This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
The Information_Source_Type field is optional and utilizes a standardized controlled vocabulary to identify the type of information source leveraged for this cyber observation source.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is InformationSourceTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Information_Source_Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The Information_Source_Type field is optional and utilizes a standardized controlled vocabulary to identify the type of information source leveraged for this cyber observation source.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is InformationSourceTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.</xs:documentation></xs:annotation></xs:element>
The Tool_Type field is optional and (when tools are used) enables identification of the type of tool leveraged as part of this cyber observation source, via a standardized controlled vocabulary.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ToolTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Tool_Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The Tool_Type field is optional and (when tools are used) enables identification of the type of tool leveraged as part of this cyber observation source, via a standardized controlled vocabulary.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ToolTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.</xs:documentation></xs:annotation></xs:element>
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0"><xs:annotation><xs:documentation>The Description field is optional and enables a generalized but structured description of this syber observation source.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Contributors" type="cyboxCommon:PersonnelType" minOccurs="0"><xs:annotation><xs:documentation>The Contributors field is optional and enables description of the individual contributors involved in this cyber observation source.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Contributor" type="cyboxCommon:ContributorType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains information describing the identify, resources and timing of involvement for a single contributor.</xs:documentation></xs:annotation></xs:element>
This field describes the role played by this contributor.
Diagram
Type
xs:string
Source
<xs:element name="Role" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field describes the role played by this contributor.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Name" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the name of this contributor.</xs:documentation></xs:annotation></xs:element>
This field contains the email of this contributor.
Diagram
Type
xs:string
Source
<xs:element name="Email" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the email of this contributor.</xs:documentation></xs:annotation></xs:element>
This field contains a telephone number of this contributor.
Diagram
Type
xs:string
Source
<xs:element name="Phone" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains a telephone number of this contributor.</xs:documentation></xs:annotation></xs:element>
This field contains the organization name of this contributor.
Diagram
Type
xs:string
Source
<xs:element name="Organization" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the organization name of this contributor.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Date" type="cyboxCommon:DateRangeType" minOccurs="0"><xs:annotation><xs:documentation>This field contains a description (bounding) of the timing of this contributor's involvement.</xs:documentation></xs:annotation></xs:element>
This field contains the start date for this contributor's involvement. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
The precision of the associated date. If omitted, the default is "day", meaning the full field value.
Source
<xs:element name="Start_Date" type="cyboxCommon:DateWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>This field contains the start date for this contributor's involvement. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element>
This field contains the end date for this contributor's involvement. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
The precision of the associated date. If omitted, the default is "day", meaning the full field value.
Source
<xs:element name="End_Date" type="cyboxCommon:DateWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>This field contains the end date for this contributor's involvement. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element>
This field contains information describing the location at which the contributory activity occured.
Diagram
Type
xs:string
Source
<xs:element name="Contribution_Location" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the location at which the contributory activity occured.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Time" type="cyboxCommon:TimeType" minOccurs="0"><xs:annotation><xs:documentation>The Time field is optional and enables description of various time-related properties for this cyber observation source instance.</xs:documentation></xs:annotation></xs:element>
The Start_Time field is optional and describes the starting time for this construct. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).
Source
<xs:element name="Start_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>The Start_Time field is optional and describes the starting time for this construct. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element>
The End_Time field is optional and describes the ending time for this construct. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).
Source
<xs:element name="End_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>The End_Time field is optional and describes the ending time for this construct. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element>
The Produced_Time field is optional and describes the time that this construct was produced. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).
Source
<xs:element name="Produced_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>The Produced_Time field is optional and describes the time that this construct was produced. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element>
The Received_Time field is optional and describes the time that this construct was received. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).
Source
<xs:element name="Received_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>The Received_Time field is optional and describes the time that this construct was received. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element>
The Observation_Location field specifies a relevant physical location for the observation measurement of the associated Observable.
This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.
Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.
Specifies a reference to a unique ID defined elsewhere.
Source
<xs:element name="Observation_Location" type="cyboxCommon:LocationType" minOccurs="0"><xs:annotation><xs:documentation>The Observation_Location field specifies a relevant physical location for the observation measurement of the associated Observable.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.</xs:documentation><xs:documentation>Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.</xs:documentation></xs:annotation></xs:element>
The Name field allows for expression of an location through a simple name.
Diagram
Type
xs:string
Source
<xs:element name="Name" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>The Name field allows for expression of an location through a simple name.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Tools" type="cyboxCommon:ToolsInformationType" minOccurs="0"><xs:annotation><xs:documentation>The Tools field is optional and enables description of the tools utilized for this cyber observation source.</xs:documentation></xs:annotation></xs:element>
The idref field specifies reference to a unique ID for this Tool.
When idref is specified, the id attribute must not be specified, and any instance of this type should not hold content unless an extension of the type allows it.
Source
<xs:element name="Tool" type="cyboxCommon:ToolInformationType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Tool field is optional and enables description of a single tool utilized for this cyber observation source.</xs:documentation></xs:annotation></xs:element>
This field contains the name of the tool leveraged.
Diagram
Type
xs:string
Source
<xs:element name="Name" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the name of the tool leveraged.</xs:documentation></xs:annotation></xs:element>
This field contains the type of the tool leveraged.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for CybOX 2.0. Users may either define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a free string field. Additionally, locations where the ToolInformationType is used may define default vocabularies for this field.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains the type of the tool leveraged.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for CybOX 2.0. Users may either define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a free string field. Additionally, locations where the ToolInformationType is used may define default vocabularies for this field.</xs:documentation></xs:annotation></xs:element>
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0"><xs:annotation><xs:documentation>This field contains general descriptive information for this tool.</xs:documentation></xs:annotation></xs:element>
<xs:element name="References" type="cyboxCommon:ToolReferencesType" minOccurs="0"><xs:annotation><xs:documentation>This field contains references to instances or additional information for this tool.</xs:documentation></xs:annotation></xs:element>
Indicates the nature of the referenced material (documentation, source, executable, etc.).
Source
<xs:element name="Reference" type="cyboxCommon:ToolReferenceType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Contains one reference to information or instances of a given tool.</xs:documentation></xs:annotation></xs:element>
This field contains information identifying the vendor organization for this tool.
Diagram
Type
xs:string
Source
<xs:element name="Vendor" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains information identifying the vendor organization for this tool.</xs:documentation></xs:annotation></xs:element>
This field contains an appropriate version descriptor of this tool.
Diagram
Type
xs:string
Source
<xs:element name="Version" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains an appropriate version descriptor of this tool.</xs:documentation></xs:annotation></xs:element>
This field contains an appropriate service pack descriptor for this tool.
Diagram
Type
xs:string
Source
<xs:element name="Service_Pack" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains an appropriate service pack descriptor for this tool.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Tool_Specific_Data" type="cyboxCommon:ToolSpecificDataType" minOccurs="0"><xs:annotation><xs:documentation>This is an abstract type provided to a flexible mechanism for enabling tool-specific data to be included.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Tool_Hashes" type="cyboxCommon:HashListType" minOccurs="0"><xs:annotation><xs:documentation>This field contains a hash value computed on the tool file content in order to verify its integrity.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Hash" type="cyboxCommon:HashType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Hash field specifies a single calculated hash value.</xs:documentation></xs:annotation></xs:element>
The Type field utilizes a standardized controlled vocabulary to capture the type of hash used in the Simple_Hash_Value or Fuzzy_Hash_Value elements.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is HashNameVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The Type field utilizes a standardized controlled vocabulary to capture the type of hash used in the Simple_Hash_Value or Fuzzy_Hash_Value elements.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is HashNameVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Simple_Hash_Value" type="cyboxCommon:SimpleHashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Simple_Hash_Value field specifies a single result value of a basic cryptograhic hash function outputting a single hexbinary hash value.</xs:documentation></xs:annotation></xs:element>
The Fuzzy_Hash_Value field specifies a single result value of a cryptograhic fuzzy hash function outputting a single complex string based hash value. (e.g. SSDEEP's Block1hash:Block2hash format).
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Fuzzy_Hash_Value" type="cyboxCommon:FuzzyHashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Fuzzy_Hash_Value field specifies a single result value of a cryptograhic fuzzy hash function outputting a single complex string based hash value. (e.g. SSDEEP's Block1hash:Block2hash format).</xs:documentation></xs:annotation></xs:element>
The Fuzzy_Hash_Structure field is optional and enables the characterization of the key internal components of a fuzzy hash calculation with a given block size.
<xs:element name="Fuzzy_Hash_Structure" type="cyboxCommon:FuzzyHashStructureType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Fuzzy_Hash_Structure field is optional and enables the characterization of the key internal components of a fuzzy hash calculation with a given block size.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Block_Size" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Block_Size field is optional and specifies the calculated block size for this fuzzy hash calculation.</xs:documentation></xs:annotation></xs:element>
The Block_Hash field is optional and enables specification of the elemental components utilized for a fuzzy hash calculation on the hashed object utilizing Block_Size to calculate trigger points.
<xs:element name="Block_Hash" type="cyboxCommon:FuzzyHashBlockType" minOccurs="0"><xs:annotation><xs:documentation>The Block_Hash field is optional and enables specification of the elemental components utilized for a fuzzy hash calculation on the hashed object utilizing Block_Size to calculate trigger points.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Block_Hash_Value" type="cyboxCommon:HashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Block_Hash_Value field is optional and specifies a fuzzy hash calculation result value for this Block.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Simple_Hash_Value" type="cyboxCommon:SimpleHashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Simple_Hash_Value field specifies a single result value of a basic cryptograhic hash function outputting a single hexbinary hash value.</xs:documentation></xs:annotation></xs:element>
The Fuzzy_Hash_Value field specifies a single result value of a cryptograhic fuzzy hash function outputting a single complex string based hash value. (e.g. SSDEEP's Block1hash:Block2hash format).
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Fuzzy_Hash_Value" type="cyboxCommon:FuzzyHashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Fuzzy_Hash_Value field specifies a single result value of a cryptograhic fuzzy hash function outputting a single complex string based hash value. (e.g. SSDEEP's Block1hash:Block2hash format).</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Segment_Count" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Segment_Count field is optional and specifies the number of segments identified and utilized within this fuzzy hash calculation.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Segments" type="cyboxCommon:HashSegmentsType" minOccurs="0"><xs:annotation><xs:documentation>The Segments field is optional and specifies the set of segments identified and utilized within this fuzzy hash calculation.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Segment" type="cyboxCommon:HashSegmentType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Segment field is optional and specifies a single segment identified and utilized within this fuzzy hash calculation.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Trigger_Point" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Trigger_point field is optional and specifies the offset within the hashed object of the trigger point for this segment.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Segment_Hash" type="cyboxCommon:HashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Segment_Hash field is optional and specifies a calculated hash value for this segment.</xs:documentation></xs:annotation></xs:element>
The Raw_Segment_Content field is optional and contains the raw content of this segment of the hashed object.
Diagram
Source
<xs:element name="Raw_Segment_Content" type="xs:anyType" minOccurs="0"><xs:annotation><xs:documentation>The Raw_Segment_Content field is optional and contains the raw content of this segment of the hashed object.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Tool_Configuration" type="cyboxCommon:ToolConfigurationType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the configuration and usage of the tool.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Configuration_Settings" type="cyboxCommon:ConfigurationSettingsType" minOccurs="0"><xs:annotation><xs:documentation>This field describes the configuration settings of this tool instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Configuration_Setting" type="cyboxCommon:ConfigurationSettingType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains a single configuration setting instance.</xs:documentation></xs:annotation></xs:element>
This field contains the name of the configuration item referenced by this configuration setting instance.
Diagram
Type
xs:string
Source
<xs:element name="Item_Name" type="xs:string"><xs:annotation><xs:documentation>This field contains the name of the configuration item referenced by this configuration setting instance.</xs:documentation></xs:annotation></xs:element>
This field contains the value of this configuration setting instance.
Diagram
Type
xs:string
Source
<xs:element name="Item_Value" type="xs:string"><xs:annotation><xs:documentation>This field contains the value of this configuration setting instance.</xs:documentation></xs:annotation></xs:element>
This field contains the type of the configuration item referenced in this configuration setting instance.
Diagram
Type
xs:string
Source
<xs:element name="Item_Type" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the type of the configuration item referenced in this configuration setting instance.</xs:documentation></xs:annotation></xs:element>
This field contains a description of the configuration item referenced in this configuration setting instance.
Diagram
Type
xs:string
Source
<xs:element name="Item_Description" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains a description of the configuration item referenced in this configuration setting instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Dependencies" type="cyboxCommon:DependenciesType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the relevant dependencies for this tool.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Dependency" type="cyboxCommon:DependencyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains information describing a single dependency for this tool.</xs:documentation></xs:annotation></xs:element>
This field describes the type of this dependency instance.
Diagram
Type
xs:string
Source
<xs:element name="Dependency_Type" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field describes the type of this dependency instance.</xs:documentation></xs:annotation></xs:element>
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Dependency_Description" type="cyboxCommon:StructuredTextType"><xs:annotation><xs:documentation>This field contains a description of this dependency instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Usage_Context_Assumptions" type="cyboxCommon:UsageContextAssumptionsType" minOccurs="0"><xs:annotation><xs:documentation>This field contains descriptions of the various relevant usage context assumptions for this tool .</xs:documentation></xs:annotation></xs:element>
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Usage_Context_Assumption" type="cyboxCommon:StructuredTextType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains a single usage context assumption for this tool.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Internationalization_Settings" type="cyboxCommon:InternationalizationSettingsType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing relevant internationalization setting for this tool .</xs:documentation></xs:annotation></xs:element>
<xs:element name="Internal_Strings" type="cyboxCommon:InternalStringsType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains a single internal string instance for this internationalization setting instance.</xs:documentation></xs:annotation></xs:element>
This field contains the actual key of this internal string instance.
Diagram
Type
xs:string
Source
<xs:element name="Key" type="xs:string"><xs:annotation><xs:documentation>This field contains the actual key of this internal string instance.</xs:documentation></xs:annotation></xs:element>
This field contains the actual content of this internal string instance.
Diagram
Type
xs:string
Source
<xs:element name="Content" type="xs:string"><xs:annotation><xs:documentation>This field contains the actual content of this internal string instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Build_Information" type="cyboxCommon:BuildInformationType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing how this tool was built.</xs:documentation></xs:annotation></xs:element>
This field contains an externally defined unique identifier of this build of this application instance.
Diagram
Type
xs:string
Source
<xs:element name="Build_ID" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains an externally defined unique identifier of this build of this application instance.</xs:documentation></xs:annotation></xs:element>
This field contains the project name of this build of this application instance.
Diagram
Type
xs:string
Source
<xs:element name="Build_Project" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the project name of this build of this application instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Build_Utility" type="cyboxCommon:BuildUtilityType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information identifying the utility used to build this application.</xs:documentation></xs:annotation></xs:element>
This field contains the informally defined name of the utility used to build this application instance.
Diagram
Type
xs:string
Source
<xs:element name="Build_Utility_Name" type="xs:string"><xs:annotation><xs:documentation>This field contains the informally defined name of the utility used to build this application instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Build_Utility_Platform_Specification" type="cyboxCommon:PlatformSpecificationType"><xs:annotation><xs:documentation>This field identifies the build utility used to build this application.</xs:documentation></xs:annotation></xs:element>
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0"><xs:annotation><xs:documentation>A prose description of the indicated platform.</xs:documentation></xs:annotation></xs:element>
Indicates a pre-defined name for the given platform using some naming scheme. For example, one could provide a CPE (Common Platform Enumeration) name using the CPE naming format.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Identifier" type="cyboxCommon:PlatformIdentifierType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>Indicates a pre-defined name for the given platform using some naming scheme. For example, one could provide a CPE (Common Platform Enumeration) name using the CPE naming format.</xs:documentation></xs:annotation></xs:element>
This field contains the appropriate version descriptor of this build of this application instance.
Diagram
Type
xs:string
Source
<xs:element name="Build_Version" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the appropriate version descriptor of this build of this application instance.</xs:documentation></xs:annotation></xs:element>
This field contains any relevant label for this build of this application instance.
Diagram
Type
xs:string
Source
<xs:element name="Build_Label" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains any relevant label for this build of this application instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Compilers" type="cyboxCommon:CompilersType" minOccurs="0"><xs:annotation><xs:documentation>This field describes the compilers utilized during this build of this application.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Compiler" type="cyboxCommon:CompilerType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field describes a single compiler utilized during this build of this application.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Compiler_Informal_Description" type="cyboxCommon:CompilerInformalDescriptionType" minOccurs="0"><xs:annotation><xs:documentation>This field contains the informal description of this compiler instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Compiler_Name" type="xs:string"><xs:annotation><xs:documentation>This field contains the name of the compiler.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Compiler_Version" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the version of the compiler.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Compiler_Platform_Specification" type="cyboxCommon:PlatformSpecificationType" minOccurs="0"><xs:annotation><xs:documentation>This field identifies this compiler instance.</xs:documentation></xs:annotation></xs:element>
This field identifies the compilation date for the build of the tool. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).
