All Downloads are FREE. Search and download functionalities are using the official Maven repository.

schemas.v1.2.0.cybox.cybox_common.xsd Maven / Gradle / Ivy

There is a newer version: 1.2.0.2
Show newest version


	
		This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
		
			CybOX Common
			2.1
			01/22/2014
			The following specifies the fields and types that compose this defined CybOX Common Types.
			Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.
		
	
	
		
			The MeasureSourceType is a type representing a description of a single cyber observation source.
		
		
			
				
					The Information_Source_Type field is optional and utilizes a standardized controlled vocabulary to identify the type of information source leveraged for this cyber observation source.
					This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is InformationSourceTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
					Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
				
			
			
				
					The Tool_Type field is optional and (when tools are used) enables identification of the type of tool leveraged as part of this cyber observation source, via a standardized controlled vocabulary.
					This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ToolTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
					Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
				
			
			
				
					The Description field is optional and enables a generalized but structured description of this syber observation source.
				
			
			
				
					The Contributors field is optional and enables description of the individual contributors involved in this cyber observation source.
				
			
			
				
					The Time field is optional and enables description of various time-related properties for this cyber observation source instance.
				
			
			
				
					The Observation_Location field specifies a relevant physical location for the observation measurement of the associated Observable.
					This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.
					Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.
				
			
			
				
					The Tools field is optional and enables description of the tools utilized for this cyber observation source.
				
			
			
				
					The Platform field is optional and enables a formal, standardized specification of the platform for this cyber observation source.
				
			
			
				
					The System field is optional and enables characterization of the system on which the mechanism of cyber observation executed. System should be an object of type SystemObj:SystemObjectType.
				
			
			
				
					The Instance field is optional and enables characterization of the process instance in which the mechanism of cyber observation executed. Instance should be of type ProcessObj:ProcessObjectType.
				
			
			
				
					The Observable_Location field specifies a relevant physical location for the associated Observable.
					This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.
					Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.
				
			
		
		
			
				The class field is optional and enables identification of the high-level class of this cyber observation source.
			
		
		
			
				The source_type field is optional and enables identification of the broad type of this cyber observation source.
			
		
		
			
				The name field is optional and enables the assignment of a relevant name to this Discovery Method.
			
		
		
			
				The sighting_count field specifies how many different identical instances of a given Observable may have been seen/sighted by the observation source.
			
		
	
	
		
			The SourceClassTypeEnum is a (non-exhaustive) enumeration of cyber observation source classes.
		
		
			
				
					Describes a Network-based cyber observation.
				
			
			
				
					Describes a System-based cyber observation.
				
			
			
				
					Describes a Software-based cyber observation.
				
			
		
	
	
		
			The SourceTypeEnum is a (non-exhaustive) enumeration of cyber observation source types.
		
		
			
				
					Describes a cyber observation made using various tools, such as scanners, firewalls, gateways, protection systems, and detection systems. See ToolTypeEnum for a more complete list of tools that CybOX supports.
				
			
			
				
					Describes a cyber observation made from analysis methods, such as Static and Dynamic methods. See AnalysisMethodTypeEnum for a more complete list of methods that CybOX supports.
				
			
			
				
					Describes a cyber observation made using other information sources, such as logs, Device Driver APIs, and TPM output data. See InformationSourceTypeEnum for a more complete list of information sources that CybOX supports.
				
			
		
	
	
		
			The ContributorType represents a description of an individual who contributed as a source of cyber observation data.
		
		
			
				
					This field describes the role played by this contributor.
				
			
			
				
					This field contains the name of this contributor.
				
			
			
				
					This field contains the email of this contributor.
				
			
			
				
					This field contains a telephone number of this contributor.
				
			
			
				
					This field contains the organization name of this contributor.
				
			
			
				
					This field contains a description (bounding) of the timing of this contributor's involvement.
				
			
			
				
					This field contains information describing the location at which the contributory activity occured.
				
			
		
	
	
		
			The DateRangeType specifies a range of dates.
		
		
			
				
					This field contains the start date for this contributor's involvement. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
				
			
			
				
					This field contains the end date for this contributor's involvement. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
				
			
		
	
	
		
			The PersonnelType is an abstracted data type to standardize the description of sets of personnel.
		
		
			
				
					This field contains information describing the identify, resources and timing of involvement for a single contributor.
				
			
		
	
	
		
			The TimeType specifies various time properties for this construct.
		
		
			
				
					The Start_Time field is optional and describes the starting time for this construct. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
				
			
			
				
					The End_Time field is optional and describes the ending time for this construct. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
				
			
			
				
					The Produced_Time field is optional and describes the time that this construct was produced. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
				
			
			
				
					The Received_Time field is optional and describes the time that this construct was received. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
				
			
		
	
	
		
			The ToolSpecificDataType is an Abstract type placeholder within the CybOX schema enabling the inclusion of metadata for a specific type of tool through the use of a custom type defined as an extension of this base Abstract type.
		
	
	
		
			The ToolsInformationType represents a description of a set of automated tools.
		
		
			
				
					The Tool field is optional and enables description of a single tool utilized for this cyber observation source.
				
			
		
	
	
		
			The ToolInformationType is intended to characterize the properties of a hardware or software tool, including those related to instances of its use.
		
		
			
				
					This field contains the name of the tool leveraged.
				
			
			
				
					This field contains the type of the tool leveraged.
					This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for CybOX 2.0. Users may either define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a free string field. Additionally, locations where the ToolInformationType is used may define default vocabularies for this field.
				
			
			
				
					This field contains general descriptive information for this tool.
				
			
			
				
					This field contains references to instances or additional information for this tool.
				
			
			
				
					This field contains information identifying the vendor organization for this tool.
				
