CybOX 2.1 (Archive)

Important Notice: CybOX has been integrated into Version 2.0 of Structured Threat Information eXpression (STIX™).

Release Notes

Note: All files linked to below are hosted on the CybOX Legacy Site, and will redirect there.

The major highlights of Version 2.1 are listed below:

  • Added support for associating geolocation information with Observables, Objects, Actions, and Events.
  • Added support for capturing Observable sightings.
  • Added new Archive File Object, ARP Cache Entry Object, Autonomous System (AS) Object, Domain Object, Hostname Object, Image Object, SMS Object, URL History Object, Windows Hook Object, and Windows Filemapping Object.
  • Expanded Base Object Property attributes to provide richer patterning and authoring capabilities.
  • There are also full release notes available.

CybOX Core and Common Downloads

File Name Version Schema Documentation
All Files 2.1 ZIP n/a
All Files (offline) 2.1 ZIP n/a
Core 2.1 XSD HTML
Common 2.1 XSD HTML
Default Vocabularies 2.1 XSD HTML

CybOX Object Downloads

File Name Version Schema Documentation
API Object 2.1 XSD HTML
ARP Cache Object 1.0 XSD HTML
AS Object 1.0 XSD HTML
Account Object 2.1 XSD HTML
Address Object 2.1 XSD HTML
Archive File Object 1.0 XSD HTML
Artifact Object 2.1 XSD HTML
Code Object 2.1 XSD HTML
Custom Object 1.1 XSD HTML
DNS Cache Object 2.1 XSD HTML
DNS Query Object 2.1 XSD HTML
DNS Record Object 2.1 XSD HTML
Device Object 2.1 XSD HTML
Disk Object 2.1 XSD HTML
Disk Partition Object 2.1 XSD HTML
Domain Name Object 1.0 XSD HTML
Email Message Object 2.1 XSD HTML
File Object 2.1 XSD HTML
GUI Dialogbox Object 2.1 XSD HTML
GUI Object 2.1 XSD HTML
GUI Window Object 2.1 XSD HTML
HTTP Session Object 2.1 XSD HTML
Hostname Object 1.0 XSD HTML
Image File Object 1.0 XSD HTML
Library Object 2.1 XSD HTML
Link Object 1.1 XSD HTML
Linux Package Object 2.1 XSD HTML
Memory Object 2.1 XSD HTML
Mutex Object 2.1 XSD HTML
Network Connection Object 2.1 XSD HTML
Network Flow Object 2.1 XSD HTML
Network Packet Object 2.1 XSD HTML
Network Route Entry Object 2.1 XSD HTML
Network Route Object 2.1 XSD HTML
Network Socket Object 2.1 XSD HTML
Network Subnet Object 2.1 XSD HTML
PDF File Object 1.1 XSD HTML
Pipe Object 2.1 XSD HTML
Port Object 2.1 XSD HTML
Process Object 2.1 XSD HTML
Product Object 2.1 XSD HTML
SMS Message Object 1.0 XSD HTML
Semaphore Object 2.1 XSD HTML
Socket Address Object 1.1 XSD HTML
System Object 2.1 XSD HTML
URI Object 2.1 XSD HTML
URL History Object 1.0 XSD HTML
Unix File Object 2.1 XSD HTML
Unix Network Route Entry Object 2.1 XSD HTML
Unix Pipe Object 2.1 XSD HTML
Unix Process Object 2.1 XSD HTML
Unix User Account Object 2.1 XSD HTML
Unix Volume Object 2.1 XSD HTML
User Account Object 2.1 XSD HTML
User Session Object 2.1 XSD HTML
Volume Object 2.1 XSD HTML
Whois Object 2.1 XSD HTML
Win Computer Account Object 2.1 XSD HTML
Win Critical Section Object 2.1 XSD HTML
Win Driver Object 3.0 XSD HTML
Win Event Log Object 2.1 XSD HTML
Win Event Object 2.1 XSD HTML
Win Executable File Object 2.1 XSD HTML
Win File Object 2.1 XSD HTML
Win Filemapping Object 1.0 XSD HTML
Win Handle Object 2.1 XSD HTML
Win Hook Object 1.0 XSD HTML
Win Kernel Hook Object 2.1 XSD HTML
Win Kernel Object 2.1 XSD HTML
Win Mailslot Object 2.1 XSD HTML
Win Memory Page Region Object 2.1 XSD HTML
Win Mutex Object 2.1 XSD HTML
Win Network Route Entry Object 2.1 XSD HTML
Win Network Share Object 2.1 XSD HTML
Win Pipe Object 2.1 XSD HTML
Win Prefetch Object 2.1 XSD HTML
Win Process Object 2.1 XSD HTML
Win Registry Key Object 2.1 XSD HTML
Win Semaphore Object 2.1 XSD HTML
Win Service Object 2.1 XSD HTML
Win System Object 2.1 XSD HTML
Win System Restore Object 2.1 XSD HTML
Win Task Object 2.1 XSD HTML
Win Thread Object 2.1 XSD HTML
Win User Account Object 2.1 XSD HTML
Win Volume Object 2.1 XSD HTML
Win Waitable Timer Object 2.1 XSD HTML
X509 Certificate Object 2.1 XSD HTML

CybOX Extension Downloads

Extension Name Extension Point Version Schema Documentation
CIQ Version 3.0 Address Location 1.0 XSD HTML
CPE 2.3 Platform 1.1 XSD HTML

CybOX Data Dictionaries