Showing:

Annotations
Attributes
Diagrams
Facets
Source
Used by
Imported schema Network_Connection_Object.xsd
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Creation_Time
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Creation_Time field specifies the date/time the network connection was created.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType_datatype cybox_common_xsd.tmp#DateTimeObjectPropertyRestrictionType cybox_common_xsd.tmp#DateTimeObjectPropertyType_precision cybox_common_xsd.tmp#DateTimeObjectPropertyType
Type cyboxCommon:DateTimeObjectPropertyType
Type hierarchy
Attributes
QName Type Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum dateTime optional
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
precision cyboxCommon:DateTimePrecisionEnum second optional
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Creation_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Creation_Time field specifies the date/time the network connection was created.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Layer3_Protocol
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Layer3_Protocol field specifies the particular network (layer 3 in the OSI model) layer protocol used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType Network_Connection_Object_xsd.tmp#Layer3ProtocolType_datatype Network_Connection_Object_xsd.tmp#Layer3ProtocolType
Type NetworkConnectionObj:Layer3ProtocolType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Layer3_Protocol" type="NetworkConnectionObj:Layer3ProtocolType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Layer3_Protocol field specifies the particular network (layer 3 in the OSI model) layer protocol used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Layer4_Protocol
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Layer4_Protocol field specifies the particular transport (layer 4 in the OSI model) layer protocol used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#Layer4ProtocolType_datatype cybox_common_xsd.tmp#Layer4ProtocolType
Type cyboxCommon:Layer4ProtocolType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Layer4_Protocol" type="cyboxCommon:Layer4ProtocolType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Layer4_Protocol field specifies the particular transport (layer 4 in the OSI model) layer protocol used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Layer7_Protocol
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Layer7_Protocol field specifies the particular application (layer 7 in the OSI model) layer protocol used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType Network_Connection_Object_xsd.tmp#Layer7ProtocolType_datatype Network_Connection_Object_xsd.tmp#Layer7ProtocolType
Type NetworkConnectionObj:Layer7ProtocolType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Layer7_Protocol" type="NetworkConnectionObj:Layer7ProtocolType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Layer7_Protocol field specifies the particular application (layer 7 in the OSI model) layer protocol used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Source_Socket_Address
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Source_Socket_Address field specifies the source socket address, consisting of an IP Address and port number, used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Socket_Address_Object_xsd.tmp#SocketAddressObjectType_IP_Address Socket_Address_Object_xsd.tmp#SocketAddressObjectType_Hostname Socket_Address_Object_xsd.tmp#SocketAddressObjectType_Port Socket_Address_Object_xsd.tmp#SocketAddressObjectType
Type SocketAddressObj:SocketAddressObjectType
Type hierarchy
Children SocketAddressObj:Hostname, SocketAddressObj:IP_Address, SocketAddressObj:Port, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="Source_Socket_Address" type="SocketAddressObj:SocketAddressObjectType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Source_Socket_Address field specifies the source socket address, consisting of an IP Address and port number, used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Source_TCP_State
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Source_TCP_State field specifies the current state of the TCP network connection at the source, if applicable.
Diagram
Diagram Network_Connection_Object_xsd.tmp#TCPStateEnum
Type NetworkConnectionObj:TCPStateEnum
Facets
enumeration UNKNOWN
Indicates an unknown TCP connection state.
enumeration CLOSED
Indicates the closed TCP connection state--i.e. no connection state at all.
enumeration LISTENING
Indicates the listening TCP connection state.
enumeration SYN_SENT
Indicates the SYN sent TCP connection state--i.e. wait for a matching connection request after having sent a connection request.
enumeration SYN_RECEIVED
Indicates the SYN received TCP connection state--i.e. waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
enumeration ESTABLISHED
Indicates the established TCP connection state--i.e. an open connection in which data received can be delivered to the user.
enumeration FIN_WAIT_1
Indicates the FIN-WAIT-1 TCP connection state--i.e. waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
enumeration FIN_WAIT_2
Indicates the FIN-WAIT-2 TCP connection state--i.e. waiting for a connection termination request from the remote TCP.
enumeration CLOSE_WAIT
Indicates the CLOSE-WAIT TCP connection state--i.e. waiting for a connection termination request from the local user.
enumeration CLOSING
Indicates the CLOSING TCP connection state--i.e. waiting for a connection termination request acknowledgment from the remote TCP.
enumeration LAST_ACK
Indicates the LAST-ACK connection state--i.e. waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
enumeration TIME_WAIT
Indicates the TIME-WAIT connection state--i.e. waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.
enumeration DELETING_TCB
Indicates the DELETE-TCB connection state--i.e. the Transmission Control Block (TCB) is being deleted.