			
			
				
					This field contains an appropriate version descriptor of this tool.
				
			
			
				
					This field contains an appropriate service pack descriptor for this tool.
				
			
			
				
					This is an abstract type provided to a flexible mechanism for enabling tool-specific data to be included.
				
			
			
				
					This field contains a hash value computed on the tool file content in order to verify its integrity.
				
			
			
				
					This field contains information describing the configuration and usage of the tool.
				
			
			
				
					This field contains information describing the execution environment of the tool.
				
			
			
				
					This field captures any errors generated during the run of the tool.
				
			
			
				
					This field captures other relevant metadata including tool-specific fields.
				
			
			
				
					This field contains the name of the compensation model used for the tool.
				
			
		
		
			
				The id field specifies a unique ID for this Tool.
			
		
		
			
				The idref field specifies reference to a unique ID for this Tool.
				When idref is specified, the id attribute must not be specified, and any instance of this type should not hold content unless an extension of the type allows it.
			
		
	
	
		
			The CompensationModelType characterizes the compensation model for a tool.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the expected type for the value of the specified property.
					
				
			
		
	
	
		
			The CompensationModelEnum is a (non-exhaustive) enumeration of compensation models for tools.
		
		
			
				
					Specifies that the tool is available for use at no monetary cost as the compensation model.
				
			
			
				
					Specifies that the tool is proprietary and offers a limited use license as the compensation model.
				
			
			
				
					Specifies that the tool is produced for sale or serves commercial purposes as the compensation model.
				
			
			
				
					Specifies that the tool uses automatically rendered advertisements as the compensation model.
				
			
		
	
	
		
			Used to indicate one or more references to tool instances and information.
		
		
			
				
					Contains one reference to information or instances of a given tool.
				
			
		
	
	
		
			Contains one reference to information or instances of a given tool.
		
		
			
				
					
						Indicates the nature of the referenced material (documentation, source, executable, etc.).
					
				
			
		
	
	
		
			The nature of referenced material regarding a tool.
		
		
			
				
					The reference is to documentation about the identified tool.
				
			
			
				
					The reference is to source code for the identified tool.
				
			
			
				
					The reference is to where an executable version of the tool can be downloaded.
				
			
			
				
					The reference is to the tool implemented as an online service.
				
			
			
				
					The reference is to material about the tool not covered by other values in this enumeration.
				
			
		
	
	
		
			The ToolConfigurationType characterizes the configuration for a tool used as a cyber observation source.
		
		
			
				
					This field describes the configuration settings of this tool instance.
				
			
			
				
					This field contains information describing the relevant dependencies for this tool.
				
			
			
				
					This field contains descriptions of the various relevant usage context assumptions for this tool .
				
			
			
				
					This field contains information describing relevant internationalization setting for this tool .
				
			
			
				
					This field contains information describing how this tool was built.
				
			
		
	
	
		
			The ConfigurationSettingsType is a modularized data type used to provide a consistent approach to describing configuration settings for a tool, application or other cyber object.
		
		
			
				
					This field contains a single configuration setting instance.
				
			
		
	
	
		
			The ConfigurationSettingType is a modularized data type used to provide a consistent approach to describing a particular configuration setting for a tool, application or other cyber object.
		
		
			
				
					This field contains the name of the configuration item referenced by this configuration setting instance.
				
			
			
				
					This field contains the value of this configuration setting instance.
				
			
			
				
					This field contains the type of the configuration item referenced in this configuration setting instance.
				
			
			
				
					This field contains a description of the configuration item referenced in this configuration setting instance.
				
			
		
	
	
		
			The DependenciesType contains information describing a set of dependencies for this tool.
		
		
			
				
					This field contains information describing a single dependency for this tool.
				
			
		
	
	
		
			The DependencyType contains information describing a single dependency for this tool.
		
		
			
				
					This field describes the type of this dependency instance.
				
			
			
				
					This field contains a description of this dependency instance.
				
			
		
	
	
		
			The UsageContextAssumptionsType contains descriptions of the various relevant usage context assumptions for this tool.
		
		
			
				
					This field contains a single usage context assumption for this tool.
				
			
		
	
	
		
			The InternationalizationSettingsType contains information describing relevant internationalization setting for this tool.
		
		
			
				
					This field contains a single internal string instance for this internationalization setting instance.
				
			
		
	
	
		
			The InternalStringsType contains a single internal string instance for this internationalization setting instance.
		
		
			
				
					This field contains the actual key of this internal string instance.
				
			
			
				
					This field contains the actual content of this internal string instance.
				
			
		
	
	
		
			The BuildInformationType contains information describing how this tool was built.
		
		
			
				
					This field contains an externally defined unique identifier of this build of this application instance.
				
			
			
				
					This field contains the project name of this build of this application instance.
				
			
			
				
					This field contains information identifying the utility used to build this application.
				
			
			
				
					This field contains the appropriate version descriptor of this build of this application instance.
				
			
			
				
					This field contains any relevant label for this build of this application instance.
				
			
			
				
					This field describes the compilers utilized during this build of this application.
				
			
			
				
					This field identifies the compilation date for the build of the tool. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
				
			
			
				
					This field describes how the build utility was configured for this build of this application.
				
			
			
				
					This field contains the actual build script for this build of this application instance.
				
			
			
				
					This field identifies the libraries incorporated into the build of the tool.
				
			
			
				
					This field contains a capture of the output log of the build process.
				
			
		
	
	
		
			The BuildUtilityType contains information identifying the utility used to build this application.
		
		
			
				
					This field contains the informally defined name of the utility used to build this application instance.
				
			
			
				
					This field identifies the build utility used to build this application.
				
