chat protocol.
enumeration IDENT 
Specifies the Identification Protocol, IDENT.
enumeration DNS 
Specifies the Domain Name System protocol.
enumeration TELNET 
Specifies the Telnet protocol.
enumeration POP3 
Specifies the Post Office Protocol, version 3.
enumeration IMAP 
Specifies the Internet Message Access Protocol.
enumeration SSH 
Specifies the Secure Shell protocol.
enumeration SMB 
Specifies the Microsoft Server Message Block protocol.
enumeration ADC 
Specifies the Advance Direct Connect protocol.
enumeration AFP 
Specifies the Apple Filing Protocol.
enumeration BACNet 
Specifies the Building Automation and Control Network protocol.
enumeration BitTorrent 
Specifies the BitTorrent protocol.
enumeration BOOTP 
Specifies the Bootstrap Protocol.
enumeration Diameter 
Specifies the Diameter protocol.
enumeration DICOM 
Specifies the Digital Imaging and Communications in Medicine protocol.
enumeration DICT 
Specifies the Dictionary protocol.
enumeration DSM-CC 
Specifies the Digital Storage Media Command and Control protocol.
enumeration DSNP 
Specifies the Distributed Social Networking Protocol.
enumeration DHCP 
Specifies the Dynamic Host Configuration Protocol.
enumeration ED2K 
Specifies the EDonkey2000 protocol.
enumeration Finger 
Specifies the Finger protocol.
enumeration Gnutella 
Specifies the Gnutella protocol.
enumeration Gopher 
Specifies the Gopher protocol.
enumeration ISUP 
Specifies the ISDN User Part protocol.
enumeration LDAP 
Specifies the Lightweight Directory Access Protocol.
enumeration MIME 
Specifies the Multipurpose Internet Mail Extensions protocol.
enumeration MSNP 
Specifies the Microsoft Notification Protocol.
enumeration MAP 
Specifies the Mobile Application Part protocol.
enumeration NetBIOS 
Specifies the Network Basic Input/Output System protocol.
enumeration NNTP 
Specifies the Network News Transfer Protocol.
enumeration NTP 
Specifies the Network Time Protocol.
enumeration NTCIP 
Specifies the National Transportation Communications for Intelligent Transportation System Protocol.
enumeration RADIUS 
Specifies the Remote Authentication Dial In User Service protocol.
enumeration RDP 
Specifies the Remote Desktop Protocol.
enumeration rlogin 
Specifies the rlogin protocol.
enumeration rsync 
Specifies the rsync potocol.
enumeration RTP 
Specifies the Real-time Transport Protocol.
enumeration RTSP 
Specifies the Real-time Transport Streaming Protocol.
enumeration SISNAPI 
Specifies the Siebel Internet Session Network API protocol.
enumeration SIP 
Specifies the Session Initiation Protocol.
enumeration SNMP 
Specifies the Simple Network Management Protocol.
enumeration STUN 
Specifies the Session Traversal Utilities for NAT protocol.
enumeration TUP 
Specifies the Telephone User Part protocol.
enumeration TCAP 
Specifies the Transaction Capabilities Application Part protocol.
enumeration TFTP 
Specifies the Trivial File Transfer Protocol.
enumeration WebDAV 
Specifies the Web Distributed Authoring and Versioning protocol.
enumeration XMPP 
Specifies the Extensible Messaging and Presence Protocol.
enumeration Modbus 
Specifies the Modbus Protocol.
Source
 
