schemas.v1.2.0.cybox.cybox_default_vocabularies.xsd
The Java bindings for STIX v.1.2.0.2
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
cybox_default_vocabularies
2.1
01/22/2014
The following defines types for default controlled vocabularies used within CybOX. An individual vocabulary may be revised at any time. Revisions to vocabularies will result in the creation of new types with the new version number embedded in the name of those types. Vocabularies can be referenced from CybOX elements through the use of xsi:type. The individual elements where this may be done indicate the expected default vocabulary.
Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.
The ActionTypeVocab is the default CybOX vocabulary for Action Types, captured via the ActionType/Type element in CybOX Core.
ActionTypeEnum is a (non-exhaustive) enumeration of cyber observable action types.
Specifies the atomic action of accepting an object or value.
Specifies the atomic action of accessing an object.
Specifies the atomic action of adding an object.
Specifies the atomic action of issuing an alert.
Specifies the atomic action of allocating an object.
Specifies the atomic action of archiving an object or data.
Specifies the atomic action of assigning a value to an object.
Specifies the atomic action of auditing an object or data.
Specifies the atomic action of backing up an object or data.
Specifies the atomic action of binding two objects.
Specifies the atomic action of blocking access to an object or resource.
Specifies the atomic action of calling an object or resource.
Specifies the atomic action of changing an object.
Specifies the atomic action of checking an object.
Specifies the atomic action of cleaning an object, such as a file system.
Specifies the atomic action of clicking an object, as with a mouse.
Specifies the atomic action of closing an object, such as a window handle.
Specifies the atomic action of comparing two objects.
Specifies the atomic action of compressing an object.
Specifies the atomic action of configuring a resource.
Specifies the atomic action of connecting to an object, such as a service or resource.
Specifies the atomic action of controlling an object or data.
Specifies the atomic action of copying or duplicating an object or data EXCEPT in cases where the object is considered a thread or process as a whole.
Specifies the atomic action of creating an object or data.
Specifies the atomic action of decoding an object or data.
Specifies the atomic action of decompressing an object, such as an archive.
Specifies the atomic action of decrypting an object.
Specifies the atomic action of denying access to an object or resource.
Specifies the atomic action of depressing an object that has been pressed, such as a button.
Specifies the atomic action of detecting an object.
Specifies the atomic action of disconnecting from a service or resource.
Specifies the atomic action of downloading an object or data.
Specifies the atomic action of drawing an object.
Specifies the atomic action of dropping an object, such as a connection.
Specifies the atomic action of encoding an object or data.
Specifies the atomic action of encrypting an object or data.
Specifies the atomic action of enumerating a list of objects.
Specifies the atomic action of executing an object, such as an executable file.
Specifies the atomic action of extracting an object.
Specifies the atomic action of filtering an object or data.
Specifies the atomic action of finding an object or data.
Specifies the atomic action of flushing an object or data, such as a cache.
Specifies the atomic action of forking, as with a process. Because this is usually associated with processes and threads and does not generalize to objects, it is DIFFERENT from Copy/Duplicate.
Specifies the atomic action of freeing an object.
Specifies the atomic action of getting a value from an object.
Specifies the atomic action of hooking an object to another object.
Specifies the atomic action of hiding an object.
Specifies the atomic action of impersonation, in which an object performs actions that assume the character or appearance of another object.
Specifies the atomic action of initializing an object.
Specifies the atomic action of injecting an object.
Specifies the atomic action of installing an object, such as an application, program, patch, or other resource.
Specifies the atomic action of interleaving an object, i.e. the action of arranging data in a non-contiguous way to increase performance.
Specifies the atomic action of joining one object to another object.
Specifies the atomic action of killing an object, as with a thread or program.
Specifies the atomic action of listening to an object, such as to a port on a network connection.
Specifies the atomic action of loading an object.
Specifies the atomic action of locking an object.
Specifies the atomic action of logging into an object, such as into a system or application.
Specifies the atomic action of logging out of an object, such as a system or application.
Specifies the atomic action of mapping an object to another object or data.
Specifies the atomic action of merging one object to another object.
Specifies the atomic action of modifying an object.
Specifies the atomic action of monitoring the state of an object.
Specifies the atomic action of moving an object.
Specifies the atomic action of opening an object.
Specifies the atomic action of packing an object.
Specifies the atomic action of pausing an object, such as a thread or process.
Specifies the atomic action of pressing an object, such as a button.
Specifies the atomic action of protecting an object.
Specifies the atomic action of placing an object in quarantine, that is, to store the object in an isolated area away from other objects it can operate on.
Specifies the atomic action of querying an object.
Specifies the atomic action of queueing an object.
Specifies the atomic action of raising an object.
Specifies the atomic action of reading an object.
Specifies the atomic action of receiving an object.
Specifies the atomic action of releasing an object.
Specifies the atomic action of renaming an object.
Specifies the atomic action of removing or deleting an object.
Specifies the atomic action of replicating an object.
Specifies the atomic action of restoring an object.
Specifies the atomic action of resuming an object, as with a process or thread.
Specifies the atomic action of reverting an object.
Specifies the atomic action of running an object, such as an application.
Specifies the atomic action of saving an object.
Specifies the atomic action of scanning for an object or data.
Specifies the atomic action of scheduling an object, such as an event.
Specifies the atomic action of searching for an object.
Specifies the atomic action of sending an object.
Specifies the atomic action of setting an object to a value.
Specifies the atomic action of shutting down an object.
Specifies the atomic action of putting to sleep an object.
Specifies the atomic action of taking a snapshot of an object.
Specifies the atomic action of starting an object, such as a thread or process.
Specifies the atomic action of stopping an object, such as a thread or process.
Specifies the atomic action of suspending an object, such as an account or privileges for an account.
Specifies the atomic action of synchronizing an object.
Specifies the atomic action of throwing an object, such as an exception in a programming language.
Specifies the atomic action of transmitting an object.
Specifies the atomic action of unblocking an object.
Specifies the atomic action of unhiding an object.
Specifies the atomic action of unhooking an object from another object, that is, to detach.
Specifies the atomic action of uninstalling an object.
Specifies the atomic action of unloading an object.
