Showing:

Annotations
Attributes
Diagrams
Facets
Source
Used by
Imported schema DNS_Query_Object.xsd
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element DNSQueryObj:DNSQueryObjectType / DNSQueryObj:Question
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The Question field specifies the DNS question component of the DNS query.
Diagram
Diagram DNS_Query_Object_xsd.tmp#DNSQuestionType_QName DNS_Query_Object_xsd.tmp#DNSQuestionType_QType DNS_Query_Object_xsd.tmp#DNSQuestionType_QClass DNS_Query_Object_xsd.tmp#DNSQuestionType
Type DNSQueryObj:DNSQuestionType
Children DNSQueryObj:QClass, DNSQueryObj:QName, DNSQueryObj:QType
Source
<xs:element name="Question" type="DNSQueryObj:DNSQuestionType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Question field specifies the DNS question component of the DNS query.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNSQuestionType / DNSQueryObj:QName
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The QName field specifies the domain name being queried.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType URI_Object_xsd.tmp#URIObjectType_type URI_Object_xsd.tmp#URIObjectType_Value URI_Object_xsd.tmp#URIObjectType
Type URIObj:URIObjectType
Type hierarchy
Children URIObj:Value, cyboxCommon:Custom_Properties
Attributes
QName Type Fixed Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
type URIObj:URITypeEnum URL optional
The type field specifies the type of URI that is being defined.
Source
<xs:element name="QName" type="URIObj:URIObjectType">
  <xs:annotation>
    <xs:documentation>The QName field specifies the domain name being queried.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNSQuestionType / DNSQueryObj:QType
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The QType specifies the type of DNS query performed, in terms of the requested DNS record type.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType DNS_Query_Object_xsd.tmp#DNSRecordType_datatype DNS_Query_Object_xsd.tmp#DNSRecordType
Type DNSQueryObj:DNSRecordType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not definied by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element minOccurs="0" name="QType" type="DNSQueryObj:DNSRecordType">
  <xs:annotation>
    <xs:documentation>The QType specifies the type of DNS query performed, in terms of the requested DNS record type.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNSQuestionType / DNSQueryObj:QClass
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The QClass field specifies the class of resource records being requested.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not definied by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element minOccurs="0" name="QClass" type="cyboxCommon:StringObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The QClass field specifies the class of resource records being requested.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNSQueryObjectType / DNSQueryObj:Answer_Resource_Records
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The Answers field specifies any Answers resource records that were returned for the DNS query.
Diagram
Diagram DNS_Query_Object_xsd.tmp#DNSResourceRecordsType_Resource_Record DNS_Query_Object_xsd.tmp#DNSResourceRecordsType
Type DNSQueryObj:DNSResourceRecordsType
Children DNSQueryObj:Resource_Record
Source
<xs:element name="Answer_Resource_Records" minOccurs="0" type="DNSQueryObj:DNSResourceRecordsType">
  <xs:annotation>
    <xs:documentation>The Answers field specifies any Answers resource records that were returned for the DNS query.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNSResourceRecordsType / DNSQueryObj:Resource_Record
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The Answer field specifies a single DNS resource record returned as part of a DNS query.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType DNS_Record_Object_xsd.tmp#DNSRecordObjectType_Description DNS_Record_Object_xsd.tmp#DNSRecordObjectType_Domain_Name DNS_Record_Object_xsd.tmp#DNSRecordObjectType_IP_Address DNS_Record_Object_xsd.tmp#DNSRecordObjectType_Address_Class DNS_Record_Object_xsd.tmp#DNSRecordObjectType_Entry_Type DNS_Record_Object_xsd.tmp#DNSRecordObjectType_Record_Name DNS_Record_Object_xsd.tmp#DNSRecordObjectType_Record_Type DNS_Record_Object_xsd.tmp#DNSRecordObjectType_TTL DNS_Record_Object_xsd.tmp#DNSRecordObjectType_Flags DNS_Record_Object_xsd.tmp#DNSRecordObjectType_Data_Length DNS_Record_Object_xsd.tmp#DNSRecordObjectType_Record_Data DNS_Record_Object_xsd.tmp#DNSRecordObjectType
Type DNSRecordObj:DNSRecordObjectType
Type hierarchy
Children DNSRecordObj:Address_Class, DNSRecordObj:Data_Length, DNSRecordObj:Description, DNSRecordObj:Domain_Name, DNSRecordObj:Entry_Type, DNSRecordObj:Flags, DNSRecordObj:IP_Address, DNSRecordObj:Record_Data, DNSRecordObj:Record_Name, DNSRecordObj:Record_Type, DNSRecordObj:TTL, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="Resource_Record" type="DNSRecordObj:DNSRecordObjectType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Answer field specifies a single DNS resource record returned as part of a DNS query.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNSQueryObjectType / DNSQueryObj:Authority_Resource_Records
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The Authority_Resource_Records field specifies any Authority resource records that were returned for the DNS query.