<xs:simpleType name="Layer7ProtocolEnum">
  <xs:annotation>
    <xs:documentation>Layer7ProtocolEnum is a non-exhaustive enumeration of Layer 7 (application) layer protocols.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="HTTP">
      <xs:annotation>
        <xs:documentation>Specifies the Hypertext Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="HTTPS">
      <xs:annotation>
        <xs:documentation>Specifies the Hypertext Transfer Protocol Secure.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="FTP">
      <xs:annotation>
        <xs:documentation>Specifies the File Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SMTP">
      <xs:annotation>
        <xs:documentation>Specifies the Simple Mail Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IRC">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Relay Chat protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IDENT">
      <xs:annotation>
        <xs:documentation>Specifies the Identification Protocol, IDENT.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DNS">
      <xs:annotation>
        <xs:documentation>Specifies the Domain Name System protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TELNET">
      <xs:annotation>
        <xs:documentation>Specifies the Telnet protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="POP3">
      <xs:annotation>
        <xs:documentation>Specifies the Post Office Protocol, version 3.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IMAP">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Message Access Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SSH">
      <xs:annotation>
        <xs:documentation>Specifies the Secure Shell protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SMB">
      <xs:annotation>
        <xs:documentation>Specifies the Microsoft Server Message Block protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ADC">
      <xs:annotation>
        <xs:documentation>Specifies the Advance Direct Connect protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="AFP">
      <xs:annotation>
        <xs:documentation>Specifies the Apple Filing Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="BACNet">
      <xs:annotation>
        <xs:documentation>Specifies the Building Automation and Control Network protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="BitTorrent">
      <xs:annotation>
        <xs:documentation>Specifies the BitTorrent protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="BOOTP">
      <xs:annotation>
        <xs:documentation>Specifies the Bootstrap Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Diameter">
      <xs:annotation>
        <xs:documentation>Specifies the Diameter protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DICOM">
      <xs:annotation>
        <xs:documentation>Specifies the Digital Imaging and Communications in Medicine protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DICT">
      <xs:annotation>
        <xs:documentation>Specifies the Dictionary protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DSM-CC">
      <xs:annotation>
        <xs:documentation>Specifies the Digital Storage Media Command and Control protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DSNP">
      <xs:annotation>
        <xs:documentation>Specifies the Distributed Social Networking Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DHCP">
      <xs:annotation>
        <xs:documentation>Specifies the Dynamic Host Configuration Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ED2K">
      <xs:annotation>
        <xs:documentation>Specifies the EDonkey2000 protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Finger">
      <xs:annotation>
        <xs:documentation>Specifies the Finger protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Gnutella">
      <xs:annotation>
        <xs:documentation>Specifies the Gnutella protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Gopher">
      <xs:annotation>
        <xs:documentation>Specifies the Gopher protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ISUP">
      <xs:annotation>
        <xs:documentation>Specifies the ISDN User Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="LDAP">
      <xs:annotation>
        <xs:documentation>Specifies the Lightweight Directory Access Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="MIME">
      <xs:annotation>
        <xs:documentation>Specifies the Multipurpose Internet Mail Extensions protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="MSNP">
      <xs:annotation>
        <xs:documentation>Specifies the Microsoft Notification Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="MAP">
      <xs:annotation>
        <xs:documentation>Specifies the Mobile Application Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NetBIOS">
      <xs:annotation>
        <xs:documentation>Specifies the Network Basic Input/Output System protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NNTP">
      <xs:annotation>
        <xs:documentation>Specifies the Network News Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NTP">
      <xs:annotation>
        <xs:documentation>Specifies the Network Time Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NTCIP">
      <xs:annotation>
        <xs:documentation>Specifies the National Transportation Communications for Intelligent Transportation System Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RADIUS">
      <xs:annotation>
        <xs:documentation>Specifies the Remote Authentication Dial In User Service protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RDP">
      <xs:annotation>
        <xs:documentation>Specifies the Remote Desktop Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="rlogin">
      <xs:annotation>
        <xs:documentation>Specifies the rlogin protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="rsync">
      <xs:annotation>
        <xs:documentation>Specifies the rsync potocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RTP">
      <xs:annotation>
        <xs:documentation>Specifies the Real-time Transport Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RTSP">
      <xs:annotation>
        <xs:documentation>Specifies the Real-time Transport Streaming Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SISNAPI">
      <xs:annotation>
        <xs:documentation>Specifies the Siebel Internet Session Network API protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SIP">
      <xs:annotation>
        <xs:documentation>Specifies the Session Initiation Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SNMP">
      <xs:annotation>
        <xs:documentation>Specifies the Simple Network Management Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="STUN">
      <xs:annotation>
        <xs:documentation>Specifies the Session Traversal Utilities for NAT protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TUP">
      <xs:annotation>
        <xs:documentation>Specifies the Telephone User Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TCAP">
      <xs:annotation>
        <xs:documentation>Specifies the Transaction Capabilities Application Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TFTP">
      <xs:annotation>
        <xs:documentation>Specifies the Trivial File Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="WebDAV">
      <xs:annotation>
        <xs:documentation>Specifies the Web Distributed Authoring and Versioning protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="XMPP">
      <xs:annotation>
        <xs:documentation>Specifies the Extensible Messaging and Presence Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Modbus">
      <xs:annotation>
        <xs:documentation>Specifies the Modbus Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Attribute NetworkConnectionObj:Layer3ProtocolType / @datatype
Namespace No namespace
Annotations
 
This attribute is optional and specifies the expected type for the value of the specified property.
Type cyboxCommon:DatatypeEnum
Facets
enumeration string 
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration int 
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration float 
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration date 
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration positiveInteger 
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration unsignedInt 
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration dateTime 
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration time 
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration boolean 
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration name 
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration long 
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration unsignedLong 
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration duration 
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration double 
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration nonNegativeInteger 
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration hexBinary 
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration anyURI 
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration base64Binary 
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration IPv4 Address 
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration IPv6 Address 
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration Host Name 
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration MAC Address 
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration Domain Name 
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration URI 
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration TimeZone 
Specifies a timezone in UTC notation (UTC+number).
enumeration Octal 
Specifies arbitrary octal (base-8) encoded data.
enumeration Binary 
Specifies arbitrary binary encoded data.
enumeration BinHex 
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration Subnet Mask 
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration UUID/GUID 
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration Collection 
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration CVE ID 
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration CWE ID 
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration CAPEC ID 
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration CCE ID 
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration CPE Name 
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
Used by
Source
 
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute NetworkConnectionObj:Layer7ProtocolType / @datatype
Namespace No namespace
Annotations
 
This attribute is optional and specifies the expected type for the value of the specified property.
Type cyboxCommon:DatatypeEnum
Facets
enumeration string 
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration int 
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration float 
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration date 
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration positiveInteger 
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration unsignedInt 
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration dateTime 
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration time 
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration boolean 
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration name 
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration long 
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration unsignedLong 
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration duration 
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration double 
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration nonNegativeInteger 
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration hexBinary 
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration anyURI 
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration base64Binary 
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration IPv4 Address 
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration IPv6 Address 
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration Host Name 
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration MAC Address 
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration Domain Name 
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration URI 
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration TimeZone 
Specifies a timezone in UTC notation (UTC+number).
enumeration Octal 
Specifies arbitrary octal (base-8) encoded data.
enumeration Binary 
Specifies arbitrary binary encoded data.
enumeration BinHex 
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration Subnet Mask 
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration UUID/GUID 
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration Collection 
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration CVE ID 
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration CWE ID 
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration CAPEC ID 
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration CCE ID 
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration CPE Name 
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
Used by
Source
 
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute NetworkConnectionObj:NetworkConnectionObjectType / @tls_used
Namespace No namespace
Annotations
 
The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.
Type xs:boolean
Used by
Source
 
<xs:attribute name="tls_used" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.</xs:documentation>
  </xs:annotation>
</xs:attribute>
XML Schema documentation generated by ® XML Editor.