Specifies the atomic action of unlocking an object.
Specifies the atomic action of unmapping an object from another object or data.
Specifies the atomic action of unpacking an object, such as an archive.
Specifies the atomic action of updating an object.
Specifies the atomic action of upgrading an object.
Specifies the atomic action of uploading an object.
Specifies the atomic action of wiping, destroying, or purging an object.
Specifies the atomic action of writing an object.
The ActionNameVocab is the default CybOX vocabulary for Action Names, captured via the ActionType/Name element in CybOX Core.
The ActionNameEnum type is an enumeration of defined action names.
Specifies the defined action of accepting a socket connection.
Specifies the defined action of adding a connection to an existing network share.
Specifies the defined action of adding a new network share.
Specifies the defined action of adding a new system call hook.
Specifies the defined action of adding a new user.
Specifies the defined action of adding a new Windows hook.
Specifies the defined action of adding a scheduled task.
Specifies the defined action of allocating virtual memory in a process.
Specifies the defined action of binding an address to a socket.
Specifies the defined action of changing the service configuration.
Specifies the defined action of checking for a remote debugger.
Specifies the defined action of closing a port.
Specifies the defined action of closing a registry key.
Specifies the defined action of closing a socket.
Specifies the defined action of configuring a service.
Specifies the defined action of connecting to an IP address.
Specifies the defined action of connecting to a named pipe.
Specifies the defined action of connecting to a network share.
Specifies the defined action of connecting to a socket.
Specifies the defined action of connecting to a URL.
Specifies the defined action of controlling a driver.
Specifies the defined action of controlling a service.
Specifies the defined action of copying a file.
Specifies the defined action of creating a dialog box.
Specifies the defined action of creating a new directory.
Specifies the defined action of creating an event.
Specifies the defined action of creating a file.
Specifies the defined action of creating an alternate data stream in a file.
Specifies the defined action of creating a new file mapping.
Specifies the defined action of creating a file symbolic link.
Specifies the defined action of creating a hidden file.
Specifies the defined action of creating a mailslot.
Specifies the defined action of creating a module.
Specifies the defined action of creating a mutex.
Specifies the defined action of creating a named pipe.
Specifies the defined action of creating a process.
Specifies the defined action of creating a process as user.
Specifies the defined action of creating a registry key.
Specifies the defined action of creating a registry key value.
Specifies the defined action of creating a remote thread in a process.
Specifies the defined action of creating a service.
Specifies the defined action of creating a socket.
Specifies the defined action of creating a symbolic link.
Specifies the defined action of creating a thread.
Specifies the defined action of creating a window.
Specifies the defined action of deleting a directory.
Specifies the defined action of deleting a file.
Specifies the defined action of deleting a named pipe.
Specifies the defined action of deleting a network share.
Specifies the defined action of deleting a registry key.
Specifies the defined action of deleting a registry key value.
Specifies the defined action of deleting a service.
Specifies the defined action of deleting a user.
Specifies the defined action of disconnecting from a named pipe.
Specifies the defined action of disconnecting from a network share.
Specifies the defined action of disconnecting from a socket.
Specifies the defined action of downloading a file.
Specifies the defined action of enumerating DLLs.
Specifies the defined action of enumerating network shares.
Specifies the defined action of enumerating protocols.
Specifies the defined action of enumerating registry key subkeys.
Specifies the defined action of enumerating registry key values.
Specifies the defined action of enumerating threads in a process.
Specifies the defined action of enumerating processes.
Specifies the defined action of enumerating services.
Specifies the defined action of enumerating system handles.
Specifies the defined action of enumerating threads.
Specifies the defined action of enumerating users.
Specifies the defined action of enumerating windows.
Specifies the defined action of finding a file.
Specifies the defined action of finding a window.
Specifies the defined action of flushing the Process Instruction Cache.
Specifies the defined action of freeing a library.
Specifies the defined action of freeing virtual memory from a process.
Specifies the defined action of getting the amount of free space available on a disk.
Specifies the defined action of getting the disk type.
Specifies the defined action of getting the elapsed system up-time.
Specifies the defined action of getting file attributes.
Specifies the defined action of getting the function address.
Specifies the defined action of getting system global flags.
Specifies the defined action of getting host by address.
Specifies the defined action of getting host by name.
Specifies the defined action of getting the host name.
Specifies the defined action of getting the library file name.
Specifies the defined action of getting the library handle.
Specifies the defined action of getting the NetBIOS name.
Specifies the defined action of getting the process's current directory.
Specifies the defined action of getting the process environment variable.
Specifies the defined action of getting the process startup information.
Specifies the defined action of getting the processes snapshot.
Specifies the defined action of getting the attributes of a registry key.
Specifies the defined action of getting the service status.
Specifies the defined action of getting the system global flags.
Specifies the defined action of getting the local time on a system.
Specifies the defined action of getting the system host name.
Specifies the defined action of getting the NetBIOS name of a system.
Specifies the defined action of getting the system network parameters.
Specifies the defined action of getting the system time.
Specifies the defined action of getting the thread context.
Specifies the defined action of getting the thread username.
Specifies the defined action of getting the attributes of a user.
Specifies the defined action of getting a username.
Specifies the defined action of getting a Windows directory.
Specifies the defined action of getting a Windows System directory.
Specifies the defined action of getting the Windows Temporary Files Directory.
Specifies the defined action of hiding a window.
Specifies the defined action of impersonating a process.
Specifies the defined action of impersonating a thread.
Specifies the defined action of injecting a memory page into a process.
Specifies the defined action of killing a process.
Specifies the defined action of killing a thread.
Specifies the defined action of killing a window.
Specifies the defined action of listening on a specific port.
Specifies the defined action of listening on a socket.
Specifies the defined action of loading and calling a driver.
Specifies the defined action of loading a driver.
Specifies the defined action of loading a library.
Specifies the defined action of loading a module.
Specifies the defined action of locking a file.
Specifies the defined action of logging on as a user.
Specifies the defined action of mapping a file.
Specifies the defined action of mapping a library.
Specifies the defined action of mapping a view of a file.
Specifies the defined action of modifying a file.
Specifies the defined action of modifying a named pipe.
