Cyber Observable eXpression

Version 1.0 (Archive)

This page provides information on the Version 1.0 release of the CybOX Language. All information about Version 1.0 is included in this centralized location. Join the CybOX Community to participate in the next version of CybOX.

Specifications

Please submit any comments or questions about the current versions of the CybOX Language Specification document(s) to cybox-discussion-list@lists.mitre.org. You may also submit comments directly to cybox@mitre.org.

NOTE: The specifications remain v1.0 (Draft) versions and will be updated soon to align with v1.0 of the schema.

Core

• CybOX Language v1.0 Core Specification 04-13-2012 (PDF, 920 KB)

Defined Objects

• CybOX Language v1.0 Defined Objects Specification 04-13-2012 (PDF, 1.51 MB)

In addition, all currently available specifications associated with a particular schema are posted in the Specifications columns in the Downloads section, below.

Downloads

Includes downloads for the Version 1.0 core, common, and object-specific xml schemas, objects, and specifications.

Release Notes

The major highlights of Version 1.0 are listed below:

• CybOX Version 1.0 Release Notes 11-09-2012 (PDF, 289 KB)
• Difference Reports from Previous Version 11-09-2012 (ZIP, 61.7 KB)

Examples

Example content for Version 1.0 is included below, as available.

Simple Examples

1. Single URL
2. Observable pattern for a file with one of a set of three MD5 hashes
3. File with basic information including multiple hashes
4. Create File Action
5. Simple Email
6. Simple email with simple file attachment
7. Observable pattern for a URL matching one of three values utilizing IsInSet
8. Observable pattern for a URL matching one of three values utilizing logical OR composition
9. Observable pattern for a URL matching one of three values utilizing logical OR composition and Object pooling

Complex Examples

1. Iran-Oil example as only static observable Stateful Measures
2. Observable pattern for a file with one of a set of three MD5 hashes

Timeline

Status Reports

Status updates are included below. You may also review the CybOX Community Discussion Archives for discussions about Version 1.0.

[2012-11-09]

Version 1.0 of the CybOX Language is now available. Version 1.0 is a stabilization of the Version 1.0 (Draft) release intended as an initial major version of the CybOX Language that can be utilized for practical operational use and integration into other standards efforts. This release includes several refinements, simplifications, fixes and additions in response to stakeholder feedback on Version 1.0 (Draft) from initial use and review. This release consists primarily of updates to the schemas from Version 1.0 (Draft) and six new defined object schemas along with updated Python bindings compliant with the new schemas. The formal language specifications for the core language content and defined objects content will be updated within the coming month to be aligned with the details of the Version 1.0 schemas. A detailed list of changes is available in the Release Notes section below.

CybOX is sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.

Copyright © 2012 - 2015, The MITRE Corporation. CybOX and the CybOX logo are trademarks of The MITRE Corporation.

Contact cybox@mitre.org for more information.

Privacy policy

Terms of use

Contact us