Source
<xs:element name="Source_TCP_State" type="NetworkConnectionObj:TCPStateEnum" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Source_TCP_State field specifies the current state of the TCP network connection at the source, if applicable.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Destination_Socket_Address
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Destination_Socket_Address field specifies the destination socket address, consisting of an IP Address and port number, used in the connection.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Socket_Address_Object_xsd.tmp#SocketAddressObjectType_IP_Address Socket_Address_Object_xsd.tmp#SocketAddressObjectType_Hostname Socket_Address_Object_xsd.tmp#SocketAddressObjectType_Port Socket_Address_Object_xsd.tmp#SocketAddressObjectType
Type SocketAddressObj:SocketAddressObjectType
Type hierarchy
Children SocketAddressObj:Hostname, SocketAddressObj:IP_Address, SocketAddressObj:Port, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="Destination_Socket_Address" type="SocketAddressObj:SocketAddressObjectType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Destination_Socket_Address field specifies the destination socket address, consisting of an IP Address and port number, used in the connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Destination_TCP_State
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Destination_TCP_State field specifies the current state of the TCP network connection at the destination, if applicable.
Diagram
Diagram Network_Connection_Object_xsd.tmp#TCPStateEnum
Type NetworkConnectionObj:TCPStateEnum
Facets
enumeration UNKNOWN
Indicates an unknown TCP connection state.
enumeration CLOSED
Indicates the closed TCP connection state--i.e. no connection state at all.
enumeration LISTENING
Indicates the listening TCP connection state.
enumeration SYN_SENT
Indicates the SYN sent TCP connection state--i.e. wait for a matching connection request after having sent a connection request.
enumeration SYN_RECEIVED
Indicates the SYN received TCP connection state--i.e. waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
enumeration ESTABLISHED
Indicates the established TCP connection state--i.e. an open connection in which data received can be delivered to the user.
enumeration FIN_WAIT_1
Indicates the FIN-WAIT-1 TCP connection state--i.e. waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
enumeration FIN_WAIT_2
Indicates the FIN-WAIT-2 TCP connection state--i.e. waiting for a connection termination request from the remote TCP.
enumeration CLOSE_WAIT
Indicates the CLOSE-WAIT TCP connection state--i.e. waiting for a connection termination request from the local user.
enumeration CLOSING
Indicates the CLOSING TCP connection state--i.e. waiting for a connection termination request acknowledgment from the remote TCP.
enumeration LAST_ACK
Indicates the LAST-ACK connection state--i.e. waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
enumeration TIME_WAIT
Indicates the TIME-WAIT connection state--i.e. waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.
enumeration DELETING_TCB
Indicates the DELETE-TCB connection state--i.e. the Transmission Control Block (TCB) is being deleted.
Source
<xs:element name="Destination_TCP_State" type="NetworkConnectionObj:TCPStateEnum" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Destination_TCP_State field specifies the current state of the TCP network connection at the destination, if applicable.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:NetworkConnectionObjectType / NetworkConnectionObj:Layer7_Connections
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Layer7_Connections field allows for the characterization of any application (layer 7 in the OSI model) layer connections observed as part of the network connection.