Specifies the defined action of modifying a process.
Specifies the defined action of modifying a service.
Specifies the defined action of modifying a registry key.
Specifies the defined action of modifying a registry key value.
Specifies the defined action of monitoring a registry key.
Specifies the defined action of moving a file.
Specifies the defined action of opening a file.
Specifies the defined action of opening a file mapping.
Specifies the defined action of opening a mutex.
Specifies the defined action of opening a port.
Specifies the defined action of opening a process.
Specifies the defined action of opening a registry key.
Specifies the defined action of opening a service.
Specifies the defined action of opening a service control manager.
Specifies the defined action of protecting virtual memory.
Specifies the defined action of querying disk attributes.
Specifies the defined action of querying DNS.
Specifies the defined action of querying process virtual memory.
Specifies the defined action of querying the Asynchronous Procedure Call (APC) in the context of a thread.
Specifies the defined action of reading a file.
Specifies the defined action of reading from a named pipe.
Specifies the defined action of reading from process memory.
Specifies the defined action of reading a registry key value.
Specifies the defined action of receiving data on a socket.
Specifies the defined action of receiving an email message.
Specifies the defined action of releasing a mutex.
Specifies the defined action of renaming a file.
Specifies the defined action of reverting a thread to itself.
Specifies the defined action of sending a control code to a file.
Specifies the defined action of sending a control code to a pipe.
Specifies the defined action of sending a control code to a service.
Specifies the defined action of sending data on a socket.
Specifies the defined action of sending data to the address on a socket.
Specifies the defined action of sending a DNS query.
Specifies the defined action of sending an email message.
Specifies the defined action of sending an ICMP request.
Specifies the defined action of sending a reverse DNS query.
Specifies the defined action of setting file attributes.
Specifies the defined action of setting the NetBIOS name.
Specifies the defined action of setting the process current directory.
Specifies the defined action of setting the process environment variable.
Specifies the defined action of setting system global flags.
Specifies the defined action of setting the system host name.
Specifies the defined action of setting the system time.
Specifies the defined action of setting the thread context.
Specifies the defined action of showing a window.
Specifies the defined action of shutting down a system.
Specifies the defined action of sleeping a process.
Specifies the defined action of sleeping a system.
Specifies the defined action of starting a service.
Specifies the defined action of unloading a driver.
Specifies the defined action of unlocking a file.
Specifies the defined action of unmapping a file.
Specifies the defined action of unloading a module.
Specifies the defined action of uploading a file.
Specifies the defined action of writing to a file.
Specifies the defined action of writing to process virtual memory.
The ActionNameVocab is the default CybOX vocabulary for Action Names, captured via the ActionType/Name element in CybOX Core.
NOTE: As of CybOX Version 2.1, this version of the ActionNameVocab is deprecated. Please use ActionNameVocab-1.1 instead.
The ActionNameEnum type is an enumeration of defined action names.
Specifies the defined action of accepting a socket connection.
Specifies the defined action of adding a connection to an existing network share.
Specifies the defined action of adding a new network share.
Specifies the defined action of adding a new system call hook.
Specifies the defined action of adding a new user.
Specifies the defined action of adding a new Windows hook.
Specifies the defined action of adding a scheduled task.
Specifies the defined action of allocating virtual memory in a process.
Specifies the defined action of binding an address to a socket.
Specifies the defined action of changing the service configuration.
Specifies the defined action of checking for a remote debugger.
Specifies the defined action of closing a port.
Specifies the defined action of closing a registry key.
Specifies the defined action of closing a socket.
Specifies the defined action of configuring a service.
Specifies the defined action of connecting to an IP address.
Specifies the defined action of connecting to a named pipe.
Specifies the defined action of connecting to a network share.
Specifies the defined action of connecting to a socket.
Specifies the defined action of connecting to a URL.
Specifies the defined action of controlling a driver.
Specifies the defined action of controlling a service.
Specifies the defined action of copying a file.
Specifies the defined action of creating a dialog box.
Specifies the defined action of creating a new directory.
Specifies the defined action of creating an event.
Specifies the defined action of creating a file.
Specifies the defined action of creating an alternate data stream in a file.
Specifies the defined action of creating a new file mapping.
Specifies the defined action of creating a file symbolic link.
Specifies the defined action of creating a hidden file.
Specifies the defined action of creating a mailslot.
Specifies the defined action of creating a module.
Specifies the defined action of creating a mutex.
Specifies the defined action of creating a named pipe.
Specifies the defined action of creating a process.
Specifies the defined action of creating a process as user.
Specifies the defined action of creating a registry key.
Specifies the defined action of creating a registry key value.
Specifies the defined action of creating a remote thread in a process.
Specifies the defined action of creating a service.
Specifies the defined action of creating a socket.
Specifies the defined action of creating a symbolic link.
Specifies the defined action of creating a thread.
Specifies the defined action of creating a window.
Specifies the defined action of deleting a directory.
Specifies the defined action of deleting a file.
Specifies the defined action of deleting a named pipe.
Specifies the defined action of deleting a network share.
Specifies the defined action of deleting a registry key.
Specifies the defined action of deleting a registry key value.
Specifies the defined action of deleting a service.
Specifies the defined action of deleting a user.
Specifies the defined action of disconnecting from a named pipe.
Specifies the defined action of disconnecting from a network share.
Specifies the defined action of disconnecting from a socket.
Specifies the defined action of downloading a file.
Specifies the defined action of enumerating DLLs.
Specifies the defined action of enumerating network shares.
Specifies the defined action of enumerating protocols.
Specifies the defined action of enumerating registry key subkeys.
Specifies the defined action of enumerating registry key values.
Specifies the defined action of enumerating threads in a process.
Specifies the defined action of enumerating processes.
Specifies the defined action of enumerating services.
Specifies the defined action of enumerating system handles.
Specifies the defined action of enumerating threads.
Specifies the defined action of enumerating users.
Specifies the defined action of enumerating windows.
Specifies the defined action of finding a file.
Specifies the defined action of finding a window.
Specifies the defined action of flushing the Process Instruction Cache.
Specifies the defined action of freeing a library.
Specifies the defined action of freeing virtual memory from a process.
