The Observables element represents a collection of cyber observables.
The ObservablesType is a complex type representing a collection of cyber observables.
The Observable element represents a description of a single cyber observable.
The Pools element enables the description of Events, Actions, Objects and Attributes in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled elements. This reduces redundancy caused when identical observable elements occur multiple times within a set of defined Observables.
The Event_Pool element enables the description of CybOX Events in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Event elements. This reduces redundancy caused when identical Events occur multiple times within a set of defined Observables.
The Action_Pool element enables the description of CybOX Actions in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Action elements. This reduces redundancy caused when identical Actions occur multiple times within a set of defined Observables.
The Object_Pool element enables the description of CybOX Objects in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Object elements. This reduces redundancy caused when identical Objects occur multiple times within a set of defined Observables.
The Attribute_Pool element enables the description of CybOX Attributes in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Attributes elements. This reduces redundancy caused when identical Attributes occur multiple times within a set of defined Observables.
The ObservableType is a complex type representing a description of a single cyber observable.
The Description element provides a mechanism to specify a structured text description of this Observable.
The Keywords element enables capture of relevant keywords for this cyber observable.
The Stateful Measure element enables specification of a cyber observable property that is statically stateful in nature (e.g. a registry key holding a certain value, a specific mutex existing or a file having a specific MD5 hash).
The Event element enables specification of a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received).
The Observable element represents a description of a single cyber observable.
The Noisiness element is optional and enables simple characterization of how noisy this Observable typically could be. In other words, how likely is it to generate false positives.
The Ease_of_Obfuscation element is optional and enables simple characterization of how easy it would be for an attacker to obfuscate the observability of this Observable.
The Obfuscation_Techniques element is optional and enables the description of potential techniques an attacker could leverage to obfuscate the observability of this Observable.
The Obfuscation_Technique element is optional and enables the description of a single potential technique an attacker could leverage to obfuscate the observability of this Observable.
The Description element captures a structured text description of the obfuscation technique.
The Observables element is optional and enables description of potential cyber observables that could indicate the use of this particular obfuscation technique.
The ID attribute specifies a unique ID for this Observable.
The IDREF attribute specifies refernce to a unique ID for this Observable..
The Operator attribute enables the specification of complex compositional cyber observables by providing logical operators for defining interrelationships between constituent cyber observables defined utilizing the recursive Observable element.
OperatorTypeEnum is a (non-exhaustive) enumeration of operators.
MeasureSourceType is a complex type representing a description of a single cyber observation source for a cyber observable instance or a cyber observable pattern.
The Platform element is optional and enables a formal, standardized specification of the platform for this cyber observation srouce.
The Tools element is optional and enables description of the tools utilized for this cyber observation source.
The Tool element is optional and enables description of a single tool utilized for this cyber observation source.
The Contributors element is optional and enables description of the individual contributors involved in this cyber observation source.
The Time element is optional and enables description of various time-related attributes for this cyber observation source instance.
The Start_Time element is optional and describes the starting time for this cyber observation source instance.
The End_Time element is optional and describes the ending time for this cyber observation source instance.
The Produced_Time element is optional and describes the time that this cyber observation source instance was produced.
The Received_Time element is optional and describes the time that this cyber observation source instance was received.
The Class attribute is optional and enables identification of the high-level class of this cyber observation source.
The SourceType attribute is optional and enables identification of the broad type of this cyber observation source.
The ToolType attribute is optional and (when tools are used) enables identification of the type of tool leveraged as part of this cyber observation source.
The AnalysisType attribute is optional and (when analysis is used) enables identification of the type of analysis utilized as part of this cyber observation source.
The AnalysisMethod attribute is optional and (when analysis is used) enables identification of the method of analysis utilized as part of this cyber observation source.
The InformationSourceType attribute is optional and enables identification of the type of information source leveraged for this cyber observation source.
The Name attribute is optional and enables the assignment of a relevant name to a this Discovery Method.
SourceClassTypeEnum is a (non-exhaustive) enumeration of cyber observation source classes.
SourceTypeEnum is a (non-exhaustive) enumeration of cyber observation source types.
ToolTypeEnum is a (non-exhaustive) enumeration of cyber observation source tool types.
AnalysisMethodTypeEnum is a (non-exhaustive) enumeration of cyber observation source analysis methods.
InformationSourceTypeEnum is a (non-exhaustive) enumeration of cyber observation information source types.