			
		
	
	
		
			The CompilersType describes the compilers utilized during this build of this application.
		
		
			
				
					This field describes a single compiler utilized during this build of this application.
				
			
		
	
	
		
			The CompilerType describes a single compiler utilized during this build of this application.
		
		
			
				
					This field contains the informal description of this compiler instance.
				
			
			
				
					This field identifies this compiler instance.
				
			
		
	
	
		
			The CompilerInformalDescriptionType contains the informal description of this compiler instance.
		
		
			
				
					This field contains the name of the compiler.
				
			
			
				
					This field contains the version of the compiler.
				
			
		
	
	
		
			The BuildConfigurationType describes how the build utility was configured for this build of this application.
		
		
			
				
					This field contains the description of the configuration settings for this build of this application instance.
				
			
			
				
					This field contains the configuration settings for this build of this application instance.
				
			
		
	
	
		
			The LibrariesType identifies the libraries incorporated into the build of the tool.
		
		
			
				
					This field identifies a library incorporated into the build of the tool.
				
			
		
	
	
		
			The LibraryType identifies a single library incorporated into the build of the tool.
		
		
			
				This field identifies the name of the library.
			
		
		
			
				This field identifies the version of the library.
			
		
	
	
		
			The ExecutionEnvironmentType contains information describing the execution environment of the tool.
		
		
			
				
					This field contains information describing the system on which the tool was executed. System should be of type SystemObj:SystemObjectType.
				
			
			
				
					This field contains information describing the user account that executed the tool. User_Account_Info should be of type UserAccountObj:UserAccountObjectType.
				
			
			
				
					This field specifies the command line string used to run the tool.
				
			
			
				
					This field specifies when the tool was run. In order to avoid ambiguity, it is strongly suggest that all timestamps in this field include a specification of the timezone if it is known.
				
			
		
	
	
		
			The ErrorsType captures any errors generated during the run of the tool.
		
		
			
				
					This field captures a single type of error generated during the run of the tool.
				
			
		
	
	
		
			The ErrorType captures a single error generated during the run of the tool.
		
		
			
				
					This field specifies the type for this tool run error.
				
			
			
				
					This field specifies the count of instances for this error in the tool run.
				
			
			
				
					This field captures the actual error output for each instance of this type of error.
				
			
		
	
	
		
			The ErrorInstancesType captures the actual error output for each instance of this type of error.
		
		
			
				
					This field captures the actual error output for a single instance of this type of error.
				
			
		
	
	
		
			The ObjectPropertiesType is an Abstract type placeholder within the CybOX schema enabling the inclusion of contextually varying object properties descriptions. This Abstract type is leveraged as the extension base for all predefined CybOX object properties schemas. Through this extension mechanism any object instance data based on an object properties schema extended from ObjectPropertiesType (e.g. File_Object, Address_Object, etc.) can be directly integrated into any instance document where a field is defined as ObjectPropertiesType. For flexibility and extensibility purposes any user of CybOX can specify their own externally defined object properties schemas (outside of or derived from the set of predefined objects) extended from ObjectPropertiesType and utilize them as part of their CybOX content.
		
		
			
				
					The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.
				
			
		
		
			
				The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
			
		
	
	
		
			The CustomPropertiesType enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.
		
		
			
				
					The Property construct enables the specification of a single Object Property.
				
			
		
	
	
		
			The PropertyType is a type representing the specification of a single Object Property.
		
		
			
				
					
						The name field specifies a name for this property.
					
				
				
					
						A description of what this property represents.
					
				
			
		
	
	
		
			The BaseObjectPropertyType is a type representing a common typing foundation for the specification of a single Object Property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
				
			
		
	
	
		
			The IntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Int. This type will be assigned to any property of a CybOX object that should contain content of type Integer and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The StringObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type String. This type will be assigned to any property of a CybOX object that should contain content of type String and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The NameObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Name. This type will be assigned to any property of a CybOX object that should contain content of type Name and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			This type is an intermediate type to allow for the addition of the precision attribute to DateObjectPropertyType. It should not be used directly.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The DateObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Date. This type will be assigned to any property of a CybOX object that should contain content of type Date and enables the use of relevant metadata for the property. In order to avoid ambiguity, it is strongly suggested that any date representation in this field include a timezone if it is known. As with the rest of the field, this should be formatted per the xs:date specification.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
			For fields of this type using CybOX patterning, it is strongly suggested that the condition (pattern type) is limited to one of Equals, DoesNotEqual, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, ExclusiveBetween, or InclusiveBetween. The use of other conditions may lead to ambiguity or unexpected results. When evaluating data against a pattern, the evaluator should take into account the precision of the field (as given by the precision attribute) and any timezone information that is available to perform a data-aware comparison. The usage of simple string comparisons is discouraged due to ambiguities in how precision and timezone information is processed.
		
		
			
				
					
						The precision of the associated time. If omitted, the default is "day", meaning the full field value. Digits in the date that are required by the xs:date datatype but are beyond the specified precision should be zeroed out.
						When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
					
				
			
		
	
	
		
			This type is an intermediate type to allow for the addition of the precision attribute to DateTimeObjectPropertyType. It should not be used directly.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The DateTimeObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type DateTime. This type will be assigned to any property of a CybOX object that should contain content of type DateTime and enables the use of relevant metadata for the property.  In order to avoid ambiguity, it is strongly suggested that any dateTime representation in this field include a timezone. As with the rest of the field, this should be formatted per the xs:dateTime specification.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
			For fields of this type using CybOX patterning, it is strongly suggested that the condition (pattern type) is limited to one of Equals, DoesNotEqual, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, ExclusiveBetween, or InclusiveBetween. The use of other conditions may lead to ambiguity or unexpected results. When evaluating data against a pattern, the evaluator should take into account the precision of the field (as given by the precision attribute) and any timezone information that is available to perform a data-aware comparison. The usage of simple string comparisons is discouraged due to ambiguities in how precision and timezone information is processed.
		
