Cyber Observable eXpression

A Structured Language for Cyber Observables

CybOX Language — Version 2.1

Status Report
CybOX Version 2.1 is a minor release of the CybOX Language that can be used operationally and integrated into other standards efforts. Version 2.1 includes numerous updates: added capabilities for recording observable sightings and geolocation information; added capabilities and fields to CybOX Object Property types; several new object schemas, including Archive Object, Domain Object, and Image Object; critical bug fixes to several objects; and updated schema annotations for correctness and consistency. View the complete Release Notes.

International in scope and free for public use, CybOX™ is a standardized schema for the specification, capture, characterization, and communication of events or stateful properties that are observable in the operational domain. A wide variety of high-level cyber security use cases rely on such information, including event management/logging, malware characterization, intrusion detection, incident response/management, and attack pattern characterization. CybOX provides a common mechanism (structure and content) for addressing cyber observables across this full range of use cases, improving consistency, efficiency, interoperability, and overall situational awareness.