Diagram
Diagram Network_Connection_Object_xsd.tmp#Layer7ConnectionsType_HTTP_Session Network_Connection_Object_xsd.tmp#Layer7ConnectionsType_DNS_Query Network_Connection_Object_xsd.tmp#Layer7ConnectionsType
Type NetworkConnectionObj:Layer7ConnectionsType
Children NetworkConnectionObj:DNS_Query, NetworkConnectionObj:HTTP_Session
Source
<xs:element name="Layer7_Connections" type="NetworkConnectionObj:Layer7ConnectionsType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Layer7_Connections field allows for the characterization of any application (layer 7 in the OSI model) layer connections observed as part of the network connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:Layer7ConnectionsType / NetworkConnectionObj:HTTP_Session
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The HTTP Session field specifies a single HTTP session initiated between source and destination IP addresses/ports, and includes 1-n HTTP Request/Response pairs.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType HTTP_Session_Object_xsd.tmp#HTTPSessionObjectType_HTTP_Request_Response HTTP_Session_Object_xsd.tmp#HTTPSessionObjectType
Type HTTPSessionObj:HTTPSessionObjectType
Type hierarchy
Children HTTPSessionObj:HTTP_Request_Response, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="HTTP_Session" type="HTTPSessionObj:HTTPSessionObjectType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The HTTP Session field specifies a single HTTP session initiated between source and destination IP addresses/ports, and includes 1-n HTTP Request/Response pairs.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:Layer7ConnectionsType / NetworkConnectionObj:DNS_Query
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The DNS_Query field specifies a single DNS query/answer pair initiated between source and destination IP addresses/ports.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType DNS_Query_Object_xsd.tmp#DNSQueryObjectType_successful DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Transaction_ID DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Question DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Answer_Resource_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Authority_Resource_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Additional_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Date_Ran DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Service_Used DNS_Query_Object_xsd.tmp#DNSQueryObjectType
Type DNSQueryObj:DNSQueryObjectType
Type hierarchy
Children DNSQueryObj:Additional_Records, DNSQueryObj:Answer_Resource_Records, DNSQueryObj:Authority_Resource_Records, DNSQueryObj:Date_Ran, DNSQueryObj:Question, DNSQueryObj:Service_Used, DNSQueryObj:Transaction_ID, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
successful xs:boolean optional
The successful field specifies whether or not the DNS Query was successful.
Source
<xs:element name="DNS_Query" type="DNSQueryObj:DNSQueryObjectType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The DNS_Query field specifies a single DNS query/answer pair initiated between source and destination IP addresses/ports.</xs:documentation>
  </xs:annotation>
</xs:element>
Element NetworkConnectionObj:Network_Connection
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Network_Connection object is intended to represent a single network connection.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_tls_used Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Creation_Time Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer3_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer4_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Connections Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType
Type NetworkConnectionObj:NetworkConnectionObjectType
Type hierarchy
Children NetworkConnectionObj:Creation_Time, NetworkConnectionObj:Destination_Socket_Address, NetworkConnectionObj:Destination_TCP_State, NetworkConnectionObj:Layer3_Protocol, NetworkConnectionObj:Layer4_Protocol, NetworkConnectionObj:Layer7_Connections, NetworkConnectionObj:Layer7_Protocol, NetworkConnectionObj:Source_Socket_Address, NetworkConnectionObj:Source_TCP_State, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
tls_used xs:boolean optional
The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.
Source
<xs:element name="Network_Connection" type="NetworkConnectionObj:NetworkConnectionObjectType">
  <xs:annotation>
    <xs:documentation>The Network_Connection object is intended to represent a single network connection.</xs:documentation>
  </xs:annotation>
</xs:element>
Complex Type NetworkConnectionObj:NetworkConnectionObjectType
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The NetworkConnectionObjectType is intended as a way of characterizing local or remote (i.e. Internet) network connections.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_tls_used Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Creation_Time Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer3_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer4_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Protocol Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Source_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_Socket_Address Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Destination_TCP_State Network_Connection_Object_xsd.tmp#NetworkConnectionObjectType_Layer7_Connections
Type extension of cyboxCommon:ObjectPropertiesType
Type hierarchy
Used by
Children NetworkConnectionObj:Creation_Time, NetworkConnectionObj:Destination_Socket_Address, NetworkConnectionObj:Destination_TCP_State, NetworkConnectionObj:Layer3_Protocol, NetworkConnectionObj:Layer4_Protocol, NetworkConnectionObj:Layer7_Connections, NetworkConnectionObj:Layer7_Protocol, NetworkConnectionObj:Source_Socket_Address, NetworkConnectionObj:Source_TCP_State, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
tls_used xs:boolean optional
The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.