Specifies the defined action of getting the amount of free space available on a disk.
Specifies the defined action of getting the disk type.
Specifies the defined action of getting the elapsed system up-time.
Specifies the defined action of getting file attributes.
Specifies the defined action of getting the function address.
Specifies the defined action of getting system global flags.
Specifies the defined action of getting host by address.
Specifies the defined action of getting host by name.
Specifies the defined action of getting the host name.
Specifies the defined action of getting the library file name.
Specifies the defined action of getting the library handle.
Specifies the defined action of getting the NetBIOS name.
Specifies the defined action of getting the process's current directory.
Specifies the defined action of getting the process environment variable.
Specifies the defined action of getting the process startup information.
Specifies the defined action of getting the processes snapshot.
Specifies the defined action of getting the attributes of a registry key.
Specifies the defined action of getting the service status.
Specifies the defined action of getting the system global flags.
Specifies the defined action of getting the local time on a system.
Specifies the defined action of getting the system host name.
Specifies the defined action of getting the NetBIOS name of a system.
Specifies the defined action of getting the system network parameters.
Specifies the defined action of getting the system time.
Specifies the defined action of getting the thread context.
Specifies the defined action of getting the thread username.
Specifies the defined action of getting the attributes of a user.
Specifies the defined action of getting a username.
Specifies the defined action of getting a Windows directory.
Specifies the defined action of getting a Windows System directory.
Specifies the defined action of getting the Windows Temporary Files Directory.
Specifies the defined action of hiding a window.
Specifies the defined action of impersonating a process.
Specifies the defined action of impersonating a thread.
Specifies the defined action of injecting a memory page into a process.
Specifies the defined action of killing a process.
Specifies the defined action of killing a thread.
Specifies the defined action of killing a window.
Specifies the defined action of listening on a specific port.
Specifies the defined action of listening on a socket.
Specifies the defined action of loading and calling a driver.
Specifies the defined action of loading a driver.
Specifies the defined action of loading a library.
Specifies the defined action of loading a module.
Specifies the defined action of locking a file.
Specifies the defined action of logging on as a user.
Specifies the defined action of mapping a file.
Specifies the defined action of mapping a library.
Specifies the defined action of mapping a view of a file.
Specifies the defined action of modifying a file.
Specifies the defined action of modifying a named pipe.
Specifies the defined action of modifying a process.
Specifies the defined action of modifying a service.
Specifies the defined action of modifying a registry key.
Specifies the defined action of modifying a registry key value.
Specifies the defined action of monitoring a registry key.
Specifies the defined action of moving a file.
Specifies the defined action of opening a file.
Specifies the defined action of opening a file mapping.
Specifies the defined action of opening a mutex.
Specifies the defined action of opening a port.
Specifies the defined action of opening a process.
Specifies the defined action of opening a registry key.
Specifies the defined action of opening a service.
Specifies the defined action of opening a service control manager.
Specifies the defined action of protecting virtual memory.
Specifies the defined action of querying disk attributes.
Specifies the defined action of querying DNS.
Specifies the defined action of querying process virtual memory.
Specifies the defined action of querying the Asynchronous Procedure Call (APC) in the context of a thread.
Specifies the defined action of reading a file.
Specifies the defined action of reading from a named pipe.
Specifies the defined action of reading from process memory.
Specifies the defined action of reading a registry key value.
Specifies the defined action of receiving data on a socket.
Specifies the defined action of releasing a mutex.
Specifies the defined action of renaming a file.
Specifies the defined action of reverting a thread to itself.
Specifies the defined action of sending a control code to a file.
Specifies the defined action of sending a control code to a pipe.
Specifies the defined action of sending a control code to a service.
Specifies the defined action of sending data on a socket.
Specifies the defined action of sending data to the address on a socket.
Specifies the defined action of sending a DNS query.
Specifies the defined action of sending an email message.
Specifies the defined action of sending an ICMP request.
Specifies the defined action of sending a reverse DNS query.
Specifies the defined action of setting file attributes.
Specifies the defined action of setting the NetBIOS name.
Specifies the defined action of setting the process current directory.
Specifies the defined action of setting the process environment variable.
Specifies the defined action of setting system global flags.
Specifies the defined action of setting the system host name.
Specifies the defined action of setting the system time.
Specifies the defined action of setting the thread context.
Specifies the defined action of showing a window.
Specifies the defined action of shutting down a system.
Specifies the defined action of sleeping a process.
Specifies the defined action of sleeping a system.
Specifies the defined action of starting a service.
Specifies the defined action of unloading a driver.
Specifies the defined action of unlocking a file.
Specifies the defined action of unmapping a file.
Specifies the defined action of unloading a module.
Specifies the defined action of uploading a file.
Specifies the defined action of writing to a file.
Specifies the defined action of writing to process virtual memory.
The ActionArgumentNameVocab is the default CybOX vocabulary for Action Argument Names, captured via the ActionArgumentType/Argument_Name element in CybOX Core.
The ActionArgumentNameEnum type is an enumeration of defined argument names.
Specifies an argument called API.
Specifies an argument called Application Name.
Specifies an argument called Database Name.
Specifies an argument called Privilege Name.
Specifies an argument called Proxy Name.
Specifies an argument called Proxy Bypass.
Specifies an argument called Creation Flags.
Specifies an argument called Flags.
Specifies an argument called Access Mode.
Specifies an argument called Share Mode.
Specifies an argument called Callback Address.
Specifies an argument called Source Address.
Specifies an argument called Destination Address.
Specifies an argument called Base Address.
Specifies an argument called Starting Address.
Specifies an argument called Size (bytes).
Specifies an argument called Number of Bytes Per Send.
Specifies an argument called Control Parameter.
Specifies an argument called Host Name.
Specifies an argument called Function Name.
Specifies an argument called Function Address.
Specifies an argument called Options.
Specifies an argument called Transfer Flags.
Specifies an argument called Control Code.
Specifies an argument called APC Mode.
Specifies an argument called APC Address.
Specifies an argument called Base Address.
Specifies an argument called Protection.
Specifies an argument called Target PID.
Specifies an argument called Mapping Offset.
Specifies an argument called File Information Class.
Specifies an argument called Function Ordinal.