		
			
				
					
						The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
						When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
					
				
			
		
	
	
		
			The FloatObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Float. This type will be assigned to any property of a CybOX object that should contain content of type Float and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The DoubleObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Double. This type will be assigned to any property of a CybOX object that should contain content of type Double and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The UnsignedLongObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type UnsignedLong. This type will be assigned to any property of a CybOX object that should contain content of type UnsignedLong and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The UnsignedIntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type UnsignedInt. This type will be assigned to any property of a CybOX object that should contain content of type UnsignedInteger and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The PositiveIntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type PositveInteger. This type will be assigned to any property of a CybOX object that should contain content of type PositiveInteger and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The HexBinaryObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type HexBinary. This type will be assigned to any property of a CybOX object that should contain content of type HexBinary and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The LongObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type Long. This type will be assigned to any property of a CybOX object that should contain content of type Long and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The NonNegativeIntegerObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type nonNegativeInteger. This type will be assigned to any property of a CybOX object that should contain content of type NonNegativeInteger and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the expected type for the value of the specified property.
					
				
			
		
	
	
		
			The AnyURIObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type anyURI. This type will be assigned to any property of a CybOX object that should contain content of type AnyURI and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The DurationObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type duration. This type will be assigned to any property of a CybOX object that should contain content of type Duration and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			This type is an intermediate type to allow for the addition of the precision attribute to TimeObjectPropertyType. It should not be used directly.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The TimeObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type time. This type will be assigned to any property of a CybOX object that should contain content of type Time and enables the use of relevant metadata for the property.  In order to avoid ambiguity, it is strongly suggested that any time representation in this field include a specification of the timezone if it is known. As with the rest of the field, this should be formatted per the xs:time specification.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
			For fields of this type using CybOX patterning, it is strongly suggested that the condition (pattern type) is limited to one of Equals, DoesNotEqual, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, ExclusiveBetween, or InclusiveBetween. The use of other conditions may lead to ambiguity or unexpected results. When evaluating data against a pattern, the evaluator should take into account the precision of the field (as given by the precision attribute) and any timezone information that is available to perform a data-aware comparison. The usage of simple string comparisons is discouraged due to ambiguities in how precision and timezone information is processed.
		
		
			
				
					
						The precision of the associated time. If omitted, the default is "second", meaning the full field value (including fractional seconds). Digits in the time that are required by the xs:time datatype but are beyond the specified precision should be zeroed out.
						When used in conjunction with CybOX patterning, the pattern should only be evaluated against the target up to the given precision.
					
				
			
		
	
	
		
			The Base64BinaryObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type base64Binary. This type will be assigned to any property of a CybOX object that should contain content of type Base64Binary and enables the use of relevant metadata for the property.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.
					
				
			
		
	
	
		
			The ObjectPropertyGroup is a simple field group aggregating a set of fields for Object Properties.
		
		
			
				The id field specifies a unique ID for this Object Property.
			
		
		
			
				The idref field specifies a unique ID reference for this Object Property.
				When idref is specified, the id attribute must not be specified, and any instance of this property should not hold content unless an extension of the property allows it.
			
		
		
			
				This attribute is optional and specifies the expected type for the value of the specified property.
			
		
		
			
				This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
			
		
		
			
				This field is optional and conveys whether the associated Object property has been obfuscated.
			
		
		
			
				This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
			
		
		
			
				This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
			
		
		
			
				This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
			
		
		
			
				This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
			
		
		
			
				This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
			
		
		
			
				This field is optional and specifies the encoding of the string when it is/was observed. This may be different from the encoding used to represent the string within this element.
				It is strongly recommended that character set names should be taken from the IANA character set registry (https://www.iana.org/assignments/character-sets/character-sets.xhtml).
				This field is intended to be applicable only to fields which contain string values.
			
		
	
	
		
			The PatternFieldGroup is a simple field group aggregating a set of fields for application of patterns.
		
		
			
				This field is optional and defines the relevant condition to apply to the value.
			
		
		
			
				The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive.
			
		
		
			
				This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
			
		
		
			
				The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##".
			
		
		
			
				Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
			
		
		
			
				This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
			
		
		
			
				This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
				Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
				Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
			
		
		
			
				This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
			
		
		
			
				This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
			
		
	
	
		
			ConditionTypeEnum is a (non-exhaustive) enumeration of condition types.
		
		
			
				
					Specifies the equality or = condition.
				
			
			
				
					Specifies the "does not equal" or != condition.
				
			
			
				
					Specifies the "contains" condition.
				
			
			
				
					Specifies the "does not contain" condition.
				
			
			
				
					Specifies the "starts with" condition.
				
			
			
				
					Specifies the "ends with" condition.
				
			
			
				
					Specifies the "greater than" condition.
				
			
			
				
					Specifies the "greater than or equal to" condition.
				
			
			
				
					Specifies the "less than" condition.
				
			
			
				
					Specifies the "less than or equal" condition.
				
			
			
				
					The pattern is met if the given value lies between the values indicated in the field value body, inclusive of the bounding values themselves. The field value body MUST contain at least 2 values to be valid. If the field value body contains more than 2 values, then only the greatest and least values are considered. (I.e., If the body contains "2,4,6", then an InclusiveBetween condition would be satisfied if the observed value fell between 2 and 6, inclusive. Since this is an inclusive range, an observed value of 2 or 6 would fit the pattern in this example.) As such, always treat the InclusiveBetween condition as applying to a single range for the purpose of evaluating the apply_condition attribute.
				