Diagram
Diagram DNS_Query_Object_xsd.tmp#DNSResourceRecordsType_Resource_Record DNS_Query_Object_xsd.tmp#DNSResourceRecordsType
Type DNSQueryObj:DNSResourceRecordsType
Children DNSQueryObj:Resource_Record
Source
<xs:element minOccurs="0" name="Authority_Resource_Records" type="DNSQueryObj:DNSResourceRecordsType">
  <xs:annotation>
    <xs:documentation>The Authority_Resource_Records field specifies any Authority resource records that were returned for the DNS query.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNSQueryObjectType / DNSQueryObj:Additional_Records
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The Authority_Resource_Records field specifies any Additional resource records that were returned for the DNS query.
Diagram
Diagram DNS_Query_Object_xsd.tmp#DNSResourceRecordsType_Resource_Record DNS_Query_Object_xsd.tmp#DNSResourceRecordsType
Type DNSQueryObj:DNSResourceRecordsType
Children DNSQueryObj:Resource_Record
Source
<xs:element name="Additional_Records" minOccurs="0" type="DNSQueryObj:DNSResourceRecordsType">
  <xs:annotation>
    <xs:documentation>The Authority_Resource_Records field specifies any Additional resource records that were returned for the DNS query.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNSQueryObjectType / DNSQueryObj:Date_Ran
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The Date_Ran field specifies the date and time that the DNS query was run.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#DateTimeObjectPropertyType_datatype cybox_common_xsd.tmp#DateTimeObjectPropertyType
Type cyboxCommon:DateTimeObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum dateTime optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not definied by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element minOccurs="0" name="Date_Ran" type="cyboxCommon:DateTimeObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The Date_Ran field specifies the date and time that the DNS query was run.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNSQueryObjectType / DNSQueryObj:Service_Used
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The Service_Used field specifies the service used to run the DNS Query.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType cybox_common_xsd.tmp#StringObjectPropertyType_datatype cybox_common_xsd.tmp#StringObjectPropertyType
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not definied by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element minOccurs="0" name="Service_Used" type="cyboxCommon:StringObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The Service_Used field specifies the service used to run the DNS Query.</xs:documentation>
  </xs:annotation>
</xs:element>
Element DNSQueryObj:DNS_Query
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNS_Query object is intended to represent a single DNS query.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType DNS_Query_Object_xsd.tmp#DNSQueryObjectType_successful DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Question DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Answer_Resource_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Authority_Resource_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Additional_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Date_Ran DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Service_Used DNS_Query_Object_xsd.tmp#DNSQueryObjectType
Type DNSQueryObj:DNSQueryObjectType
Type hierarchy
Children DNSQueryObj:Additional_Records, DNSQueryObj:Answer_Resource_Records, DNSQueryObj:Authority_Resource_Records, DNSQueryObj:Date_Ran, DNSQueryObj:Question, DNSQueryObj:Service_Used, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
successful xs:boolean optional
The successful field specifies whether or not the DNS Query was successful.
Source
<xs:element name="DNS_Query" type="DNSQueryObj:DNSQueryObjectType">
  <xs:annotation>
    <xs:documentation>The DNS_Query object is intended to represent a single DNS query.</xs:documentation>
  </xs:annotation>
</xs:element>
Complex Type DNSQueryObj:DNSQueryObjectType
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNSQueryType is intended to characterize a single DNS query and its components.
