The ObservableType is a type representing a description of a single cyber observable.
The id field specifies a unique id for this Observable.
The idref field specifies a unique id reference to an Observable defined elsewhere.
The negate field, when set to true, indicates the absence (rather than the presence) of the given Observable in a CybOX pattern.
The Title field provides a mechanism to specify a short title or description for this Observable
The Description field provides a mechanism to specify a structured text description of this Observable.
Keywords enables capture of relevant keywords for this cyber observable.
The Observable_Source field is optional and enables descriptive specification of how this Observable was identified and specified.
The Object construct identifies and specificies the characteristics of a specific cyber-relevant object (e.g. a file, a registry key or a process).
The Event construct enables specification of a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received).
The Observable_Composition construct enables specification of composite observables made up of logical constructions of atomic observables or other composite observables (e.g. Obs5 = (Obs1 OR Obs2) AND (Obs3 OR Obs4)).
Pattern_Fidelity contains elements that enable the characterization of the fidelity of this pattern to its purpose.