			
			
				
					The pattern is met if the given value lies between the values indicated in the field value body, exclusive of the bounding values themselves. The field value body MUST contain at least 2 values to be valid. If the field value body contains more than 2 values, then only the greatest and least values are considered. (I.e., If the body contains "2,4,6", then an InclusiveBetween condition would be satisfied if the observed value fell between 2 and 6, exclusive. Since this is an exclusive range, an observed value of 2 or 6 would not fit the pattern in this example.) As such, always treat the ExclusiveBetween condition as applying to a single range for the purpose of evaluating the apply_condition attribute.
				
			
			
				
					Specifies the condition that a value fits a given pattern.
				
			
			
				
					Specifies the condition of bitwise AND. Specifically, when applying this pattern, a given value is bitwise-ANDed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.
				
			
			
				
					Specifies the condition of bitwise OR. Specifically, when applying this pattern, a given value is bitwise-ORed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.
				
			
			
				
					Specifies the condition of bitwise XOR. Specifically, when applying this pattern, a given value is bitwise-XORed with the bit_mask attribute value (which must be present). If the result is identical to the value provided in the body of this field value, the pattern is considered fulfilled.
				
			
		
	
	
		
			Used to indicate how a condition should be applied to a list of values.
		
		
			
				
					Indicates that a pattern holds if the given condition can be successfully applied to any of the field values.
				
			
			
				
					Indicates that a pattern holds only if the given condition can be successfully applied to all of the field values.
				
			
			
				
					Indicates that a pattern holds only if the given condition can be successfully applied to none of the field values.
				
			
		
	
	
		
			DataTypeEnum is a (non-exhaustive) enumeration of data types.
		
		
			
				
					Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
				
			
			
				
					Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
				
			
			
				
					Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
				
			
			
				
					Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
				
			
			
				
					Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
				
			
			
				
					Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
				
			
			
				
					Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
				
			
			
				
					Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
				
			
			
				
					Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
				
			
			
				
					Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
				
			
			
				
					Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
				
			
			
				
					Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
				
			
			
				
					Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
				
			
			
				
					Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
				
			
			
				
					Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
				
			
			
				
					Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
				
			
			
				
					Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
				
			
			
				
					Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
				
			
			
				
					Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
				
			
			
				
					Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
				
			
			
				
					Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
				
			
			
				
					Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
				
			
			
				
					Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
				
			
			
				
					Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
				
			
			
				
					Specifies a timezone in UTC notation (UTC+number).
				
			
			
				
					Specifies arbitrary octal (base-8) encoded data.
				
			
			
				
					Specifies arbitrary binary encoded data.
				
			
			
				
					Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
				
			
			
				
					Specifies a subnet mask in IPv4 or IPv6 notation.
				
			
			
				
					Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html.
				
			
			
				
					Specifies data represented as a container of multiple data of a shared elemental type.
				
			
			
				
					Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
				
			
			
				
					Specifies a CWE ID, expressed as CWE- appended by an integer.
				
			
			
				
					Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
				
			
			
				
					Specifies a CCE ID, expressed as CCE- appended by an integer.
				
			
			
				
					Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
				
			
		
	
	
		
			The PatternTypeEnum type is a non-exhaustive enumeration of potentially relevant pattern types.
		
		
			
				
					Specifies the regular expression pattern type.
				
			
			
				
					Specifies the binary (bit operations) pattern type.
				
			
			
				
					Specifies the XPath 1.0 expression pattern type.
				
			
		
	
	
		
			The LocationType is used to express geographic location information.
			This type is extended through the xsi:type mechanism. The default type is CIQAddress3.0InstanceType in the http://cybox.mitre.org/extensions/Address#CIQAddress3.0-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address_3.0/1.0/ciq_address_3.0.xsd.	
			Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field of this type.
		
		
			
				
					The Name field allows for expression of an location through a simple name.
				
			
		
		
			
				Specifies a unique ID for this Location.
			
		
		
			
				Specifies a reference to a unique ID defined elsewhere.
			
		
	
	
		
			The ExtractedFeaturesType is a type representing a description of features extracted from an object such as a file.
		
		
			
				
					This field enables description of a set of static strings extracted from a raw cyber object.
				
			
			
				
					This field enables description of a set of references to external resources imported by a raw cyber object.
				
			
			
				
					This field enables description of a set of references to functions called by a raw cyber object.
				
			
			
				
					This field enables description of a set of code snippets extracted from a raw cyber object.
				
			
		
	
	
		
			The ExtractedStringsType type is intended as container for strings extracted from CybOX objects.
		
		
			
				
					This field enables description of a single static string extracted from a raw cyber object.
				
			
		
	
	
		
			The ExtractedStringType type is intended as container a single string extracted from a CybOX object.
		
		
			
				
					The Encoding field refers to the encoding method used for the string extracted from the CybOX object, via a standardized controlled vocabulary.
					This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CharacterEncodingVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
					Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
				
			
			
				
					The String_Value field specifies the actual value of the string extracted from the CybOX object, if it is capable of being represented in the encoding scheme used in the document (most commonly UTF-8).
				
			
			
				
					The Byte_String_Value field specifies the raw, byte-string representation of the string extracted from the CybOX object, in hexadecimal format.
				
			
			
				
					The Hashes field is used to include any hash values computed using the string extracted from the CybOX object as input.
				
			
			
				
					The Address field specifies the location or offset of the specified string in the CybOX objects.
				
			
			
				
					The Length field specifies the length, in characters, of the string extracted from the CybOX object.
				
