CybOX - CybOX Version 2.0 (Official)
CybOX

Cyber Observable eXpression

A Structured Language for Cyber Observables

CybOX Language — Version 2.1

Version 2.0 (Archive)

This page provides information on the Version 2.0 release of the CybOX Language. All information about Version 2.0 is included in this centralized location. Join the CybOX Community to participate in the next version of CybOX.

Downloads

Includes downloads for the Version 2.0 core, common, and object-specific XML schemas, objects, and specifications.

CybOX Core and Common Downloads
File Name Version Schema Documentation
All Files 2.0 ZIP
All Files (offline) 2.0 ZIP
Core 2.0 XSD HTML
Common 2.0 XSD HTML
Default Vocabularies 2.0 XSD HTML

CybOX Object Downloads
File Name Version Schema Documentation
API Object 2.0 XSD HTML
Account Object 2.0 XSD HTML
Address Object 2.0 XSD HTML
Artifact Object 2.0 XSD HTML
Code Object 2.0 XSD HTML
Custom Object 1.0 XSD HTML
DNS Cache Object 2.0 XSD HTML
DNS Query Object 2.0 XSD HTML
DNS Record Object 2.0 XSD HTML
Device Object 2.0 XSD HTML
Disk Object 2.0 XSD HTML
Disk Partition Object 2.0 XSD HTML
Email Message Object 2.0 XSD HTML
File Object 2.0 XSD HTML
GUI Dialogbox Object 2.0 XSD HTML
GUI Object 2.0 XSD HTML
GUI Window Object 2.0 XSD HTML
HTTP Session Object 2.0 XSD HTML
Library Object 2.0 XSD HTML
Link Object 1.0 XSD HTML
Linux Package Object 2.0 XSD HTML
Memory Object 2.0 XSD HTML
Mutex Object 2.0 XSD HTML
Network Connection Object 2.0 XSD HTML
Network Flow Object 2.0 XSD HTML
Network Packet Object 2.0 XSD HTML
Network Route Entry Object 2.0 XSD HTML
Network Route Object 2.0 XSD HTML
Network Socket Object 2.0 XSD HTML
Network Subnet Object 2.0 XSD HTML
PDF File Object 1.0 XSD HTML
Pipe Object 2.0 XSD HTML
Port Object 2.0 XSD HTML
Process Object 2.0 XSD HTML
Product Object 2.0 XSD HTML
Semaphore Object 2.0 XSD HTML
Socket Address Object 2.0 XSD HTML
System Object 2.0 XSD HTML
URI Object 2.0 XSD HTML
Unix File Object 2.0 XSD HTML
Unix Network Route Entry Object 2.0 XSD HTML
Unix Pipe Object 2.0 XSD HTML
Unix Process Object 2.0 XSD HTML
Unix User Account Object 2.0 XSD HTML
Unix Volume Object 2.0 XSD HTML
User Account Object 2.0 XSD HTML
User Session Object 2.0 XSD HTML
Volume Object 2.0 XSD HTML
Whois Object 2.0 XSD HTML
Win Computer Account Object 2.0 XSD HTML
Win Critical Section Object 2.0 XSD HTML
Win Driver Object 2.0 XSD HTML
Win Event Log Object 2.0 XSD HTML
Win Event Object 2.0 XSD HTML
Win Executable File Object 2.0 XSD HTML
Win File Object 2.0 XSD HTML
Win Handle Object 2.0 XSD HTML
Win Kernel Hook Object 2.0 XSD HTML
Win Kernel Object 2.0 XSD HTML
Win Mailslot Object 2.0 XSD HTML
Win Memory Page Region Object 2.0 XSD HTML
Win Mutex Object 2.0 XSD HTML
Win Network Route Entry Object 2.0 XSD HTML
Win Network Share Object 2.0 XSD HTML
Win Pipe Object 2.0 XSD HTML
Win Prefetch Object 2.0 XSD HTML
Win Process Object 2.0 XSD HTML
Win Registry Key Object 2.0 XSD HTML
Win Semaphore Object 2.0 XSD HTML
Win Service Object 2.0 XSD HTML
Win System Object 2.0 XSD HTML
Win System Restore Object 2.0 XSD HTML
Win Task Object 2.0 XSD HTML
Win Thread Object 2.0 XSD HTML
Win User Account Object 2.0 XSD HTML
Win Volume Object 2.0 XSD HTML
Win Waitable Timer Object 2.0 XSD HTML
X509 Certificate Object 2.0 XSD HTML

CybOX Extension Downloads
Extension Name Extension Point Version Schema Documentation
CPE 2.3 Platform 1.0 XSD HTML

CybOX Data Dictionaries
Dictionary Name Download
Core, Common, and Vocabularies cybox_data_dictionary.xlsx
Objects cybox_objects_data_dictionary.xlsx
Extensions cybox_extensions_data_dictionary.xlsx

Release Notes

The major highlights of Version 2.0 are listed below:

  • Significant changes to the CybOX Object model, easing implementation and extensibility
  • Moved many usages of enumerations and strings to controlled vocabularies with CybOX-provided defaults as well as extension mechanisms
  • Created PDF File Object, Custom Object, Link Object, and Socket Object
  • Refined the expression of Observable patterns through new pattern conditions and associated attributes

There are also full release notes available.

Samples

Sample content for Version 2.0 is actively being developed and released. The latest release was on April 8, 2013 and can be downloaded in a single zip file:

Timeline

PLANNING DRAFT(S) RELEASE CANDIDATE OFFICIAL
13 February 2013 08 April 2013

Status Reports

Status updates are included below. You may also review the CybOX Community Discussion Archives for discussions about Version 2.0.

[2013-04-08]
Version 2.0 of the CybOX Language is now available. This release includes a number of improvements, as listed in the Release Notes section above. Please send any comments or concerns about this release to the CybOX Community Discussion List, or directly to cybox@mitre.org.
[2013-02-13]
Version 2.0 of the CybOX Language is now actively under development. Community feedback and our own internal reviews have identified several important ways to simplify and improve the CybOX Language, but many of them will likely not be backwards compatible. Over the next few weeks, we will be posting specific proposals to the CybOX Community Discussion List for community review. If you are interested in being part of this conversation, we encourage you to join the CybOX Community Email Discussion List. We are also very much interested in any additional feedback that you might have on CybOX in general and your ongoing guidance as we mature the language. We look forward to working with the community to create the next version of the CybOX Language. Please direct your comments to the CybOX Community Discussion List, or you may contact us at cybox@mitre.org.
Page Last Updated: October 02, 2013