Diagram
Diagram cybox_common_xsd.tmp#ObjectPropertiesType_object_reference cybox_common_xsd.tmp#ObjectPropertiesType_Custom_Properties cybox_common_xsd.tmp#ObjectPropertiesType DNS_Query_Object_xsd.tmp#DNSQueryObjectType_successful DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Question DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Answer_Resource_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Authority_Resource_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Additional_Records DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Date_Ran DNS_Query_Object_xsd.tmp#DNSQueryObjectType_Service_Used
Type extension of cyboxCommon:ObjectPropertiesType
Type hierarchy
Used by
Children DNSQueryObj:Additional_Records, DNSQueryObj:Answer_Resource_Records, DNSQueryObj:Authority_Resource_Records, DNSQueryObj:Date_Ran, DNSQueryObj:Question, DNSQueryObj:Service_Used, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
successful xs:boolean optional
The successful field specifies whether or not the DNS Query was successful.
Source
<xs:complexType name="DNSQueryObjectType">
  <xs:annotation>
    <xs:documentation>The DNSQueryType is intended to characterize a single DNS query and its components.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="cyboxCommon:ObjectPropertiesType">
      <xs:sequence>
        <xs:element name="Question" type="DNSQueryObj:DNSQuestionType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Question field specifies the DNS question component of the DNS query.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Answer_Resource_Records" minOccurs="0" type="DNSQueryObj:DNSResourceRecordsType">
          <xs:annotation>
            <xs:documentation>The Answers field specifies any Answers resource records that were returned for the DNS query.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element minOccurs="0" name="Authority_Resource_Records" type="DNSQueryObj:DNSResourceRecordsType">
          <xs:annotation>
            <xs:documentation>The Authority_Resource_Records field specifies any Authority resource records that were returned for the DNS query.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Additional_Records" minOccurs="0" type="DNSQueryObj:DNSResourceRecordsType">
          <xs:annotation>
            <xs:documentation>The Authority_Resource_Records field specifies any Additional resource records that were returned for the DNS query.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element minOccurs="0" name="Date_Ran" type="cyboxCommon:DateTimeObjectPropertyType">
          <xs:annotation>
            <xs:documentation>The Date_Ran field specifies the date and time that the DNS query was run.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element minOccurs="0" name="Service_Used" type="cyboxCommon:StringObjectPropertyType">
          <xs:annotation>
            <xs:documentation>The Service_Used field specifies the service used to run the DNS Query.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="successful" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>The successful field specifies whether or not the DNS Query was successful.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type DNSQueryObj:DNSQuestionType
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNSQuestionType specifies the components of a DNS Question, including the domain name queried, type, and class.
Diagram
Diagram DNS_Query_Object_xsd.tmp#DNSQuestionType_QName DNS_Query_Object_xsd.tmp#DNSQuestionType_QType DNS_Query_Object_xsd.tmp#DNSQuestionType_QClass
Used by
Children DNSQueryObj:QClass, DNSQueryObj:QName, DNSQueryObj:QType
Source
<xs:complexType name="DNSQuestionType">
  <xs:annotation>
    <xs:documentation>The DNSQuestionType specifies the components of a DNS Question, including the domain name queried, type, and class.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="QName" type="URIObj:URIObjectType">
      <xs:annotation>
        <xs:documentation>The QName field specifies the domain name being queried.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element minOccurs="0" name="QType" type="DNSQueryObj:DNSRecordType">
      <xs:annotation>
        <xs:documentation>The QType specifies the type of DNS query performed, in terms of the requested DNS record type.</xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element minOccurs="0" name="QClass" type="cyboxCommon:StringObjectPropertyType">
      <xs:annotation>
        <xs:documentation>The QClass field specifies the class of resource records being requested.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type DNSQueryObj:DNSRecordType
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
DNSRecordType specifies DNS record types, via a union of the DNSRecordTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Diagram
Diagram cybox_common_xsd.tmp#BaseObjectPropertyGroup cybox_common_xsd.tmp#PatternFieldGroup cybox_common_xsd.tmp#BaseObjectPropertyType DNS_Query_Object_xsd.tmp#DNSRecordType_datatype
Type restriction of cyboxCommon:BaseObjectPropertyType
Type hierarchy
Used by
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not definied by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="DNSRecordType">
  <xs:annotation>
    <xs:documentation>DNSRecordType specifies DNS record types, via a union of the DNSRecordTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="DNSQueryObj:DNSRecordTypeEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute fixed="string" name="datatype" type="cyboxCommon:DatatypeEnum" use="optional">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Complex Type DNSQueryObj:DNSResourceRecordsType
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNSAnswersType encompasses one or more resource records returned for a DNS query.