Source
<xs:complexType name="NetworkConnectionObjectType" mixed="false">
  <xs:annotation>
    <xs:documentation>The NetworkConnectionObjectType is intended as a way of characterizing local or remote (i.e. Internet) network connections.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="cyboxCommon:ObjectPropertiesType">
      <xs:sequence>
        <xs:element name="Creation_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Creation_Time field specifies the date/time the network connection was created.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Layer3_Protocol" type="NetworkConnectionObj:Layer3ProtocolType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Layer3_Protocol field specifies the particular network (layer 3 in the OSI model) layer protocol used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Layer4_Protocol" type="cyboxCommon:Layer4ProtocolType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Layer4_Protocol field specifies the particular transport (layer 4 in the OSI model) layer protocol used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Layer7_Protocol" type="NetworkConnectionObj:Layer7ProtocolType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Layer7_Protocol field specifies the particular application (layer 7 in the OSI model) layer protocol used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Source_Socket_Address" type="SocketAddressObj:SocketAddressObjectType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Source_Socket_Address field specifies the source socket address, consisting of an IP Address and port number, used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Source_TCP_State" type="NetworkConnectionObj:TCPStateEnum" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Source_TCP_State field specifies the current state of the TCP network connection at the source, if applicable.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Destination_Socket_Address" type="SocketAddressObj:SocketAddressObjectType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Destination_Socket_Address field specifies the destination socket address, consisting of an IP Address and port number, used in the connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Destination_TCP_State" type="NetworkConnectionObj:TCPStateEnum" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Destination_TCP_State field specifies the current state of the TCP network connection at the destination, if applicable.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Layer7_Connections" type="NetworkConnectionObj:Layer7ConnectionsType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Layer7_Connections field allows for the characterization of any application (layer 7 in the OSI model) layer connections observed as part of the network connection.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="tls_used" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type NetworkConnectionObj:Layer3ProtocolType
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
Layer3ProtocolType specifies Layer 3 protocol types, via a union of the Layer3ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType Network_Connection_Object_xsd.tmp#Layer3ProtocolType_datatype
Type restriction of cyboxCommon:BaseObjectPropertyType
Type hierarchy
Used by
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="Layer3ProtocolType">
  <xs:annotation>
    <xs:documentation>Layer3ProtocolType specifies Layer 3 protocol types, via a union of the Layer3ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="NetworkConnectionObj:Layer3ProtocolEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Complex Type NetworkConnectionObj:Layer7ProtocolType
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
Layer7ProtocolType specifies Layer 7 protocol types, via a union of the Layer7ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType Network_Connection_Object_xsd.tmp#Layer7ProtocolType_datatype
Type restriction of cyboxCommon:BaseObjectPropertyType
Type hierarchy
Used by
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
delimiter xs:string ##comma## optional
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
is_case_sensitive xs:boolean true optional
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
observed_encoding xs:string optional
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="Layer7ProtocolType">
  <xs:annotation>
    <xs:documentation>Layer7ProtocolType specifies Layer 7 protocol types, via a union of the Layer7ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="NetworkConnectionObj:Layer7ProtocolEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type NetworkConnectionObj:TCPStateEnum
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The ConnectionStateEnum type is an enumeration of TCP connection states.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration UNKNOWN
Indicates an unknown TCP connection state.
enumeration CLOSED
Indicates the closed TCP connection state--i.e. no connection state at all.
enumeration LISTENING
Indicates the listening TCP connection state.
enumeration SYN_SENT
Indicates the SYN sent TCP connection state--i.e. wait for a matching connection request after having sent a connection request.
enumeration SYN_RECEIVED
Indicates the SYN received TCP connection state--i.e. waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
enumeration ESTABLISHED
Indicates the established TCP connection state--i.e. an open connection in which data received can be delivered to the user.
enumeration FIN_WAIT_1
Indicates the FIN-WAIT-1 TCP connection state--i.e. waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
enumeration FIN_WAIT_2
Indicates the FIN-WAIT-2 TCP connection state--i.e. waiting for a connection termination request from the remote TCP.
enumeration CLOSE_WAIT
Indicates the CLOSE-WAIT TCP connection state--i.e. waiting for a connection termination request from the local user.
enumeration CLOSING
Indicates the CLOSING TCP connection state--i.e. waiting for a connection termination request acknowledgment from the remote TCP.
enumeration LAST_ACK
Indicates the LAST-ACK connection state--i.e. waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
enumeration TIME_WAIT
Indicates the TIME-WAIT connection state--i.e. waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.
enumeration DELETING_TCB
Indicates the DELETE-TCB connection state--i.e. the Transmission Control Block (TCB) is being deleted.
