Main schema Win_Driver_Object.xsd
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element WinDriverObj:Windows_Driver
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Windows_Driver object is intended to characterize Windows device drivers.
Type WinDriverObj:WindowsDriverObjectType
Children WinDriverObj:Device_Object_List, WinDriverObj:Driver_Init, WinDriverObj:Driver_Name, WinDriverObj:Driver_Object_Address, WinDriverObj:Driver_Start_IO, WinDriverObj:Driver_Unload, WinDriverObj:IRP_MJ_CLEANUP, WinDriverObj:IRP_MJ_CLOSE, WinDriverObj:IRP_MJ_CREATE, WinDriverObj:IRP_MJ_CREATE_MAILSLOT, WinDriverObj:IRP_MJ_CREATE_NAMED_PIPE, WinDriverObj:IRP_MJ_DEVICE_CHANGE, WinDriverObj:IRP_MJ_DEVICE_CONTROL, WinDriverObj:IRP_MJ_DIRECTORY_CONTROL, WinDriverObj:IRP_MJ_FILE_SYSTEM_CONTROL, WinDriverObj:IRP_MJ_FLUSH_BUFFERS, WinDriverObj:IRP_MJ_INTERNAL_DEVICE_CONTROL, WinDriverObj:IRP_MJ_LOCK_CONTROL, WinDriverObj:IRP_MJ_PNP, WinDriverObj:IRP_MJ_POWER, WinDriverObj:IRP_MJ_QUERY_EA, WinDriverObj:IRP_MJ_QUERY_INFORMATION, WinDriverObj:IRP_MJ_QUERY_QUOTA, WinDriverObj:IRP_MJ_QUERY_SECURITY, WinDriverObj:IRP_MJ_QUERY_VOLUME_INFORMATION, WinDriverObj:IRP_MJ_READ, WinDriverObj:IRP_MJ_SET_EA, WinDriverObj:IRP_MJ_SET_INFORMATION, WinDriverObj:IRP_MJ_SET_QUOTA, WinDriverObj:IRP_MJ_SET_SECURITY, WinDriverObj:IRP_MJ_SET_VOLUME_INFORMATION, WinDriverObj:IRP_MJ_SHUTDOWN, WinDriverObj:IRP_MJ_SYSTEM_CONTROL, WinDriverObj:IRP_MJ_WRITE, WinDriverObj:Image_Base, WinDriverObj:Image_Size, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
Source
<xs:element name="Windows_Driver" type="WinDriverObj:WindowsDriverObjectType" nillable="true">
  <xs:annotation>
    <xs:documentation>The Windows_Driver object is intended to characterize Windows device drivers.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:Device_Object_List
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Device_Object_List field specifies the device objects that were created by the driver.
Type WinDriverObj:DeviceObjectListType
Children WinDriverObj:Device_Object_Struct
Source
<xs:element name="Device_Object_List" type="WinDriverObj:DeviceObjectListType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Device_Object_List field specifies the device objects that were created by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:DeviceObjectListType / WinDriverObj:Device_Object_Struct
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Device_Object_Struct field specifies a single device object utilizing the Windows Driver Device Object Struct.
Type WinDriverObj:DeviceObjectStructType
Children WinDriverObj:Attached_Device_Name, WinDriverObj:Attached_Device_Object, WinDriverObj:Attached_To_Device_Name, WinDriverObj:Attached_To_Device_Object, WinDriverObj:Attached_To_Driver_Name, WinDriverObj:Attached_To_Driver_Object, WinDriverObj:Device_Name, WinDriverObj:Device_Object
Source
<xs:element name="Device_Object_Struct" type="WinDriverObj:DeviceObjectStructType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Device_Object_Struct field specifies a single device object utilizing the Windows Driver Device Object Struct.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:DeviceObjectStructType / WinDriverObj:Attached_Device_Name
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Attached_Device_Name field specifies the name of another device object that was attached to this one. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Attached_Device_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Attached_Device_Name field specifies the name of another device object that was attached to this one. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:DeviceObjectStructType / WinDriverObj:Attached_Device_Object
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Attached_Device_Object field specifies a pointer to another device object that was attached to this one. Typically this is a filter driver. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Attached_Device_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Attached_Device_Object field specifies a pointer to another device object that was attached to this one. Typically this is a filter driver. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:DeviceObjectStructType / WinDriverObj:Attached_To_Device_Name
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Attached_To_Device_Name field specifies the name of another device object that this one was attached to.
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Attached_To_Device_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Attached_To_Device_Name field specifies the name of another device object that this one was attached to.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:DeviceObjectStructType / WinDriverObj:Attached_To_Device_Object
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Attached_To_Device_Object field specifies a pointer to another device object that this one was attached to.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Attached_To_Device_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Attached_To_Device_Object field specifies a pointer to another device object that this one was attached to.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:DeviceObjectStructType / WinDriverObj:Attached_To_Driver_Object
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Attached_To_Driver_Object field specifies a pointer to the driver to which this device object was attached.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Attached_To_Driver_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Attached_To_Driver_Object field specifies a pointer to the driver to which this device object was attached.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:DeviceObjectStructType / WinDriverObj:Attached_To_Driver_Name
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Attached_To_Driver_Name field specifies the name of the driver to which this device object was attached.
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Attached_To_Driver_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Attached_To_Driver_Name field specifies the name of the driver to which this device object was attached.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:DeviceObjectStructType / WinDriverObj:Device_Name
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Device_Name field specifies the name of the device object.
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Device_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Device_Name field specifies the name of the device object.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:DeviceObjectStructType / WinDriverObj:Device_Object
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Device_Object field specifies a pointer to the driver object for the caller.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Device_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Device_Object field specifies a pointer to the driver object for the caller.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:Driver_Init
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Driver_Init field specifies the entry point for the driver's DriverEntry routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Driver_Init" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Driver_Init field specifies the entry point for the driver's DriverEntry routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:Driver_Name
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Driver_Name field specifies the name of the driver.
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Driver_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Driver_Name field specifies the name of the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:Driver_Object_Address
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Driver_Object_Address field specifies the address to the driver's driver object, which contains the storage for the entry point to many of the driver's standard routines. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff548034(v=vs.85).aspx
Type cyboxCommon:HexBinaryObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum hexBinary optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Driver_Object_Address" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Driver_Object_Address field specifies the address to the driver's driver object, which contains the storage for the entry point to many of the driver's standard routines. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff548034(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:Driver_Start_IO
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Driver_Start_IO field specifies the entry point for the driver's StartIO routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx
Type cyboxCommon:HexBinaryObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum hexBinary optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Driver_Start_IO" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Driver_Start_IO field specifies the entry point for the driver's StartIO routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:Driver_Unload
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Driver_Unload field specifies the entry point for the driver's unload routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx
Type cyboxCommon:HexBinaryObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum hexBinary optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Driver_Unload" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Driver_Unload field specifies the entry point for the driver's unload routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:Image_Base
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Image_Base field specifies the preferred address of the first byte of the driver's image when it is loaded into memory.
Type cyboxCommon:HexBinaryObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum hexBinary optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Image_Base" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Image_Base field specifies the preferred address of the first byte of the driver's image when it is loaded into memory.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:Image_Size
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The Image_Size field specifies the size of the driver's image, in bytes.
Type cyboxCommon:HexBinaryObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum hexBinary optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Image_Size" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Image_Size field specifies the size of the driver's image, in bytes.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_CLEANUP
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_CLEANUP field represents a count of the number of times the CLEANUP function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_CLEANUP" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_CLEANUP field represents a count of the number of times the CLEANUP function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_CLOSE
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_CLOSE field represents a count of the number of times the CLOSE function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_CLOSE" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_CLOSE field represents a count of the number of times the CLOSE function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
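The condition and apply_condition attributes documented above decide how a consumer matches an observed IRP_MJ_* counter against a pattern whose field body holds a list of values. The following is an added example, not part of the CybOX schema or any MITRE tooling: a minimal evaluator over a constructed Windows_Driver pattern fragment. The "##comma##" list delimiter and the comparison condition names (Equals, GreaterThan, and so on) are taken from the wider CybOX 2.x language and are assumptions here, since this page does not list them.

```python
"""Evaluate condition/apply_condition on IRP_MJ_* counters (added example)."""
import operator
import xml.etree.ElementTree as ET
from typing import NamedTuple

WIN_DRIVER_NS = "http://cybox.mitre.org/objects#WinDriverObject-2"
XSI_NIL = "{http://www.w3.org/2001/XMLSchema-instance}nil"
LIST_DELIMITER = "##comma##"      # assumption: CybOX 2.x default list delimiter
UNSIGNED_LONG_MAX = 2**64 - 1     # datatype defaults to unsignedLong

# Assumption: a subset of cyboxCommon:ConditionTypeEnum, not listed on this page.
CONDITIONS = {
    "Equals": operator.eq,
    "DoesNotEqual": operator.ne,
    "GreaterThan": operator.gt,
    "GreaterThanOrEqual": operator.ge,
    "LessThan": operator.lt,
    "LessThanOrEqual": operator.le,
}

# Constructed sample pattern; the values are illustrative only.
PATTERN_XML = """
<WinDriverObj:Windows_Driver
    xmlns:WinDriverObj="http://cybox.mitre.org/objects#WinDriverObject-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <WinDriverObj:IRP_MJ_CLEANUP xsi:nil="true"/>
  <WinDriverObj:IRP_MJ_CLOSE condition="Equals">0##comma##1</WinDriverObj:IRP_MJ_CLOSE>
  <WinDriverObj:IRP_MJ_CREATE condition="GreaterThan"
      apply_condition="ALL">10##comma##100</WinDriverObj:IRP_MJ_CREATE>
</WinDriverObj:Windows_Driver>
"""


class Constraint(NamedTuple):
    condition: str
    apply_condition: str
    values: tuple


def to_unsigned_long(text):
    """Parse one list item and enforce the unsignedLong range."""
    value = int(text.strip())
    if not 0 <= value <= UNSIGNED_LONG_MAX:
        raise ValueError(f"{value} is outside the unsignedLong range")
    return value


def parse_pattern(xml_text):
    """Return {field name: Constraint} for every IRP_MJ_* field carrying a condition."""
    # For documents from untrusted sources, use a hardened XML parser instead.
    root = ET.fromstring(xml_text.strip())
    prefix = "{" + WIN_DRIVER_NS + "}IRP_MJ_"
    constraints = {}
    for child in root:
        if not child.tag.startswith(prefix):
            continue
        if child.get(XSI_NIL) == "true":       # nillable="true": no value to test
            continue
        condition = child.get("condition")
        if condition is None:                  # no condition, nothing to evaluate
            continue
        if condition not in CONDITIONS:
            raise ValueError(f"unsupported condition: {condition}")
        apply_condition = child.get("apply_condition", "ANY")  # schema default
        if apply_condition not in ("ANY", "ALL"):
            raise ValueError(f"invalid apply_condition: {apply_condition}")
        values = tuple(to_unsigned_long(item)
                       for item in (child.text or "").split(LIST_DELIMITER))
        name = child.tag.split("}", 1)[1]
        constraints[name] = Constraint(condition, apply_condition, values)
    return constraints


def field_matches(observed, constraint):
    """ANY: one list value must satisfy the condition; ALL: every value must."""
    compare = CONDITIONS[constraint.condition]
    results = (compare(observed, value) for value in constraint.values)
    return all(results) if constraint.apply_condition == "ALL" else any(results)


def driver_matches(observed_counts, constraints):
    """A driver matches only if every constrained field is present and matches."""
    for name, constraint in constraints.items():
        if name not in observed_counts:
            return False
        if not field_matches(observed_counts[name], constraint):
            return False
    return True


if __name__ == "__main__":
    pattern = parse_pattern(PATTERN_XML)
    print(driver_matches({"IRP_MJ_CLOSE": 1, "IRP_MJ_CREATE": 250}, pattern))
    print(driver_matches({"IRP_MJ_CLOSE": 1, "IRP_MJ_CREATE": 50}, pattern))
```

With apply_condition="ALL", an observed IRP_MJ_CREATE count of 50 fails because it is greater than 10 but not greater than 100; the same field under the default ANY would match.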
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_CREATE
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_CREATE field represents a count of the number of times the CREATE function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_CREATE" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_CREATE field represents a count of the number of times the CREATE function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_CREATE_MAILSLOT
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_CREATE_MAILSLOT field represents a count of the number of times the CREATE_MAILSLOT function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_CREATE_MAILSLOT" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_CREATE_MAILSLOT field represents a count of the number of times the CREATE_MAILSLOT function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_CREATE_NAMED_PIPE
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_CREATE_NAMED_PIPE field represents a count of the number of times the CREATE_NAMED_PIPE function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_CREATE_NAMED_PIPE" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_CREATE_NAMED_PIPE field represents a count of the number of times the CREATE_NAMED_PIPE function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_DEVICE_CHANGE
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_DEVICE_CHANGE field represents a count of the number of times the DEVICE_CHANGE function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_DEVICE_CHANGE" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_DEVICE_CHANGE field represents a count of the number of times the DEVICE_CHANGE function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_DEVICE_CONTROL
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_DEVICE_CONTROL field represents a count of the number of times the DEVICE_CONTROL function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_DEVICE_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_DEVICE_CONTROL field represents a count of the number of times the DEVICE_CONTROL function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_DIRECTORY_CONTROL
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_DIRECTORY_CONTROL field represents a count of the number of times the DIRECTORY_CONTROL function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_DIRECTORY_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_DIRECTORY_CONTROL field represents a count of the number of times the DIRECTORY_CONTROL function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_FILE_SYSTEM_CONTROL
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_FILE_SYSTEM_CONTROL field represents a count of the number of times the FILE_SYSTEM_CONTROL function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_FILE_SYSTEM_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_FILE_SYSTEM_CONTROL field represents a count of the number of times the FILE_SYSTEM_CONTROL function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_FLUSH_BUFFERS
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_FLUSH_BUFFERS field represents a count of the number of times the FLUSH_BUFFERS function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_FLUSH_BUFFERS" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_FLUSH_BUFFERS field represents a count of the number of times the FLUSH_BUFFERS function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_INTERNAL_DEVICE_CONTROL
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_INTERNAL_DEVICE_CONTROL field represents a count of the number of times the INTERNAL_DEVICE_CONTROL function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_INTERNAL_DEVICE_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_INTERNAL_DEVICE_CONTROL field represents a count of the number of times the INTERNAL_DEVICE_CONTROL function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_LOCK_CONTROL
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_LOCK_CONTROL field represents a count of the number of times the LOCK_CONTROL function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="IRP_MJ_LOCK_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The IRP_MJ_LOCK_CONTROL field represents a count of the number of times the LOCK_CONTROL function code was processed by the driver.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinDriverObj:WindowsDriverObjectType / WinDriverObj:IRP_MJ_PNP
Namespace http://cybox.mitre.org/objects#WinDriverObject-2
Annotations
The IRP_MJ_PNP field represents a count of the number of times the PNP function code was processed by the driver.
Type cyboxCommon:UnsignedLongObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum unsignedLong optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional