The YaraTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the inclusion of a YARA rule as a test mechanism content.
| Field Name | Type | Description |
|---|---|---|
| @idoptional | QName |
Specifies a unique ID for this Test Mechanism. |
| @idrefoptional | QName |
Specifies a reference to the ID of a Test Mechanism specified elsewhere. |
| Efficacy0..1 | StatementType |
The Efficacy field provides an assertion of likely effectiveness of this TestMechanism to detect the targeted cyber Observables. The field includes a description of the asserted efficacy of this TestMechanism and a confidence held in the asserted efficacy of this TestMechanism to detect the targeted cyber Observables. |
| Producer0..1 | InformationSourceType |
The Producer field details the source of this entry. |
| Version0..1 | string |
The Version of YARA that the rule was written against. |
| Rule0..1 | EncodedCDATAType |
The Rule field encapsulates a YARA rule in its native format within a String field. The specification should be within a CDATA construct within the String field. |