ToolInformationType is a complex type representing a description of a single automated tool.
This field contains information identifying the vendor organization for this tool.
This field contains the name of the tool leveraged.
This field contains an appropriate version descriptor of this tool.
This field contains an appropriate service pack descriptor for this tool.
This field contains a hash value computed on the tool file content in order to verify its integrity.
This field contains information describing the configuration and usage of the tool.
This field describes the configuration settings of this tool instance.
This field contains information describing the relevant dependencies for this tool.
This field contains information describing a single dependency for this tool.
This field describes the type of this dependency instance.
This field contains a description of this dependency instance.
This field contains descriptions of the various relevant usage context assumptions for this tool .
This field contains a single usage context assumption for this tool.
This field contains information describing relevant internationalization setting for this tool .
This field contains a single internal string instance for this internationalization setting instance.
This field contains the actual key of this internal string instance.
This field contains the actual content of this internal string instance.
This field contains information describing how this tool was built.
This field contains a unique identifier of this build of this application instance.
This field contains the project name of this build of this application instance.
This field contains information identifying the utility used to build this application.
This field contains the informally defined name of the utility used to build this application instance.
This field contains the CPE specification data to formally define the build utility used to build this application.
This field contains the appropriate version descriptor of this build of this application instance.
This field contains any relevant label for this build of this application instance.
This field describes the compilers utilized during this build of this application.
This field describes a single compiler utilized during this build of this application.
This field contains the informal description of this compiler instance.
This field contains the CPE specification data to formally define this compiler instance.
This field describes how the build utility was configured for this build of this application.
This field contains the description of the configuration settings for this build of this application instance.
This field contains the configuration settings for this build of this application instance.
This field contains the actual build script for this build of this application instance.
This field contains a capture of the output log of the build process.
This field captures any errors generated during the run of the tool.
This field captures a single type of error generated during the run of the tool.
This field specifies the the type for this tool run error.
This field specifies the count of instances for this error in the tool run.
This field captures the actual error output for each instance of this type of error.
This field captures the actual error output for a single instance of this type of error.
This field captures other relevant metadata including tool-specific fields.
The ID attribute specifies a unique ID for this Tool.
The IDREF attribute specifies reference to a unique ID for this Tool.
Configuration_SettingsType is a modularized data type used throughout the SAFES schema to provide a consistent approach to describing configuration settings for a piece of the piece of software such as the application components (framework, web server, application server, etc.) or a software assurance analysis tool.
This field contains a single configuration setting instance.
This field contains the name of the configuration item referenced by this configuration setting instance.
This field contains the value of this configuration setting instance.
This field contains the type of the configuration item referenced in this configuration setting instance.
This field contains a description of the configuration item referenced in this configuration setting instance.
CPESpecificationType is a modularized data type to provide a consistent approach to uniquesly specifying the identity of a specific platform using the Common Platform Enumeration (CPE) naming standard. http://cpe.mitre.org/
This field contains the plain language descriptive title of the relevant platform.
This field holds a shortform descriptor for the language that the Title field is expressed in. Attempting to install the relevant ISO 2- and 3-letter codes as the enumerated possible values is probably never going to be a realistic possibility. See RFC 3066 at http://www.ietf.org/rfc/rfc3066.txt and the IANA registry at http://www.iana.org/assignments/lang-tag-apps.htm for further information. The union allows for the 'un-declaration' of xml:lang with the empty string.
This field aggregates the descriptive metadata for this CPE Name instance.
This date/time represents the last time that any CPE property has been modified.
This field contains the internal NVD status of a CPE.
This field contains the NVD specific unique identifier for a CPE. This is provided as a long-term identifier that can be used to map different versions of CPE syntax to a CPE with the same meaning. This is not a replacement of a CPEName. Use of a CPEName is still the standard ID naming scheme for CPE 2.x.
This field contains the XML CPE metadata namespace descriptor for the CPE namespace relevant to this CPE Name use.
This field contains the CPE Name value for the relevant platform. A CPE Name is a percent-encoded URI with each name starting with the prefix (the URI scheme name) "cpe:". The remainder of the name consists of colon separated values representing the CPE part, vendor, product, version, update, edition and language (i.e. cpe:/ {part} : {vendor} : {product} : {version} : {update} : {edition} : {language}).
This field contains the XML namespace descriptor for the CPE namespace relevant to this CPE Name use.
