Heads up! These docs are for STIX 1.1, which is not the latest version (1.2). View the latest!

EventPoolTypeCybOX Core Schema

The EventPoolType enables the description of CybOX Events in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Event elements. This reduces redundancy caused when identical Events occur multiple times within a set of defined Observables.


Fields

Field Name Type Description
Event1..n EventType

The Event construct enables specification of a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received).