Used by
Source
<xs:simpleType name="TCPStateEnum">
  <xs:annotation>
    <xs:documentation>The ConnectionStateEnum type is an enumeration of TCP connection states.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="UNKNOWN">
      <xs:annotation>
        <xs:documentation>Indicates an unknown TCP connection state.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CLOSED">
      <xs:annotation>
        <xs:documentation>Indicates the closed TCP connection state--i.e. no connection state at all.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="LISTENING">
      <xs:annotation>
        <xs:documentation>Indicates the listening TCP connection state.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SYN_SENT">
      <xs:annotation>
        <xs:documentation>Indicates the SYN sent TCP connection state--i.e. wait for a matching connection request after having sent a connection request.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SYN_RECEIVED">
      <xs:annotation>
        <xs:documentation>Indicates the SYN received TCP connection state--i.e. waiting for a confirming connection request acknowledgment after having both received and sent a connection request.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ESTABLISHED">
      <xs:annotation>
        <xs:documentation>Indicates the established TCP connection state--i.e. an open connection in which data received can be delivered to the user.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="FIN_WAIT_1">
      <xs:annotation>
        <xs:documentation>Indicates the FIN-WAIT-1 TCP connection state--i.e. waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="FIN_WAIT_2">
      <xs:annotation>
        <xs:documentation>Indicates the FIN-WAIT-2 TCP connection state--i.e. waiting for a connection termination request from the remote TCP.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CLOSE_WAIT">
      <xs:annotation>
        <xs:documentation>Indicates the CLOSE-WAIT TCP connection state--i.e. waiting for a connection termination request from the local user.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CLOSING">
      <xs:annotation>
        <xs:documentation>Indicates the CLOSING TCP connection state--i.e. waiting for a connection termination request acknowledgment from the remote TCP.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="LAST_ACK">
      <xs:annotation>
        <xs:documentation>Indicates the LAST-ACK connection state--i.e. waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TIME_WAIT">
      <xs:annotation>
        <xs:documentation>Indicates the TIME-WAIT connection state--i.e. waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DELETING_TCB">
      <xs:annotation>
        <xs:documentation>Indicates the DELETE-TCB connection state--i.e. the Transmission Control Block (TCB) is being deleted.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type NetworkConnectionObj:Layer7ConnectionsType
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
The Layer7ConnectionsType specifies the different types of application (layer 7 in the OSI model) connections that may be initiated as part of the network connection.
Diagram
Diagram Network_Connection_Object_xsd.tmp#Layer7ConnectionsType_HTTP_Session Network_Connection_Object_xsd.tmp#Layer7ConnectionsType_DNS_Query
Used by
Children NetworkConnectionObj:DNS_Query, NetworkConnectionObj:HTTP_Session
Source
<xs:complexType name="Layer7ConnectionsType">
  <xs:annotation>
    <xs:documentation>The Layer7ConnectionsType specifies the different types of application (layer 7 in the OSI model) connections that may be initiated as part of the network connection.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="HTTP_Session" type="HTTPSessionObj:HTTPSessionObjectType" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>The HTTP Session field specifies a single HTTP session initiated between source and destination IP addresses/ports, and includes 1-n HTTP Request/Response pairs.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="DNS_Query" type="DNSQueryObj:DNSQueryObjectType" minOccurs="0" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The DNS_Query field specifies a single DNS query/answer pair initiated between source and destination IP addresses/ports.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Simple Type NetworkConnectionObj:Layer3ProtocolEnum
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
Layer3ProtocolEnum is a non-exhaustive enumeration of Layer 3 (network) layer protocols.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration IPv4
Specifies the Internet Protocol, version 4.