Specifies an argument called Function Name.
Specifies an argument called Hook Type.
Specifies an argument called Request Size.
Specifies an argument called Requested Version.
Specifies an argument called Service Type.
Specifies an argument called Service State.
Specifies an argument called Service Name.
Specifies an argument called Hostname.
Specifies an argument called Shutdown Flag.
Specifies an argument called Sleep Time (ms).
Specifies an argument called Delay Time (ms).
Specifies an argument called Code Address.
Specifies an argument called Parameter Address.
Specifies an argument called Server.
Specifies an argument called Reason.
Specifies an argument called System Metric Index.
Specifies an argument called Initial Owner.
Specifies an argument called Initial Owner.
Specifies an argument called Username.
Specifies an argument called Password.
Specifies an argument called Command.
The ActionObjectAssocationVocab is the default CybOX vocabulary for Action-Object association types, captured via the AssociatedObjectType/Association_Type element in CybOX Core.
ActionObjectAssociationTypeEnum is a (non-exhaustive) enumeration of types of action-object associations.
Specifies that the associated object initiated the action.
Specifies that the associated object was affected by the action.
Specifies that the associated object was utilized by the action.
Specifies that the associated object was the result of the action.
The ActionObjectAssocationVocab is the default CybOX vocabulary for Action-Action relationships, captured via the ActionRelationshipType/Type element in the CybOX Core.
The ActionRelationshipTypeEnum is an enumeration of types of relationships between actions.
Specifies that this action is preceded by the related action.
Specifies that this action is followed by the related action.
Specifies that this entity (e.g. Action) is equivalent to the associated entity.
Specifies that this action is simply related to the related action in some way.
Specifies that this action is dependent on the related action.
Specifies that this action was initiated by the related action.
Specifies that this action initiated the related action.
The EventTypeVocab is the default CybOX vocabulary for Event types, captured via the EventType/Type element in the CybOX Core.
EventTypeEnum is a (non-exhaustive) enumeration of cyber observable event types.
Specifies the class of events dealing with file operations.
Specifies the class of events dealing with registry operations.
Specifies the class of events dealing with memory operations.
Specifies the class of events dealing with process management.
Specifies the class of events dealing with thread management.
Specifies the class of events dealing with service management.
Specifies the class of events dealing with session management.
Specifies the class of events dealing with API calls.
Specifies the class of events dealing with port scanning.
Specifies the class of events dealing with IP Operations.
Specifies the class of events dealing with DNS Lookup operations.
Specifies the class of events dealing with thread management.
Specifies the class of events dealing with thread management.
Specifies the class of events dealing with configuration management.
Specifies the class of events dealing with user/password management.
Specifies the class of events dealing with account operations at the application layer.
Specifies the class of events dealing with HTTP traffic.
Specifies the class of events dealing with Application Layer traffic.
Specifies the class of events dealing with packet traffic.
Specifies the class of events dealing with data flow.
Specifies the class of events dealing with anomaly events.
Specifies the class of events dealing with Technical compliance.
Specifies the class of events dealing with procedural compliance.
Specifies the class of events dealing with the GUI/Kernel-based Virtual Machine (KVM).
Specifies the class of events dealing with Autorun.
Specifies the class of events dealing with USB and/or Media detection.
Specifies the class of events dealing with the SQL language.
Specifies the class of events dealing with the Dynamic Host Configuration Protocol (DHCP).
Specifies the class of events dealing with redirection.
Specifies the class of events dealing with authentication operations.
Specifies the class of events dealing with authorization via Access Control Lists (ACL).
Specifies the class of events dealing with privilege operations.
Specifies the class of events dealing with basic system operations.
Specifies the class of events dealing with signature detection.
Specifies the class of events dealing with auto-update operations.
Specifies the class of events dealing with application logic.
Specifies the class of events dealing with e-mail operations.
The EventTypeVocab is the default CybOX vocabulary for Event types, captured via the EventType/Type element in the CybOX Core.
NOTE: As of CybOX Version 2.0.1, this version of the EventTypeVocab is deprecated. Please use EventTypeVocab-1.0.1 instead.
EventTypeEnum is a (non-exhaustive) enumeration of cyber observable event types.
NOTE: As of CybOX Version 2.0.1, this version of the EventTypeEnum is deprecated. Please use EventTypeEnum-1.0.1 instead.
Specifies the class of events dealing with file operations.
Specifies the class of events dealing with registry operations.
Specifies the class of events dealing with memory operations.
Specifies the class of events dealing with process management.
Specifies the class of events dealing with thread management.
Specifies the class of events dealing with service management.
Specifies the class of events dealing with session management.
Specifies the class of events dealing with API calls.
Specifies the class of events dealing with port scanning.
Specifies the class of events dealing with IP Operations.
Specifies the class of events dealing with DNS Lookup operations.
Specifies the class of events dealing with thread management.
Specifies the class of events dealing with thread management.
Specifies the class of events dealing with configuration management.
Specifies the class of events dealing with user/password management.
Specifies the class of events dealing with account operations at the application layer.
Specifies the class of events dealing with HTTP traffic.
Specifies the class of events dealing with Application Layer traffic.
Specifies the class of events dealing with packet traffic.
Specifies the class of events dealing with data flow.
Specifies the class of events dealing with anomaly events.
Specifies the class of events dealing with Technical compliance.
Specifies the class of events dealing with procedural compliance.
Specifies the class of events dealing with the GUI/Kernel-based Virtual Machine (KVM).
Specifies the class of events dealing with Autorun.
Specifies the class of events dealing with USB and/or Media detection.
Specifies the class of events dealing with the SQL language.
Specifies the class of events dealing with the Dynamic Host Configuration Protocol (DHCP).
Specifies the class of events dealing with redirection.
Specifies the class of events dealing with authentication operations.
Specifies the class of events dealing with authorization via Access Control Lists (ACL).
Specifies the class of events dealing with privilege operations.
Specifies the class of events dealing with basic system operations.
Specifies the class of events dealing with signature detection.
Specifies the class of events dealing with auto-update operations.
Specifies the class of events dealing with application logic.
Specifies the class of events dealing with e-mail operations.