Source
<xs:element name="Compilation_Date" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>This field identifies the compilation date for the build of the tool. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Build_Configuration" type="cyboxCommon:BuildConfigurationType" minOccurs="0"><xs:annotation><xs:documentation>This field describes how the build utility was configured for this build of this application.</xs:documentation></xs:annotation></xs:element>
This field contains the description of the configuration settings for this build of this application instance.
Diagram
Type
xs:string
Source
<xs:element name="Configuration_Setting_Description" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the description of the configuration settings for this build of this application instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Configuration_Settings" type="cyboxCommon:ConfigurationSettingsType"><xs:annotation><xs:documentation>This field contains the configuration settings for this build of this application instance.</xs:documentation></xs:annotation></xs:element>
This field contains the actual build script for this build of this application instance.
Diagram
Type
xs:string
Source
<xs:element name="Build_Script" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the actual build script for this build of this application instance.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Libraries" type="cyboxCommon:LibrariesType" minOccurs="0"><xs:annotation><xs:documentation>This field identifies the libraries incorporated into the build of the tool.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Library" type="cyboxCommon:LibraryType" minOccurs="0"><xs:annotation><xs:documentation>This field identifies a library incorporated into the build of the tool.</xs:documentation></xs:annotation></xs:element>
This field contains a capture of the output log of the build process.
Diagram
Type
xs:string
Source
<xs:element name="Build_Output_Log" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains a capture of the output log of the build process.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Execution_Environment" type="cyboxCommon:ExecutionEnvironmentType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the execution environment of the tool.</xs:documentation></xs:annotation></xs:element>
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="System" type="cyboxCommon:ObjectPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the system on which the tool was executed. System should be of type SystemObj:SystemObjectType.</xs:documentation></xs:annotation></xs:element>
The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.
<xs:element name="Custom_Properties" type="cyboxCommon:CustomPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Property" type="cyboxCommon:PropertyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Property construct enables the specification of a single Object Property.</xs:documentation></xs:annotation></xs:element>
This field contains information describing the user account that executed the tool. User_Account_Info should be of type UserAccountObj:UserAccountObjectType.
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="User_Account_Info" type="cyboxCommon:ObjectPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the user account that executed the tool. User_Account_Info should be of type UserAccountObj:UserAccountObjectType.</xs:documentation></xs:annotation></xs:element>
This field specifies the command line string used to run the tool.
Diagram
Type
xs:string
Source
<xs:element name="Command_Line" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field specifies the command line string used to run the tool.</xs:documentation></xs:annotation></xs:element>
This field specifies when the tool was run. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).
Source
<xs:element name="Start_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>This field specifies when the tool was run. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Errors" type="cyboxCommon:ErrorsType" minOccurs="0"><xs:annotation><xs:documentation>This field captures any errors generated during the run of the tool.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Error" type="cyboxCommon:ErrorType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field captures a single type of error generated during the run of the tool.</xs:documentation></xs:annotation></xs:element>
This field specifies the type for this tool run error.
Diagram
Type
xs:string
Source
<xs:element name="Error_Type" type="xs:string"><xs:annotation><xs:documentation>This field specifies the type for this tool run error.</xs:documentation></xs:annotation></xs:element>
This field specifies the count of instances for this error in the tool run.
Diagram
Type
xs:integer
Source
<xs:element name="Error_Count" type="xs:integer" minOccurs="0"><xs:annotation><xs:documentation>This field specifies the count of instances for this error in the tool run.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Error_Instances" type="cyboxCommon:ErrorInstancesType" minOccurs="0"><xs:annotation><xs:documentation>This field captures the actual error output for each instance of this type of error.</xs:documentation></xs:annotation></xs:element>
This field captures the actual error output for a single instance of this type of error.
Diagram
Type
xs:string
Source
<xs:element name="Error_Instance" type="xs:string" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field captures the actual error output for a single instance of this type of error.</xs:documentation></xs:annotation></xs:element>
This field specifies the type of name of a single metadata field.
Source
<xs:element name="Metadata" type="cyboxCommon:MetadataType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field captures other relevant metadata including tool-specific fields.</xs:documentation></xs:annotation></xs:element>
This field specifies the value of name of a single metadata field.
Diagram
Type
xs:string
Source
<xs:element name="Value" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field specifies the value of name of a single metadata field.</xs:documentation></xs:annotation></xs:element>
This field specifies the type of name of a single metadata field.
Source
<xs:element name="SubDatum" type="cyboxCommon:MetadataType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field uses recursion of the MetadataType specify subdatum structures for this metadata field.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Compensation_Model" type="cyboxCommon:CompensationModelType" minOccurs="0"><xs:annotation><xs:documentation>This field contains the name of the compensation model used for the tool.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Platform" type="cyboxCommon:PlatformSpecificationType" minOccurs="0"><xs:annotation><xs:documentation>The Platform field is optional and enables a formal, standardized specification of the platform for this cyber observation source.</xs:documentation></xs:annotation></xs:element>
The System field is optional and enables characterization of the system on which the mechanism of cyber observation executed. System should be an object of type SystemObj:SystemObjectType.
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="System" type="cyboxCommon:ObjectPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>The System field is optional and enables characterization of the system on which the mechanism of cyber observation executed. System should be an object of type SystemObj:SystemObjectType.</xs:documentation></xs:annotation></xs:element>
The Instance field is optional and enables characterization of the process instance in which the mechanism of cyber observation executed. Instance should be of type ProcessObj:ProcessObjectType.
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="Instance" type="cyboxCommon:ObjectPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>The Instance field is optional and enables characterization of the process instance in which the mechanism of cyber observation executed. Instance should be of type ProcessObj:ProcessObjectType.</xs:documentation></xs:annotation></xs:element>
The Observable_Location field specifies a relevant physical location for the associated Observable.
This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.
Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.
Specifies a reference to a unique ID defined elsewhere.
Source
<xs:element name="Observable_Location" type="cyboxCommon:LocationType" minOccurs="0"><xs:annotation><xs:documentation>The Observable_Location field specifies a relevant physical location for the associated Observable.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.</xs:documentation><xs:documentation>Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.</xs:documentation></xs:annotation></xs:element>
Specifies any other type of data from the ones listed.
Source
<xs:element name="Data_Format" type="cyboxCommon:DataFormatEnum" minOccurs="0"><xs:annotation><xs:documentation>The Data_Format field refers to the type of data contained in the Data_Segment element.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
This field represents the Units used in the object size element.
Source
<xs:element name="Data_Size" type="cyboxCommon:DataSizeType" minOccurs="0"><xs:annotation><xs:documentation>The Data_Size field contains the size of the data contained in this element.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Byte_Order" type="cyboxCommon:EndiannessType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_Order field specifies the endianness of the unpacked (e.g., decoded, unencrypted, etc.) data stored within the Data_Segment field.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Data_Segment" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Data_Segment field contains the actual segment of data being characterized.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Offset" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Offset field allows for the specification of where to start searching for the specified data segment in an object, in bytes.</xs:documentation></xs:annotation></xs:element>
The Search_Distance field specifies how far into an object should be ignored, in bytes, before starting to search for the specified data segment relative to the end of the previous data segment.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Search_Distance" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Search_Distance field specifies how far into an object should be ignored, in bytes, before starting to search for the specified data segment relative to the end of the previous data segment.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Search_Within" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Search_Within field specifies that at most N bytes are between data segments in related objects.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Strings" type="cyboxCommon:ExtractedStringsType" minOccurs="0"><xs:annotation><xs:documentation>This field enables description of a set of static strings extracted from a raw cyber object.</xs:documentation></xs:annotation></xs:element>
<xs:element name="String" type="cyboxCommon:ExtractedStringType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field enables description of a single static string extracted from a raw cyber object.</xs:documentation></xs:annotation></xs:element>
The Encoding field refers to the encoding method used for the string extracted from the CybOX object, via a standardized controlled vocabulary.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CharacterEncodingVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Encoding" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The Encoding field refers to the encoding method used for the string extracted from the CybOX object, via a standardized controlled vocabulary.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CharacterEncodingVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.</xs:documentation></xs:annotation></xs:element>
The String_Value field specifies the actual value of the string extracted from the CybOX object, if it is capable of being represented in the encoding scheme used in the document (most commonly UTF-8).
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="String_Value" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The String_Value field specifies the actual value of the string extracted from the CybOX object, if it is capable of being represented in the encoding scheme used in the document (most commonly UTF-8).</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Byte_String_Value" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_String_Value field specifies the raw, byte-string representation of the string extracted from the CybOX object, in hexadecimal format.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0"><xs:annotation><xs:documentation>The Hashes field is used to include any hash values computed using the string extracted from the CybOX object as input.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Address" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Address field specifies the location or offset of the specified string in the CybOX objects.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Length" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Length field specifies the length, in characters, of the string extracted from the CybOX object.</xs:documentation></xs:annotation></xs:element>
The Language field specifies the language the string is written in, e.g. English. For consistency, we strongly recommend using the ISO 639-2 language code, if available. Please see http://www.loc.gov/standards/iso639-2/php/code_list.php for a list of ISO 639-2 codes.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Language" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Language field specifies the language the string is written in, e.g. English. For consistency, we strongly recommend using the ISO 639-2 language code, if available. Please see http://www.loc.gov/standards/iso639-2/php/code_list.php for a list of ISO 639-2 codes.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="English_Translation" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The English_Translation field specifies the English translation of the string, if it is not written in English.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Imports" type="cyboxCommon:ImportsType" minOccurs="0"><xs:annotation><xs:documentation>This field enables description of a set of references to external resources imported by a raw cyber object.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Import" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field enables description of a single reference to an external resource imported by a raw cyber object.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Functions" type="cyboxCommon:FunctionsType" minOccurs="0"><xs:annotation><xs:documentation>This field enables description of a set of references to functions called by a raw cyber object.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Function" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field enables description of a single reference to a function called by a raw cyber object.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Code_Snippets" type="cyboxCommon:CodeSnippetsType" minOccurs="0"><xs:annotation><xs:documentation>This field enables description of a set of code snippets extracted from a raw cyber object.</xs:documentation></xs:annotation></xs:element>
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="Code_Snippet" type="cyboxCommon:ObjectPropertiesType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field enables description of a single code snippet extracted from a raw cyber object. Code_Snippet should be of CodeObj:CodeObjectType.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Byte_Run" type="cyboxCommon:ByteRunType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Byte_Run field contains a single byte run from the raw object.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Offset" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Offset field specifies the offset of the beginning of the byte run as measured from the beginning of the object.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Byte_Order" type="cyboxCommon:EndiannessType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_Order field specifies the endianness of the unpacked (e.g., unencoded, unencrypted, etc.) data contained within the Byte_Run_Data field.</xs:documentation></xs:annotation></xs:element>
The File_System_Offset field is relevant only for byte runs of files in forensic analysis.It specifies the offset of the beginning of the byte run as measured from the beginning of the relevant file system.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="File_System_Offset" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The File_System_Offset field is relevant only for byte runs of files in forensic analysis.It specifies the offset of the beginning of the byte run as measured from the beginning of the relevant file system.</xs:documentation></xs:annotation></xs:element>
The Image_Offset field is provided for forensic analysis purposes and specifies the offset of the beginning of the byte run as measured from the beginning of the relevant forensic image.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Image_Offset" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Image_Offset field is provided for forensic analysis purposes and specifies the offset of the beginning of the byte run as measured from the beginning of the relevant forensic image.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Length" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Length field specifies the number of bytes in the byte run.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0"><xs:annotation><xs:documentation>The Hashes field contains computed hash values for this the data in this byte run.</xs:documentation></xs:annotation></xs:element>
The Byte_Run_Data field contains a raw dump of the byte run data, typically enclosed within an XML CDATA section.
Diagram
Source
<xs:element name="Byte_Run_Data" type="xs:anyType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_Run_Data field contains a raw dump of the byte run data, typically enclosed within an XML CDATA section.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Environment_Variable" type="cyboxCommon:EnvironmentVariableType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Environment_Variable field is used for representing environment variables using a name/value pair.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The Name field specifies the name of the environment variable.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Value" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Value field specifies the value of the environment variable.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Digital_Signature" type="cyboxCommon:DigitalSignatureInfoType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Digital_Signature field is optional and captures a single digital signature for this Object.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Certificate_Issuer" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The certificate issuer of the digital signature.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Certificate_Subject" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The certificate subject of the digital signature.</xs:documentation></xs:annotation></xs:element>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Signature_Description" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>A description of the digital signature.</xs:documentation></xs:annotation></xs:element>
Complex Type cyboxCommon:StructuredTextType
Namespace
http://cybox.mitre.org/common-2
Annotations
The StructuredTextType is a type representing a generalized structure for capturing structured or unstructured textual information such as descriptions of things.
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:complexType name="StructuredTextType"><xs:annotation><xs:documentation>The StructuredTextType is a type representing a generalized structure for capturing structured or unstructured textual information such as descriptions of things.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="xs:string"><xs:attribute name="structuring_format" type="xs:string" use="optional"><xs:annotation><xs:documentation>Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:MeasureSourceType
Namespace
http://cybox.mitre.org/common-2
Annotations
The MeasureSourceType is a type representing a description of a single cyber observation source.
The source_type field is optional and enables identification of the broad type of this cyber observation source.
Source
<xs:complexType name="MeasureSourceType"><xs:annotation><xs:documentation>The MeasureSourceType is a type representing a description of a single cyber observation source.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Information_Source_Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The Information_Source_Type field is optional and utilizes a standardized controlled vocabulary to identify the type of information source leveraged for this cyber observation source.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is InformationSourceTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.</xs:documentation></xs:annotation></xs:element><xs:element name="Tool_Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The Tool_Type field is optional and (when tools are used) enables identification of the type of tool leveraged as part of this cyber observation source, via a standardized controlled vocabulary.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ToolTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.</xs:documentation></xs:annotation></xs:element><xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0"><xs:annotation><xs:documentation>The Description field is optional and enables a generalized but structured description of this syber observation source.</xs:documentation></xs:annotation></xs:element><xs:element name="Contributors" type="cyboxCommon:PersonnelType" minOccurs="0"><xs:annotation><xs:documentation>The Contributors field is optional and enables description of the individual contributors involved in this cyber observation source.</xs:documentation></xs:annotation></xs:element><xs:element name="Time" type="cyboxCommon:TimeType" minOccurs="0"><xs:annotation><xs:documentation>The Time field is optional and enables description of various time-related properties for this cyber observation source instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Observation_Location" type="cyboxCommon:LocationType" minOccurs="0"><xs:annotation><xs:documentation>The Observation_Location field specifies a relevant physical location for the observation measurement of the associated Observable.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.</xs:documentation><xs:documentation>Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.</xs:documentation></xs:annotation></xs:element><xs:element name="Tools" type="cyboxCommon:ToolsInformationType" minOccurs="0"><xs:annotation><xs:documentation>The Tools field is optional and enables description of the tools utilized for this cyber observation source.</xs:documentation></xs:annotation></xs:element><xs:element name="Platform" type="cyboxCommon:PlatformSpecificationType" minOccurs="0"><xs:annotation><xs:documentation>The Platform field is optional and enables a formal, standardized specification of the platform for this cyber observation source.</xs:documentation></xs:annotation></xs:element><xs:element name="System" type="cyboxCommon:ObjectPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>The System field is optional and enables characterization of the system on which the mechanism of cyber observation executed. System should be an object of type SystemObj:SystemObjectType.</xs:documentation></xs:annotation></xs:element><xs:element name="Instance" type="cyboxCommon:ObjectPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>The Instance field is optional and enables characterization of the process instance in which the mechanism of cyber observation executed. Instance should be of type ProcessObj:ProcessObjectType.</xs:documentation></xs:annotation></xs:element><xs:element name="Observable_Location" type="cyboxCommon:LocationType" minOccurs="0"><xs:annotation><xs:documentation>The Observable_Location field specifies a relevant physical location for the associated Observable.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.</xs:documentation><xs:documentation>Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="class" type="cyboxCommon:SourceClassTypeEnum"><xs:annotation><xs:documentation>The class field is optional and enables identification of the high-level class of this cyber observation source.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="source_type" type="cyboxCommon:SourceTypeEnum"><xs:annotation><xs:documentation>The source_type field is optional and enables identification of the broad type of this cyber observation source.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="name" type="xs:string"><xs:annotation><xs:documentation>The name field is optional and enables the assignment of a relevant name to this Discovery Method.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="sighting_count" type="xs:positiveInteger"><xs:annotation><xs:documentation>The sighting_count field specifies how many different identical instances of a given Observable may have been seen/sighted by the observation source.</xs:documentation></xs:annotation></xs:attribute></xs:complexType>
Complex Type cyboxCommon:ControlledVocabularyStringType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ControlledVocabularyStringType is used as the basis for defining controlled vocabularies.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:complexType name="ControlledVocabularyStringType"><xs:annotation><xs:documentation>The ControlledVocabularyStringType is used as the basis for defining controlled vocabularies.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="cyboxCommon:PatternableFieldType"><xs:attribute name="vocab_name" type="xs:string" use="optional"><xs:annotation><xs:documentation>The vocab_name field specifies the name of the controlled vocabulary.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="vocab_reference" type="xs:anyURI" use="optional"><xs:annotation><xs:documentation>The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:PatternableFieldType
Namespace
http://cybox.mitre.org/common-2
Annotations
The PatternableFieldType is a grouping of attributes applicable to defining patterns on a specific field.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="PatternableFieldType"><xs:annotation><xs:documentation>The PatternableFieldType is a grouping of attributes applicable to defining patterns on a specific field.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="xs:anySimpleType"><xs:attributeGroup ref="cyboxCommon:PatternFieldGroup"/></xs:extension></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:ConditionTypeEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
ConditionTypeEnum is a (non-exhaustive) enumeration of condition types.