enumeration IPv6
Specifies the Internet Protocol, version 6.
enumeration ICMP
Specifies the Internet Control Message Protocol.
enumeration IGMP
Specifies the Internet Group Management Protocol.
enumeration IGRP
Specifies the Interior Gateway Routing Protocol.
enumeration CLNP
Specifies the Connectionless Networking Protocol.
enumeration EGP
Specifies the Exterior Gateway Protocol.
enumeration EIGRP
Specifies the Enhanced Interior Gateway Routing Protocol.
enumeration IPSec
Specifies the Internet Protocol Security suite.
enumeration IPX
Specifies the Internetwork Packet Exchange protocol.
enumeration Routed-SMLT
Specifies the Routed Split Multi-Link Trunking protocol.
enumeration SCCP
Specifies the Signalling Connection Control Part protocol.
Source
<xs:simpleType name="Layer3ProtocolEnum">
  <xs:annotation>
    <xs:documentation>Layer3ProtocolEnum is a non-exhaustive enumeration of Layer 3 (network) layer protocols.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="IPv4">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Protocol, version 4.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IPv6">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Protocol, version 6.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ICMP">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Control Message Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IGMP">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Group Management Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IGRP">
      <xs:annotation>
        <xs:documentation>Specifies the Interior Gateway Routing Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CLNP">
      <xs:annotation>
        <xs:documentation>Specifies the Connectionless Networking Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="EGP">
      <xs:annotation>
        <xs:documentation>Specifies the Exterior Gateway Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="EIGRP">
      <xs:annotation>
        <xs:documentation>Specifies the Enhanced Interior Gateway Routing Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IPSec">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Protocol Security suite.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IPX">
      <xs:annotation>
        <xs:documentation>Specifies the Internetwork Packet Exchange protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Routed-SMLT">
      <xs:annotation>
        <xs:documentation>Specifies the Routed Split Multi-Link Trunking protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SCCP">
      <xs:annotation>
        <xs:documentation>Specifies the Signalling Connection Control Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Simple Type NetworkConnectionObj:Layer7ProtocolEnum
Namespace http://cybox.mitre.org/objects#NetworkConnectionObject-2
Annotations
Layer7ProtocolEnum is a non-exhaustive enumeration of Layer 7 (application) layer protocols.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration HTTP
Specifies the Hypertext Transfer Protocol.
enumeration HTTPS
Specifies the Hypertext Transfer Protocol Secure.
enumeration FTP
Specifies the File Transfer Protocol.
enumeration SMTP
Specifies the Simple Mail Transfer Protocol.
enumeration IRC
Specifies the Internet Relay Chat protocol.
enumeration IDENT
Specifies the Identification Protocol, IDENT.
enumeration DNS
Specifies the Domain Name System protocol.
enumeration TELNET
Specifies the Telnet protocol.
enumeration POP3
Specifies the Post Office Protocol, version 3.
enumeration IMAP
Specifies the Internet Message Access Protocol.
enumeration SSH
Specifies the Secure Shell protocol.
enumeration SMB
Specifies the Microsoft Server Message Block protocol.
enumeration ADC
Specifies the Advance Direct Connect protocol.
enumeration AFP
Specifies the Apple Filing Protocol.
enumeration BACNet
Specifies the Building Automation and Control Network protocol.
enumeration BitTorrent
Specifies the BitTorrent protocol.
enumeration BOOTP
Specifies the Bootstrap Protocol.
enumeration Diameter
Specifies the Diameter protocol.
enumeration DICOM
Specifies the Digital Imaging and Communications in Medicine protocol.
enumeration DICT
Specifies the Dictionary protocol.
enumeration DSM-CC
Specifies the Digital Storage Media Command and Control protocol.
enumeration DSNP
Specifies the Distributed Social Networking Protocol.
enumeration DHCP
Specifies the Dynamic Host Configuration Protocol.
enumeration ED2K
Specifies the EDonkey2000 protocol.
enumeration Finger
Specifies the Finger protocol.
enumeration Gnutella
Specifies the Gnutella protocol.