Diagram
Diagram DNS_Query_Object_xsd.tmp#DNSResourceRecordsType_Resource_Record
Used by
Children DNSQueryObj:Resource_Record
Source
<xs:complexType name="DNSResourceRecordsType">
  <xs:annotation>
    <xs:documentation>The DNSAnswersType encompasses one or more resource records returned for a DNS query.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Resource_Record" type="DNSRecordObj:DNSRecordObjectType" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The Answer field specifies a single DNS resource record returned as part of a DNS query.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Simple Type DNSQueryObj:DNSRecordTypeEnum
Namespace http://cybox.mitre.org/objects#DNSQueryObject-2
Annotations
The DNSRecordTypeEnum is a non-exhaustive enumeration of DNS Record Type names.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration A
enumeration AAAA
enumeration AFSDB
enumeration APL
enumeration CERT
enumeration CNAME
enumeration DHCID
enumeration DLV
enumeration DNAME
enumeration DNSKEY
enumeration DS
enumeration HIP
enumeration IPSECKEY
enumeration KEY
enumeration KX
enumeration LOC
enumeration MX
enumeration NAPTR
enumeration NS
enumeration NSEC
enumeration NSEC3
enumeration NSEC3PARAM
enumeration PTR
enumeration RRSIG
enumeration RP
enumeration SIG
enumeration SOA
enumeration SPF
enumeration SRV
enumeration SSHFP
enumeration TA
enumeration TKEY
enumeration TSIG
enumeration TXT
Source
<xs:simpleType name="DNSRecordTypeEnum">
  <xs:annotation>
    <xs:documentation>The DNSRecordTypeEnum is a non-exhaustive enumeration of DNS Record Type names.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="A"/>
    <xs:enumeration value="AAAA"/>
    <xs:enumeration value="AFSDB"/>
    <xs:enumeration value="APL"/>
    <xs:enumeration value="CERT"/>
    <xs:enumeration value="CNAME"/>
    <xs:enumeration value="DHCID"/>
    <xs:enumeration value="DLV"/>
    <xs:enumeration value="DNAME"/>
    <xs:enumeration value="DNSKEY"/>
    <xs:enumeration value="DS"/>
    <xs:enumeration value="HIP"/>
    <xs:enumeration value="IPSECKEY"/>
    <xs:enumeration value="KEY"/>
    <xs:enumeration value="KX"/>
    <xs:enumeration value="LOC"/>
    <xs:enumeration value="MX"/>
    <xs:enumeration value="NAPTR"/>
    <xs:enumeration value="NS"/>
    <xs:enumeration value="NSEC"/>
    <xs:enumeration value="NSEC3"/>
    <xs:enumeration value="NSEC3PARAM"/>
    <xs:enumeration value="PTR"/>
    <xs:enumeration value="RRSIG"/>
    <xs:enumeration value="RP"/>
    <xs:enumeration value="SIG"/>
    <xs:enumeration value="SOA"/>
    <xs:enumeration value="SPF"/>
    <xs:enumeration value="SRV"/>
    <xs:enumeration value="SSHFP"/>
    <xs:enumeration value="TA"/>
    <xs:enumeration value="TKEY"/>
    <xs:enumeration value="TSIG"/>
    <xs:enumeration value="TXT"/>
  </xs:restriction>
</xs:simpleType>
Attribute DNSQueryObj:DNSRecordType / @datatype
Namespace No namespace
Annotations
This attribute is optional and specifies the expected type for the value of the specified property.
Type cyboxCommon:DatatypeEnum
Facets
enumeration string
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration float
Specifies the float datatype as it apples to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration date
Specifies a date, which is usually in the form yyyy-mm--dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration duration
Specifies a length of time in the extended format PnYn MnDTnH nMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3 standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration IPv4 Address
Specifies an IPV4 address in dotted decimal form. CIDR notation is also accepted.
enumeration IPv6 Address
Specifies an IPV6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration Host Name
Specifies a host name. For compatability reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexdecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots comforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration Binary
Specifies arbitrary binary encoded data.
enumeration BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html
enumeration Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
Used by
Source
<xs:attribute fixed="string" name="datatype" type="cyboxCommon:DatatypeEnum" use="optional">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute DNSQueryObj:DNSQueryObjectType / @successful
Namespace No namespace
Annotations
The successful field specifies whether or not the DNS Query was successful.
Type xs:boolean
Used by
Source
<xs:attribute name="successful" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>The successful field specifies whether or not the DNS Query was successful.</xs:documentation>
  </xs:annotation>
</xs:attribute>