The ActionNameVocab is the default CybOX vocabulary for Action Types, captured via the ActionType/Name element in CybOX Core.
| Item | Description |
|---|---|
| Accept Socket Connection | Specifies the defined action of accepting a socket connection. |
| Add Connection to Network Share | Specifies the defined action of adding a connection to an existing network share. |
| Add Network Share | Specifies the defined action of adding a new network share. |
| Add System Call Hook | Specifies the defined action of adding a new system call hook. |
| Add User | Specifies the defined action of adding a new user. |
| Add Windows Hook | Specifies the defined action of adding a new Windows hook. |
| Add Scheduled Task | Specifies the defined action of adding a scheduled task. |
| Allocate Virtual Memory in Process | Specifies the defined action of allocating virtual memory in a process. |
| Bind Address to Socket | Specifies the defined action of binding an address to a socket. |
| Change Service Configuration | Specifies the defined action of changing the service configuration. |
| Check for Remote Debugger | Specifies the defined action of checking for a remote debugger. |
| Close Port | Specifies the defined action of closing a port. |
| Close Registry Key | Specifies the defined action of closing a registry key. |
| Close Socket | Specifies the defined action of closing a socket. |
| Configure Service | Specifies the defined action of configuring a service. |
| Connect to IP | Specifies the defined action of connecting to an IP address. |
| Connect to Named Pipe | Specifies the defined action of connecting to a named pipe. |
| Connect to Network Share | Specifies the defined action of connecting to a network share. |
| Connect to Socket | Specifies the defined action of connecting to a socket. |
| Connect to URL | Specifies the defined action of connecting to a URL. |
| Control Driver | Specifies the defined action of controlling a driver. |
| Control Service | Specifies the defined action of controlling a service. |
| Copy File | Specifies the defined action of copying a file. |
| Create Dialog Box | Specifies the defined action of creating a dialog box. |
| Create Directory | Specifies the defined action of creating a new directory. |
| Create Event | Specifies the defined action of creating an event. |
| Create File | Specifies the defined action of creating a file. |
| Create File Alternate Data Stream | Specifies the defined action of creating an alternate data stream in a file. |
| Create File Mapping | Specifies the defined action of creating a new file mapping. |
| Create File Symbolic Link | Specifies the defined action of creating a file symbolic link. |
| Create Hidden File | Specifies the defined action of creating a hidden file. |
| Create Mailslot | Specifies the defined action of creating a mailslot. |
| Create Module | Specifies the defined action of creating a module. |
| Create Mutex | Specifies the defined action of creating a mutex. |
| Create Named Pipe | Specifies the defined action of creating a named pipe. |
| Create Process | Specifies the defined action of creating a process. |
| Create Process as User | Specifies the defined action of creating a process as user. |
| Create Registry Key | Specifies the defined action of creating a registry key. |
| Create Registry Key Value | Specifies the defined action of creating a registry key value. |
| Create Remote Thread in Process | Specifies the defined action of creating a remote thread in a process. |
| Create Service | Specifies the defined action of creating a service. |
| Create Socket | Specifies the defined action of creating a socket. |
| Create Symbolic Link | Specifies the defined action of creating a symbolic link. |
| Create Thread | Specifies the defined action of creating a thread. |
| Create Window | Specifies the defined action of creating a window. |
| Delete Directory | Specifies the defined action of deleting a directory. |
| Delete File | Specifies the defined action of deleting a file. |
| Delete Named Pipe | Specifies the defined action of deleting a named pipe. |
| Delete Network Share | Specifies the defined action of deleting a network share. |
| Delete Registry Key | Specifies the defined action of deleting a registry key. |
| Delete Registry Key Value | Specifies the defined action of deleting a registry key value. |
| Delete Service | Specifies the defined action of deleting a service. |
| Delete User | Specifies the defined action of deleting a user. |
| Disconnect from Named Pipe | Specifies the defined action of disconnecting from a named pipe. |
| Disconnect from Network Share | Specifies the defined action of disconnecting from a network share. |
| Disconnect from Socket | Specifies the defined action of disconnecting from a socket. |
| Download File | Specifies the defined action of downloading a file. |
| Enumerate DLLs | Specifies the defined action of enumerating DLLs. |
| Enumerate Network Shares | Specifies the defined action of enumerating network shares. |
| Enumerate Protocols | Specifies the defined action of enumerating protocols. |
| Enumerate Registry Key Subkeys | Specifies the defined action of enumerating registry key subkeys. |
| Enumerate Registry Key Values | Specifies the defined action of enumerating registry key values. |
| Enumerate Threads in Process | Specifies the defined action of enumerating threads in a process. |
| Enumerate Processes | Specifies the defined action of enumerating processes. |
| Enumerate Services | Specifies the defined action of enumerating services. |
| Enumerate System Handles | Specifies the defined action of enumerating system handles. |
| Enumerate Threads | Specifies the defined action of enumerating threads. |
| Enumerate Users | Specifies the defined action of enumerating users. |
| Enumerate Windows | Specifies the defined action of enumerating windows. |
| Find File | Specifies the defined action of finding a file. |
| Find Window | Specifies the defined action of finding a window. |
| Flush Process Instruction Cache | Specifies the defined action of flushing the Process Instruction Cache. |
| Free Library | Specifies the defined action of freeing a library. |