The StatefulMeasureType is a complex type representing a cyber observable property that is statically stateful in nature (e.g. a registry key holding a certain value, a specific mutex existing or a file having a specific MD5 hash).
The Description element provides a mechanism to specify a structured text description of this Stateful Measure.
The Object element identifies and specificies the characteristics of a specific cyber-relevant object (e.g. a file, a registry key or a process).
The Name attribute is optional and enables the assignment of a relevant name to a specific Stateful Measure.
The Event element enables specification of a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received).
The EventType is a complex type representing a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received).
The Description element provides a mechanism to specify a structured text description of this Event.
The Producer-Observer element is optional and enables descriptive specification of how this Event was observed (in the case of a Cyber Observable Event instance) or could potentially be observed (in the case of a Cyber Observable Event pattern).
The Actions element enables description/specification of one or more cyber observable actions.
The Action element enables description/specification of a single cyber observable action.
This Event element is included recursively to enable description/specification of composite Events.
The ID attribute specifies a unique ID for this Event.
The IDREF attribute specifies refernce to a unique ID for this Event.
The Type attribute specifies what kind of Event this is.
EventTypeEnum is a (non-exhaustive) enumeration of cyber observable event types.
The Action element enables description/specification of a single cyber observable action.
The ActionType is a complex type representing a single cyber observable action.
The Action_Name element is optional and identifies/characterizes the specific action performed.
The Defined_Name element is optional and utilizes a standardized defined name to identify/characterize the specific action performed. Wherever possible, standardized defined action names should be utilized.
The Undefined_Name element is optional and utilizes a non-standardized undefined name to identify/characterize the specific action performed.
The Description element contains a textual description of the action.
The Action_Aliases element is optional and enables identification of other potentially used names for this Action.
The Action_Alias element is optional and enables identification of a single other potentially used name for this Action.
The Action_Arguments element is optional and enables the specification of relevant arguments/parameters for this Action.
The Action_Argument element is optional and enables the specification of a single relevant argument/parameter for this Action.
The Argument_Name-Defined element is optional and utilizes a standardized defined name to identify/characterize the specific action argument utilized. Wherever possible, standardized defined argument names should be utilized.
The Argument_Name-Undefined element is optional and utilizes a non-standardized undefined name to identify/characterize the specific action argument utilized.
The Argument_Value attribute specifies the value for this action argument/parameter.
The Discovery_Method element is optional and enables descriptive specification of how this Action was observed (in the case of a Cyber Observable Action instance) or could potentially be observed (in the case of a Cyber Observable Action pattern).
The Associated_Objects element is optional and enables the description/specification of cyber Objects relevant (either initiating or affected by) this Action.
The Associated_Object element enables the description of cyber Objects associated with this Action. This could include Objects that initiated the action, are the target Objects affected by the Action, are utilized by the Action or are the returned result of the Action.
The Relationships element is optional and enables description of other cyber observable actions that are related to this Action.
The Relationship element is optional and enables description of a single other cyber observable action that is related to this Action.
The ID attribute specifies a unique ID for this Action.
The IDREF attribute specifies refernce to a unique ID for this Action.
The Type attribute specifies the basic type of action performed.
The ordinal_position attribute is intended to reference the ordinal position of the action with within a series of actions.
The Action_Status attribute enables description of the status of the action being described.
The Context attribute is optional and enables simple characterization of the broad operational context in which the Action is relevant
The NetworkProtocol attribute is optional and (where the Context is Network) enables the description of the relevant network protocol involved in the Action.
The timestamp attribute represents the local or relative time at which the action occurred or was observed.
The "any" attribute enables the capture of custom attributes describing this Action.
ActionStatusTypeEnum is a (non-exhaustive) enumeration of cyber observable action status types.
ActionTypeEnum is a (non-exhaustive) enumeration of cyber observable action types.
ActionReferenceType is intended to serve as a method for linking to actions.
The action_id attribute refers to the ID of the action being referenced.
ActionContextTypeEnum is a (non-exhaustive) enumeration of cyber observable action contexts.
NetworkProtocolEnum is a (non-exhaustive) enumeration of network protocols.
The DefinedActionNameEnum type is an enumeration of defined action names.
The DefinedArgumentNameEnum type is an enumeration of defined argument names.
The AssociatedObjectType is a complex type representing the characterization of a cyber observable Object associated with a given cyber observable Action.