enumeration Gopher
Specifies the Gopher protocol.
enumeration ISUP
Specifies the ISDN User Part protocol.
enumeration LDAP
Specifies the Lightweight Directory Access Protocol.
enumeration MIME
Specifies the Multipurpose Internet Mail Extensions protocol.
enumeration MSNP
Specifies the Microsoft Notification Protocol.
enumeration MAP
Specifies the Mobile Application Part protocol.
enumeration NetBIOS
Specifies the Network Basic Input/Output System protocol.
enumeration NNTP
Specifies the Network News Transfer Protocol.
enumeration NTP
Specifies the Network Time Protocol.
enumeration NTCIP
Specifies the National Transportation Communications for Intelligent Transportation System Protocol.
enumeration RADIUS
Specifies the Remote Authentication Dial In User Service protocol.
enumeration RDP
Specifies the Remote Desktop Protocol.
enumeration rlogin
Specifies the rlogin protocol.
enumeration rsync
Specifies the rsync potocol.
enumeration RTP
Specifies the Real-time Transport Protocol.
enumeration RTSP
Specifies the Real-time Transport Streaming Protocol.
enumeration SISNAPI
Specifies the Siebel Internet Session Network API protocol.
enumeration SIP
Specifies the Session Initiation Protocol.
enumeration SNMP
Specifies the Simple Network Management Protocol.
enumeration STUN
Specifies the Session Traversal Utilities for NAT protocol.
enumeration TUP
Specifies the Telephone User Part protocol.
enumeration TCAP
Specifies the Transaction Capabilities Application Part protocol.
enumeration TFTP
Specifies the Trivial File Transfer Protocol.
enumeration WebDAV
Specifies the Web Distributed Authoring and Versioning protocol.
enumeration XMPP
Specifies the Extensible Messaging and Presence Protocol.
enumeration Modbus
Specifies the Modbus Protocol.
Source
<xs:simpleType name="Layer7ProtocolEnum">
  <xs:annotation>
    <xs:documentation>Layer7ProtocolEnum is a non-exhaustive enumeration of Layer 7 (application) layer protocols.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="HTTP">
      <xs:annotation>
        <xs:documentation>Specifies the Hypertext Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="HTTPS">
      <xs:annotation>
        <xs:documentation>Specifies the Hypertext Transfer Protocol Secure.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="FTP">
      <xs:annotation>
        <xs:documentation>Specifies the File Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SMTP">
      <xs:annotation>
        <xs:documentation>Specifies the Simple Mail Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IRC">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Relay Chat protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IDENT">
      <xs:annotation>
        <xs:documentation>Specifies the Identification Protocol, IDENT.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DNS">
      <xs:annotation>
        <xs:documentation>Specifies the Domain Name System protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TELNET">
      <xs:annotation>
        <xs:documentation>Specifies the Telnet protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="POP3">
      <xs:annotation>
        <xs:documentation>Specifies the Post Office Protocol, version 3.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IMAP">
      <xs:annotation>
        <xs:documentation>Specifies the Internet Message Access Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SSH">
      <xs:annotation>
        <xs:documentation>Specifies the Secure Shell protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SMB">
      <xs:annotation>
        <xs:documentation>Specifies the Microsoft Server Message Block protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ADC">
      <xs:annotation>
        <xs:documentation>Specifies the Advance Direct Connect protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="AFP">
      <xs:annotation>
        <xs:documentation>Specifies the Apple Filing Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="BACNet">
      <xs:annotation>
        <xs:documentation>Specifies the Building Automation and Control Network protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="BitTorrent">
      <xs:annotation>
        <xs:documentation>Specifies the BitTorrent protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="BOOTP">
      <xs:annotation>
        <xs:documentation>Specifies the Bootstrap Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Diameter">
      <xs:annotation>
        <xs:documentation>Specifies the Diameter protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DICOM">
      <xs:annotation>
        <xs:documentation>Specifies the Digital Imaging and Communications in Medicine protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DICT">
      <xs:annotation>
        <xs:documentation>Specifies the Dictionary protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DSM-CC">
      <xs:annotation>
        <xs:documentation>Specifies the Digital Storage Media Command and Control protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DSNP">
      <xs:annotation>
        <xs:documentation>Specifies the Distributed Social Networking Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DHCP">
      <xs:annotation>
        <xs:documentation>Specifies the Dynamic Host Configuration Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ED2K">
      <xs:annotation>
        <xs:documentation>Specifies the EDonkey2000 protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Finger">