Diagram
Type
restriction of xs:string
Facets
enumeration
Equals
Specifies the equality or = condition.
enumeration
DoesNotEqual
Specifies the "does not equal" or != condition.
enumeration
Contains
Specifies the "contains" condition.
enumeration
DoesNotContain
Specifies the "does not contain" condition.
enumeration
StartsWith
Specifies the "starts with" condition.
enumeration
EndsWith
Specifies the "ends with" condition.
enumeration
GreaterThan
Specifies the "greater than" condition.
enumeration
GreaterThanOrEqual
Specifies the "greater than or equal to" condition.
enumeration
LessThan
Specifies the "less than" condition.
enumeration
LessThanOrEqual
Specifies the "less than or equal" condition.
enumeration
InclusiveBetween
The pattern is met if the given value lies between the values indicated in the field value body, inclusive of the bounding values themselves. The field value body MUST contain at least 2 values to be valid. If the field value body contains more than 2 values, then only the greatest and least values are considered. (I.e., If the body contains "2,4,6", then an InclusiveBetween condition would be satisfied if the observed value fell between 2 and 6, inclusive. Since this is an inclusive range, an observed value of 2 or 6 would fit the pattern in this example.) As such, always treat the InclusiveBetween condition as applying to a single range for the purpose of evaluating the apply_condition attribute.
enumeration
ExclusiveBetween
The pattern is met if the given value lies between the values indicated in the field value body, exclusive of the bounding values themselves. The field value body MUST contain at least 2 values to be valid. If the field value body contains more than 2 values, then only the greatest and least values are considered. (I.e., If the body contains "2,4,6", then an InclusiveBetween condition would be satisfied if the observed value fell between 2 and 6, exclusive. Since this is an exclusive range, an observed value of 2 or 6 would not fit the pattern in this example.) As such, always treat the ExclusiveBetween condition as applying to a single range for the purpose of evaluating the apply_condition attribute.
enumeration
FitsPattern
Specifies the condition that a value fits a given pattern.
enumeration
BitwiseAnd
Specifies the condition of bitwise AND. Specifically, when applying this pattern, a given value is bitwise-ANDed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.
enumeration
BitwiseOr
Specifies the condition of bitwise OR. Specifically, when applying this pattern, a given value is bitwise-ORed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.
enumeration
BitwiseXor
Specifies the condition of bitwise XOR. Specifically, when applying this pattern, a given value is bitwise-XORed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.
<xs:simpleType name="ConditionTypeEnum"><xs:annotation><xs:documentation>ConditionTypeEnum is a (non-exhaustive) enumeration of condition types.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Equals"><xs:annotation><xs:documentation>Specifies the equality or = condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="DoesNotEqual"><xs:annotation><xs:documentation>Specifies the "does not equal" or != condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Contains"><xs:annotation><xs:documentation>Specifies the "contains" condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="DoesNotContain"><xs:annotation><xs:documentation>Specifies the "does not contain" condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="StartsWith"><xs:annotation><xs:documentation>Specifies the "starts with" condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="EndsWith"><xs:annotation><xs:documentation>Specifies the "ends with" condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="GreaterThan"><xs:annotation><xs:documentation>Specifies the "greater than" condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="GreaterThanOrEqual"><xs:annotation><xs:documentation>Specifies the "greater than or equal to" condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="LessThan"><xs:annotation><xs:documentation>Specifies the "less than" condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="LessThanOrEqual"><xs:annotation><xs:documentation>Specifies the "less than or equal" condition.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="InclusiveBetween"><xs:annotation><xs:documentation>The pattern is met if the given value lies between the values indicated in the field value body, inclusive of the bounding values themselves. The field value body MUST contain at least 2 values to be valid. If the field value body contains more than 2 values, then only the greatest and least values are considered. (I.e., If the body contains "2,4,6", then an InclusiveBetween condition would be satisfied if the observed value fell between 2 and 6, inclusive. Since this is an inclusive range, an observed value of 2 or 6 would fit the pattern in this example.) As such, always treat the InclusiveBetween condition as applying to a single range for the purpose of evaluating the apply_condition attribute.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="ExclusiveBetween"><xs:annotation><xs:documentation>The pattern is met if the given value lies between the values indicated in the field value body, exclusive of the bounding values themselves. The field value body MUST contain at least 2 values to be valid. If the field value body contains more than 2 values, then only the greatest and least values are considered. (I.e., If the body contains "2,4,6", then an InclusiveBetween condition would be satisfied if the observed value fell between 2 and 6, exclusive. Since this is an exclusive range, an observed value of 2 or 6 would not fit the pattern in this example.) As such, always treat the ExclusiveBetween condition as applying to a single range for the purpose of evaluating the apply_condition attribute.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="FitsPattern"><xs:annotation><xs:documentation>Specifies the condition that a value fits a given pattern.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="BitwiseAnd"><xs:annotation><xs:documentation>Specifies the condition of bitwise AND. Specifically, when applying this pattern, a given value is bitwise-ANDed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="BitwiseOr"><xs:annotation><xs:documentation>Specifies the condition of bitwise OR. Specifically, when applying this pattern, a given value is bitwise-ORed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="BitwiseXor"><xs:annotation><xs:documentation>Specifies the condition of bitwise XOR. Specifically, when applying this pattern, a given value is bitwise-XORed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Simple Type cyboxCommon:ConditionApplicationEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
Used to indicate how a condition should be applied to a list of values.
Diagram
Type
restriction of xs:string
Facets
enumeration
ANY
Indicates that a pattern holds if the given condition can be successfully applied to any of the field values.
enumeration
ALL
Indicates that a pattern holds only if the given condition can be successfully applied to all of the field values.
enumeration
NONE
Indicates that a pattern holds only if the given condition can be successfully applied to none of the field values.
<xs:simpleType name="ConditionApplicationEnum"><xs:annotation><xs:documentation>Used to indicate how a condition should be applied to a list of values.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="ANY"><xs:annotation><xs:documentation>Indicates that a pattern holds if the given condition can be successfully applied to any of the field values.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="ALL"><xs:annotation><xs:documentation>Indicates that a pattern holds only if the given condition can be successfully applied to all of the field values.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="NONE"><xs:annotation><xs:documentation>Indicates that a pattern holds only if the given condition can be successfully applied to none of the field values.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Simple Type cyboxCommon:PatternTypeEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The PatternTypeEnum type is a non-exhaustive enumeration of potentially relevant pattern types.
Diagram
Type
restriction of xs:string
Facets
enumeration
Regex
Specifies the regular expression pattern type.
enumeration
Binary
Specifies the binary (bit operations) pattern type.
<xs:simpleType name="PatternTypeEnum"><xs:annotation><xs:documentation>The PatternTypeEnum type is a non-exhaustive enumeration of potentially relevant pattern types.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Regex"><xs:annotation><xs:documentation>Specifies the regular expression pattern type.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Binary"><xs:annotation><xs:documentation>Specifies the binary (bit operations) pattern type.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="XPath"><xs:annotation><xs:documentation>Specifies the XPath 1.0 expression pattern type.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:PersonnelType
Namespace
http://cybox.mitre.org/common-2
Annotations
The PersonnelType is an abstracted data type to standardize the description of sets of personnel.
<xs:complexType name="PersonnelType"><xs:annotation><xs:documentation>The PersonnelType is an abstracted data type to standardize the description of sets of personnel.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Contributor" type="cyboxCommon:ContributorType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains information describing the identify, resources and timing of involvement for a single contributor.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ContributorType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ContributorType represents a description of an individual who contributed as a source of cyber observation data.
<xs:complexType name="ContributorType"><xs:annotation><xs:documentation>The ContributorType represents a description of an individual who contributed as a source of cyber observation data.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Role" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field describes the role played by this contributor.</xs:documentation></xs:annotation></xs:element><xs:element name="Name" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the name of this contributor.</xs:documentation></xs:annotation></xs:element><xs:element name="Email" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the email of this contributor.</xs:documentation></xs:annotation></xs:element><xs:element name="Phone" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains a telephone number of this contributor.</xs:documentation></xs:annotation></xs:element><xs:element name="Organization" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the organization name of this contributor.</xs:documentation></xs:annotation></xs:element><xs:element name="Date" type="cyboxCommon:DateRangeType" minOccurs="0"><xs:annotation><xs:documentation>This field contains a description (bounding) of the timing of this contributor's involvement.</xs:documentation></xs:annotation></xs:element><xs:element name="Contribution_Location" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the location at which the contributory activity occured.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
<xs:complexType name="DateRangeType"><xs:annotation><xs:documentation>The DateRangeType specifies a range of dates.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Start_Date" type="cyboxCommon:DateWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>This field contains the start date for this contributor's involvement. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element><xs:element name="End_Date" type="cyboxCommon:DateWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>This field contains the end date for this contributor's involvement. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:DateWithPrecisionType
Namespace
http://cybox.mitre.org/common-2
Annotations
This type is used as a replacement for the standard xs:date type but allows for the representation of the precision of the date. If the precision is given, consumers must ignore the portions of this field that is more precise than the given precision. Producers should zero-out (fill with zeros) digits in the date that are required by the xs:date datatype but are beyond the specified precision.
In order to avoid ambiguity, it is strongly suggested that all dates include a specification of the timezone if it is known.
The precision of the associated date. If omitted, the default is "day", meaning the full field value.
Source
<xs:complexType name="DateWithPrecisionType"><xs:annotation><xs:documentation>This type is used as a replacement for the standard xs:date type but allows for the representation of the precision of the date. If the precision is given, consumers must ignore the portions of this field that is more precise than the given precision. Producers should zero-out (fill with zeros) digits in the date that are required by the xs:date datatype but are beyond the specified precision.</xs:documentation><xs:documentation>In order to avoid ambiguity, it is strongly suggested that all dates include a specification of the timezone if it is known.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="xs:date"><xs:attribute name="precision" type="cyboxCommon:DatePrecisionEnum" default="day"><xs:annotation><xs:documentation>The precision of the associated date. If omitted, the default is "day", meaning the full field value.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
<xs:simpleType name="DatePrecisionEnum"><xs:annotation><xs:documentation>Possible values for representing date precision.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="year"><xs:annotation><xs:documentation>Date is precise to the given year.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="month"><xs:annotation><xs:documentation>Date is precise to the given month.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="day"><xs:annotation><xs:documentation>Date is precise to the given day.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:TimeType
Namespace
http://cybox.mitre.org/common-2
Annotations
The TimeType specifies various time properties for this construct.
<xs:complexType name="TimeType"><xs:annotation><xs:documentation>The TimeType specifies various time properties for this construct.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Start_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>The Start_Time field is optional and describes the starting time for this construct. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element><xs:element name="End_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>The End_Time field is optional and describes the ending time for this construct. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element><xs:element name="Produced_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>The Produced_Time field is optional and describes the time that this construct was produced. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element><xs:element name="Received_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>The Received_Time field is optional and describes the time that this construct was received. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:DateTimeWithPrecisionType
Namespace
http://cybox.mitre.org/common-2
Annotations
This type is used as a replacement for the standard xs:dateTime type but allows for the representation of the precision of the dateTime. If the precision is given, consumers must ignore the portions of this field that is more precise than the given precision. Producers should zero-out (fill with zeros) digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision.
In order to avoid ambiguity, it is strongly suggested that all dateTimes include a specification of the timezone if it is known.
The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).
Source
<xs:complexType name="DateTimeWithPrecisionType"><xs:annotation><xs:documentation>This type is used as a replacement for the standard xs:dateTime type but allows for the representation of the precision of the dateTime. If the precision is given, consumers must ignore the portions of this field that is more precise than the given precision. Producers should zero-out (fill with zeros) digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision.</xs:documentation><xs:documentation>In order to avoid ambiguity, it is strongly suggested that all dateTimes include a specification of the timezone if it is known.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="xs:dateTime"><xs:attribute name="precision" type="cyboxCommon:DateTimePrecisionEnum" default="second"><xs:annotation><xs:documentation>The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
<xs:simpleType name="DateTimePrecisionEnum"><xs:annotation><xs:documentation>Possible values for representing time precision.</xs:documentation></xs:annotation><xs:union memberTypes="cyboxCommon:DatePrecisionEnum cyboxCommon:TimePrecisionEnum"/></xs:simpleType>
Complex Type cyboxCommon:LocationType
Namespace
http://cybox.mitre.org/common-2
Annotations
The LocationType is used to express geographic location information.
This type is extended through the xsi:type mechanism. The default type is CIQAddress3.0InstanceType in the http://cybox.mitre.org/extensions/Address#CIQAddress3.0-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address_3.0/1.0/ciq_address_3.0.xsd.
Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field of this type.
Specifies a reference to a unique ID defined elsewhere.
Source
<xs:complexType name="LocationType"><xs:annotation><xs:documentation>The LocationType is used to express geographic location information.</xs:documentation><xs:documentation>This type is extended through the xsi:type mechanism. The default type is CIQAddress3.0InstanceType in the http://cybox.mitre.org/extensions/Address#CIQAddress3.0-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address_3.0/1.0/ciq_address_3.0.xsd.</xs:documentation><xs:documentation>Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field of this type.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Name" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>The Name field allows for expression of an location through a simple name.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="id" type="xs:QName"><xs:annotation><xs:documentation>Specifies a unique ID for this Location.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="idref" type="xs:QName"><xs:annotation><xs:documentation>Specifies a reference to a unique ID defined elsewhere.</xs:documentation></xs:annotation></xs:attribute></xs:complexType>
Complex Type cyboxCommon:ToolsInformationType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ToolsInformationType represents a description of a set of automated tools.
<xs:complexType name="ToolsInformationType"><xs:annotation><xs:documentation>The ToolsInformationType represents a description of a set of automated tools.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Tool" type="cyboxCommon:ToolInformationType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Tool field is optional and enables description of a single tool utilized for this cyber observation source.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ToolInformationType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ToolInformationType is intended to characterize the properties of a hardware or software tool, including those related to instances of its use.
The idref field specifies reference to a unique ID for this Tool.
When idref is specified, the id attribute must not be specified, and any instance of this type should not hold content unless an extension of the type allows it.
Source
<xs:complexType name="ToolInformationType"><xs:annotation><xs:documentation>The ToolInformationType is intended to characterize the properties of a hardware or software tool, including those related to instances of its use.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Name" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the name of the tool leveraged.</xs:documentation></xs:annotation></xs:element><xs:element name="Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains the type of the tool leveraged.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for CybOX 2.0. Users may either define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a free string field. Additionally, locations where the ToolInformationType is used may define default vocabularies for this field.</xs:documentation></xs:annotation></xs:element><xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0"><xs:annotation><xs:documentation>This field contains general descriptive information for this tool.</xs:documentation></xs:annotation></xs:element><xs:element name="References" type="cyboxCommon:ToolReferencesType" minOccurs="0"><xs:annotation><xs:documentation>This field contains references to instances or additional information for this tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Vendor" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains information identifying the vendor organization for this tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Version" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains an appropriate version descriptor of this tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Service_Pack" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains an appropriate service pack descriptor for this tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Tool_Specific_Data" type="cyboxCommon:ToolSpecificDataType" minOccurs="0"><xs:annotation><xs:documentation>This is an abstract type provided to a flexible mechanism for enabling tool-specific data to be included.</xs:documentation></xs:annotation></xs:element><xs:element name="Tool_Hashes" type="cyboxCommon:HashListType" minOccurs="0"><xs:annotation><xs:documentation>This field contains a hash value computed on the tool file content in order to verify its integrity.</xs:documentation></xs:annotation></xs:element><xs:element name="Tool_Configuration" type="cyboxCommon:ToolConfigurationType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the configuration and usage of the tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Execution_Environment" type="cyboxCommon:ExecutionEnvironmentType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the execution environment of the tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Errors" type="cyboxCommon:ErrorsType" minOccurs="0"><xs:annotation><xs:documentation>This field captures any errors generated during the run of the tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Metadata" type="cyboxCommon:MetadataType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field captures other relevant metadata including tool-specific fields.</xs:documentation></xs:annotation></xs:element><xs:element name="Compensation_Model" type="cyboxCommon:CompensationModelType" minOccurs="0"><xs:annotation><xs:documentation>This field contains the name of the compensation model used for the tool.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="id" type="xs:QName"><xs:annotation><xs:documentation>The id field specifies a unique ID for this Tool.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="idref" type="xs:QName"><xs:annotation><xs:documentation>The idref field specifies reference to a unique ID for this Tool.</xs:documentation><xs:documentation>When idref is specified, the id attribute must not be specified, and any instance of this type should not hold content unless an extension of the type allows it.</xs:documentation></xs:annotation></xs:attribute></xs:complexType>
Complex Type cyboxCommon:ToolReferencesType
Namespace
http://cybox.mitre.org/common-2
Annotations
Used to indicate one or more references to tool instances and information.