The Action-Pertinent_Object_Attributes element is optional and identifies which of the Attributes of this Object are specifically pertinent to this Action.
The Attribute element identifies a single Object Attribute that is specifically pertinent to this Action.
The Name attribute specifies the field name for the pertinent Object Attribute.
The XPath attribute specifies the XPath expression identifying the pertinent attribute within the Defined_Object schema for this object type.
The AssociationType attribute specifies the kind of association this Object holds for this Action.
The ActionRelationshipType is a complex type characterizing a relationship between a specified cyber observable action and another cyber observable action.
The Action_Reference element captures references to other Actions.
The type attribute describes the nature of the relationship between this Action and the related Action.
RelationshipTypeEnum is a (non-exhaustive) enumeration of types of relationships between cyber observable elements.
The Object element identifies and specificies the characteristics of a specific cyber-relevant object (e.g. a file, a registry key or a process).
The ObjectType is a complex type representing the characteristics of a specific cyber-relevant object (e.g. a file, a registry key or a process).
The Defined_Object element is an abstract placeholder for various predefined Object type schemas (e.g. File, Process or System) that can be instantiated in its place through extension of the DefinedObjectType. This mechanism enables the specification of a broad range of Object types with consistent Object Attribute naming and structure. The set of Defined_Object schemas are maintained independent of the core CybOX schema.
The Custom_Attributes element is optional and enables the specification of a set of custom Object Attributes that may not be defined in existing Defined_Object schemas.
The Attribute element enables the specification of a single Object Attribute.
The Related_Objects element is optional and enables the identification and/or specification of Objects with relevant relationships with this Object.
The Related_Object element is optional and enables the identification and/or specification of a single Object with a relevant relationship with this Object.
The Defined_Effect element is an abstract placeholder for various predefined Object Effect types (e.g. DataReadEffect, ValuesEnumeratedEffect or StateChangeEffect) that can be instantiated in its place through extension of the DefinedEffectType. This mechanism enables the specification of a broad range of types of potential complex action effects on Objects. The set of Defined_Effect types (extending the DefeinedEffectType) are maintained as part of the core CybOX schema.
The Discovery_Method element is optional and enables descriptive specification of how this Object was observed (in the case of a Cyber Observable Object instance) or could potentially be observed (in the case of a Cyber Observable Object pattern).
The ID attribute specifies a unique ID for this Object.
The IDREF attribute specifies reference to a unique ID for this Object.
The Type attribute specifies what kind of object this is.
The Object_State attribute enables description of the current state of the object.
The "any" attribute enables the capture of custom attributes describing this Object.
ObjectTypeEnum is a (non-exhaustive) enumeration of cyber observable object types.
ObjectStateTypeEnum is a (non-exhaustive) enumeration of cyber observable object states.
The "any" attribute enables the capture of custom attributes describing this Defined Object specification.
The Relationship attribute specifies the nature of the relationship between this Object and the Related_Object.
ObjectRelationshipEnum is a (non-exhaustive) enumeration of interobject relationships.
The EffectTye attribute specifies the nature of the Defined Effect instantiated in the place of the Defined_Effect element.
EffectTypeEnum is a (non-exhaustive) enumeration of effect types.
The StateChangeEffectType is intended as a generic way of characterizing the effects of actions upon objects where the some state of the object is changed.
The Old_State element specifies the object and its attributes as they were before the state change effect occurred.
The New_State element specifies the object and its attributes as they are after the state change effect occurred.
The DataReadEffectType type is intended to characterize the effects of actions upon objects where some data is read, such as from a file or a pipe.
The Data element specifies the data that was read from the object by the action.
The DataWrittenEffectType type is intended to characterize the effects of actions upon objects where some data is written, such as to a file or a pipe.
The Data element specifies the data that was written to the object by the action.
The DataSentEffectType type is intended to characterize the effects of actions upon objects where some data is sent, such as a byte sequence on a socket.
The Data element specifies the data that was sent on the object, or from the object, by the action.
The DataReceivedEffectType type is intended to characterize the effects of actions upon objects where some data is received, such as a byte sequence on a socket.
The Data element specifies the data that was received on the object, or from the object, by the action.
The ValuesEnumeratedEffectType type is intended to characterize the effects of actions upon objects where some values of the object are enumerated, such as the values of a registry key.
The Values element specifies the values that were enumerated as a result of the action on the object.