The ObjectRelationshipVocab is the default CybOX vocabulary for Object-Object relationships, captured via the RelatedObjectType/Relationship element in CybOX Core.
NOTE: As of CybOX Version 2.1, this version of the ObjectRelationshipVocab is deprecated. Please use ObjectRelationshipVocab-1.1 instead.
ObjectRelationshipEnum is a (non-exhaustive) enumeration of inter-object relationships.
Specifies that this object created the related object.
Specifies that this object was created by the related object.
Specifies that this object deleted the related object.
Specifies that this object was deleted by the related object.
Specifies that this object modified the properties of the related object.
Specifies that the properties of this object were modified by the related object.
Specifies that this object was read from the related object.
Specifies that this object was read from by the related object.
Specifies that this object wrote to the related object.
Specifies that this object was written to by the related object.
Specifies that this object was downloaded from the related object.
Specifies that this object downloaded the related object.
Specifies that this object downloaded the related object.
Specifies that this object was downloaded by the related object.
Specifies that this object uploaded the related object.
Specifies that this object was uploaded by the related object.
Specifies that this object was uploaded to the related object.
Specifies that this object received the related object via upload.
Specifies that this object was uploaded from the related object.
Specifies that this object sent the related object via upload.
Specifies that this object suspended the related object.
Specifies that this object was suspended by the related object.
Specifies that this object paused the related object.
Specifies that this object was paused by the related object.
Specifies that this object resumed the related object.
Specifies that this object was resumed by the related object.
Specifies that this object opened the related object.
Specifies that this object was opened by the related object.
Specifies that this object closed the related object.
Specifies that this object was closed by the related object.
Specifies that this object was copied from the related object.
Specifies that this object was copied to the related object.
Specifies that this object copied the related object.
Specifies that this object was copied by the related object.
Specifies that this object was moved from the related object.
Specifies that this object was moved to the related object.
Specifies that this object moved the related object.
Specifies that this object was moved by the related object.
Specifies that this object searched for the related object.
Specifies that this object was searched for by the related object.
Specifies that this object allocated the related object.
Specifies that this object was allocated by the related object.
Specifies that this object was initialized to the related object.
Specifies that this object was initialized by the related object.
Specifies that this object sent the related object.
Specifies that this object was sent by the related object.
Specifies that this object was sent to the related object.
Specifies that this object was received from the related object.
Specifies that this object received the related object.
Specifies that this object was received by the related object.
Specifies that this object was mapped into the related object.
Specifies that this object was mapped by the related object.
Specifies that the object queried properties of the related object.
Specifies that the properties of this object were queried by the related object.
Specifies that the object enumerated values of the related object.
Specifies that the values of the object were enumerated by the related object.
Specifies that this object bound the related object.
Specifies that this object was bound by the related object.
Specifies that this object freed the related object.
Specifies that this object was freed by the related object.
Specifies that this object killed the related object.
Specifies that this object was killed by the related object.
Specifies that this object encrypted the related object.
Specifies that this object was encrypted by the related object.
Specifies that this object was encrypted to the related object.
Specifies that this object was encrypted from the related object.
Specifies that this object decrypted the related object.
Specifies that this object was decrypted by the related object.
Specifies that this object packed the related object.
Specifies that this object was packed by the related object.
Specifies that this object unpacked the related object.
Specifies that this object was unpacked by the related object.
Specifies that this object was packed from the related object.
Specifies that this object was packed into the related object.
Specifies that this object encoded the related object.
Specifies that this object was encoded by the related object.
Specifies that this object decoded the related object.
Specifies that this object was decoded by the related object.
Specifies that this object was compressed from the related object.
Specifies that this object was compressed into the related object.
Specifies that this object compressed the related object.
Specifies that this object was compressed by the related object.
Specifies that this object decompressed the related object.
Specifies that this object was decompressed by the related object.
Specifies that this object joined the related object.
Specifies that this object was joined by the related object.
Specifies that this object merged the related object.
Specifies that this object was merged by the related object.
Specifies that this object locked the related object.
Specifies that this object was locked by the related object.
Specifies that this object unlocked the related object.
Specifies that this object was unlocked by the related object.
Specifies that this object hooked the related object.
Specifies that this object was hooked by the related object.
Specifies that this object unhooked the related object.
Specifies that this object was unhooked by the related object.
Specifies that this object monitored the related object.
Specifies that this object was monitored by the related object.
Specifies that this object listened on the related object.
Specifies that this object was listened on by the related object.
Specifies that this object was renamed from the related object.
Specifies that this object was renamed to the related object.
Specifies that this object renamed the related object.
Specifies that this object was renamed by the related object.
Specifies that this object injected into the related object.
Specifies that this object injected as the related object.
Specifies that this object injected the related object.
Specifies that this object was injected by the related object.
Specifies that this object was deleted from the related object.
Specifies that this object previously contained the related object.
Specifies that this object loaded into the related object.
Specifies that this object was loaded from the related object.
Specifies that this object was set to the related object.
Specifies that this object was set from the related object.
Specifies that this object was resolved to the related object.
Specifies that this object is related to the related object.
Specifies that this object dropped the related object.
Specifies that this object was dropped by the related object.
Specifies that this object contains the related object.
Specifies that this object is contained within the related object.
Specifies that this object was extracted from the related object.
Specifies that this object installed the related object.
Specifies that this object was installed by the related object.
Specifies that this object connected to the related object.
Specifies that this object was connected to from the related object.
Specifies that this object is a sub-domain of the related object.
Specifies that this object is a supra-domain of the related object.
Specifies that this object is the root domain of the related object.
Specifies that this object is an FQDN of the related object.
Specifies that this object is a parent of the related object.
Specifies that this object is a child of the related object.
Specifies that this object describes the properties of the related object. This is most applicable in cases where the related object is an Artifact Object and this object is a non-Artifact Object.
Specifies that the related object describes the properties of this object. This is most applicable in cases where the related object is a non-Artifact Object and this object is an Artifact Object.
The ObjectRelationshipVocab is the default CybOX vocabulary for Object-Object relationships, captured via the RelatedObjectType/Relationship element in CybOX Core.
ObjectRelationshipEnum is a (non-exhaustive) enumeration of inter-object relationships.
