• Home
• org.mitre
• stix
• 1.2.0.2
• source code
• STIX_Indicator_Snort.xml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

schemas.v1.2.0.samples.STIX_Indicator_Snort.xml Maven / Gradle / Ivy

<!--
	STIX Indicator w/ Snort Example
	
	Copyright (c) 2015, The MITRE Corporation. All rights reserved. 
    The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html.
    
	This example demonstrates a simple usage of STIX to represent indicators with a Snort test mechanism. This demonstrates the ability of STIX indicators to represent external test mechanisms within an indicator.
	
	It demonstrates the use of:
	
	   * STIX Indicators
	   * STIX TestMechanisms
	   * Extensions (Snort)
	   * Controlled vocabularies
	
	Created by Mark Davidson
-->
<stix:STIX_Package
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
    xmlns:testMechSnort="http://stix.mitre.org/extensions/TestMechanism#Snort-1"
    xmlns:example="http://example.com/"
    xsi:schemaLocation=
    "http://stix.mitre.org/stix-1 ../stix_core.xsd
    http://stix.mitre.org/Indicator-2 ../indicator.xsd
    http://stix.mitre.org/default_vocabularies-1 ../stix_default_vocabularies.xsd
    http://stix.mitre.org/extensions/TestMechanism#Snort-1 ../extensions/test_mechanism/snort_test_mechanism.xsd"
    id="example:STIXPackage-0935d61b-69a4-4e64-8c4c-d9ce885f7fcc"
    version="1.2"
    >
    <stix:Indicators>
        <stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-ad560917-6ede-4abb-a4aa-994568a2abf4" timestamp="2015-05-15T09:00:00.000000Z">
            <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">Exfiltration</indicator:Type>
            <indicator:Description>
                Indicator that contains a SNORT signature. 
                This snort signature detects &apos;exfiltration attempts&apos; 
                to the 192.168.1.0/24 subnet.
            </indicator:Description>
            <indicator:Test_Mechanisms>
                <indicator:Test_Mechanism id="example:TestMechanism-5f5fde43-ee30-4582-afaa-238a672f70b1" 
                                          xsi:type="testMechSnort:SnortTestMechanismType">
                    <!-- From http://manual.snort.org/node29.html -->
                    <testMechSnort:Rule><![CDATA[log udp any any -> 192.168.1.0/24 1:1024]]></testMechSnort:Rule>
                </indicator:Test_Mechanism>
            </indicator:Test_Mechanisms>
        </stix:Indicator>
    </stix:Indicators>
</stix:STIX_Package>