The PropertiesEnumeratedEffectType type is intended to characterize the effects of actions upon objects where some properties of the object are enumerated, such as the startup parameters for a process.
The Properties element specifies the properties that were enumerated as a result of the action on the object.
The PropertyReadEffectType type is intended to characterize the effects of actions upon objects where some specific property is read from an object, such as the current running state of a process.
The Name element specifies the Name of the property being read.
The Value element specifies the value of the property being read.
The SendControlCodeEffectType is intended to characterize the effects of actions upon objects where some control code, or other control-oriented communication signal, is sent to the object. For example, an action may send a control code to change the running state of a process.
The Control_Code element specifies the actual control code that was sent to the object.
The Attribute element enables the specification of a single Object Attribute.
The AttibuteType is a complext type representing the specification of a single Object Attribute.
AttributeTypeEnum is a (non-exhaustive) enumeration of attribute types.
The BaseObjectAttibuteType is a complex type representing a common typing foundation for the specification of a single Object Attribute.
The IntObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type Int.
This attribute is optional and specifies the expected type for the value of the specified element.
The StringObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type String.
This attribute is optional and specifies the expected type for the value of the specified element.
The NameObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type Name.
This attribute is optional and specifies the expected type for the value of the specified element.
The DateObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type Date.
This attribute is optional and specifies the expected type for the value of the specified element.
The DateTimeObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type DateTime.
This attribute is optional and specifies the expected type for the value of the specified element.
The FloatObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type Float.
This attribute is optional and specifies the expected type for the value of the specified element.
The DoubleObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type Double.
This attribute is optional and specifies the expected type for the value of the specified element.
The UnsignedLongObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type UnsignedLong.
This attribute is optional and specifies the expected type for the value of the specified element.
The UnsignedIntObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type UnsignedInt.
This attribute is optional and specifies the expected type for the value of the specified element.
The PositiveIntegerObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type PositveInteger.
This attribute is optional and specifies the expected type for the value of the specified element.
The HexBinaryObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type hexBinary.
This attribute is optional and specifies the expected type for the value of the specified element.
The LongObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type long.
This attribute is optional and specifies the expected type for the value of the specified element.
The NonNegativeIntegerObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type nonNegativeInteger.
This attribute is optional and specifies the expected type for the value of the specified element.
The AnyURIObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type anyURI.
This attribute is optional and specifies the expected type for the value of the specified element.
The DurationObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type duration.
This attribute is optional and specifies the expected type for the value of the specified element.
The TimeObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type time.
This attribute is optional and specifies the expected type for the value of the specified element.
The Base64BinaryObjectAttributeType is a complex type (extended from BaseObjectAttributeType) representing the specification of a single Object attribute whose core value is of type base64Binary.
This attribute is optional and specifies the expected type for the value of the specified element.
The ObjectAttributeGroup is a simple attribute group aggregating a set of attributes for Object Attributes.
The ID attribute specifies a unique ID for this Object Attribute.
The IDREF attribute specifies a unique ID reference for this Object Attribute.
This attribute is optional and specifies the expected type for the value of the specified element.
This attribute is optional and defines the relevant condition to apply to the value of this Object Attribute.
This attribute is optional and defines the type of pattern used if one is specified for the Object Attribute. This is applicable only if the Condition attribute is set to 'FitsPattern'.
This attribute is optional and defines the syntax format used for a regular expression, if one is specified for the Object Attribute. This is applicable only if the Condition attribute is set to 'FitsPattern'.
This attribute is optional and defines the starting range for the element. This is applicable only if the Condition attribute is set to 'IsInRange' or 'IsNotInRange'.
This attribute is optional and defines the ending range for the element. This is applicable only if the Condition attribute is set to 'IsInRange' or 'IsNotInRange'.
This attribute is optional and defines a set of values, using commas as delimiters, that the element may have. Ex: value1,value2,value3.
ConditionTypeEnum is a (non-exhaustive) enumeration of condition types.
DataTypeEnum is a (non-exhaustive) enumeration of data types.
The EmptyStringType simple type is a restriction of the built-in string simpleType. The only allowed string is the empty string with a length of zero. This type is used by certain elements to allow empty content when non-string data is accepted.
The PatternTypeEnum type is a non-exhaustive enumeration of potentially relevant pattern types.
