Main schema Win_Service_Object.xsd
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element WinServiceObj:Windows_Service
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
Windows_Service object is intended to characterize Windows services. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685141(v=vs.85).aspx
Type WinServiceObj:WindowsServiceObjectType
Children ProcessObj:Argument_List, ProcessObj:Child_PID_List, ProcessObj:Creation_Time, ProcessObj:Environment_Variable_List, ProcessObj:Extracted_Features, ProcessObj:Image_Info, ProcessObj:Kernel_Time, ProcessObj:Name, ProcessObj:Network_Connection_List, ProcessObj:PID, ProcessObj:Parent_PID, ProcessObj:Port_List, ProcessObj:Start_Time, ProcessObj:Status, ProcessObj:User_Time, ProcessObj:Username, WinProcessObj:Handle_List, WinProcessObj:Priority, WinProcessObj:Section_List, WinProcessObj:Security_ID, WinProcessObj:Security_Type, WinProcessObj:Startup_Info, WinProcessObj:Window_Title, WinServiceObj:Description_List, WinServiceObj:Display_Name, WinServiceObj:Group_Name, WinServiceObj:Service_DLL, WinServiceObj:Service_DLL_Certificate_Issuer, WinServiceObj:Service_DLL_Certificate_Subject, WinServiceObj:Service_DLL_Hashes, WinServiceObj:Service_DLL_Signature_Description, WinServiceObj:Service_Name, WinServiceObj:Service_Status, WinServiceObj:Service_Type, WinServiceObj:Started_As, WinServiceObj:Startup_Command_Line, WinServiceObj:Startup_Type, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
aslr_enabled xs:boolean optional
The aslr_enabled field specifies whether Address Space Layout Randomization (ASLR) is enabled for the process.
dep_enabled xs:boolean optional
The dep_enabled field specifies whether Data Execution Prevention (DEP) is enabled for the process.
is_hidden xs:boolean optional
The is_hidden field specifies whether the process is hidden or not.
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
service_dll_signature_exists xs:boolean optional
Indicates whether or not the DLL is signed.
service_dll_signature_verified xs:boolean optional
Indicates whether or not the DLL's signature was verified.
Source
<xs:element name="Windows_Service" type="WinServiceObj:WindowsServiceObjectType" nillable="true">
  <xs:annotation>
    <xs:documentation>Windows_Service object is intended to characterize Windows services. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685141(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Description_List
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
A list of description items for this service.
Type WinServiceObj:ServiceDescriptionListType
Children WinServiceObj:Description
Source
<xs:element name="Description_List" type="WinServiceObj:ServiceDescriptionListType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>A list of description items for this service.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:ServiceDescriptionListType / WinServiceObj:Description
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
A description of the service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685156(v=vs.85).aspx
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Description" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>A description of the service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685156(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Display_Name
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The Display_Name field specifies the displayed name of the service in Windows GUI controls. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683228(v=vs.85).aspx
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Display_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Display_Name field specifies the displayed name of the service in Windows GUI controls. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683228(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Group_Name
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The Group_Name field specifies the name of the load ordering group of which this service is a member.
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element minOccurs="0" name="Group_Name" type="cyboxCommon:StringObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The Group_Name field specifies the name of the load ordering group of which this service is a member.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Service_Name
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The Name field specifies the name of the service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683229(v=vs.85).aspx
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Service_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Name field specifies the name of the service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683229(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Service_DLL
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The Service_DLL field specifies name of the DLL instantiated in the service.
Type cyboxCommon:StringObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.

Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Service_DLL" type="cyboxCommon:StringObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Service_DLL field specifies name of the DLL instantiated in the service.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Service_DLL_Certificate_Issuer
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The Certificate Authority (CA) that issued the certificate used to sign the service DLL.
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.

Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Service_DLL_Certificate_Issuer" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Certificate Authority (CA) that issued the certificate used to sign the service DLL.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Service_DLL_Certificate_Subject
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The subject of the certificate (the entity being authenticated).
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.

Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Service_DLL_Certificate_Subject" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The subject of the certifcate (the entity being authenticated).</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Service_DLL_Hashes
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
Hashes for the Service DLL file.
Type cyboxCommon:HashListType
Children cyboxCommon:Hash
Source
<xs:element name="Service_DLL_Hashes" type="cyboxCommon:HashListType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>Hashes for the Service DLL file.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Service_DLL_Signature_Description
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The Service_DLL_Signature_Description field provides a description of the digital signature for the service DLL.
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.

Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Service_DLL_Signature_Description" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Service_DLL_Signature_Description field provides a description of the digital signature for the service DLL.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Startup_Command_Line
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The Startup_Command_Line field specifies the full command line used to start the service.
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.

Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Startup_Command_Line" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The Startup_Command_Line field specifies the full command line used to start the service.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Startup_Type
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
Service start options. See http://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx
Type WinServiceObj:ServiceModeType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.

Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Startup_Type" type="WinServiceObj:ServiceModeType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>Service start options. See http://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Service_Status
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
Status information for a service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx
Type WinServiceObj:ServiceStatusType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Service_Status" type="WinServiceObj:ServiceStatusType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>Status information for a service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Service_Type
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The Type field specifies the type of the service.
Type WinServiceObj:ServiceType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information, including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element name="Service_Type" type="WinServiceObj:ServiceType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Type field specifies the type of the service.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinServiceObj:WindowsServiceObjectType / WinServiceObj:Started_As
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The Started_As field specifies the name of the account under which the service was started.
Type cyboxCommon:StringObjectPropertyType
Type hierarchy
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information, including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:element minOccurs="0" name="Started_As" type="cyboxCommon:StringObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The Started_As field specifies the name of the account under which the service was started.</xs:documentation>
  </xs:annotation>
</xs:element>
Complex Type WinServiceObj:WindowsServiceObjectType
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The WindowsServiceObjectType type is intended to characterize Windows services.
Type extension of WinProcessObj:WindowsProcessObjectType
Type hierarchy
Used by
Children ProcessObj:Argument_List, ProcessObj:Child_PID_List, ProcessObj:Creation_Time, ProcessObj:Environment_Variable_List, ProcessObj:Extracted_Features, ProcessObj:Image_Info, ProcessObj:Kernel_Time, ProcessObj:Name, ProcessObj:Network_Connection_List, ProcessObj:PID, ProcessObj:Parent_PID, ProcessObj:Port_List, ProcessObj:Start_Time, ProcessObj:Status, ProcessObj:User_Time, ProcessObj:Username, WinProcessObj:Handle_List, WinProcessObj:Priority, WinProcessObj:Section_List, WinProcessObj:Security_ID, WinProcessObj:Security_Type, WinProcessObj:Startup_Info, WinProcessObj:Window_Title, WinServiceObj:Description_List, WinServiceObj:Display_Name, WinServiceObj:Group_Name, WinServiceObj:Service_DLL, WinServiceObj:Service_DLL_Certificate_Issuer, WinServiceObj:Service_DLL_Certificate_Subject, WinServiceObj:Service_DLL_Hashes, WinServiceObj:Service_DLL_Signature_Description, WinServiceObj:Service_Name, WinServiceObj:Service_Status, WinServiceObj:Service_Type, WinServiceObj:Started_As, WinServiceObj:Startup_Command_Line, WinServiceObj:Startup_Type, cyboxCommon:Custom_Properties
Attributes
QName Type Use Annotation
aslr_enabled xs:boolean optional
The aslr_enabled field specifies whether Address Space Layout Randomization (ASLR) is enabled for the process.
dep_enabled xs:boolean optional
The dep_enabled field specifies whether Data Execution Prevention (DEP) is enabled for the process.
is_hidden xs:boolean optional
The is_hidden field specifies whether the process is hidden or not.
object_reference xs:QName optional
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
service_dll_signature_exists xs:boolean optional
Indicates whether or not the DLL is signed.
service_dll_signature_verified xs:boolean optional
Indicates whether or not the DLL's signature was verified.
Source
<xs:complexType name="WindowsServiceObjectType" mixed="false">
  <xs:annotation>
    <xs:documentation>The WindowsServiceObjectType type is intended to characterize Windows services.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="WinProcessObj:WindowsProcessObjectType">
      <xs:sequence>
        <xs:element name="Description_List" type="WinServiceObj:ServiceDescriptionListType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>A list of description items for this service.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Display_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Display_Name field specifies the displayed name of the service in Windows GUI controls. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683228(v=vs.85).aspx</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element minOccurs="0" name="Group_Name" type="cyboxCommon:StringObjectPropertyType">
          <xs:annotation>
            <xs:documentation>The Group_Name field specifies the name of the load ordering group of which this service is a member.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Service_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Name field specifies the name of the service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683229(v=vs.85).aspx</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Service_DLL" type="cyboxCommon:StringObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Service_DLL field specifies name of the DLL instantiated in the service.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Service_DLL_Certificate_Issuer" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Certificate Authority (CA) that issued the certificate used to sign the service DLL.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Service_DLL_Certificate_Subject" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The subject of the certificate (the entity being authenticated).</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Service_DLL_Hashes" type="cyboxCommon:HashListType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>Hashes for the Service DLL file.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Service_DLL_Signature_Description" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Service_DLL_Signature_Description field provides a description of the digital signature for the service DLL.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Startup_Command_Line" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The Startup_Command_Line field specifies the full command line used to start the service.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Startup_Type" type="WinServiceObj:ServiceModeType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>Service start options. See http://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Service_Status" type="WinServiceObj:ServiceStatusType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>Status information for a service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Service_Type" type="WinServiceObj:ServiceType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Type field specifies the type of the service.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element minOccurs="0" name="Started_As" type="cyboxCommon:StringObjectPropertyType">
          <xs:annotation>
            <xs:documentation>The Started_As field specifies the name of the account under which the service was started.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="service_dll_signature_exists" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>Indicates whether or not the DLL is signed.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute name="service_dll_signature_verified" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>Indicates whether or not the DLL's signature was verified.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
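An added example, not part of the schema or of the CybOX project's code: a consumer that reads the two optional xs:boolean signature attributes of WindowsServiceObjectType and keeps "absent" distinct from "false" when classifying the service DLL. The <Services> wrapper, the sample services and the state labels are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Target namespace of Win_Service_Object.xsd, as given on this page.
WINSVC_NS = "http://cybox.mitre.org/objects#WinServiceObject-2"

# Constructed sample. The <Services> wrapper is a hypothetical container, not a
# CybOX element; service names, paths and accounts are made up.
SAMPLE = rf"""<Services xmlns:WinServiceObj="{WINSVC_NS}">
  <WinServiceObj:Windows_Service service_dll_signature_exists="true"
                                 service_dll_signature_verified="1">
    <WinServiceObj:Service_Name>ExampleUpdater</WinServiceObj:Service_Name>
    <WinServiceObj:Service_DLL>C:\Example\updater.dll</WinServiceObj:Service_DLL>
    <WinServiceObj:Started_As>LocalSystem</WinServiceObj:Started_As>
  </WinServiceObj:Windows_Service>
  <WinServiceObj:Windows_Service service_dll_signature_exists="0">
    <WinServiceObj:Service_Name>ExampleHelper</WinServiceObj:Service_Name>
    <WinServiceObj:Service_DLL>C:\Example\helper.dll</WinServiceObj:Service_DLL>
  </WinServiceObj:Windows_Service>
  <WinServiceObj:Windows_Service>
    <WinServiceObj:Service_Name>ExampleLegacy</WinServiceObj:Service_Name>
  </WinServiceObj:Windows_Service>
  <WinServiceObj:Windows_Service service_dll_signature_exists="false"
                                 service_dll_signature_verified="true">
    <WinServiceObj:Service_Name>ExampleOdd</WinServiceObj:Service_Name>
  </WinServiceObj:Windows_Service>
  <WinServiceObj:Windows_Service service_dll_signature_exists="true">
    <WinServiceObj:Service_Name>ExampleSync</WinServiceObj:Service_Name>
  </WinServiceObj:Windows_Service>
</Services>"""


def xs_boolean(raw):
    """Map an optional xs:boolean attribute to True, False or None (absent)."""
    if raw is None:
        return None
    value = raw.strip()
    # The xs:boolean lexical space is exactly these four case-sensitive tokens.
    if value in ("true", "1"):
        return True
    if value in ("false", "0"):
        return False
    raise ValueError(f"not an xs:boolean lexical value: {raw!r}")


def signature_state(exists, verified):
    """Classify the service DLL from the two tri-state attributes."""
    if exists is False and verified is True:
        return "inconsistent"        # producer claims a verified, absent signature
    if exists is False:
        return "unsigned"
    if verified is True:
        return "verified"
    if exists is True:
        return "signed-unverified"   # signature present, no successful verification
    return "unknown"                 # nothing reported; do not read this as unsigned


def child_text(element, name):
    """Return the stripped text of a WinServiceObj child element, or None."""
    node = element.find(f"{{{WINSVC_NS}}}{name}")
    if node is None or node.text is None:
        return None
    return node.text.strip() or None


def triage(xml_text):
    """Return one row per Windows_Service element found in the document."""
    # ElementTree is used on an inline, trusted sample; documents from an
    # untrusted producer should go through a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    rows = []
    for svc in root.iter(f"{{{WINSVC_NS}}}Windows_Service"):
        exists = xs_boolean(svc.get("service_dll_signature_exists"))
        verified = xs_boolean(svc.get("service_dll_signature_verified"))
        rows.append({
            "service": child_text(svc, "Service_Name"),
            "dll": child_text(svc, "Service_DLL"),
            "started_as": child_text(svc, "Started_As"),
            "state": signature_state(exists, verified),
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```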
Complex Type WinServiceObj:ServiceDescriptionListType
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
A collection of service descriptions.
Used by
Children WinServiceObj:Description
Source
<xs:complexType name="ServiceDescriptionListType">
  <xs:annotation>
    <xs:documentation>A collection of service descriptions.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Description" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>A description of the service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685156(v=vs.85).aspx</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type WinServiceObj:ServiceModeType
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
ServiceModeType specifies Windows service modes via a union of the ServiceModeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Type restriction of cyboxCommon:BaseObjectPropertyType
Type hierarchy
Used by
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information, including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
					
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. 
					
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="ServiceModeType">
  <xs:annotation>
    <xs:documentation>ServiceModeType specifies Windows service modes via a union of the ServiceModeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="WinServiceObj:ServiceModeEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Complex Type WinServiceObj:ServiceStatusType
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
ServiceModeType specifies Windows service states via a union of the ServiceStatusEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Type restriction of cyboxCommon:BaseObjectPropertyType
Type hierarchy
Used by
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="ServiceStatusType">
  <xs:annotation>
    <xs:documentation>ServiceModeType specifies Windows service states via a union of the ServiceStatusEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="WinServiceObj:ServiceStatusEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Complex Type WinServiceObj:ServiceType
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
ServiceType specifies Windows service types via a union of the ServiceTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Type restriction of cyboxCommon:BaseObjectPropertyType
Attributes
QName Type Fixed Default Use Annotation
appears_random xs:boolean optional
This field is optional and conveys whether the associated object property value appears to be somewhat random in nature. An object property with this field set to TRUE need not provide any further information including a value. If more is known about the particular variation of randomness, a regex value could be provided to outline what is known of the structure.
apply_condition cyboxCommon:ConditionApplicationEnum ANY optional
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the pattern only matches if the provided condition successfully evaluates for every value in the field body.
bit_mask xs:hexBinary optional
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then used as one operand in the indicated bitwise computation.
condition cyboxCommon:ConditionTypeEnum optional
This field is optional and defines the relevant condition to apply to the value.
datatype cyboxCommon:DatatypeEnum string optional
This attribute is optional and specifies the expected type for the value of the specified property.
defanging_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to defang (representation changed to prevent malicious effects of handling/processing) this Object property.
has_changed xs:boolean optional
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed.
id xs:QName optional
The id field specifies a unique ID for this Object Property.
idref xs:QName optional
The idref field specifies a unique ID reference for this Object Property.
is_defanged xs:boolean optional
This field is optional and conveys whether the associated Object property has been defanged (representation changed to prevent malicious effects of handling/processing).
is_obfuscated xs:boolean optional
This field is optional and conveys whether the associated Object property has been obfuscated.
obfuscation_algorithm_ref xs:anyURI optional
This field is optional and conveys a reference to a description of the algorithm used to obfuscate this Object property.
pattern_type cyboxCommon:PatternTypeEnum optional
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
refanging_transform xs:string optional
This field is optional and specifies an automated transform that can be applied to the Object property content in order to refang it to its original format.
refanging_transform_type xs:string optional
This field is optional and specifies the type (e.g. RegEx) of refanging transform specified in the optional accompanying refangingTransform property.
regex_syntax xs:string optional
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'.
Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification.
Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case.
trend xs:boolean optional
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field.
Source
<xs:complexType name="ServiceType">
  <xs:annotation>
    <xs:documentation>ServiceType specifies Windows service types via a union of the ServiceTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="WinServiceObj:ServiceTypeEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type WinServiceObj:ServiceModeEnum
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The ServiceModeEnum type is an enumeration of service modes. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx
Type list of restriction of xs:string
Source
<xs:simpleType name="ServiceModeEnum">
  <xs:annotation>
    <xs:documentation>The ServiceModeEnum type is an enumeration of service modes. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
  <xs:list>
    <xs:simpleType>
      <xs:restriction base="xs:string">
        <xs:enumeration value="SERVICE_AUTO_START">
          <xs:annotation>
            <xs:documentation>A service started automatically by the service control manager during system startup.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_BOOT_START">
          <xs:annotation>
            <xs:documentation>A device driver started by the system loader. This value is valid only for driver services.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_DEMAND_START">
          <xs:annotation>
            <xs:documentation>A service started by the service control manager when a process calls the StartService function.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_DISABLED">
          <xs:annotation>
            <xs:documentation>A service that cannot be started. Attempts to start the service result in the error code ERROR_SERVICE_DISABLED.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_SYSTEM_START">
          <xs:annotation>
            <xs:documentation>A device driver started by the IoInitSystem function. This value is valid only for driver services.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
      </xs:restriction>
    </xs:simpleType>
  </xs:list>
</xs:simpleType>
Simple Type WinServiceObj:ServiceStatusEnum
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The ServiceStatusEnum type is an enumeration of potential service states. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx
Type list of restriction of xs:string
Source
<xs:simpleType name="ServiceStatusEnum">
  <xs:annotation>
    <xs:documentation>The ServiceStatusEnum type is an enumeration of potential service states. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
  <xs:list>
    <xs:simpleType>
      <xs:restriction base="xs:string">
        <xs:enumeration value="SERVICE_CONTINUE_PENDING">
          <xs:annotation>
            <xs:documentation>The service continue is pending.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_PAUSE_PENDING">
          <xs:annotation>
            <xs:documentation>The service pause is pending.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_PAUSED">
          <xs:annotation>
            <xs:documentation>The service is paused.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_RUNNING">
          <xs:annotation>
            <xs:documentation>The service is running.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_START_PENDING">
          <xs:annotation>
            <xs:documentation>The service is starting.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_STOP_PENDING">
          <xs:annotation>
            <xs:documentation>The service is stopping.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_STOPPED">
          <xs:annotation>
            <xs:documentation>The service is not running.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
      </xs:restriction>
    </xs:simpleType>
  </xs:list>
</xs:simpleType>
Simple Type WinServiceObj:ServiceTypeEnum
Namespace http://cybox.mitre.org/objects#WinServiceObject-2
Annotations
The ServiceTypeEnum type is an enumeration of service types. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx
Type list of restriction of xs:string
Source
<xs:simpleType name="ServiceTypeEnum">
  <xs:annotation>
    <xs:documentation>The ServiceTypeEnum type is an enumeration of service types. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx</xs:documentation>
  </xs:annotation>
  <xs:list>
    <xs:simpleType>
      <xs:restriction base="xs:string">
        <xs:enumeration value="SERVICE_KERNEL_DRIVER">
          <xs:annotation>
            <xs:documentation>The service is a device driver.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_FILE_SYSTEM_DRIVER">
          <xs:annotation>
            <xs:documentation>The service is a file system driver.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_WIN32_OWN_PROCESS">
          <xs:annotation>
            <xs:documentation>The service runs in its own process.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
        <xs:enumeration value="SERVICE_WIN32_SHARE_PROCESS">
          <xs:annotation>
            <xs:documentation>The service shares a process with other services.</xs:documentation>
          </xs:annotation>
        </xs:enumeration>
      </xs:restriction>
    </xs:simpleType>
  </xs:list>
</xs:simpleType>
Attribute WinServiceObj:ServiceModeType / @datatype
Namespace No namespace
Annotations
This attribute is optional and specifies the expected type for the value of the specified property.
Type cyboxCommon:DatatypeEnum
Facets
enumeration string
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration float
Specifies the float datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration date
Specifies a date, which is usually in the form yyyy-mm-dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration duration
Specifies a length of time in the extended format PnYnMnDTnHnMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration IPv4 Address
Specifies an IPv4 address in dotted decimal form. CIDR notation is also accepted.
enumeration IPv6 Address
Specifies an IPv6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexadecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration Binary
Specifies arbitrary binary encoded data.
enumeration BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html
enumeration Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
Source
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute WinServiceObj:ServiceStatusType / @datatype
Namespace No namespace
Annotations
This attribute is optional and specifies the expected type for the value of the specified property.
Type cyboxCommon:DatatypeEnum
Facets
enumeration string
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration float
Specifies the float datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration date
Specifies a date, which is usually in the form yyyy-mm-dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration duration
Specifies a length of time in the extended format PnYnMnDTnHnMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration IPv4 Address
Specifies an IPv4 address in dotted decimal form. CIDR notation is also accepted.
enumeration IPv6 Address
Specifies an IPv6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexadecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration Binary
Specifies arbitrary binary encoded data.
enumeration BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html
enumeration Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
Source
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute WinServiceObj:ServiceType / @datatype
Namespace No namespace
Annotations
This attribute is optional and specifies the expected type for the value of the specified property.
Type cyboxCommon:DatatypeEnum
Facets
enumeration string
Specifies the string datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#string for more information.
enumeration int
Specifies the int datatype as it applies to the W3C standard for int. See http://www.w3.org/TR/xmlschema-2/#int for more information.
enumeration float
Specifies the float datatype as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#float for more information.
enumeration date
Specifies a date, which is usually in the form yyyy-mm-dd as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#date for more information.
enumeration positiveInteger
Specifies a positive integer in the infinite set {1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#positiveInteger for more information.
enumeration unsignedInt
Specifies an unsigned integer, which is a nonnegative integer in the set {0,1,2,...,4294967295} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedInt for more information.
enumeration dateTime
Specifies a date in full format including both date and time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#dateTime for more information.
enumeration time
Specifies a time as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#time for more information.
enumeration boolean
Specifies a boolean value in the set {true,false,1,0} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#boolean for more information.
enumeration name
Specifies a name (which represents XML Names) as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#Name and http://www.w3.org/TR/2000/WD-xml-2e-20000814#dt-name for more information.
enumeration long
Specifies a long integer, which is an integer whose maximum value is 9223372036854775807 and minimum value is -9223372036854775808 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#long for more information.
enumeration unsignedLong
Specifies an unsigned long integer, which is an integer whose maximum value is 18446744073709551615 and minimum value is 0 as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#unsignedLong for more information.
enumeration duration
Specifies a length of time in the extended format PnYnMnDTnHnMnS, where nY represents the number of years, nM the number of months, nD the number of days, 'T' is the date/time separator, nH the number of hours, nM the number of minutes and nS the number of seconds, as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#duration for more information.
enumeration double
Specifies a decimal of datatype double as it is patterned after the IEEE double-precision 64-bit floating point type (IEEE 754-1985) and as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#double for more information.
enumeration nonNegativeInteger
Specifies a non-negative integer in the infinite set {0,1,2,...} as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger for more information.
enumeration hexBinary
Specifies arbitrary hex-encoded binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#hexBinary for more information.
enumeration anyURI
Specifies a Uniform Resource Identifier Reference (URI) as it applies to the W3C standard and to RFC 2396, as amended by RFC 2732. See http://www.w3.org/TR/xmlschema-2/#anyURI for more information.
enumeration base64Binary
Specifies base64-encoded arbitrary binary data as it applies to the W3C standard. See http://www.w3.org/TR/xmlschema-2/#base64Binary for more information.
enumeration IPv4 Address
Specifies an IPv4 address in dotted decimal form. CIDR notation is also accepted.
enumeration IPv6 Address
Specifies an IPv6 address, which is represented by eight groups of 16-bit hexadecimal values separated by colons (:) in the form a:b:c:d:e:f:g:h. CIDR notation is also accepted.
enumeration Host Name
Specifies a host name. For compatibility reasons, this could be any string. Even so, it is best to use the proper notation for the given host type. For example, web hostnames should be written as fully qualified hostnames in practice.
enumeration MAC Address
Specifies a MAC address, which is represented by six groups of 2 hexadecimal digits, separated by hyphens (-) or colons (:) in transmission order.
enumeration Domain Name
Specifies a domain name, which is represented by a series of labels concatenated with dots conforming to the rules in RFC 1035, RFC 1123, and RFC 2181.
enumeration URI
Specifies a Uniform Resource Identifier, which identifies a name or resource and can act as a URL or URN.
enumeration TimeZone
Specifies a timezone in UTC notation (UTC+number).
enumeration Octal
Specifies arbitrary octal (base-8) encoded data.
enumeration Binary
Specifies arbitrary binary encoded data.
enumeration BinHex
Specifies arbitrary data encoded in the Mac OS-originated BinHex format.
enumeration Subnet Mask
Specifies a subnet mask in IPv4 or IPv6 notation.
enumeration UUID/GUID
Specifies a globally/universally unique ID represented as a 32-character hexadecimal string. See ISO/IEC 11578:1996 Information technology -- Open Systems Interconnection -- Remote Procedure Call - http://www.iso.ch/cate/d2229.html
enumeration Collection
Specifies data represented as a container of multiple data of a shared elemental type.
enumeration CVE ID
Specifies a CVE ID, expressed as CVE- appended by a four-digit integer, a - and another four-digit integer, as in CVE-2012-1234.
enumeration CWE ID
Specifies a CWE ID, expressed as CWE- appended by an integer.
enumeration CAPEC ID
Specifies a CAPEC ID, expressed as CAPEC- appended by an integer.
enumeration CCE ID
Specifies a CCE ID, expressed as CCE- appended by an integer.
enumeration CPE Name
Specifies a CPE Name. See http://cpe.mitre.org/specification/archive/version2.0/cpe-specification_2.0.pdf for more information.
Used by
Source
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute WinServiceObj:WindowsServiceObjectType / @service_dll_signature_exists
Namespace No namespace
Annotations
Indicates whether or not the DLL is signed.
Type xs:boolean
Used by
Source
<xs:attribute name="service_dll_signature_exists" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>Indicates whether or not the DLL is signed.</xs:documentation>
  </xs:annotation>
</xs:attribute>
Attribute WinServiceObj:WindowsServiceObjectType / @service_dll_signature_verified
Namespace No namespace
Annotations
Indicates whether or not the DLL's signature was verified.
Type xs:boolean
Used by
Source
<xs:attribute name="service_dll_signature_verified" type="xs:boolean">
  <xs:annotation>
    <xs:documentation>Indicates whether or not the DLL's signature was verified.</xs:documentation>
  </xs:annotation>
</xs:attribute>
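Both signature attributes are optional xs:boolean values, so a consumer has to handle the four lexical forms true, false, 1 and 0 as well as an absent attribute. The following is an added example, not part of the CybOX schema or its documentation: it triages Windows_Service elements by these two attributes. The `<Services>` wrapper element and the verdict labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://cybox.mitre.org/objects#WinServiceObject-2"
EXISTS, VERIFIED = "service_dll_signature_exists", "service_dll_signature_verified"

# Constructed sample. The <Services> wrapper is hypothetical, not a CybOX element.
SAMPLE = f"""<Services xmlns:WinServiceObj="{NS}">
  <WinServiceObj:Windows_Service {EXISTS}="true" {VERIFIED}="1"/>
  <WinServiceObj:Windows_Service {EXISTS}="1" {VERIFIED}="false"/>
  <WinServiceObj:Windows_Service {EXISTS}="0"/>
  <WinServiceObj:Windows_Service/>
  <WinServiceObj:Windows_Service {EXISTS}="false" {VERIFIED}="true"/>
  <WinServiceObj:Windows_Service {EXISTS}="true"/>
  <WinServiceObj:Windows_Service {EXISTS}="TRUE"/>
</Services>"""


def xs_boolean(raw):
    """Map an xs:boolean lexical value to True/False; None if the attribute is absent."""
    if raw is None:
        return None
    value = raw.strip()  # xs:boolean collapses surrounding whitespace
    if value in ("true", "1"):
        return True
    if value in ("false", "0"):
        return False
    raise ValueError(f"not an xs:boolean: {raw!r}")  # lexical space is case-sensitive


def classify(exists, verified):
    """Combine the two tri-state attributes into one verdict label (labels are assumptions)."""
    if exists is False:
        # A verified signature on a DLL reported as unsigned is a producer error.
        return "inconsistent" if verified else "unsigned"
    if verified is True:
        return "verified"
    if verified is False:
        return "not-verified"
    return "signed-unchecked" if exists else "not-recorded"


def triage(xml_text):
    """Return one verdict per Windows_Service element, in document order."""
    # For untrusted documents, parse with a hardened parser such as defusedxml.
    verdicts = []
    for svc in ET.fromstring(xml_text).iter(f"{{{NS}}}Windows_Service"):
        try:
            verdicts.append(classify(xs_boolean(svc.get(EXISTS)), xs_boolean(svc.get(VERIFIED))))
        except ValueError:
            verdicts.append("invalid-value")
    return verdicts
```

Treating an absent attribute as false would report the fourth sample service as unsigned when the producer simply did not record signature state.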