<xs:complexType name="ToolReferencesType"><xs:annotation><xs:documentation>Used to indicate one or more references to tool instances and information.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Reference" type="cyboxCommon:ToolReferenceType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Contains one reference to information or instances of a given tool.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ToolReferenceType
Namespace
http://cybox.mitre.org/common-2
Annotations
Contains one reference to information or instances of a given tool.
Indicates the nature of the referenced material (documentation, source, executable, etc.).
Source
<xs:complexType name="ToolReferenceType"><xs:annotation><xs:documentation>Contains one reference to information or instances of a given tool.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="xs:anyURI"><xs:attribute name="reference_type" type="cyboxCommon:ToolReferenceTypeEnum"><xs:annotation><xs:documentation>Indicates the nature of the referenced material (documentation, source, executable, etc.).</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:ToolReferenceTypeEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The nature of referenced material regarding a tool.
Diagram
Type
restriction of xs:string
Facets
enumeration
Documentation
The reference is to documentation about the identified tool.
enumeration
Source
The reference is to source code for the identified tool.
enumeration
Download
The reference is to where an executable version of the tool can be downloaded.
enumeration
Execute
The reference is to the tool implemented as an online service.
enumeration
Other
The reference is to material about the tool not covered by other values in this enumeration.
<xs:simpleType name="ToolReferenceTypeEnum"><xs:annotation><xs:documentation>The nature of referenced material regarding a tool.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Documentation"><xs:annotation><xs:documentation>The reference is to documentation about the identified tool.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Source"><xs:annotation><xs:documentation>The reference is to source code for the identified tool.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Download"><xs:annotation><xs:documentation>The reference is to where an executable version of the tool can be downloaded.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Execute"><xs:annotation><xs:documentation>The reference is to the tool implemented as an online service.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Other"><xs:annotation><xs:documentation>The reference is to material about the tool not covered by other values in this enumeration.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:ToolSpecificDataType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ToolSpecificDataType is an Abstract type placeholder within the CybOX schema enabling the inclusion of metadata for a specific type of tool through the use of a custom type defined as an extension of this base Abstract type.
<xs:complexType name="ToolSpecificDataType" abstract="true"><xs:annotation><xs:documentation>The ToolSpecificDataType is an Abstract type placeholder within the CybOX schema enabling the inclusion of metadata for a specific type of tool through the use of a custom type defined as an extension of this base Abstract type.</xs:documentation></xs:annotation></xs:complexType>
Complex Type cyboxCommon:HashListType
Namespace
http://cybox.mitre.org/common-2
Annotations
The HashListType type is used for representing a list of hash values.
<xs:complexType name="HashListType"><xs:annotation><xs:documentation>The HashListType type is used for representing a list of hash values.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Hash" type="cyboxCommon:HashType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Hash field specifies a single calculated hash value.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:HashType
Namespace
http://cybox.mitre.org/common-2
Annotations
The HashType type is intended to characterize hash values.
<xs:complexType name="HashType"><xs:annotation><xs:documentation>The HashType type is intended to characterize hash values.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The Type field utilizes a standardized controlled vocabulary to capture the type of hash used in the Simple_Hash_Value or Fuzzy_Hash_Value elements.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is HashNameVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.</xs:documentation></xs:annotation></xs:element><xs:choice><xs:element name="Simple_Hash_Value" type="cyboxCommon:SimpleHashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Simple_Hash_Value field specifies a single result value of a basic cryptograhic hash function outputting a single hexbinary hash value.</xs:documentation></xs:annotation></xs:element><xs:element name="Fuzzy_Hash_Value" type="cyboxCommon:FuzzyHashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Fuzzy_Hash_Value field specifies a single result value of a cryptograhic fuzzy hash function outputting a single complex string based hash value. (e.g. SSDEEP's Block1hash:Block2hash format).</xs:documentation></xs:annotation></xs:element></xs:choice><xs:element name="Fuzzy_Hash_Structure" type="cyboxCommon:FuzzyHashStructureType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Fuzzy_Hash_Structure field is optional and enables the characterization of the key internal components of a fuzzy hash calculation with a given block size.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:SimpleHashValueType
Namespace
http://cybox.mitre.org/common-2
Annotations
The SimpleHashValueType is used for characterizing the output of basic cryptograhic hash functions outputting a single hexbinary hash value.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="SimpleHashValueType"><xs:annotation><xs:documentation>The SimpleHashValueType is used for characterizing the output of basic cryptograhic hash functions outputting a single hexbinary hash value.</xs:documentation></xs:annotation><xs:complexContent><xs:extension base="cyboxCommon:HexBinaryObjectPropertyType"/></xs:complexContent></xs:complexType>
Complex Type cyboxCommon:HexBinaryObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The HexBinaryObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type HexBinary. This type will be assigned to any property of a CybOX object that should contain content of type HexBinary and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="HexBinaryObjectPropertyType"><xs:annotation><xs:documentation>The HexBinaryObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type HexBinary. This type will be assigned to any property of a CybOX object that should contain content of type HexBinary and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="hexBinary"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:BaseObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The BaseObjectPropertyType is a type representing a common typing foundation for the specification of a single Object Property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="BaseObjectPropertyType" abstract="true"><xs:annotation><xs:documentation>The BaseObjectPropertyType is a type representing a common typing foundation for the specification of a single Object Property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="xs:anySimpleType"><xs:attributeGroup ref="cyboxCommon:BaseObjectPropertyGroup"/><xs:attributeGroup ref="cyboxCommon:PatternFieldGroup"/></xs:extension></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:DatatypeEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
DataTypeEnum is a (non-exhaustive) enumeration of data types.
Diagram
Type
restriction of xs:string
Facets
enumeration
string
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:simpleType name="DatatypeEnum"><xs:annotation><xs:documentation>DataTypeEnum is a (non-exhaustive) enumeration of data types.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="string"><xs:annotation><xs:documentation>Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="int"><xs:annotation><xs:documentation>Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="float"><xs:annotation><xs:documentation>Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="date"><xs:annotation><xs:documentation>Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="positiveInteger"><xs:annotation><xs:documentation>Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="unsignedInt"><xs:annotation><xs:documentation>Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="dateTime"><xs:annotation><xs:documentation>Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="time"><xs:annotation><xs:documentation>Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="boolean"><xs:annotation><xs:documentation>Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="name"><xs:annotation><xs:documentation>Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="long"><xs:annotation><xs:documentation>Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="unsignedLong"><xs:annotation><xs:documentation>Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="duration"><xs:annotation><xs:documentation>Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="double"><xs:annotation><xs:documentation>Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="nonNegativeInteger"><xs:annotation><xs:documentation>Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="hexBinary"><xs:annotation><xs:documentation>Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="anyURI"><xs:annotation><xs:documentation>Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="base64Binary"><xs:annotation><xs:documentation>Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="IPv4 Address"><xs:annotation><xs:documentation>Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="IPv6 Address"><xs:annotation><xs:documentation>Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Host Name"><xs:annotation><xs:documentation>Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="MAC Address"><xs:annotation><xs:documentation>Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Domain Name"><xs:annotation><xs:documentation>Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="URI"><xs:annotation><xs:documentation>Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="TimeZone"><xs:annotation><xs:documentation>Specifies a timezone in UTC notation (UTC+number).</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Octal"><xs:annotation><xs:documentation>Specifies arbitrary octal (base-8) encoded data.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Binary"><xs:annotation><xs:documentation>Specifies arbitrary binary encoded data.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="BinHex"><xs:annotation><xs:documentation>Specifies arbitrary data encoded in the Mac OS-originated BinHex format.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Subnet Mask"><xs:annotation><xs:documentation>Specifies a subnet mask in IPv4 or IPv6 notation.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="UUID/GUID"><xs:annotation><xs:documentation>Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Collection"><xs:annotation><xs:documentation>Specifies data represented as a container of multiple data of a shared elemental type.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="CVE ID"><xs:annotation><xs:documentation>Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="CWE ID"><xs:annotation><xs:documentation>Specifies a CWE ID, expressed as CWE- appended by an integer.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="CAPEC ID"><xs:annotation><xs:documentation>Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="CCE ID"><xs:annotation><xs:documentation>Specifies a CCE ID, expressed as CCE- appended by an integer.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="CPE Name"><xs:annotation><xs:documentation>Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:FuzzyHashValueType
Namespace
http://cybox.mitre.org/common-2
Annotations
The FuzzyHashValueType is used for characterizing the output of cryptograhic fuzzy hash functions outputting a single complex string based hash value.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="FuzzyHashValueType"><xs:annotation><xs:documentation>The FuzzyHashValueType is used for characterizing the output of cryptograhic fuzzy hash functions outputting a single complex string based hash value.</xs:documentation></xs:annotation><xs:complexContent><xs:extension base="cyboxCommon:StringObjectPropertyType"/></xs:complexContent></xs:complexType>
Complex Type cyboxCommon:StringObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The StringObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type String. This type will be assigned to any property of a CybOX object that should contain content of type String and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="StringObjectPropertyType"><xs:annotation><xs:documentation>The StringObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type String. This type will be assigned to any property of a CybOX object that should contain content of type String and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:FuzzyHashStructureType
Namespace
http://cybox.mitre.org/common-2
Annotations
The FuzzyHashStructureType is used for characterizing the internal components of a cryptograhic fuzzy hash algorithmic calculation.
<xs:complexType name="FuzzyHashStructureType"><xs:annotation><xs:documentation>The FuzzyHashStructureType is used for characterizing the internal components of a cryptograhic fuzzy hash algorithmic calculation.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Block_Size" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Block_Size field is optional and specifies the calculated block size for this fuzzy hash calculation.</xs:documentation></xs:annotation></xs:element><xs:element name="Block_Hash" type="cyboxCommon:FuzzyHashBlockType" minOccurs="0"><xs:annotation><xs:documentation>The Block_Hash field is optional and enables specification of the elemental components utilized for a fuzzy hash calculation on the hashed object utilizing Block_Size to calculate trigger points.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:IntegerObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The IntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Int. This type will be assigned to any property of a CybOX object that should contain content of type Integer and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="IntegerObjectPropertyType"><xs:annotation><xs:documentation>The IntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Int. This type will be assigned to any property of a CybOX object that should contain content of type Integer and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="int"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:FuzzyHashBlockType
Namespace
http://cybox.mitre.org/common-2
Annotations
The FuzzyHashBlockType is used for characterizing the internal components of a single block in a cryptograhic fuzzy hash algorithmic calculation.
<xs:complexType name="FuzzyHashBlockType"><xs:annotation><xs:documentation>The FuzzyHashBlockType is used for characterizing the internal components of a single block in a cryptograhic fuzzy hash algorithmic calculation.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Block_Hash_Value" type="cyboxCommon:HashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Block_Hash_Value field is optional and specifies a fuzzy hash calculation result value for this Block.</xs:documentation></xs:annotation></xs:element><xs:element name="Segment_Count" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Segment_Count field is optional and specifies the number of segments identified and utilized within this fuzzy hash calculation.</xs:documentation></xs:annotation></xs:element><xs:element name="Segments" type="cyboxCommon:HashSegmentsType" minOccurs="0"><xs:annotation><xs:documentation>The Segments field is optional and specifies the set of segments identified and utilized within this fuzzy hash calculation.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:HashValueType
Namespace
http://cybox.mitre.org/common-2
Annotations
The HashValueType is used for specifying the resulting value from a hash calculation.
<xs:complexType name="HashValueType"><xs:annotation><xs:documentation>The HashValueType is used for specifying the resulting value from a hash calculation.</xs:documentation></xs:annotation><xs:choice><xs:element name="Simple_Hash_Value" type="cyboxCommon:SimpleHashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Simple_Hash_Value field specifies a single result value of a basic cryptograhic hash function outputting a single hexbinary hash value.</xs:documentation></xs:annotation></xs:element><xs:element name="Fuzzy_Hash_Value" type="cyboxCommon:FuzzyHashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Fuzzy_Hash_Value field specifies a single result value of a cryptograhic fuzzy hash function outputting a single complex string based hash value. (e.g. SSDEEP's Block1hash:Block2hash format).</xs:documentation></xs:annotation></xs:element></xs:choice></xs:complexType>
Complex Type cyboxCommon:HashSegmentsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The HashSegmentsType is used for characterizing the internal components of a set of trigger point-delimited segments in a cryptographic fuzzy hash algorithmic calculation.
<xs:complexType name="HashSegmentsType"><xs:annotation><xs:documentation>The HashSegmentsType is used for characterizing the internal components of a set of trigger point-delimited segments in a cryptographic fuzzy hash algorithmic calculation.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Segment" type="cyboxCommon:HashSegmentType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Segment field is optional and specifies a single segment identified and utilized within this fuzzy hash calculation.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:HashSegmentType
Namespace
http://cybox.mitre.org/common-2
Annotations
The HashSegmentType is used for characterizing the internal components of a single trigger point-delimited segment in a cryptograhic fuzzy hash algorithmic calculation.
<xs:complexType name="HashSegmentType"><xs:annotation><xs:documentation>The HashSegmentType is used for characterizing the internal components of a single trigger point-delimited segment in a cryptograhic fuzzy hash algorithmic calculation.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Trigger_Point" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Trigger_point field is optional and specifies the offset within the hashed object of the trigger point for this segment.</xs:documentation></xs:annotation></xs:element><xs:element name="Segment_Hash" type="cyboxCommon:HashValueType" minOccurs="0"><xs:annotation><xs:documentation>The Segment_Hash field is optional and specifies a calculated hash value for this segment.</xs:documentation></xs:annotation></xs:element><xs:element name="Raw_Segment_Content" type="xs:anyType" minOccurs="0"><xs:annotation><xs:documentation>The Raw_Segment_Content field is optional and contains the raw content of this segment of the hashed object.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ToolConfigurationType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ToolConfigurationType characterizes the configuration for a tool used as a cyber observation source.
<xs:complexType name="ToolConfigurationType"><xs:annotation><xs:documentation>The ToolConfigurationType characterizes the configuration for a tool used as a cyber observation source.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Configuration_Settings" type="cyboxCommon:ConfigurationSettingsType" minOccurs="0"><xs:annotation><xs:documentation>This field describes the configuration settings of this tool instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Dependencies" type="cyboxCommon:DependenciesType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the relevant dependencies for this tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Usage_Context_Assumptions" type="cyboxCommon:UsageContextAssumptionsType" minOccurs="0"><xs:annotation><xs:documentation>This field contains descriptions of the various relevant usage context assumptions for this tool .</xs:documentation></xs:annotation></xs:element><xs:element name="Internationalization_Settings" type="cyboxCommon:InternationalizationSettingsType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing relevant internationalization setting for this tool .</xs:documentation></xs:annotation></xs:element><xs:element name="Build_Information" type="cyboxCommon:BuildInformationType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing how this tool was built.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ConfigurationSettingsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ConfigurationSettingsType is a modularized data type used to provide a consistent approach to describing configuration settings for a tool, application or other cyber object.
<xs:complexType name="ConfigurationSettingsType"><xs:annotation><xs:documentation>The ConfigurationSettingsType is a modularized data type used to provide a consistent approach to describing configuration settings for a tool, application or other cyber object.</xs:documentation></xs:annotation><xs:sequence minOccurs="0"><xs:element name="Configuration_Setting" type="cyboxCommon:ConfigurationSettingType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains a single configuration setting instance.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ConfigurationSettingType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ConfigurationSettingType is a modularized data type used to provide a consistent approach to describing a particular configuration setting for a tool, application or other cyber object.
<xs:complexType name="ConfigurationSettingType"><xs:annotation><xs:documentation>The ConfigurationSettingType is a modularized data type used to provide a consistent approach to describing a particular configuration setting for a tool, application or other cyber object.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Item_Name" type="xs:string"><xs:annotation><xs:documentation>This field contains the name of the configuration item referenced by this configuration setting instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Item_Value" type="xs:string"><xs:annotation><xs:documentation>This field contains the value of this configuration setting instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Item_Type" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the type of the configuration item referenced in this configuration setting instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Item_Description" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains a description of the configuration item referenced in this configuration setting instance.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:DependenciesType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DependenciesType contains information describing a set of dependencies for this tool.
<xs:complexType name="DependenciesType"><xs:annotation><xs:documentation>The DependenciesType contains information describing a set of dependencies for this tool.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Dependency" type="cyboxCommon:DependencyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains information describing a single dependency for this tool.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:DependencyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DependencyType contains information describing a single dependency for this tool.
<xs:complexType name="DependencyType"><xs:annotation><xs:documentation>The DependencyType contains information describing a single dependency for this tool.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Dependency_Type" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field describes the type of this dependency instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Dependency_Description" type="cyboxCommon:StructuredTextType"><xs:annotation><xs:documentation>This field contains a description of this dependency instance.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:UsageContextAssumptionsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The UsageContextAssumptionsType contains descriptions of the various relevant usage context assumptions for this tool.
<xs:complexType name="UsageContextAssumptionsType"><xs:annotation><xs:documentation>The UsageContextAssumptionsType contains descriptions of the various relevant usage context assumptions for this tool.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Usage_Context_Assumption" type="cyboxCommon:StructuredTextType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains a single usage context assumption for this tool.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:InternationalizationSettingsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The InternationalizationSettingsType contains information describing relevant internationalization setting for this tool.