The RegexSyntaxEnum type is a non-exhaustive enumeration of Regular Expression (Regex) syntaxes.
The RangeValueType simple type is a union of datatypes applicable for use in specifiying a value range.
The StructuredTextType is a complex type representing a generalized structure for capturing structured textual information such as descriptions of things.
Block is a Structured_Text element consisting of one of Text_Title, Text, Code_Example_Language, or Code followed by another Block element. Structured_Text elements help define whitespace and text segments.
Presentation Element: This element is used to definebold-faced title for a subsequent block of text.
Presentation Element: This element is used to define a paragraph of text.
Presentation Element: This element is used to identify the programming language being used in the following block of Code
Presentation Element: This element is used to define a line of code.
Presentation Element: This element is used to define an image.
This element provides the location of the image file.
This element provides a title for the image.
Block is a Structured_Text element consisting of one of Text_Title,
Text, Code_Example_Language, or Code followed by another Block element.
Structured_Text elements help define whitespace and text segments.
Block is a Structured_Text element consisting of one of Text_Title,Text, Code_Example_Language, or Code followed by another Block element. Structured_Text elements help define whitespace and text segments.
This attribute identifies the nature of the content containedwithin the Block.
The References_List_Type contains one or more Reference elements, each
of which provide further reading and insight into the item. This should be filled
out as appropriate.
Each Reference subelement should provide a single source from which more information and deeper insight can be obtained, such as a research paper or an excerpt from a publication. Multiple Reference subelements can exist. The sole attribute of this element is the id. The id is optional and translates to a preceding footnote below the context notes if the author of the entry wants to cite a reference. Not all subelements need to be completed, since some are designed for web references and others are designed for book references. The fields Reference_Author and Reference_Title should be filled out for all references if possible. Reference_Section and Reference_Date can be included for either book references or online references. Reference_Edition, Reference_Publication, Reference_Publisher, and Reference_PubDate are intended for book references,
however they can be included where appropriate for other types of references. Reference_Link is intended for web references, however it can be included for book references as well if applicable.
The ReferenceType is a complex type representing a single reference to a source of information.
This element identifies an individual author of the material being referenced. It is not required, but may be repeated sequentially in order to identify multiple authors for a single piece of material.
This element identifies the title of the material beingreferenced. It is not required if the material does not have a title.
This element is intended to provide a means of identifying the exact location of the material inside of the publication source, such as the relevant pages of a research paper, the appropriate chapters from a book, etc. This is useful for both book references and internet references.
This element identifies the edition of the material being
referenced in the event that multiple editions of the material exist. This will usually only be useful for book references.
This element identifies the publication source of the reference material, if one exists.
This element identifies the publisher of the reference material, if one exists.
This element identifies the date when the reference was included in the entry. This provides the reader with a time line for when the material in the reference, usually the link, was valid. The date should be of the format YYYY-MM-DD.
This field describes the date when the reference was published YYYY.
This element should hold the URL for the material being referenced, if one exists. This should always be used for web references, and may optionally be used for book and other publication references.
The id attribute is optional and is used as a mechanism forciting text in the entry. If an id is provided, it is placed between brackets and precedes this reference and the matching id should be used inside of the text for the attack pattern itself where this reference is applicable. All reference ids assigned within an entry must be unique.
The LanguageType is a simple type representing the specification of a relevant programming language.
The FrequencyType is a simple type representing the characterization of how frequently a given event/condition occurs.
DataType is intended to provide a relatively abstract way of characterizing data segments that may be written/read/transmitted or otherwise utilized in actions or behaviors.
The Data_Size element contains the size of the data contained in this element.
This attribute represents the Units used in the object size element. Possible values are: Bytes, Kilobytes, Megabytes.
The Data_Segment element contains the actual segment of data being characterized.
The format attribute refers to the type of data contained in this element. Possible values: Binary, Hexadecimal, Text, Other.
PersonnelType is an abstracted data type to standardize the description of sets of personnel.
This field contains information describing the identify, resources and timing of involvement for a single contributor.
This field describes the role played by this contributor.
This field contains the name of this contributor.
This field contains the email of this contributor.
This field contains a telephone number of this contributor.
This field contains the organization name of this contributor.
This field contains a description (bounding) of the timing of this contributor's involvement.
This field contains the start date for this contributor's involvement.
This field contains the end date for this contributor's involvement.
This field contains information describing the location at which the contributory activity occured.