      <xs:annotation>
        <xs:documentation>Specifies the Finger protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Gnutella">
      <xs:annotation>
        <xs:documentation>Specifies the Gnutella protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Gopher">
      <xs:annotation>
        <xs:documentation>Specifies the Gopher protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ISUP">
      <xs:annotation>
        <xs:documentation>Specifies the ISDN User Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="LDAP">
      <xs:annotation>
        <xs:documentation>Specifies the Lightweight Directory Access Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="MIME">
      <xs:annotation>
        <xs:documentation>Specifies the Multipurpose Internet Mail Extensions protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="MSNP">
      <xs:annotation>
        <xs:documentation>Specifies the Microsoft Notification Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="MAP">
      <xs:annotation>
        <xs:documentation>Specifies the Mobile Application Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NetBIOS">
      <xs:annotation>
        <xs:documentation>Specifies the Network Basic Input/Output System protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NNTP">
      <xs:annotation>
        <xs:documentation>Specifies the Network News Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NTP">
      <xs:annotation>
        <xs:documentation>Specifies the Network Time Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NTCIP">
      <xs:annotation>
        <xs:documentation>Specifies the National Transportation Communications for Intelligent Transportation System Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RADIUS">
      <xs:annotation>
        <xs:documentation>Specifies the Remote Authentication Dial In User Service protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RDP">
      <xs:annotation>
        <xs:documentation>Specifies the Remote Desktop Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="rlogin">
      <xs:annotation>
        <xs:documentation>Specifies the rlogin protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="rsync">
      <xs:annotation>
        <xs:documentation>Specifies the rsync potocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RTP">
      <xs:annotation>
        <xs:documentation>Specifies the Real-time Transport Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RTSP">
      <xs:annotation>
        <xs:documentation>Specifies the Real-time Transport Streaming Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SISNAPI">
      <xs:annotation>
        <xs:documentation>Specifies the Siebel Internet Session Network API protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SIP">
      <xs:annotation>
        <xs:documentation>Specifies the Session Initiation Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SNMP">
      <xs:annotation>
        <xs:documentation>Specifies the Simple Network Management Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="STUN">
      <xs:annotation>
        <xs:documentation>Specifies the Session Traversal Utilities for NAT protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TUP">
      <xs:annotation>
        <xs:documentation>Specifies the Telephone User Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TCAP">
      <xs:annotation>
        <xs:documentation>Specifies the Transaction Capabilities Application Part protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TFTP">
      <xs:annotation>
        <xs:documentation>Specifies the Trivial File Transfer Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="WebDAV">
      <xs:annotation>
        <xs:documentation>Specifies the Web Distributed Authoring and Versioning protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="XMPP">
      <xs:annotation>
        <xs:documentation>Specifies the Extensible Messaging and Presence Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Modbus">
      <xs:annotation>
        <xs:documentation>Specifies the Modbus Protocol.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Attribute NetworkConnectionObj:Layer3ProtocolType / @datatype
Namespace No namespace
Annotations
This attribute is optional and specifies the expected type for the value of the specified property.
Type cyboxCommon:DatatypeEnum
Facets
enumeration string
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration Binary
Specifies arbitrary binary encoded data.
enumeration BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
Used by
Source
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute NetworkConnectionObj:Layer7ProtocolType / @datatype
Namespace No namespace
Annotations
This attribute is optional and specifies the expected type for the value of the specified property.
Type cyboxCommon:DatatypeEnum
Facets
enumeration string
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration Binary
Specifies arbitrary binary encoded data.
enumeration BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
Used by
Source
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute NetworkConnectionObj:NetworkConnectionObjectType / @tls_used
Namespace No namespace
Annotations
The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.
Type xs:boolean
Used by
Source
<xs:attribute name="tls_used" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.</xs:documentation>
  </xs:annotation>
</xs:attribute>