			
			
				
					The Language field specifies the language the string is written in, e.g. English. For consistency, we strongly recommend using the ISO 639-2 language code, if available. Please see http://www.loc.gov/standards/iso639-2/php/code_list.php for a list of ISO 639-2 codes.
				
			
			
				
					The English_Translation field specifies the English translation of the string, if it is not written in English.
				
			
		
	
	
		
			The ImportsType is intended to represent an extracted list of imports specified within a CybOX object.
		
		
			
				
					This field enables description of a single reference to an external resource imported by a raw cyber object.
				
			
		
	
	
		
			The FunctionsType is intended to represent an extracted list of functions leveraged within a CybOX object.
		
		
			
				
					This field enables description of a single reference to a function called by a raw cyber object.
				
			
		
	
	
		
			The CodeSnippetsType is intended to represent an set of code snippets extracted from within a CybOX object.
		
		
			
				
					This field enables description of a single code snippet extracted from a raw cyber object. Code_Snippet should be of CodeObj:CodeObjectType.
				
			
		
	
	
		
			The ByteRunsType is used for representing a list of byte runs from within a raw object.
		
		
			
				
					The Byte_Run field contains a single byte run from the raw object.
				
			
		
	
	
		
			The ByteRunType is used for representing a single byte run from within a raw object.
		
		
			
				
					The Offset field specifies the offset of the beginning of the byte run as measured from the beginning of the object.
				
			
			
				
					The Byte_Order field specifies the endianness of the unpacked (e.g., unencoded, unencrypted, etc.) data contained within the Byte_Run_Data field.
				
			
			
				
					The File_System_Offset field is relevant only for byte runs of files in forensic analysis.It specifies the offset of the beginning of the byte run as measured from the beginning of the relevant file system.
				
			
			
				
					The Image_Offset field is provided for forensic analysis purposes and specifies the offset of the beginning of the byte run as measured from the beginning of the relevant forensic image.
				
			
			
				
					The Length field specifies the number of bytes in the byte run.
				
			
			
				
					The Hashes field contains computed hash values for this the data in this byte run.
				
			
			
				
					The Byte_Run_Data field contains a raw dump of the byte run data, typically enclosed within an XML CDATA section.
				
			
		
	
	
		
			The HashListType type is used for representing a list of hash values.
		
		
			
				
					The Hash field specifies a single calculated hash value.
				
			
		
	
	
		
			The HashValueType is used for specifying the resulting value from a hash calculation.
		
		
			
				
					The Simple_Hash_Value field specifies a single result value of a basic cryptograhic hash function outputting a single hexbinary hash value.
				
			
			
				
					The Fuzzy_Hash_Value field specifies a single result value of a cryptograhic fuzzy hash function outputting a single complex string based hash value. (e.g. SSDEEP's Block1hash:Block2hash format).
				
			
		
	
	
		
			The SimpleHashValueType is used for characterizing the output of basic cryptograhic hash functions outputting a single hexbinary hash value.
		
		
			
		
	
	
		
			The FuzzyHashValueType is used for characterizing the output of cryptograhic fuzzy hash functions outputting a single complex string based hash value.
		
		
			
		
	
	
		
			The FuzzyHashStructureType is used for characterizing the internal components of a cryptograhic fuzzy hash algorithmic calculation.
		
		
			
				
					The Block_Size field is optional and specifies the calculated block size for this fuzzy hash calculation.
				
			
			
				
					The Block_Hash field is optional and enables specification of the elemental components utilized for a fuzzy hash calculation on the hashed object utilizing Block_Size to calculate trigger points.
				
			
		
	
	
		
			The FuzzyHashBlockType is used for characterizing the internal components of a single block in a cryptograhic fuzzy hash algorithmic calculation.
		
		
			
				
					The Block_Hash_Value field is optional and specifies a fuzzy hash calculation result value for this Block.
				
			
			
				
					The Segment_Count field is optional and specifies the number of segments identified and utilized within this fuzzy hash calculation.
				
			
			
				
					The Segments field is optional and specifies the set of segments identified and utilized within this fuzzy hash calculation.
				
			
		
	
	
		
			The HashSegmentsType is used for characterizing the internal components of a set of trigger point-delimited segments in a cryptographic fuzzy hash algorithmic calculation.
		
		
			
				
					The Segment field is optional and specifies a single segment identified and utilized within this fuzzy hash calculation.
				
			
		
	
	
		
			The HashSegmentType is used for characterizing the internal components of a single trigger point-delimited segment in a cryptograhic fuzzy hash algorithmic calculation.
		
		
			
				
					The Trigger_point field is optional and specifies the offset within the hashed object of the trigger point for this segment.
				
			
			
				
					The Segment_Hash field is optional and specifies a calculated hash value for this segment.
				
			
			
				
					The Raw_Segment_Content field is optional and contains the raw content of this segment of the hashed object.
				
			
		
	
	
		
			The HashType type is intended to characterize hash values.
		
		
			
				
					The Type field utilizes a standardized controlled vocabulary to capture the type of hash used in the Simple_Hash_Value or Fuzzy_Hash_Value elements.
					This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is HashNameVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
					Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
				
			
			
				
					
						The Simple_Hash_Value field specifies a single result value of a basic cryptograhic hash function outputting a single hexbinary hash value.
					
				
				
					
						The Fuzzy_Hash_Value field specifies a single result value of a cryptograhic fuzzy hash function outputting a single complex string based hash value. (e.g. SSDEEP's Block1hash:Block2hash format).
					
				
			
			
				
					The Fuzzy_Hash_Structure field is optional and enables the characterization of the key internal components of a fuzzy hash calculation with a given block size.
				
			
		
	
	
		
			The StructuredTextType is a type representing a generalized structure for capturing structured or unstructured textual information such as descriptions of things.
		