<xs:complexType name="InternationalizationSettingsType"><xs:annotation><xs:documentation>The InternationalizationSettingsType contains information describing relevant internationalization setting for this tool.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Internal_Strings" type="cyboxCommon:InternalStringsType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field contains a single internal string instance for this internationalization setting instance.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:InternalStringsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The InternalStringsType contains a single internal string instance for this internationalization setting instance.
<xs:complexType name="InternalStringsType"><xs:annotation><xs:documentation>The InternalStringsType contains a single internal string instance for this internationalization setting instance.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Key" type="xs:string"><xs:annotation><xs:documentation>This field contains the actual key of this internal string instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Content" type="xs:string"><xs:annotation><xs:documentation>This field contains the actual content of this internal string instance.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:BuildInformationType
Namespace
http://cybox.mitre.org/common-2
Annotations
The BuildInformationType contains information describing how this tool was built.
<xs:complexType name="BuildInformationType"><xs:annotation><xs:documentation>The BuildInformationType contains information describing how this tool was built.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Build_ID" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains an externally defined unique identifier of this build of this application instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Build_Project" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the project name of this build of this application instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Build_Utility" type="cyboxCommon:BuildUtilityType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information identifying the utility used to build this application.</xs:documentation></xs:annotation></xs:element><xs:element name="Build_Version" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the appropriate version descriptor of this build of this application instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Build_Label" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains any relevant label for this build of this application instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Compilers" type="cyboxCommon:CompilersType" minOccurs="0"><xs:annotation><xs:documentation>This field describes the compilers utilized during this build of this application.</xs:documentation></xs:annotation></xs:element><xs:element name="Compilation_Date" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>This field identifies the compilation date for the build of the tool. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element><xs:element name="Build_Configuration" type="cyboxCommon:BuildConfigurationType" minOccurs="0"><xs:annotation><xs:documentation>This field describes how the build utility was configured for this build of this application.</xs:documentation></xs:annotation></xs:element><xs:element name="Build_Script" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the actual build script for this build of this application instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Libraries" type="cyboxCommon:LibrariesType" minOccurs="0"><xs:annotation><xs:documentation>This field identifies the libraries incorporated into the build of the tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Build_Output_Log" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains a capture of the output log of the build process.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:BuildUtilityType
Namespace
http://cybox.mitre.org/common-2
Annotations
The BuildUtilityType contains information identifying the utility used to build this application.
<xs:complexType name="BuildUtilityType"><xs:annotation><xs:documentation>The BuildUtilityType contains information identifying the utility used to build this application.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Build_Utility_Name" type="xs:string"><xs:annotation><xs:documentation>This field contains the informally defined name of the utility used to build this application instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Build_Utility_Platform_Specification" type="cyboxCommon:PlatformSpecificationType"><xs:annotation><xs:documentation>This field identifies the build utility used to build this application.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:PlatformSpecificationType
Namespace
http://cybox.mitre.org/common-2
Annotations
PlatformSpecificationType is a modularized data type intended for providing a consistent approach to uniquely specifying the identity of a specific platform.
In addition to capturing basic information, this type is intended to be extended to enable the structured description of a platform instance using the XML Schema extension feature. The CybOX default extension uses the Common Platform Enumeration (CPE) Applicability Language schema to do so. The extension that defines this is captured in the CPE23PlatformSpecificationType in the http://cybox.mitre.org/extensions/platform#CPE2.3-1 namespace. This type is defined in the extensions/platform/cpe2.3.xsd file.
<xs:complexType name="PlatformSpecificationType"><xs:annotation><xs:documentation>PlatformSpecificationType is a modularized data type intended for providing a consistent approach to uniquely specifying the identity of a specific platform.</xs:documentation><xs:documentation>In addition to capturing basic information, this type is intended to be extended to enable the structured description of a platform instance using the XML Schema extension feature. The CybOX default extension uses the Common Platform Enumeration (CPE) Applicability Language schema to do so. The extension that defines this is captured in the CPE23PlatformSpecificationType in the http://cybox.mitre.org/extensions/platform#CPE2.3-1 namespace. This type is defined in the extensions/platform/cpe2.3.xsd file.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0"><xs:annotation><xs:documentation>A prose description of the indicated platform.</xs:documentation></xs:annotation></xs:element><xs:element name="Identifier" type="cyboxCommon:PlatformIdentifierType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>Indicates a pre-defined name for the given platform using some naming scheme. For example, one could provide a CPE (Common Platform Enumeration) name using the CPE naming format.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:PlatformIdentifierType
Namespace
http://cybox.mitre.org/common-2
Annotations
Used to specify a name for a platform using a particular naming system and also allowing a reference pointing to more information about that naming scheme. For example, one could provide a CPE (Common Platform Enumeration) name using the CPE naming format. In this case, the system value could be "CPE" while the system_ref value could be "http://scap.nist.gov/specifications/cpe/".
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="PlatformIdentifierType"><xs:annotation><xs:documentation>Used to specify a name for a platform using a particular naming system and also allowing a reference pointing to more information about that naming scheme. For example, one could provide a CPE (Common Platform Enumeration) name using the CPE naming format. In this case, the system value could be "CPE" while the system_ref value could be "http://scap.nist.gov/specifications/cpe/".</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="cyboxCommon:StringObjectPropertyType"><xs:attribute name="system" type="xs:string"><xs:annotation><xs:documentation>Indicates the naming system from which the indicated name was drawn.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="system-ref" type="xs:anyURI"><xs:annotation><xs:documentation>A reference to information about the naming system from which the indicated name was drawn.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:CompilersType
Namespace
http://cybox.mitre.org/common-2
Annotations
The CompilersType describes the compilers utilized during this build of this application.
<xs:complexType name="CompilersType"><xs:annotation><xs:documentation>The CompilersType describes the compilers utilized during this build of this application.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Compiler" type="cyboxCommon:CompilerType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field describes a single compiler utilized during this build of this application.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:CompilerType
Namespace
http://cybox.mitre.org/common-2
Annotations
The CompilerType describes a single compiler utilized during this build of this application.
<xs:complexType name="CompilerType"><xs:annotation><xs:documentation>The CompilerType describes a single compiler utilized during this build of this application.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Compiler_Informal_Description" type="cyboxCommon:CompilerInformalDescriptionType" minOccurs="0"><xs:annotation><xs:documentation>This field contains the informal description of this compiler instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Compiler_Platform_Specification" type="cyboxCommon:PlatformSpecificationType" minOccurs="0"><xs:annotation><xs:documentation>This field identifies this compiler instance.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:CompilerInformalDescriptionType
Namespace
http://cybox.mitre.org/common-2
Annotations
The CompilerInformalDescriptionType contains the informal description of this compiler instance.
<xs:complexType name="CompilerInformalDescriptionType"><xs:annotation><xs:documentation>The CompilerInformalDescriptionType contains the informal description of this compiler instance.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Compiler_Name" type="xs:string"><xs:annotation><xs:documentation>This field contains the name of the compiler.</xs:documentation></xs:annotation></xs:element><xs:element name="Compiler_Version" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the version of the compiler.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:BuildConfigurationType
Namespace
http://cybox.mitre.org/common-2
Annotations
The BuildConfigurationType describes how the build utility was configured for this build of this application.
<xs:complexType name="BuildConfigurationType"><xs:annotation><xs:documentation>The BuildConfigurationType describes how the build utility was configured for this build of this application.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Configuration_Setting_Description" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field contains the description of the configuration settings for this build of this application instance.</xs:documentation></xs:annotation></xs:element><xs:element name="Configuration_Settings" type="cyboxCommon:ConfigurationSettingsType"><xs:annotation><xs:documentation>This field contains the configuration settings for this build of this application instance.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:LibrariesType
Namespace
http://cybox.mitre.org/common-2
Annotations
The LibrariesType identifies the libraries incorporated into the build of the tool.
<xs:complexType name="LibrariesType"><xs:annotation><xs:documentation>The LibrariesType identifies the libraries incorporated into the build of the tool.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Library" type="cyboxCommon:LibraryType" minOccurs="0"><xs:annotation><xs:documentation>This field identifies a library incorporated into the build of the tool.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:LibraryType
Namespace
http://cybox.mitre.org/common-2
Annotations
The LibraryType identifies a single library incorporated into the build of the tool.
<xs:complexType name="LibraryType"><xs:annotation><xs:documentation>The LibraryType identifies a single library incorporated into the build of the tool.</xs:documentation></xs:annotation><xs:attribute name="name" type="xs:string"><xs:annotation><xs:documentation>This field identifies the name of the library.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="version" type="xs:string"><xs:annotation><xs:documentation>This field identifies the version of the library.</xs:documentation></xs:annotation></xs:attribute></xs:complexType>
Complex Type cyboxCommon:ExecutionEnvironmentType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ExecutionEnvironmentType contains information describing the execution environment of the tool.
<xs:complexType name="ExecutionEnvironmentType"><xs:annotation><xs:documentation>The ExecutionEnvironmentType contains information describing the execution environment of the tool.</xs:documentation></xs:annotation><xs:sequence><xs:element name="System" type="cyboxCommon:ObjectPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the system on which the tool was executed. System should be of type SystemObj:SystemObjectType.</xs:documentation></xs:annotation></xs:element><xs:element name="User_Account_Info" type="cyboxCommon:ObjectPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>This field contains information describing the user account that executed the tool. User_Account_Info should be of type UserAccountObj:UserAccountObjectType.</xs:documentation></xs:annotation></xs:element><xs:element name="Command_Line" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field specifies the command line string used to run the tool.</xs:documentation></xs:annotation></xs:element><xs:element name="Start_Time" type="cyboxCommon:DateTimeWithPrecisionType" minOccurs="0"><xs:annotation><xs:documentation>This field specifies when the tool was run. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ObjectPropertiesType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ObjectPropertiesType is an Abstract type placeholder within the CybOX schema enabling the inclusion of contextually varying object properties descriptions. This Abstract type is leveraged as the extension base for all predefined CybOX object properties schemas. Through this extension mechanism any object instance data based on an object properties schema extended from ObjectPropertiesType (e.g. File_Object, Address_Object, etc.) can be directly integrated into any instance document where a field is defined as ObjectPropertiesType. For flexibility and extensibility purposes any user of CybOX can specify their own externally defined object properties schemas (outside of or derived from the set of predefined objects) extended from ObjectPropertiesType and utilize them as part of their CybOX content.
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:complexType name="ObjectPropertiesType" abstract="true"><xs:annotation><xs:documentation>The ObjectPropertiesType is an Abstract type placeholder within the CybOX schema enabling the inclusion of contextually varying object properties descriptions. This Abstract type is leveraged as the extension base for all predefined CybOX object properties schemas. Through this extension mechanism any object instance data based on an object properties schema extended from ObjectPropertiesType (e.g. File_Object, Address_Object, etc.) can be directly integrated into any instance document where a field is defined as ObjectPropertiesType. For flexibility and extensibility purposes any user of CybOX can specify their own externally defined object properties schemas (outside of or derived from the set of predefined objects) extended from ObjectPropertiesType and utilize them as part of their CybOX content.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Custom_Properties" type="cyboxCommon:CustomPropertiesType" minOccurs="0"><xs:annotation><xs:documentation>The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="object_reference" type="xs:QName"><xs:annotation><xs:documentation>The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.</xs:documentation></xs:annotation></xs:attribute></xs:complexType>
Complex Type cyboxCommon:CustomPropertiesType
Namespace
http://cybox.mitre.org/common-2
Annotations
The CustomPropertiesType enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.
<xs:complexType name="CustomPropertiesType"><xs:annotation><xs:documentation>The CustomPropertiesType enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Property" type="cyboxCommon:PropertyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Property construct enables the specification of a single Object Property.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:PropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The PropertyType is a type representing the specification of a single Object Property.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="PropertyType"><xs:annotation><xs:documentation>The PropertyType is a type representing the specification of a single Object Property.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="cyboxCommon:BaseObjectPropertyType"><xs:attribute name="name" type="xs:string"><xs:annotation><xs:documentation>The name field specifies a name for this property.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="description" type="xs:string"><xs:annotation><xs:documentation>A description of what this property represents.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:ErrorsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ErrorsType captures any errors generated during the run of the tool.
<xs:complexType name="ErrorsType"><xs:annotation><xs:documentation>The ErrorsType captures any errors generated during the run of the tool.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Error" type="cyboxCommon:ErrorType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field captures a single type of error generated during the run of the tool.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ErrorType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ErrorType captures a single error generated during the run of the tool.
<xs:complexType name="ErrorType"><xs:annotation><xs:documentation>The ErrorType captures a single error generated during the run of the tool.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Error_Type" type="xs:string"><xs:annotation><xs:documentation>This field specifies the type for this tool run error.</xs:documentation></xs:annotation></xs:element><xs:element name="Error_Count" type="xs:integer" minOccurs="0"><xs:annotation><xs:documentation>This field specifies the count of instances for this error in the tool run.</xs:documentation></xs:annotation></xs:element><xs:element name="Error_Instances" type="cyboxCommon:ErrorInstancesType" minOccurs="0"><xs:annotation><xs:documentation>This field captures the actual error output for each instance of this type of error.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ErrorInstancesType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ErrorInstancesType captures the actual error output for each instance of this type of error.
<xs:complexType name="ErrorInstancesType"><xs:annotation><xs:documentation>The ErrorInstancesType captures the actual error output for each instance of this type of error.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Error_Instance" type="xs:string" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field captures the actual error output for a single instance of this type of error.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:MetadataType
Namespace
http://cybox.mitre.org/common-2
Annotations
The MetadataType is intended as mechanism to capture any non-context-specific metadata.
This field specifies the type of name of a single metadata field.
Source
<xs:complexType name="MetadataType"><xs:annotation><xs:documentation>The MetadataType is intended as mechanism to capture any non-context-specific metadata.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Value" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>This field specifies the value of name of a single metadata field.</xs:documentation></xs:annotation></xs:element><xs:element name="SubDatum" type="cyboxCommon:MetadataType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field uses recursion of the MetadataType specify subdatum structures for this metadata field.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="type" type="xs:string"><xs:annotation><xs:documentation>This field specifies the type of name of a single metadata field.</xs:documentation></xs:annotation></xs:attribute></xs:complexType>
Complex Type cyboxCommon:CompensationModelType
Namespace
http://cybox.mitre.org/common-2
Annotations
The CompensationModelType characterizes the compensation model for a tool.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="CompensationModelType"><xs:annotation><xs:documentation>The CompensationModelType characterizes the compensation model for a tool.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="cyboxCommon:CompensationModelEnum xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:SourceClassTypeEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The SourceClassTypeEnum is a (non-exhaustive) enumeration of cyber observation source classes.
<xs:simpleType name="SourceClassTypeEnum"><xs:annotation><xs:documentation>The SourceClassTypeEnum is a (non-exhaustive) enumeration of cyber observation source classes.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Network"><xs:annotation><xs:documentation>Describes a Network-based cyber observation.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="System"><xs:annotation><xs:documentation>Describes a System-based cyber observation.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Software"><xs:annotation><xs:documentation>Describes a Software-based cyber observation.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Simple Type cyboxCommon:SourceTypeEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The SourceTypeEnum is a (non-exhaustive) enumeration of cyber observation source types.
Diagram
Type
restriction of xs:string
Facets
enumeration
Tool
Describes a cyber observation made using various tools, such as scanners, firewalls, gateways, protection systems, and detection systems. See ToolTypeEnum for a more complete list of tools that CybOX supports.
enumeration
Analysis
Describes a cyber observation made from analysis methods, such as Static and Dynamic methods. See AnalysisMethodTypeEnum for a more complete list of methods that CybOX supports.
enumeration
Information Source
Describes a cyber observation made using other information sources, such as logs, Device Driver APIs, and TPM output data. See InformationSourceTypeEnum for a more complete list of information sources that CybOX supports.
<xs:simpleType name="SourceTypeEnum"><xs:annotation><xs:documentation>The SourceTypeEnum is a (non-exhaustive) enumeration of cyber observation source types.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Tool"><xs:annotation><xs:documentation>Describes a cyber observation made using various tools, such as scanners, firewalls, gateways, protection systems, and detection systems. See ToolTypeEnum for a more complete list of tools that CybOX supports.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Analysis"><xs:annotation><xs:documentation>Describes a cyber observation made from analysis methods, such as Static and Dynamic methods. See AnalysisMethodTypeEnum for a more complete list of methods that CybOX supports.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Information Source"><xs:annotation><xs:documentation>Describes a cyber observation made using other information sources, such as logs, Device Driver APIs, and TPM output data. See InformationSourceTypeEnum for a more complete list of information sources that CybOX supports.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:DataSegmentType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DataSegmentType is intended to provide a relatively abstract way of characterizing data segments that may be written/read/transmitted or otherwise utilized in actions or behaviors.
The id field specifies a unique id for this data segment.
