CybOX

Cyber Observable eXpression

A Structured Language for Cyber Observables
Home > CybOX Language > Examples  

Example Content

Observable pattern for a URL matching one of three values utilizing logical OR composition and Object pooling

<?xml version="1.0" encoding="UTF-8"?>
<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cybox="http://cybox.mitre.org/cybox_v1" xmlns:common="http://cybox.mitre.org/Common_v1"
    xmlns:URIObj="http://cybox.mitre.org/objects#URIObject"
    xsi:schemaLocation="http://cybox.mitre.org/cybox_v1 
        http://cybox.mitre.org/XMLSchema/cybox_core_v1.0(draft).xsd
        http://cybox.mitre.org/objects#URIObject
        http://cybox.mitre.org/XMLSchema/objects/URI/URI_Object_1.1.xsd"
    cybox_major_version="1" cybox_minor_version="0(draft)">
    <cybox:Observable id="cybox:Obs4">
        <!-- Observable for any single URL matching one of the URLs defined in Sample1, Sample 2 or Sample3 utilizing Object Pools-->
        <cybox:Observable_Composition operator="OR">
            <cybox:Observable id="cybox:Obs1">
                <cybox:Stateful_Measure>
                    <cybox:Object idref="cybox:A1" type="URI"/>
                </cybox:Stateful_Measure>
            </cybox:Observable>
            <cybox:Observable id="cybox:Obs2">
                <cybox:Stateful_Measure>
                    <cybox:Object idref="cybox:A2" type="URI"/>
                </cybox:Stateful_Measure>
            </cybox:Observable>
            <cybox:Observable id="cybox:Obs3">
                <cybox:Stateful_Measure>
                    <cybox:Object idref="cybox:A3" type="URI"/>
                </cybox:Stateful_Measure>
            </cybox:Observable>
        </cybox:Observable_Composition>
    </cybox:Observable>
    <cybox:Pools>
        <cybox:Object_Pool>
            <cybox:Object id="cybox:A1" type="URI">
                <cybox:Defined_Object xsi:type="URIObj:URIObjectType">
                    <URIObj:Value condition="Equals" datatype="AnyURI"
                        >www.sample1.com/index.html</URIObj:Value>
                </cybox:Defined_Object>
            </cybox:Object>
            <cybox:Object id="cybox:A2" type="URI">
                <cybox:Defined_Object xsi:type="URIObj:URIObjectType">
                    <URIObj:Value condition="Equals" datatype="AnyURI"
                        >sample2.com/login.html</URIObj:Value>
                </cybox:Defined_Object>
            </cybox:Object>
            <cybox:Object id="cybox:A3" type="URI">
                <cybox:Defined_Object xsi:type="URIObj:URIObjectType">
                    <URIObj:Value condition="Equals" datatype="AnyURI"
                        >dev.sample3.com/index/kb.html</URIObj:Value>
                </cybox:Defined_Object>
            </cybox:Object>
        </cybox:Object_Pool>
    </cybox:Pools>
</cybox:Observables>
Back to top
Page Last Updated: November 19, 2012

CybOX is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.

This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration.
Copyright © 2011 -2013, The MITRE Corporation. CybOX and the CybOX logo are trademarks of The MITRE Corporation.

Contact cybox@mitre.org for more information.

Privacy policy

Terms of use

Contact us