Specifies that this object created the related object.
Specifies that this object was created by the related object.
Specifies that this object deleted the related object.
Specifies that this object was deleted by the related object.
Specifies that this object modified the properties of the related object.
Specifies that the properties of this object were modified by the related object.
Specifies that this object was read from the related object.
Specifies that this object was read from by the related object.
Specifies that this object wrote to the related object.
Specifies that this object was written to by the related object.
Specifies that this object was downloaded from the related object.
Specifies that this object downloaded the related object.
Specifies that this object downloaded the related object.
Specifies that this object was downloaded by the related object.
Specifies that this object uploaded the related object.
Specifies that this object was uploaded by the related object.
Specifies that this object was uploaded to the related object.
Specifies that this object received the related object via upload.
Specifies that this object was uploaded from the related object.
Specifies that this object sent the related object via upload.
Specifies that this object suspended the related object.
Specifies that this object was suspended by the related object.
Specifies that this object paused the related object.
Specifies that this object was paused by the related object.
Specifies that this object resumed the related object.
Specifies that this object was resumed by the related object.
Specifies that this object opened the related object.
Specifies that this object was opened by the related object.
Specifies that this object closed the related object.
Specifies that this object was closed by the related object.
Specifies that this object was copied from the related object.
Specifies that this object was copied to the related object.
Specifies that this object copied the related object.
Specifies that this object was copied by the related object.
Specifies that this object was moved from the related object.
Specifies that this object was moved to the related object.
Specifies that this object moved the related object.
Specifies that this object was moved by the related object.
Specifies that this object searched for the related object.
Specifies that this object was searched for by the related object.
Specifies that this object allocated the related object.
Specifies that this object was allocated by the related object.
Specifies that this object was initialized to the related object.
Specifies that this object was initialized by the related object.
Specifies that this object sent the related object.
Specifies that this object was sent by the related object.
Specifies that this object was sent to the related object.
Specifies that this object was received from the related object.
Specifies that this object received the related object.
Specifies that this object was received by the related object.
Specifies that this object was mapped into the related object.
Specifies that this object was mapped by the related object.
Specifies that the object queried properties of the related object.
Specifies that the properties of this object were queried by the related object.
Specifies that the object enumerated values of the related object.
Specifies that the values of the object were enumerated by the related object.
Specifies that this object bound the related object.
Specifies that this object was bound by the related object.
Specifies that this object freed the related object.
Specifies that this object was freed by the related object.
Specifies that this object killed the related object.
Specifies that this object was killed by the related object.
Specifies that this object encrypted the related object.
Specifies that this object was encrypted by the related object.
Specifies that this object was encrypted to the related object.
Specifies that this object was encrypted from the related object.
Specifies that this object decrypted the related object.
Specifies that this object was decrypted by the related object.
Specifies that this object packed the related object.
Specifies that this object was packed by the related object.
Specifies that this object unpacked the related object.
Specifies that this object was unpacked by the related object.
Specifies that this object was packed from the related object.
Specifies that this object was packed into the related object.
Specifies that this object encoded the related object.
Specifies that this object was encoded by the related object.
Specifies that this object decoded the related object.
Specifies that this object was decoded by the related object.
Specifies that this object was compressed from the related object.
Specifies that this object was compressed into the related object.
Specifies that this object compressed the related object.
Specifies that this object was compressed by the related object.
Specifies that this object decompressed the related object.
Specifies that this object was decompressed by the related object.
Specifies that this object joined the related object.
Specifies that this object was joined by the related object.
Specifies that this object merged the related object.
Specifies that this object was merged by the related object.
Specifies that this object locked the related object.
Specifies that this object was locked by the related object.
Specifies that this object unlocked the related object.
Specifies that this object was unlocked by the related object.
Specifies that this object hooked the related object.
Specifies that this object was hooked by the related object.
Specifies that this object unhooked the related object.
Specifies that this object was unhooked by the related object.
Specifies that this object monitored the related object.
Specifies that this object was monitored by the related object.
Specifies that this object listened on the related object.
Specifies that this object was listened on by the related object.
Specifies that this object was renamed from the related object.
Specifies that this object was renamed to the related object.
Specifies that this object renamed the related object.
Specifies that this object was renamed by the related object.
Specifies that this object injected into the related object.
Specifies that this object injected as the related object.
Specifies that this object injected the related object.
Specifies that this object was injected by the related object.
Specifies that this object was deleted from the related object.
Specifies that this object previously contained the related object.
Specifies that this object loaded into the related object.
Specifies that this object was loaded from the related object.
Specifies that this object was set to the related object.
Specifies that this object was set from the related object.
Specifies that this object was resolved to the related object.
Specifies that this object is related to the related object.
Specifies that this object dropped the related object.
Specifies that this object was dropped by the related object.
Specifies that this object contains the related object.
Specifies that this object is contained within the related object.
Specifies that this object was extracted from the related object.
Specifies that this object installed the related object.
Specifies that this object was installed by the related object.
Specifies that this object connected to the related object.
Specifies that this object was connected to from the related object.
Specifies that this object is a sub-domain of the related object.
Specifies that this object is a supra-domain of the related object.
Specifies that this object is the root domain of the related object.
Specifies that this object is an FQDN of the related object.
Specifies that this object is a parent of the related object.
Specifies that this object is a child of the related object.
Specifies that this object describes the properties of the related object. This is most applicable in cases where the related object is an Artifact Object and this object is a non-Artifact Object.
Specifies that the related object describes the properties of this object. This is most applicable in cases where the related object is a non-Artifact Object and this object is an Artifact Object.
Specifies that this object used the related object.
Specifies that this object was used by the related object.
Specifies that this object redirects to the related object.
The ObjectStateVocab is the default CybOX vocabulary for Object states, captured via the ObjectType/State element in CybOX Core.
ObjectStateEnum is a (non-exhaustive) enumeration of cyber observable object states.
Specifies that the object exists.
Specifies that the object does not exist.
Specifies that the object is open.
Specifies that the object is closed.
Specifies that the object is active.
Specifies that the object is inactive.
Specifies that the object is locked.
Specifies that the object is unlocked.