		
			
				
					
						Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interfering with XML validation of the CybOX document. If this attribute is absent, the implication is that no markup is being used.
					
				
			
		
	
	
		
			The DataSegmentType is intended to provide a relatively abstract way of characterizing data segments that may be written/read/transmitted or otherwise utilized in actions or behaviors.
		
		
			
				
					The Data_Format field refers to the type of data contained in the Data_Segment element.
				
			
			
				
					The Data_Size field contains the size of the data contained in this element.
				
			
			
				
					The Byte_Order field specifies the endianness of the unpacked (e.g., decoded, unencrypted, etc.) data stored within the Data_Segment field.
				
			
			
				
					The Data_Segment field contains the actual segment of data being characterized.
				
			
			
				
					The Offset field allows for the specification of where to start searching for the specified data segment in an object, in bytes.
				
			
			
				
					The Search_Distance field specifies how far into an object should be ignored, in bytes, before starting to search for the specified data segment relative to the end of the previous data segment.
				
			
			
				
					The Search_Within field specifies that at most N bytes are between data segments in related objects.
				
			
		
		
			
				The id field specifies a unique id for this data segment.
			
		
	
	
		
			The DataFormatEnum is a (non-exhaustive) enumeration of data formats.
		
		
			
				
					Specifies binary data.
				
			
			
				
					Specifies hexadecimal data.
				
			
			
				
					Specifies text.
				
			
			
				
					Specifies any other type of data from the ones listed.
				
			
		
	
	
		
			The DataSizeType specifies the size of the data segment.
		
		
			
				
					
						This field represents the Units used in the object size element.
					
				
			
		
	
	
		
			The DataSizeUnitsEnum is a (non-exhaustive) enumeration of data size units.
		
		
			
				
					Specifies an object size in Bytes.
				
			
			
				
					Specifies an object size in Kilobytes.
				
			
			
				
					Specifies an object size in Megabytes.
				
			
		
	
	
		
			PlatformSpecificationType is a modularized data type intended for providing a consistent approach to uniquely specifying the identity of a specific platform.
			In addition to capturing basic information, this type is intended to be extended to enable the structured description of a platform instance using the XML Schema extension feature. The CybOX default extension uses the Common Platform Enumeration (CPE) Applicability Language schema to do so. The extension that defines this is captured in the CPE23PlatformSpecificationType in the http://cybox.mitre.org/extensions/platform#CPE2.3-1 namespace. This type is defined in the extensions/platform/cpe2.3.xsd file.
		
		
			
				
					A prose description of the indicated platform.
				
			
			
				
					Indicates a pre-defined name for the given platform using some naming scheme. For example, one could provide a CPE (Common Platform Enumeration) name using the CPE naming format.
				
			
		
	
	
		
			Used to specify a name for a platform using a particular naming system and also allowing a reference pointing to more information about that naming scheme. For example, one could provide a CPE (Common Platform Enumeration) name using the CPE naming format. In this case, the system value could be "CPE" while the system_ref value could be "http://scap.nist.gov/specifications/cpe/".
		
		
			
				
					
						Indicates the naming system from which the indicated name was drawn.
					
				
				
					
						A reference to information about the naming system from which the indicated name was drawn.
					
				
			
		
	
	
		
			The MetadataType is intended as mechanism to capture any non-context-specific metadata.
		
		
			
				
					This field specifies the value of name of a single metadata field.
				
			
			
				
					This field uses recursion of the MetadataType specify subdatum structures for this metadata field.
				
			
		
		
			
				This field specifies the type of name of a single metadata field.
			
		
	
	
		
			The EnvironmentVariableListType type is used for representing a list of environment variables.
		
		
			
				
					The Environment_Variable field is used for representing environment variables using a name/value pair.
				
			
		
	
	
		
			The EnvironmentVariableType type is used for representing environment variables using a name/value pair.
		
		
			
				
					The Name field specifies the name of the environment variable.
				
			
			
				
					The Value field specifies the value of the environment variable.
				
			
		
	
	
		
			The DigitalSignaturesType is used for representing a list of digital signatures.
		
		
			
				
					The Digital_Signature field is optional and captures a single digital signature for this Object.
				
			
		
	
	
		
			The DigitalSignatureInfoType type is used as a way to represent some of the basic information about a digital signature.
		
		
			
				
					The certificate issuer of the digital signature.
				
			
			
				
					The certificate subject of the digital signature.
				
			
			
				
					A description of the digital signature.
				
			
		
		
			
				Specifies whether the digital signature exists.
			
		
		
			
				Specifies if the digital signature is verified.
			
		
	
	
		
			The PatternableFieldType is a grouping of attributes applicable to defining patterns on a specific field.
		
		
			
				
			
		
	
	
		
			The ControlledVocabularyStringType is used as the basis for defining controlled vocabularies.
		
		
			
				
					
						The vocab_name field specifies the name of the controlled vocabulary.
					
				
				
					
						The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
					
				
			
		
	
	
		
			This type is used as a replacement for the standard xs:date type but allows for the representation of the precision of the date. If the precision is given, consumers must ignore the portions of this field that is more precise than the given precision. Producers should zero-out (fill with zeros) digits in the date that are required by the xs:date datatype but are beyond the specified precision.
			In order to avoid ambiguity, it is strongly suggested that all dates include a specification of the timezone if it is known.
		
		
			
				
					
						The precision of the associated date. If omitted, the default is "day", meaning the full field value.
					
