Heads up! These docs are for STIX 1.1, which is not the latest version (1.2). View the latest!

MeasureSourceTypeCybOX Common Schema

The MeasureSourceType is a type representing a description of a single cyber observation source.


Fields

Field Name Type Description
@classoptional SourceClassTypeEnum

The class field is optional and enables identification of the high-level class of this cyber observation source.

@source_typeoptional SourceTypeEnum

The source_type field is optional and enables identification of the broad type of this cyber observation source.

@nameoptional string

The name field is optional and enables the assignment of a relevant name to this Discovery Method.

@sighting_countoptional positiveInteger

The sighting_count field specifies how many different identical instances of a given Observable may have been seen/sighted by the observation source.

Information_Source_Type0..1 ControlledVocabularyStringType

The Information_Source_Type field is optional and utilizes a standardized controlled vocabulary to identify the type of information source leveraged for this cyber observation source.

This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is InformationSourceTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.

Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.

Tool_Type0..1 ControlledVocabularyStringType

The Tool_Type field is optional and (when tools are used) enables identification of the type of tool leveraged as part of this cyber observation source, via a standardized controlled vocabulary.

This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ToolTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.

Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.

Description0..1 StructuredTextType

The Description field is optional and enables a generalized but structured description of this syber observation source.

Contributors0..1 PersonnelType

The Contributors field is optional and enables description of the individual contributors involved in this cyber observation source.

Time0..1 TimeType

The Time field is optional and enables description of various time-related properties for this cyber observation source instance.

Observation_Location0..1 LocationType

The Observation_Location field specifies a relevant physical location for the observation measurement of the associated Observable.

This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.

Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.

Tools0..1 ToolsInformationType

The Tools field is optional and enables description of the tools utilized for this cyber observation source.

Platform0..1 PlatformSpecificationType

The Platform field is optional and enables a formal, standardized specification of the platform for this cyber observation source.

System0..1 ObjectPropertiesType

The System field is optional and enables characterization of the system on which the mechanism of cyber observation executed. System should be an object of type SystemObj:SystemObjectType.

Instance0..1 ObjectPropertiesType

The Instance field is optional and enables characterization of the process instance in which the mechanism of cyber observation executed. Instance should be of type ProcessObj:ProcessObjectType.

Observable_Location0..1 LocationType

The Observable_Location field specifies a relevant physical location for the associated Observable.

This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd.

Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.