Specifies that the object has started.
Specifies that the object has stopped.
The CharacterEncodingVocab is the default CybOX vocabulary for character encoding, used in the ExtractedStringType/Encoding element in CybOX Common.
CharacterEncodingEnum is a (non-exhaustive) enumeration of character encodings.
Specifies the American Standard Code for Information Interchange (ASCII) character encoding scheme.
Specifies the UCS Transformation Format-8 bit (UTF-8) character encoding scheme.
Specifies the UCS Transformation Format-16 bit (UTF-16) character encoding scheme.
Specifies the UCS Transformation Format-32 bit (UTF-32) character encoding scheme.
Specifies the Windows-1250 character encoding scheme, for Central European languages.
Specifies the Windows-1251 character encoding scheme, for Cyrillic alphabets.
Specifies the Windows-1252 character encoding scheme, for Western languages.
Specifies the Windows-1253 character encoding scheme, for Greek.
Specifies the Windows-1254 character encoding scheme, for Turkish.
Specifies the Windows-1255 character encoding scheme, for Hebrew.
Specifies the Windows-1256 character encoding scheme, for Arabic.
Specifies the Windows-1257 character encoding scheme, for Baltic languages.
Specifies the Windows-1258 character encoding scheme, for Vietnamese.
The InformationSourceTypeVocab is the default CybOX vocabulary for information source types, used in the MeasureSourceType/Information_Source_Type element in CybOX Common.
The InformationSourceTypeEnum is a (non-exhaustive) enumeration of cyber observation information source types.
The Comm Logs value specifies a cyber observation coming from communications logs.
The Application Logs value specifies a cyber observation coming from application logs.
The Web Logs value specifies a cyber observation coming from web logs.
The DBMS Log value specifies a cyber observation coming from the Database Management System log.
The OS/Device Driver APIs value specifies a cyber observation coming from OS/Device Driver APIs.
The Frameworks value specifies a cyber observation coming from Frameworks.
The VM Hypervisor value specifies a cyber observation coming from the VM hypervisor data.
The TPM value specifies a cyber observation made using TPM output data.
The Application Framework value specifies a cyber observation coming from an application framework.
The Help Desk value specifies a cyber observation coming from a human or automated help desk.
The Incident Management value specifies a cyber observation made using information provided by Incident Management services.
The IAVM value specifies a cyber observation made using information provided by Information Assurance Vulnerability Management mechanisms.
The HashNameVocab is the default CybOX vocabulary for hashing algorithm names, used in the HashType/Type element in CybOX Common.
HashNameEnum is a (non-exhaustive) enumeration of hashing algorithm names.
The MD5 value specifies the MD5 hashing algorithm.
The MD6 value specifies the MD6 hashing algorithm.
The SHA1 value specifies the SHA1 hashing algorithm.
The SHA224 value specifies the SHA224 hashing algorithm.
The SHA256 value specifies the SHA256 hashing algorithm.
The SHA384 value specifies the SHA384 hashing algorithm.
The SHA512 value specifies the SHA512 hashing algorithm.
The SSDEEP value specifies the SSDEEP hashing algorithm.
The ToolTypeVocab is the default CybOX vocabulary for tool types, used in the MeasureSourceType/Tools/Tool/Type element in CybOX Common.
The ToolTypeEnum is a (non-exhaustive) enumeration of cyber observation source tool types.
The NIDS value specifies the Network Intrusion Detection System tool.
The NIPS value specifies the Network Intrusion Protection System tool.
The HIDS value specifies the Host-based Intrusion Detection System tool.
The HIPS value specifies the Host-based Intrusion Protection System tool.
The Firewall value specifies a cyber observation made using a firewall.
The Router value specifies a cyber observation made using a router.
The Proxy value specifies a cyber observation made using a network proxy.
The Gateway value specifies a cyber observation made using a network gateway.
The SNMP/MIBs value specifies a cyber observation made using the Simple Network Management Protocol or via the Management Information Bases.
The A/V value specifies a cyber observation made using Anti-Virus tools and/or software.
The DBMS value specifies a cyber observation made using a Database Management System monitor.
The Vulnerability Scanner value specifies a cyber observation made using a vulnerability scanner.
The Configuration Scanner value specifies a cyber observation made using a configuration scanner.
The Asset Scanner value specifies a cyber observation made using an asset scanner.
The SIM value specifies a cyber observation made using Security Information Management tools.
The SEM value specifies a cyber observation made using Security Event Management tools.
The ToolTypeVocab is the default CybOX vocabulary for tool types, used in the MeasureSourceType/Tools/Tool/Type element in CybOX Common.
The ToolTypeEnum is a (non-exhaustive) enumeration of cyber observation source tool types.
The NIDS value specifies a Network Intrusion Detection System tool.
The NIPS value specifies a Network Intrusion Protection System tool.
The HIDS value specifies a Host-based Intrusion Detection System tool.
The HIPS value specifies a Host-based Intrusion Protection System tool.
The Firewall value specifies a software or hardware firewall.
The Router value specifies a software or hardware router.
The Proxy value specifies a cyber observation made using a software or hardware network proxy.
The Gateway value specifies a cyber observation made using a software or hardware network gateway.
The SNMP/MIBs value specifies a Simple Network Management Protocol or Management Information Base tool.
The AV value specifies Anti-Virus tools and/or software.
The DBMS value specifies a Database Management System monitor tool.
The Vulnerability Scanner value specifies a vulnerability scanner tool.
The Configuration Scanner value specifies a configuration scanner tool.
The Asset Scanner value specifies an asset scanner tool.
The SIM value specifies a Security Information Management tool.
The SEM value specifies a Security Event Management tool.
The Digital Forensics value specifies a digital forensics tool.
The Static Malware Analysis value specifies a static malware analysis tool.
The Dynamic Malware Analysis value specifies a dynamic malware analysis tool.
The System Configuration Management value specifies a system configuration management tool.
The Network Configuration Management value specifies a network configuration management tool.
The Packet Capture and Analysis value specifies a packet capture and analysis tool.
The Network Flow Capture and Analysis value specifies a network flow capture and analysis tool.
The Intelligence Service Platform value specifies an intelligence service platform tool.