Source
<xs:complexType name="DataSegmentType"><xs:annotation><xs:documentation>The DataSegmentType is intended to provide a relatively abstract way of characterizing data segments that may be written/read/transmitted or otherwise utilized in actions or behaviors.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Data_Format" type="cyboxCommon:DataFormatEnum" minOccurs="0"><xs:annotation><xs:documentation>The Data_Format field refers to the type of data contained in the Data_Segment element.</xs:documentation></xs:annotation></xs:element><xs:element name="Data_Size" type="cyboxCommon:DataSizeType" minOccurs="0"><xs:annotation><xs:documentation>The Data_Size field contains the size of the data contained in this element.</xs:documentation></xs:annotation></xs:element><xs:element name="Byte_Order" type="cyboxCommon:EndiannessType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_Order field specifies the endianness of the unpacked (e.g., decoded, unencrypted, etc.) data stored within the Data_Segment field.</xs:documentation></xs:annotation></xs:element><xs:element name="Data_Segment" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Data_Segment field contains the actual segment of data being characterized.</xs:documentation></xs:annotation></xs:element><xs:element name="Offset" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Offset field allows for the specification of where to start searching for the specified data segment in an object, in bytes.</xs:documentation></xs:annotation></xs:element><xs:element name="Search_Distance" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Search_Distance field specifies how far into an object should be ignored, in bytes, before starting to search for the specified data segment relative to the end of the previous data segment.</xs:documentation></xs:annotation></xs:element><xs:element name="Search_Within" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Search_Within field specifies that at most N bytes are between data segments in related objects.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="id" type="xs:QName"><xs:annotation><xs:documentation>The id field specifies a unique id for this data segment.</xs:documentation></xs:annotation></xs:attribute></xs:complexType>
Simple Type cyboxCommon:DataFormatEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The DataFormatEnum is a (non-exhaustive) enumeration of data formats.
Diagram
Type
restriction of xs:string
Facets
enumeration
Binary
Specifies binary data.
enumeration
Hexadecimal
Specifies hexadecimal data.
enumeration
Text
Specifies text.
enumeration
Other
Specifies any other type of data from the ones listed.
<xs:simpleType name="DataFormatEnum"><xs:annotation><xs:documentation>The DataFormatEnum is a (non-exhaustive) enumeration of data formats.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Binary"><xs:annotation><xs:documentation>Specifies binary data.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Hexadecimal"><xs:annotation><xs:documentation>Specifies hexadecimal data.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Text"><xs:annotation><xs:documentation>Specifies text.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Other"><xs:annotation><xs:documentation>Specifies any other type of data from the ones listed.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:DataSizeType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DataSizeType specifies the size of the data segment.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
This field represents the Units used in the object size element.
Source
<xs:complexType name="DataSizeType"><xs:annotation><xs:documentation>The DataSizeType specifies the size of the data segment.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="cyboxCommon:StringObjectPropertyType"><xs:attribute name="units" type="cyboxCommon:DataSizeUnitsEnum" use="required"><xs:annotation><xs:documentation>This field represents the Units used in the object size element.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:DataSizeUnitsEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The DataSizeUnitsEnum is a (non-exhaustive) enumeration of data size units.
<xs:simpleType name="DataSizeUnitsEnum"><xs:annotation><xs:documentation>The DataSizeUnitsEnum is a (non-exhaustive) enumeration of data size units.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Bytes"><xs:annotation><xs:documentation>Specifies an object size in Bytes.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Kilobytes"><xs:annotation><xs:documentation>Specifies an object size in Kilobytes.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Megabytes"><xs:annotation><xs:documentation>Specifies an object size in Megabytes.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:EndiannessType
Namespace
http://cybox.mitre.org/common-2
Annotations
The EndiannessType specifies names for byte ordering methods.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="EndiannessType"><xs:annotation><xs:documentation>The EndiannessType specifies names for byte ordering methods.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="cyboxCommon:EndiannessTypeEnum xs:string"/></xs:simpleType><xs:attribute fixed="string" name="datatype" type="cyboxCommon:DatatypeEnum" use="optional"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:CompensationModelEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The CompensationModelEnum is a (non-exhaustive) enumeration of compensation models for tools.
Diagram
Type
restriction of xs:string
Facets
enumeration
Freeware
Specifies that the tool is available for use at no monetary cost as the compensation model.
enumeration
Shareware
Specifies that the tool is proprietary and offers a limited use license as the compensation model.
enumeration
Commercial
Specifies that the tool is produced for sale or serves commercial purposes as the compensation model.
enumeration
Adware
Specifies that the tool uses automatically rendered advertisements as the compensation model.
Source
<xs:simpleType name="CompensationModelEnum"><xs:annotation><xs:documentation>The CompensationModelEnum is a (non-exhaustive) enumeration of compensation models for tools.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Freeware"><xs:annotation><xs:documentation>Specifies that the tool is available for use at no monetary cost as the compensation model.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Shareware"><xs:annotation><xs:documentation>Specifies that the tool is proprietary and offers a limited use license as the compensation model.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Commercial"><xs:annotation><xs:documentation>Specifies that the tool is produced for sale or serves commercial purposes as the compensation model.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Adware"><xs:annotation><xs:documentation>Specifies that the tool uses automatically rendered advertisements as the compensation model.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:NameObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The NameObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Name. This type will be assigned to any property of a CybOX object that should contain content of type Name and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="NameObjectPropertyType"><xs:annotation><xs:documentation>The NameObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Name. This type will be assigned to any property of a CybOX object that should contain content of type Name and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="name"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:DateObjectPropertyRestrictionType
Namespace
http://cybox.mitre.org/common-2
Annotations
This type is an intermediate type to allow for the addition of the precision attribute to DateObjectPropertyType. It should not be used directly.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="DateObjectPropertyRestrictionType"><xs:annotation><xs:documentation>This type is an intermediate type to allow for the addition of the precision attribute to DateObjectPropertyType. It should not be used directly.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="date"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:DateObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DateObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Date. This type will be assigned to any property of a CybOX object that should contain content of type Date and enables the use of relevant metadata for the property. In order to avoid ambiguity, it is strongly suggested that any date representation in this field include a timezone if it is known. As with the rest of the field, this should be formatted per the xs:date specification.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
For fields of this type using CybOX patterning, it is strongly suggested that the condition (pattern type) is limited to one of Equals, DoesNotEqual, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, ExclusiveBetween, or InclusiveBetween. The use of other conditions may lead to ambiguity or unexpected results. When evaluating data against a pattern, the evaluator should take into account the precision of the field (as given by the precision attribute) and any timezone information that is available to perform a data-aware comparison. The usage of simple string comparisons is discouraged due to ambiguities in how precision and timezone information is processed.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
The precision of the associated time. If omitted, the default is "day", meaning the full field value. Digits in the date that are required by the xs:date datatype but are beyond the specified precision should be zeroed out.
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="DateObjectPropertyType"><xs:annotation><xs:documentation>The DateObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Date. This type will be assigned to any property of a CybOX object that should contain content of type Date and enables the use of relevant metadata for the property. In order to avoid ambiguity, it is strongly suggested that any date representation in this field include a timezone if it is known. As with the rest of the field, this should be formatted per the xs:date specification.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation><xs:documentation>For fields of this type using CybOX patterning, it is strongly suggested that the condition (pattern type) is limited to one of Equals, DoesNotEqual, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, ExclusiveBetween, or InclusiveBetween. The use of other conditions may lead to ambiguity or unexpected results. When evaluating data against a pattern, the evaluator should take into account the precision of the field (as given by the precision attribute) and any timezone information that is available to perform a data-aware comparison. The usage of simple string comparisons is discouraged due to ambiguities in how precision and timezone information is processed.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="cyboxCommon:DateObjectPropertyRestrictionType"><xs:attribute name="precision" type="cyboxCommon:DatePrecisionEnum" default="day"><xs:annotation><xs:documentation>The precision of the associated time. If omitted, the default is "day", meaning the full field value. Digits in the date that are required by the xs:date datatype but are beyond the specified precision should be zeroed out.</xs:documentation><xs:documentation>When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:DateTimeObjectPropertyRestrictionType
Namespace
http://cybox.mitre.org/common-2
Annotations
This type is an intermediate type to allow for the addition of the precision attribute to DateTimeObjectPropertyType. It should not be used directly.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="DateTimeObjectPropertyRestrictionType" abstract="true"><xs:annotation><xs:documentation>This type is an intermediate type to allow for the addition of the precision attribute to DateTimeObjectPropertyType. It should not be used directly.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="dateTime"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:DateTimeObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DateTimeObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type DateTime. This type will be assigned to any property of a CybOX object that should contain content of type DateTime and enables the use of relevant metadata for the property. In order to avoid ambiguity, it is strongly suggested that any dateTime representation in this field include a timezone. As with the rest of the field, this should be formatted per the xs:dateTime specification.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
For fields of this type using CybOX patterning, it is strongly suggested that the condition (pattern type) is limited to one of Equals, DoesNotEqual, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, ExclusiveBetween, or InclusiveBetween. The use of other conditions may lead to ambiguity or unexpected results. When evaluating data against a pattern, the evaluator should take into account the precision of the field (as given by the precision attribute) and any timezone information that is available to perform a data-aware comparison. The usage of simple string comparisons is discouraged due to ambiguities in how precision and timezone information is processed.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="DateTimeObjectPropertyType"><xs:annotation><xs:documentation>The DateTimeObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type DateTime. This type will be assigned to any property of a CybOX object that should contain content of type DateTime and enables the use of relevant metadata for the property. In order to avoid ambiguity, it is strongly suggested that any dateTime representation in this field include a timezone. As with the rest of the field, this should be formatted per the xs:dateTime specification.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation><xs:documentation>For fields of this type using CybOX patterning, it is strongly suggested that the condition (pattern type) is limited to one of Equals, DoesNotEqual, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, ExclusiveBetween, or InclusiveBetween. The use of other conditions may lead to ambiguity or unexpected results. When evaluating data against a pattern, the evaluator should take into account the precision of the field (as given by the precision attribute) and any timezone information that is available to perform a data-aware comparison. The usage of simple string comparisons is discouraged due to ambiguities in how precision and timezone information is processed.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="cyboxCommon:DateTimeObjectPropertyRestrictionType"><xs:attribute name="precision" type="cyboxCommon:DateTimePrecisionEnum" default="second"><xs:annotation><xs:documentation>The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.</xs:documentation><xs:documentation>When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:FloatObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The FloatObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Float. This type will be assigned to any property of a CybOX object that should contain content of type Float and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="FloatObjectPropertyType"><xs:annotation><xs:documentation>The FloatObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Float. This type will be assigned to any property of a CybOX object that should contain content of type Float and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="float"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:DoubleObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DoubleObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Double. This type will be assigned to any property of a CybOX object that should contain content of type Double and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="DoubleObjectPropertyType"><xs:annotation><xs:documentation>The DoubleObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Double. This type will be assigned to any property of a CybOX object that should contain content of type Double and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="double"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:UnsignedLongObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The UnsignedLongObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type UnsignedLong. This type will be assigned to any property of a CybOX object that should contain content of type UnsignedLong and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="UnsignedLongObjectPropertyType"><xs:annotation><xs:documentation>The UnsignedLongObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type UnsignedLong. This type will be assigned to any property of a CybOX object that should contain content of type UnsignedLong and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="unsignedLong"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:UnsignedIntegerObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The UnsignedIntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type UnsignedInt. This type will be assigned to any property of a CybOX object that should contain content of type UnsignedInteger and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="UnsignedIntegerObjectPropertyType"><xs:annotation><xs:documentation>The UnsignedIntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type UnsignedInt. This type will be assigned to any property of a CybOX object that should contain content of type UnsignedInteger and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="unsignedInt"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:PositiveIntegerObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The PositiveIntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type PositveInteger. This type will be assigned to any property of a CybOX object that should contain content of type PositiveInteger and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="PositiveIntegerObjectPropertyType"><xs:annotation><xs:documentation>The PositiveIntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type PositveInteger. This type will be assigned to any property of a CybOX object that should contain content of type PositiveInteger and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="positiveInteger"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:LongObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The LongObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Long. This type will be assigned to any property of a CybOX object that should contain content of type Long and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="LongObjectPropertyType"><xs:annotation><xs:documentation>The LongObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Long. This type will be assigned to any property of a CybOX object that should contain content of type Long and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="long"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:NonNegativeIntegerObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The NonNegativeIntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type nonNegativeInteger. This type will be assigned to any property of a CybOX object that should contain content of type NonNegativeInteger and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="NonNegativeIntegerObjectPropertyType"><xs:annotation><xs:documentation>The NonNegativeIntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type nonNegativeInteger. This type will be assigned to any property of a CybOX object that should contain content of type NonNegativeInteger and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="nonNegativeInteger"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:AnyURIObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The AnyURIObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type anyURI. This type will be assigned to any property of a CybOX object that should contain content of type AnyURI and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="AnyURIObjectPropertyType"><xs:annotation><xs:documentation>The AnyURIObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type anyURI. This type will be assigned to any property of a CybOX object that should contain content of type AnyURI and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="anyURI"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:DurationObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DurationObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type duration. This type will be assigned to any property of a CybOX object that should contain content of type Duration and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="DurationObjectPropertyType"><xs:annotation><xs:documentation>The DurationObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type duration. This type will be assigned to any property of a CybOX object that should contain content of type Duration and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="duration"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:TimeObjectPropertyRestrictionType
Namespace
http://cybox.mitre.org/common-2
Annotations
This type is an intermediate type to allow for the addition of the precision attribute to TimeObjectPropertyType. It should not be used directly.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="TimeObjectPropertyRestrictionType" abstract="true"><xs:annotation><xs:documentation>This type is an intermediate type to allow for the addition of the precision attribute to TimeObjectPropertyType. It should not be used directly.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="time"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:TimeObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The TimeObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type time. This type will be assigned to any property of a CybOX object that should contain content of type Time and enables the use of relevant metadata for the property. In order to avoid ambiguity, it is strongly suggested that any time representation in this field include a specification of the timezone if it is known. As with the rest of the field, this should be formatted per the xs:time specification.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
For fields of this type using CybOX patterning, it is strongly suggested that the condition (pattern type) is limited to one of Equals, DoesNotEqual, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, ExclusiveBetween, or InclusiveBetween. The use of other conditions may lead to ambiguity or unexpected results. When evaluating data against a pattern, the evaluator should take into account the precision of the field (as given by the precision attribute) and any timezone information that is available to perform a data-aware comparison. The usage of simple string comparisons is discouraged due to ambiguities in how precision and timezone information is processed.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the time that are required by the xs:time datatype but are beyond the specified precision should be zeroed out.
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="TimeObjectPropertyType"><xs:annotation><xs:documentation>The TimeObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type time. This type will be assigned to any property of a CybOX object that should contain content of type Time and enables the use of relevant metadata for the property. In order to avoid ambiguity, it is strongly suggested that any time representation in this field include a specification of the timezone if it is known. As with the rest of the field, this should be formatted per the xs:time specification.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation><xs:documentation>For fields of this type using CybOX patterning, it is strongly suggested that the condition (pattern type) is limited to one of Equals, DoesNotEqual, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, ExclusiveBetween, or InclusiveBetween. The use of other conditions may lead to ambiguity or unexpected results. When evaluating data against a pattern, the evaluator should take into account the precision of the field (as given by the precision attribute) and any timezone information that is available to perform a data-aware comparison. The usage of simple string comparisons is discouraged due to ambiguities in how precision and timezone information is processed.</xs:documentation></xs:annotation><xs:simpleContent><xs:extension base="cyboxCommon:TimeObjectPropertyRestrictionType"><xs:attribute name="precision" type="cyboxCommon:TimePrecisionEnum" default="second"><xs:annotation><xs:documentation>The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the time that are required by the xs:time datatype but are beyond the specified precision should be zeroed out.</xs:documentation><xs:documentation>When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:TimePrecisionEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
Possible values for representing time precision.
Diagram
Type
restriction of xs:string
Facets
enumeration
hour
Time is precise to the given hour.
enumeration
minute
Time is precise to the given minute.
enumeration
second
Time is precise to the given second (including fractional seconds).
<xs:simpleType name="TimePrecisionEnum"><xs:annotation><xs:documentation>Possible values for representing time precision.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="hour"><xs:annotation><xs:documentation>Time is precise to the given hour.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="minute"><xs:annotation><xs:documentation>Time is precise to the given minute.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="second"><xs:annotation><xs:documentation>Time is precise to the given second (including fractional seconds).</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:Base64BinaryObjectPropertyType
Namespace
http://cybox.mitre.org/common-2
Annotations
The Base64BinaryObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type base64Binary. This type will be assigned to any property of a CybOX object that should contain content of type Base64Binary and enables the use of relevant metadata for the property.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="Base64BinaryObjectPropertyType"><xs:annotation><xs:documentation>The Base64BinaryObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type base64Binary. This type will be assigned to any property of a CybOX object that should contain content of type Base64Binary and enables the use of relevant metadata for the property.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="base64Binary"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Complex Type cyboxCommon:ExtractedFeaturesType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ExtractedFeaturesType is a type representing a description of features extracted from an object such as a file.
