Heads up! These docs are for STIX 1.1, which is not the latest version (1.2).

YaraTestMechanismType
YARA Test Mechanism Instance Schema

The YaraTestMechanismType specifies an instantial extension of the abstract TestMechanismType, intended to support the inclusion of a YARA rule as test mechanism content.


Fields

Field Name Type Description
@id (optional) QName

Specifies a unique ID for this Test Mechanism.

@idref (optional) QName

Specifies a reference to the ID of a Test Mechanism specified elsewhere.

When idref is specified, the id attribute must not be specified, and any instance of this Test Mechanism should not hold content.

Efficacy 0..1 StatementType

The Efficacy field provides an assertion of likely effectiveness of this TestMechanism to detect the targeted cyber Observables. The field includes a description of the asserted efficacy of this TestMechanism and a confidence held in the asserted efficacy of this TestMechanism to detect the targeted cyber Observables.

Producer 0..1 InformationSourceType

The Producer field details the source of this entry.

Version 0..1 string

The Version of YARA that the rule was written against.

Rule 0..1 EncodedCDATAType

The Rule field encapsulates a YARA rule in its native format within a String field. The specification should be within a CDATA construct within the String field.
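
A consumer can check the id/idref and CDATA constraints described above before handing a rule to a scanner. The following is an added example, not part of the STIX documentation or tooling; the Test_Mechanism element name, the namespace URIs, the ids and the YARA rules in the sample are constructed placeholders, and elements are matched by local name only.

```python
from xml.dom import minidom, Node

# Constructed sample: prefixes, namespace URIs, ids and rules are placeholders.
SAMPLE = """<doc xmlns:ex="urn:example:stix" xmlns:y="urn:example:yara-tm">
  <ex:Test_Mechanism id="ex:tm-1">
    <y:Version>3.4</y:Version>
    <y:Rule><![CDATA[rule demo { strings: $a = "<marker>" condition: $a }]]></y:Rule>
  </ex:Test_Mechanism>
  <ex:Test_Mechanism idref="ex:tm-1"/>
  <ex:Test_Mechanism id="ex:tm-2" idref="ex:tm-1">
    <y:Rule>rule inline { condition: false }</y:Rule>
  </ex:Test_Mechanism>
</doc>"""

def child(elem, local_name):
    """First child element with this local name (namespace prefix ignored)."""
    for n in elem.childNodes:
        if n.nodeType == Node.ELEMENT_NODE and n.localName == local_name:
            return n
    return None

def text_and_cdata(elem):
    """Return (text, True if all non-blank character data sits in CDATA sections)."""
    parts = [n for n in elem.childNodes
             if n.nodeType in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE) and n.data.strip()]
    in_cdata = bool(parts) and all(n.nodeType == Node.CDATA_SECTION_NODE for n in parts)
    return "".join(n.data for n in parts), in_cdata

def check(tm):
    """Apply the id/idref and CDATA rules from the field descriptions to one instance."""
    problems = []
    has_content = any(n.nodeType == Node.ELEMENT_NODE for n in tm.childNodes)
    if tm.hasAttribute("idref") and tm.hasAttribute("id"):
        problems.append("id and idref both set")
    if tm.hasAttribute("idref") and has_content:
        problems.append("idref instance holds content")
    version, rule = child(tm, "Version"), child(tm, "Rule")
    if rule is not None and not text_and_cdata(rule)[1]:
        problems.append("Rule not wrapped in CDATA")
    return {"version": text_and_cdata(version)[0].strip() if version is not None else None,
            "rule": text_and_cdata(rule)[0] if rule is not None else None,
            "problems": problems}

def check_document(xml_text):
    dom = minidom.parseString(xml_text)
    return [check(e) for e in dom.getElementsByTagNameNS("*", "Test_Mechanism")]

if __name__ == "__main__":
    for result in check_document(SAMPLE):
        print(result)
```

For feeds from untrusted sources, defusedxml.minidom can stand in for xml.dom.minidom so that entity-expansion payloads are rejected at parse time.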