				
			
		
	
	
		
			This type is used as a replacement for the standard xs:dateTime type but allows for the representation of the precision of the dateTime.  If the precision is given, consumers must ignore the portions of this field that is more precise than the given precision. Producers should zero-out (fill with zeros) digits in the dateTime that are required by the xs:dateTime datatype but are beyond the specified precision.
			In order to avoid ambiguity, it is strongly suggested that all dateTimes include a specification of the timezone if it is known.
		
		
			
				
					
						The precision of the associated dateTime. If omitted, the default is "second", meaning the full field value (including fractional seconds).
					
				
			
		
	
	
		
			Possible values for representing date precision.
		
		
			
				
					Date is precise to the given year.
				
			
			
				
					Date is precise to the given month.
				
			
			
				
					Date is precise to the given day.
				
			
		
	
	
		
			Possible values for representing time precision.
		
		
			
				
					Time is precise to the given hour.
				
			
			
				
					Time is precise to the given minute.
				
			
			
				
					Time is precise to the given second (including fractional seconds).
				
			
		
	
	
		
			Possible values for representing time precision.
		
		
	
	
		
			SIDType specifies Windows Security ID (SID) types via a union of the SIDTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
			Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the expected type for the value of the specified property.
					
				
			
		
	
	
		
			The SIDTypeEnum type is an enumeration of Windows Security ID (SID) types. These correspond to the values specified by the SID_NAME_USE enumeration--see http://msdn.microsoft.com/en-us/library/windows/desktop/aa379601(v=vs.85).aspx for more information.
		
		
			
				
					Indicates a SID of type User.
				
			
			
				
					Indicates a SID of type Group.
				
			
			
				
					Indicates a SID of type Domain.
				
			
			
				
					Indicates a SID of type Alias.
				
			
			
				
					Indicates a SID for a well-known group.
				
			
			
				
					Indicates a SID for a deleted account.
				
			
			
				
					Indicates an invalid SID.
				
			
			
				
					Indicates a SID of unknown type.
				
			
			
				
					Indicates a SID for a computer.
				
			
			
				
					Indicates a mandatory integrity label SID.
				
			
		
	
	
		
			Layer4ProtocolType specifies Layer 4 protocol types, via a union of the Layer4ProtocolEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the expected type for the value of the specified property.
					
				
			
		
	
	
		
			Layer4ProtocolEnum is a non-exhaustive enumeration of Layer 4 (transport) layer protocols.
		
		
			
				
					Specifies the Transmission Control Protocol.
				
			
			
				
					Specifies the User Datagram Protocol.
				
			
			
				
					Specifies the Authentication Header protocol.
				
			
			
				
					Specifies the Encapsulating Security Payload protocol.
				
			
			
				
					Specifies the Generic Routing Encapsulation protocol.
				
			
			
				
					Specifies the Internet Link protocol.
				
			
			
				
					Specifies the Stream Control Transmission Protocol.
				
			
			
				
					Specifies the Siemens Sinec H1 protocol.
				
			
			
				
					Specifies the Sequenced Packet Exchange protocol.
				
			
			
				
					Specifies the Datagram Congestion Control Protocol.
				
			
		
	
	
		
			The EndiannessType specifies names for byte ordering methods.
		
		
			
				
					
				
				
					
						This attribute is optional and specifies the expected type for the value of the specified property.
					
				
			
		
	
	
		
			The EndiannessTypeEnum is a non-exhaustive eumeration of byte ordering methods.
		
		
			
				
					The Big-endian value specifies a big-endian byte ordering.
				
			
			
				
					The Little-endian value specifies a little-endian byte ordering.
				
			
			
				
					The Middle-endian value specifies a middle-endian byte ordering.
				
			
		
	
	
		
			CipherType specifies encryption algorithms, via a union of the CipherEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
		
		
			
				
					
				
			
		
	
	
		
			CipherEnum is a non-exhaustive enumeration of encryption algorithms.
		
		
			
				
					Specifies the Triple Data Encryption Standard (DES) algorithm.
				
			
			
				
					Specifies the Advanced Encryption Standard (AES) algorithm.
				
			
			
				
					Specifies the Blowfish algorithm.
				
			
			
				
					Specifies the CAST-128 algorithm.
				
			
			
				
					Specifies the CAST-256 algorithm.
				
			
			
				
					Specifies the Data Encryption Standard (DES) algorithm.
				
			
			
				
					Specifies the International Data Encryption Algorithm (IDEA).
				
			
			
				
					Specifies the Rijndael algorithm.
				
			
			
				
					Specifies the RC5 algorithm.
				
			
			
				
					Specifies the Skipjack algorithm.
				
			
		
	
	
		
			The RegionalRegistryType specifies a Regional Internet Registry (RIR) for a given WHOIS entry. RIRs defined by the RegionalRegistryTypeEnum may be used, as well as those specified by a free form text string.
		
		
			
				
					
				
			
		
	
	
		
			The RegionalRegistryTypeEnum is an enumeration of Regional Internet Registries (RIRs) names, represented via their respective acronyms.
		
		
			
				
					AfriNIC stands for African Network Information Centre, and is the RIR for Africa.
				
			
			
				
					ARIN stands for American Registry for Internet Numbers, and is the RIR for the United States, Canada, several parts of the Caribbean Region, and Antarctica.
				
			
			
				
					APNIC stands for Asia-Pacific Network Information Centre, and is the RIR for Asia, Australia, New Zealand, and neighboring countries.
				
			
			
				
					LACNIC stands for Latin American and Caribbean Network Information Centre, and is the RIR for Latin America and parts of the Caribbean region.
				
			
			
				
					RIPE NCC stands for Réseaux IP Européens Network Coordination Centre, and is the RIR for Europe, Russia, the Middle East, and Central Asia.
				
			
		
	





© 2015 - 2024 Weber Informatics LLC | Privacy Policy