<xs:complexType name="ExtractedFeaturesType"><xs:annotation><xs:documentation>The ExtractedFeaturesType is a type representing a description of features extracted from an object such as a file.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Strings" type="cyboxCommon:ExtractedStringsType" minOccurs="0"><xs:annotation><xs:documentation>This field enables description of a set of static strings extracted from a raw cyber object.</xs:documentation></xs:annotation></xs:element><xs:element name="Imports" type="cyboxCommon:ImportsType" minOccurs="0"><xs:annotation><xs:documentation>This field enables description of a set of references to external resources imported by a raw cyber object.</xs:documentation></xs:annotation></xs:element><xs:element name="Functions" type="cyboxCommon:FunctionsType" minOccurs="0"><xs:annotation><xs:documentation>This field enables description of a set of references to functions called by a raw cyber object.</xs:documentation></xs:annotation></xs:element><xs:element name="Code_Snippets" type="cyboxCommon:CodeSnippetsType" minOccurs="0"><xs:annotation><xs:documentation>This field enables description of a set of code snippets extracted from a raw cyber object.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ExtractedStringsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ExtractedStringsType type is intended as container for strings extracted from CybOX objects.
<xs:complexType name="ExtractedStringsType"><xs:annotation><xs:documentation>The ExtractedStringsType type is intended as container for strings extracted from CybOX objects.</xs:documentation></xs:annotation><xs:sequence><xs:element name="String" type="cyboxCommon:ExtractedStringType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field enables description of a single static string extracted from a raw cyber object.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ExtractedStringType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ExtractedStringType type is intended as container a single string extracted from a CybOX object.
<xs:complexType name="ExtractedStringType"><xs:annotation><xs:documentation>The ExtractedStringType type is intended as container a single string extracted from a CybOX object.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Encoding" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The Encoding field refers to the encoding method used for the string extracted from the CybOX object, via a standardized controlled vocabulary.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CharacterEncodingVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.</xs:documentation></xs:annotation></xs:element><xs:element name="String_Value" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The String_Value field specifies the actual value of the string extracted from the CybOX object, if it is capable of being represented in the encoding scheme used in the document (most commonly UTF-8).</xs:documentation></xs:annotation></xs:element><xs:element name="Byte_String_Value" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_String_Value field specifies the raw, byte-string representation of the string extracted from the CybOX object, in hexadecimal format.</xs:documentation></xs:annotation></xs:element><xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0"><xs:annotation><xs:documentation>The Hashes field is used to include any hash values computed using the string extracted from the CybOX object as input.</xs:documentation></xs:annotation></xs:element><xs:element name="Address" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Address field specifies the location or offset of the specified string in the CybOX objects.</xs:documentation></xs:annotation></xs:element><xs:element name="Length" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Length field specifies the length, in characters, of the string extracted from the CybOX object.</xs:documentation></xs:annotation></xs:element><xs:element name="Language" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Language field specifies the language the string is written in, e.g. English. For consistency, we strongly recommend using the ISO 639-2 language code, if available. Please see http://www.loc.gov/standards/iso639-2/php/code_list.php for a list of ISO 639-2 codes.</xs:documentation></xs:annotation></xs:element><xs:element name="English_Translation" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The English_Translation field specifies the English translation of the string, if it is not written in English.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ImportsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ImportsType is intended to represent an extracted list of imports specified within a CybOX object.
<xs:complexType name="ImportsType"><xs:annotation><xs:documentation>The ImportsType is intended to represent an extracted list of imports specified within a CybOX object.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Import" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field enables description of a single reference to an external resource imported by a raw cyber object.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:FunctionsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The FunctionsType is intended to represent an extracted list of functions leveraged within a CybOX object.
<xs:complexType name="FunctionsType"><xs:annotation><xs:documentation>The FunctionsType is intended to represent an extracted list of functions leveraged within a CybOX object.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Function" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field enables description of a single reference to a function called by a raw cyber object.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:CodeSnippetsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The CodeSnippetsType is intended to represent an set of code snippets extracted from within a CybOX object.
<xs:complexType name="CodeSnippetsType"><xs:annotation><xs:documentation>The CodeSnippetsType is intended to represent an set of code snippets extracted from within a CybOX object.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Code_Snippet" type="cyboxCommon:ObjectPropertiesType" maxOccurs="unbounded"><xs:annotation><xs:documentation>This field enables description of a single code snippet extracted from a raw cyber object. Code_Snippet should be of CodeObj:CodeObjectType.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ByteRunsType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ByteRunsType is used for representing a list of byte runs from within a raw object.
<xs:complexType name="ByteRunsType"><xs:annotation><xs:documentation>The ByteRunsType is used for representing a list of byte runs from within a raw object.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Byte_Run" type="cyboxCommon:ByteRunType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Byte_Run field contains a single byte run from the raw object.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:ByteRunType
Namespace
http://cybox.mitre.org/common-2
Annotations
The ByteRunType is used for representing a single byte run from within a raw object.
<xs:complexType name="ByteRunType"><xs:annotation><xs:documentation>The ByteRunType is used for representing a single byte run from within a raw object.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Offset" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Offset field specifies the offset of the beginning of the byte run as measured from the beginning of the object.</xs:documentation></xs:annotation></xs:element><xs:element name="Byte_Order" type="cyboxCommon:EndiannessType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_Order field specifies the endianness of the unpacked (e.g., unencoded, unencrypted, etc.) data contained within the Byte_Run_Data field.</xs:documentation></xs:annotation></xs:element><xs:element name="File_System_Offset" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The File_System_Offset field is relevant only for byte runs of files in forensic analysis.It specifies the offset of the beginning of the byte run as measured from the beginning of the relevant file system.</xs:documentation></xs:annotation></xs:element><xs:element name="Image_Offset" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Image_Offset field is provided for forensic analysis purposes and specifies the offset of the beginning of the byte run as measured from the beginning of the relevant forensic image.</xs:documentation></xs:annotation></xs:element><xs:element name="Length" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Length field specifies the number of bytes in the byte run.</xs:documentation></xs:annotation></xs:element><xs:element name="Hashes" type="cyboxCommon:HashListType" minOccurs="0"><xs:annotation><xs:documentation>The Hashes field contains computed hash values for this the data in this byte run.</xs:documentation></xs:annotation></xs:element><xs:element name="Byte_Run_Data" type="xs:anyType" minOccurs="0"><xs:annotation><xs:documentation>The Byte_Run_Data field contains a raw dump of the byte run data, typically enclosed within an XML CDATA section.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:EnvironmentVariableListType
Namespace
http://cybox.mitre.org/common-2
Annotations
The EnvironmentVariableListType type is used for representing a list of environment variables.
<xs:complexType name="EnvironmentVariableListType"><xs:annotation><xs:documentation>The EnvironmentVariableListType type is used for representing a list of environment variables.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Environment_Variable" type="cyboxCommon:EnvironmentVariableType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Environment_Variable field is used for representing environment variables using a name/value pair.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:EnvironmentVariableType
Namespace
http://cybox.mitre.org/common-2
Annotations
The EnvironmentVariableType type is used for representing environment variables using a name/value pair.
<xs:complexType name="EnvironmentVariableType"><xs:annotation><xs:documentation>The EnvironmentVariableType type is used for representing environment variables using a name/value pair.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Name" type="cyboxCommon:StringObjectPropertyType"><xs:annotation><xs:documentation>The Name field specifies the name of the environment variable.</xs:documentation></xs:annotation></xs:element><xs:element name="Value" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The Value field specifies the value of the environment variable.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:DigitalSignaturesType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DigitalSignaturesType is used for representing a list of digital signatures.
<xs:complexType name="DigitalSignaturesType"><xs:annotation><xs:documentation>The DigitalSignaturesType is used for representing a list of digital signatures.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Digital_Signature" type="cyboxCommon:DigitalSignatureInfoType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Digital_Signature field is optional and captures a single digital signature for this Object.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Complex Type cyboxCommon:DigitalSignatureInfoType
Namespace
http://cybox.mitre.org/common-2
Annotations
The DigitalSignatureInfoType type is used as a way to represent some of the basic information about a digital signature.
<xs:complexType name="DigitalSignatureInfoType"><xs:annotation><xs:documentation>The DigitalSignatureInfoType type is used as a way to represent some of the basic information about a digital signature.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Certificate_Issuer" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The certificate issuer of the digital signature.</xs:documentation></xs:annotation></xs:element><xs:element name="Certificate_Subject" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>The certificate subject of the digital signature.</xs:documentation></xs:annotation></xs:element><xs:element name="Signature_Description" type="cyboxCommon:StringObjectPropertyType" minOccurs="0"><xs:annotation><xs:documentation>A description of the digital signature.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="signature_exists" type="xs:boolean"><xs:annotation><xs:documentation>Specifies whether the digital signature exists.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="signature_verified" type="xs:boolean"><xs:annotation><xs:documentation>Specifies if the digital signature is verified.</xs:documentation></xs:annotation></xs:attribute></xs:complexType>
Complex Type cyboxCommon:SIDType
Namespace
http://cybox.mitre.org/common-2
Annotations
SIDType specifies Windows Security ID (SID) types via a union of the SIDTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="SIDType"><xs:annotation><xs:documentation>SIDType specifies Windows Security ID (SID) types via a union of the SIDTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation><xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="cyboxCommon:SIDTypeEnum xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:SIDTypeEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The SIDTypeEnum type is an enumeration of Windows Security ID (SID) types. These correspond to the values specified by the SID_NAME_USE enumeration--see http://msdn.microsoft.com/en-us/library/windows/desktop/aa379601(v=vs.85).aspx for more information.
Diagram
Type
restriction of xs:string
Facets
enumeration
SidTypeUser
Indicates a SID of type User.
enumeration
SidTypeGroup
Indicates a SID of type Group.
enumeration
SidTypeDomain
Indicates a SID of type Domain.
enumeration
SidTypeAlias
Indicates a SID of type Alias.
enumeration
SidTypeWellKnownGroup
Indicates a SID for a well-known group.
enumeration
SidTypeDeletedAccount
Indicates a SID for a deleted account.
enumeration
SidTypeInvalid
Indicates an invalid SID.
enumeration
SidTypeUnknown
Indicates a SID of unknown type.
enumeration
SidTypeComputer
Indicates a SID for a computer.
enumeration
SidTypeLabel
Indicates a mandatory integrity label SID.
Source
<xs:simpleType name="SIDTypeEnum"><xs:annotation><xs:documentation>The SIDTypeEnum type is an enumeration of Windows Security ID (SID) types. These correspond to the values specified by the SID_NAME_USE enumeration--see http://msdn.microsoft.com/en-us/library/windows/desktop/aa379601(v=vs.85).aspx for more information.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="SidTypeUser"><xs:annotation><xs:documentation>Indicates a SID of type User.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SidTypeGroup"><xs:annotation><xs:documentation>Indicates a SID of type Group.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SidTypeDomain"><xs:annotation><xs:documentation>Indicates a SID of type Domain.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SidTypeAlias"><xs:annotation><xs:documentation>Indicates a SID of type Alias.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SidTypeWellKnownGroup"><xs:annotation><xs:documentation>Indicates a SID for a well-known group.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SidTypeDeletedAccount"><xs:annotation><xs:documentation>Indicates a SID for a deleted account.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SidTypeInvalid"><xs:annotation><xs:documentation>Indicates an invalid SID.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SidTypeUnknown"><xs:annotation><xs:documentation>Indicates a SID of unknown type.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SidTypeComputer"><xs:annotation><xs:documentation>Indicates a SID for a computer.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SidTypeLabel"><xs:annotation><xs:documentation>Indicates a mandatory integrity label SID.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:Layer4ProtocolType
Namespace
http://cybox.mitre.org/common-2
Annotations
Layer4ProtocolType specifies Layer 4 protocol types, via a union of the Layer4ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="Layer4ProtocolType"><xs:annotation><xs:documentation>Layer4ProtocolType specifies Layer 4 protocol types, via a union of the Layer4ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="cyboxCommon:Layer4ProtocolEnum xs:string"/></xs:simpleType><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute></xs:restriction></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:Layer4ProtocolEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
Layer4ProtocolEnum is a non-exhaustive enumeration of Layer 4 (transport) layer protocols.
Diagram
Type
restriction of xs:string
Facets
enumeration
TCP
Specifies the Transmission Control Protocol.
enumeration
UDP
Specifies the User Datagram Protocol.
enumeration
AH
Specifies the Authentication Header protocol.
enumeration
ESP
Specifies the Encapsulating Security Payload protocol.
enumeration
GRE
Specifies the Generic Routing Encapsulation protocol.
enumeration
IL
Specifies the Internet Link protocol.
enumeration
SCTP
Specifies the Stream Control Transmission Protocol.
enumeration
Sinec H1
Specifies the Siemens Sinec H1 protocol.
enumeration
SPX
Specifies the Sequenced Packet Exchange protocol.
enumeration
DCCP
Specifies the Datagram Congestion Control Protocol.
Source
<xs:simpleType name="Layer4ProtocolEnum"><xs:annotation><xs:documentation>Layer4ProtocolEnum is a non-exhaustive enumeration of Layer 4 (transport) layer protocols.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="TCP"><xs:annotation><xs:documentation>Specifies the Transmission Control Protocol.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="UDP"><xs:annotation><xs:documentation>Specifies the User Datagram Protocol.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="AH"><xs:annotation><xs:documentation>Specifies the Authentication Header protocol.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="ESP"><xs:annotation><xs:documentation>Specifies the Encapsulating Security Payload protocol.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="GRE"><xs:annotation><xs:documentation>Specifies the Generic Routing Encapsulation protocol.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="IL"><xs:annotation><xs:documentation>Specifies the Internet Link protocol.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SCTP"><xs:annotation><xs:documentation>Specifies the Stream Control Transmission Protocol.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Sinec H1"><xs:annotation><xs:documentation>Specifies the Siemens Sinec H1 protocol.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="SPX"><xs:annotation><xs:documentation>Specifies the Sequenced Packet Exchange protocol.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="DCCP"><xs:annotation><xs:documentation>Specifies the Datagram Congestion Control Protocol.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Simple Type cyboxCommon:EndiannessTypeEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The EndiannessTypeEnum is a non-exhaustive eumeration of byte ordering methods.
Diagram
Type
restriction of xs:string
Facets
enumeration
Big-endian
The Big-endian value specifies a big-endian byte ordering.
enumeration
Little-endian
The Little-endian value specifies a little-endian byte ordering.
enumeration
Middle-endian
The Middle-endian value specifies a middle-endian byte ordering.
Source
<xs:simpleType name="EndiannessTypeEnum"><xs:annotation><xs:documentation>The EndiannessTypeEnum is a non-exhaustive eumeration of byte ordering methods.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="Big-endian"><xs:annotation><xs:documentation>The Big-endian value specifies a big-endian byte ordering.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Little-endian"><xs:annotation><xs:documentation>The Little-endian value specifies a little-endian byte ordering.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Middle-endian"><xs:annotation><xs:documentation>The Middle-endian value specifies a middle-endian byte ordering.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:CipherType
Namespace
http://cybox.mitre.org/common-2
Annotations
CipherType specifies encryption algorithms, via a union of the CipherEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="CipherType"><xs:annotation><xs:documentation>CipherType specifies encryption algorithms, via a union of the CipherEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="cyboxCommon:CipherEnum xs:string"/></xs:simpleType></xs:restriction></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:CipherEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
CipherEnum is a non-exhaustive enumeration of encryption algorithms.
Diagram
Type
restriction of xs:string
Facets
enumeration
3DES
Specifies the Triple Data Encryption Standard (DES) algorithm.
enumeration
AES
Specifies the Advanced Encryption Standard (AES) algorithm.
enumeration
Blowfish
Specifies the Blowfish algorithm.
enumeration
CAST-128
Specifies the CAST-128 algorithm.
enumeration
CAST-256
Specifies the CAST-256 algorithm.
enumeration
DES
Specifies the Data Encryption Standard (DES) algorithm.
enumeration
IDEA
Specifies the International Data Encryption Algorithm (IDEA).
enumeration
Rijndael
Specifies the Rijndael algorithm.
enumeration
RC5
Specifies the RC5 algorithm.
enumeration
Skipjack
Specifies the Skipjack algorithm.
Source
<xs:simpleType name="CipherEnum"><xs:annotation><xs:documentation>CipherEnum is a non-exhaustive enumeration of encryption algorithms.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="3DES"><xs:annotation><xs:documentation>Specifies the Triple Data Encryption Standard (DES) algorithm.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="AES"><xs:annotation><xs:documentation>Specifies the Advanced Encryption Standard (AES) algorithm.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Blowfish"><xs:annotation><xs:documentation>Specifies the Blowfish algorithm.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="CAST-128"><xs:annotation><xs:documentation>Specifies the CAST-128 algorithm.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="CAST-256"><xs:annotation><xs:documentation>Specifies the CAST-256 algorithm.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="DES"><xs:annotation><xs:documentation>Specifies the Data Encryption Standard (DES) algorithm.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="IDEA"><xs:annotation><xs:documentation>Specifies the International Data Encryption Algorithm (IDEA).</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Rijndael"><xs:annotation><xs:documentation>Specifies the Rijndael algorithm.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="RC5"><xs:annotation><xs:documentation>Specifies the RC5 algorithm.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="Skipjack"><xs:annotation><xs:documentation>Specifies the Skipjack algorithm.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Complex Type cyboxCommon:RegionalRegistryType
Namespace
http://cybox.mitre.org/common-2
Annotations
The RegionalRegistryType specifies a Regional Internet Registry (RIR) for a given WHOIS entry. RIRs defined by the RegionalRegistryTypeEnum may be used, as well as those specified by a free form text string.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="RegionalRegistryType"><xs:annotation><xs:documentation>The RegionalRegistryType specifies a Regional Internet Registry (RIR) for a given WHOIS entry. RIRs defined by the RegionalRegistryTypeEnum may be used, as well as those specified by a free form text string.</xs:documentation></xs:annotation><xs:simpleContent><xs:restriction base="cyboxCommon:BaseObjectPropertyType"><xs:simpleType><xs:union memberTypes="cyboxCommon:RegionalRegistryTypeEnum xs:string"/></xs:simpleType></xs:restriction></xs:simpleContent></xs:complexType>
Simple Type cyboxCommon:RegionalRegistryTypeEnum
Namespace
http://cybox.mitre.org/common-2
Annotations
The RegionalRegistryTypeEnum is an enumeration of Regional Internet Registries (RIRs) names, represented via their respective acronyms.
Diagram
Type
restriction of xs:string
Facets
enumeration
AfriNIC
AfriNIC stands for African Network Information Centre, and is the RIR for Africa.
enumeration
ARIN
ARIN stands for American Registry for Internet Numbers, and is the RIR for the United States, Canada, several parts of the Caribbean Region, and Antarctica.
enumeration
APNIC
APNIC stands for Asia-Pacific Network Information Centre, and is the RIR for Asia, Australia, New Zealand, and neighboring countries.
enumeration
LACNIC
LACNIC stands for Latin American and Caribbean Network Information Centre, and is the RIR for Latin America and parts of the Caribbean region.
enumeration
RIPE NCC
RIPE NCC stands for Réseaux IP Européens Network Coordination Centre, and is the RIR for Europe, Russia, the Middle East, and Central Asia.
Source
<xs:simpleType name="RegionalRegistryTypeEnum"><xs:annotation><xs:documentation>The RegionalRegistryTypeEnum is an enumeration of Regional Internet Registries (RIRs) names, represented via their respective acronyms.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="AfriNIC"><xs:annotation><xs:documentation>AfriNIC stands for African Network Information Centre, and is the RIR for Africa.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="ARIN"><xs:annotation><xs:documentation>ARIN stands for American Registry for Internet Numbers, and is the RIR for the United States, Canada, several parts of the Caribbean Region, and Antarctica.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="APNIC"><xs:annotation><xs:documentation>APNIC stands for Asia-Pacific Network Information Centre, and is the RIR for Asia, Australia, New Zealand, and neighboring countries.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="LACNIC"><xs:annotation><xs:documentation>LACNIC stands for Latin American and Caribbean Network Information Centre, and is the RIR for Latin America and parts of the Caribbean region.</xs:documentation></xs:annotation></xs:enumeration><xs:enumeration value="RIPE NCC"><xs:annotation><xs:documentation>RIPE NCC stands for Réseaux IP Européens Network Coordination Centre, and is the RIR for Europe, Russia, the Middle East, and Central Asia.</xs:documentation></xs:annotation></xs:enumeration></xs:restriction></xs:simpleType>
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.
<xs:attribute name="structuring_format" type="xs:string" use="optional"><xs:annotation><xs:documentation>Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.</xs:documentation></xs:annotation></xs:attribute>
Specifies the "greater than or equal to" condition.
enumeration
LessThan
Specifies the "less than" condition.
enumeration
LessThanOrEqual
Specifies the "less than or equal" condition.
enumeration
InclusiveBetween
The pattern is met if the given value lies between the values indicated in the field value body, inclusive of the bounding values themselves. The field value body MUST contain at least 2 values to be valid. If the field value body contains more than 2 values, then only the greatest and least values are considered. (I.e., If the body contains "2,4,6", then an InclusiveBetween condition would be satisfied if the observed value fell between 2 and 6, inclusive. Since this is an inclusive range, an observed value of 2 or 6 would fit the pattern in this example.) As such, always treat the InclusiveBetween condition as applying to a single range for the purpose of evaluating the apply_condition attribute.
enumeration
ExclusiveBetween
The pattern is met if the given value lies between the values indicated in the field value body, exclusive of the bounding values themselves. The field value body MUST contain at least 2 values to be valid. If the field value body contains more than 2 values, then only the greatest and least values are considered. (I.e., If the body contains "2,4,6", then an InclusiveBetween condition would be satisfied if the observed value fell between 2 and 6, exclusive. Since this is an exclusive range, an observed value of 2 or 6 would not fit the pattern in this example.) As such, always treat the ExclusiveBetween condition as applying to a single range for the purpose of evaluating the apply_condition attribute.
enumeration
FitsPattern
Specifies the condition that a value fits a given pattern.
enumeration
BitwiseAnd
Specifies the condition of bitwise AND. Specifically, when applying this pattern, a given value is bitwise-ANDed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.
enumeration
BitwiseOr
Specifies the condition of bitwise OR. Specifically, when applying this pattern, a given value is bitwise-ORed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.
enumeration
BitwiseXor
Specifies the condition of bitwise XOR. Specifically, when applying this pattern, a given value is bitwise-XORed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.
<xs:attribute name="condition" type="cyboxCommon:ConditionTypeEnum"><xs:annotation><xs:documentation>This field is optional and defines the relevant condition to apply to the value.</xs:documentation></xs:annotation></xs:attribute>
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
<xs:attribute name="is_case_sensitive" type="xs:boolean" default="true"><xs:annotation><xs:documentation>The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.</xs:documentation></xs:annotation></xs:attribute>
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
<xs:attribute name="apply_condition" type="cyboxCommon:ConditionApplicationEnum" default="ANY"><xs:annotation><xs:documentation>This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="delimiter" type="xs:string" default="##comma##"><xs:annotation><xs:documentation>The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".</xs:documentation></xs:annotation></xs:attribute>
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
<xs:attribute name="bit_mask" type="xs:hexBinary"><xs:annotation><xs:documentation>Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.</xs:documentation></xs:annotation></xs:attribute>
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
<xs:attribute name="pattern_type" type="cyboxCommon:PatternTypeEnum"><xs:annotation><xs:documentation>This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.</xs:documentation></xs:annotation></xs:attribute>
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
<xs:attribute name="regex_syntax" type="xs:string"><xs:annotation><xs:documentation>This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.</xs:documentation><xs:documentation>Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.</xs:documentation><xs:documentation>Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.</xs:documentation></xs:annotation></xs:attribute>
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
<xs:attribute name="has_changed" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.</xs:documentation></xs:annotation></xs:attribute>
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
<xs:attribute name="trend" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="vocab_name" type="xs:string" use="optional"><xs:annotation><xs:documentation>The vocab_name field specifies the name of the controlled vocabulary.</xs:documentation></xs:annotation></xs:attribute>
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
<xs:attribute name="vocab_reference" type="xs:anyURI" use="optional"><xs:annotation><xs:documentation>The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="precision" type="cyboxCommon:DatePrecisionEnum" default="day"><xs:annotation><xs:documentation>The precision of the associated date. If omitted, the default is "day", meaning the full field value.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="precision" type="cyboxCommon:DateTimePrecisionEnum" default="second"><xs:annotation><xs:documentation>The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="id" type="xs:QName"><xs:annotation><xs:documentation>Specifies a unique ID for this Location.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="idref" type="xs:QName"><xs:annotation><xs:documentation>Specifies a reference to a unique ID defined elsewhere.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="reference_type" type="cyboxCommon:ToolReferenceTypeEnum"><xs:annotation><xs:documentation>Indicates the nature of the referenced material (documentation, source, executable, etc.).</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="id" type="xs:QName"><xs:annotation><xs:documentation>The id field specifies a unique ID for this Object Property.</xs:documentation></xs:annotation></xs:attribute>
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
<xs:attribute name="idref" type="xs:QName"><xs:annotation><xs:documentation>The idref field specifies a unique ID reference for this Object Property.</xs:documentation><xs:documentation>When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.</xs:documentation></xs:annotation></xs:attribute>
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute>
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
<xs:attribute name="appears_random" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="is_obfuscated" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys whether the associated Object property has been obfuscated.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="obfuscation_algorithm_ref" type="xs:anyURI"><xs:annotation><xs:documentation>This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.</xs:documentation></xs:annotation></xs:attribute>
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
<xs:attribute name="is_defanged" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).</xs:documentation></xs:annotation></xs:attribute>
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
<xs:attribute name="defanging_algorithm_ref" type="xs:anyURI"><xs:annotation><xs:documentation>This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="refanging_transform_type" type="xs:string"><xs:annotation><xs:documentation>This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.</xs:documentation></xs:annotation></xs:attribute>
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
<xs:attribute name="refanging_transform" type="xs:string"><xs:annotation><xs:documentation>This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.</xs:documentation></xs:annotation></xs:attribute>
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
<xs:attribute name="observed_encoding" type="xs:string"><xs:annotation><xs:documentation>This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.</xs:documentation><xs:documentation>It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).</xs:documentation><xs:documentation>This field is intended to be applicable only to fields which contain string values.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="hexBinary"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="int"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="system" type="xs:string"><xs:annotation><xs:documentation>Indicates the naming system from which the indicated name was drawn.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="system-ref" type="xs:anyURI"><xs:annotation><xs:documentation>A reference to information about the naming system from which the indicated name was drawn.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="name" type="xs:string"><xs:annotation><xs:documentation>This field identifies the name of the library.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="version" type="xs:string"><xs:annotation><xs:documentation>This field identifies the version of the library.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="name" type="xs:string"><xs:annotation><xs:documentation>The name field specifies a name for this property.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="description" type="xs:string"><xs:annotation><xs:documentation>A description of what this property represents.</xs:documentation></xs:annotation></xs:attribute>
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
<xs:attribute name="object_reference" type="xs:QName"><xs:annotation><xs:documentation>The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="type" type="xs:string"><xs:annotation><xs:documentation>This field specifies the type of name of a single metadata field.</xs:documentation></xs:annotation></xs:attribute>
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="id" type="xs:QName"><xs:annotation><xs:documentation>The id field specifies a unique ID for this Tool.</xs:documentation></xs:annotation></xs:attribute>
The idref field specifies reference to a unique ID for this Tool.
When idref is specified, the id attribute must not be specified, and any instance of this type should not hold content unless an extension of the type allows it.
<xs:attribute name="idref" type="xs:QName"><xs:annotation><xs:documentation>The idref field specifies reference to a unique ID for this Tool.</xs:documentation><xs:documentation>When idref is specified, the id attribute must not be specified, and any instance of this type should not hold content unless an extension of the type allows it.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="class" type="cyboxCommon:SourceClassTypeEnum"><xs:annotation><xs:documentation>The class field is optional and enables identification of the high-level class of this cyber observation source.</xs:documentation></xs:annotation></xs:attribute>
Describes a cyber observation made using various tools, such as scanners, firewalls, gateways, protection systems, and detection systems. See ToolTypeEnum for a more complete list of tools that CybOX supports.
enumeration
Analysis
Describes a cyber observation made from analysis methods, such as Static and Dynamic methods. See AnalysisMethodTypeEnum for a more complete list of methods that CybOX supports.
enumeration
Information Source
Describes a cyber observation made using other information sources, such as logs, Device Driver APIs, and TPM output data. See InformationSourceTypeEnum for a more complete list of information sources that CybOX supports.
<xs:attribute name="source_type" type="cyboxCommon:SourceTypeEnum"><xs:annotation><xs:documentation>The source_type field is optional and enables identification of the broad type of this cyber observation source.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="name" type="xs:string"><xs:annotation><xs:documentation>The name field is optional and enables the assignment of a relevant name to this Discovery Method.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="sighting_count" type="xs:positiveInteger"><xs:annotation><xs:documentation>The sighting_count field specifies how many different identical instances of a given Observable may have been seen/sighted by the observation source.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="units" type="cyboxCommon:DataSizeUnitsEnum" use="required"><xs:annotation><xs:documentation>This field represents the Units used in the object size element.</xs:documentation></xs:annotation></xs:attribute>
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute fixed="string" name="datatype" type="cyboxCommon:DatatypeEnum" use="optional"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="id" type="xs:QName"><xs:annotation><xs:documentation>The id field specifies a unique id for this data segment.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="name"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="date"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
The precision of the associated time. If omitted, the default is "day", meaning the full field value. Digits in the date that are required by the xs:date datatype but are beyond the specified precision should be zeroed out.
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
<xs:attribute name="precision" type="cyboxCommon:DatePrecisionEnum" default="day"><xs:annotation><xs:documentation>The precision of the associated time. If omitted, the default is "day", meaning the full field value. Digits in the date that are required by the xs:date datatype but are beyond the specified precision should be zeroed out.</xs:documentation><xs:documentation>When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="dateTime"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
<xs:attribute name="precision" type="cyboxCommon:DateTimePrecisionEnum" default="second"><xs:annotation><xs:documentation>The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.</xs:documentation><xs:documentation>When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="float"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="double"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="unsignedLong"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="unsignedInt"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="positiveInteger"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="long"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="nonNegativeInteger"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="anyURI"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="duration"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="time"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the time that are required by the xs:time datatype but are beyond the specified precision should be zeroed out.
When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
<xs:attribute name="precision" type="cyboxCommon:TimePrecisionEnum" default="second"><xs:annotation><xs:documentation>The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the time that are required by the xs:time datatype but are beyond the specified precision should be zeroed out.</xs:documentation><xs:documentation>When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.</xs:documentation></xs:annotation></xs:attribute>
This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="base64Binary"><xs:annotation><xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="signature_exists" type="xs:boolean"><xs:annotation><xs:documentation>Specifies whether the digital signature exists.</xs:documentation></xs:annotation></xs:attribute>
<xs:attribute name="signature_verified" type="xs:boolean"><xs:annotation><xs:documentation>Specifies if the digital signature is verified.</xs:documentation></xs:annotation></xs:attribute>
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute>
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration
int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration
float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration
date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration
positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration
unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration
dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration
time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration
boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration
name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration
long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration
unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration
duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration
double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration
nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration
hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration
anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration
base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration
IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration
IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration
Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration
MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration
Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration
URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration
TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration
Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration
Binary
Specifies arbitrary binary encoded data.
enumeration
BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration
Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration
UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
enumeration
Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration
CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration
CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration
CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration
CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration
CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute>
Attribute Group cyboxCommon:PatternFieldGroup
Namespace
http://cybox.mitre.org/common-2
Annotations
The PatternFieldGroup is a simple field group aggregating a set of fields for application of patterns.
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:attributeGroup name="PatternFieldGroup"><xs:annotation><xs:documentation>The PatternFieldGroup is a simple field group aggregating a set of fields for application of patterns.</xs:documentation></xs:annotation><xs:attribute name="condition" type="cyboxCommon:ConditionTypeEnum"><xs:annotation><xs:documentation>This field is optional and defines the relevant condition to apply to the value.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="is_case_sensitive" type="xs:boolean" default="true"><xs:annotation><xs:documentation>The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="apply_condition" type="cyboxCommon:ConditionApplicationEnum" default="ANY"><xs:annotation><xs:documentation>This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="delimiter" type="xs:string" default="##comma##"><xs:annotation><xs:documentation>The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="bit_mask" type="xs:hexBinary"><xs:annotation><xs:documentation>Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="pattern_type" type="cyboxCommon:PatternTypeEnum"><xs:annotation><xs:documentation>This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="regex_syntax" type="xs:string"><xs:annotation><xs:documentation>This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.</xs:documentation><xs:documentation>Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.</xs:documentation><xs:documentation>Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="has_changed" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="trend" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.</xs:documentation></xs:annotation></xs:attribute></xs:attributeGroup>
Attribute Group cyboxCommon:BaseObjectPropertyGroup
Namespace
http://cybox.mitre.org/common-2
Annotations
The ObjectPropertyGroup is a simple field group aggregating a set of fields for Object Properties.
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
The idref field specifies a unique ID reference for this Object Property.
When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
This field is intended to be applicable only to fields which contain string values.
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
Source
<xs:attributeGroup name="BaseObjectPropertyGroup"><xs:annotation><xs:documentation>The ObjectPropertyGroup is a simple field group aggregating a set of fields for Object Properties.</xs:documentation></xs:annotation><xs:attribute name="id" type="xs:QName"><xs:annotation><xs:documentation>The id field specifies a unique ID for this Object Property.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="idref" type="xs:QName"><xs:annotation><xs:documentation>The idref field specifies a unique ID reference for this Object Property.</xs:documentation><xs:documentation>When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="string"><xs:annotation><xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="appears_random" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="is_obfuscated" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys whether the associated Object property has been obfuscated.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="obfuscation_algorithm_ref" type="xs:anyURI"><xs:annotation><xs:documentation>This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="is_defanged" type="xs:boolean"><xs:annotation><xs:documentation>This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="defanging_algorithm_ref" type="xs:anyURI"><xs:annotation><xs:documentation>This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="refanging_transform_type" type="xs:string"><xs:annotation><xs:documentation>This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="refanging_transform" type="xs:string"><xs:annotation><xs:documentation>This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.</xs:documentation></xs:annotation></xs:attribute><xs:attribute name="observed_encoding" type="xs:string"><xs:annotation><xs:documentation>This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.</xs:documentation><xs:documentation>It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).</xs:documentation><xs:documentation>This field is intended to be applicable only to fields which contain string values.</xs:documentation></xs:annotation></xs:attribute></xs:attributeGroup>