| Free Process Virtual Memory | Specifies the defined action of freeing virtual memory from a process. |
| Get Disk Free Space | Specifies the defined action of getting the amount of free space available on a disk. |
| Get Disk Type | Specifies the defined action of getting the disk type. |
| Get Elapsed System Up Time | Specifies the defined action of getting the elapsed system up-time. |
| Get File Attributes | Specifies the defined action of getting file attributes. |
| Get Function Address | Specifies the defined action of getting the function address. |
| Get System Global Flags | Specifies the defined action of getting system global flags. |
| Get Host By Address | Specifies the defined action of getting host by address. |
| Get Host By Name | Specifies the defined action of getting host by name. |
| Get Host Name | Specifies the defined action of getting the host name. |
| Get Library File Name | Specifies the defined action of getting the library file name. |
| Get Library Handle | Specifies the defined action of getting the library handle. |
| Get NetBIOS Name | Specifies the defined action of getting the NetBIOS name. |
| Get Process Current Directory | Specifies the defined action of getting the process's current directory. |
| Get Process Environment Variable | Specifies the defined action of getting the process environment variable. |
| Get Process Startup Information | Specifies the defined action of getting the process startup information. |
| Get Processes Snapshot | Specifies the defined action of getting the processes snapshot. |
| Get Registry Key Attributes | Specifies the defined action of getting the attributes of a registry key. |
| Get Service Status | Specifies the defined action of getting the service status. |
| Get System Global Flags | Specifies the defined action of getting the system global flags. |
| Get System Local Time | Specifies the defined action of getting the local time on a system. |
| Get System Host Name | Specifies the defined action of getting the system host name. |
| Get System NetBIOS Name | Specifies the defined action of getting the NetBIOS name of a system. |
| Get System Network Parameters | Specifies the defined action of getting the system network parameters. |
| Get System Time | Specifies the defined action of getting the system time. |
| Get Thread Context | Specifies the defined action of getting the thread context. |
| Get Thread Username | Specifies the defined action of getting the thread username. |
| Get User Attributes | Specifies the defined action of getting the attributes of a user. |
| Get Username | Specifies the defined action of getting a username. |
| Get Windows Directory | Specifies the defined action of getting a windows directory. |
| Get Windows System Directory | Specifies the defined action of getting a windows System directory. |
| Get Windows Temporary Files Directory | Specifies the defined action of getting the Windows Temporary Files Directory. |
| Hide Window | Specifies the defined action of hiding a window. |
| Impersonate Process | Specifies the defined action of impersonating a process. |
| Impersonate Thread | Specifies the defined action of impersonating a thread. |
| Inject Memory Page | Specifies the defined action of injecting a memory page into a process. |
| Kill Process | Specifies the defined action of killing a process. |
| Kill Thread | Specifies the defined action of killing a thread. |
| Kill Window | Specifies the defined action of killing a window. |
| Listen on Port | Specifies the defined action of listening on a specific port. |
| Listen on Socket | Specifies the defined action of listening on a socket. |
| Load and Call Driver | Specifies the defined action of loading and calling a driver. |
| Load Driver | Specifies the defined action of loading a driver. |
| Load Library | Specifies the defined action of loading a library. |
| Load Module | Specifies the defined action of loading a module. |
| Lock File | Specifies the defined action of locking a file. |
| Logon as User | Specifies the defined action of logging on as a user. |
| Map File | Specifies the defined action of mapping a file. |
| Map Library | Specifies the defined action of mapping a library. |
| Map View of File | Specifies the defined action of mapping a view of a file. |
| Modify File | Specifies the defined action of modifying a file. |
| Modify Named Pipe | Specifies the defined action of modifying a named pipe. |
| Modify Process | Specifies the defined action of modifying a process. |
| Modify Service | Specifies the defined action of modifying a service. |
| Modify Registry Key | Specifies the defined action of modifying a registry key. |
| Modify Registry Key Value | Specifies the defined action of modifying a registry key value. |
| Monitor Registry Key | Specifies the defined action of monitoring a registry key. |
| Move File | Specifies the defined action of moving a file. |
| Open File | Specifies the defined action of opening a file. |
| Open File Mapping | Specifies the defined action of opening a file mapping. |
| Open Mutex | Specifies the defined action of opening a mutex. |
| Open Port | Specifies the defined action of opening a port. |
| Open Process | Specifies the defined action of opening a process. |
| Open Registry Key | Specifies the defined action of opening a registry key. |
| Open Service | Specifies the defined action of opening a service. |
| Open Service Control Manager | Specifies the defined action of opening a service control manager. |
| Protect Virtual Memory | Specifies the defined action of protecting virtual memory. |
| Query Disk Attributes | Specifies the defined action of querying disk attributes. |
| Query DNS | Specifies the defined action of querying DNS. |
| Query Process Virtual Memory | Specifies the defined action of querying process virtual memory. |
| Queue APC in Thread | Specifies the defined action of querying the Asynchronous Procedure Call (APC) in the context of a thread. |
| Read File | Specifies the defined action of reading a file. |
| Read From Named Pipe | Specifies the defined action of reading from a named pipe. |
| Read From Process Memory | Specifies the defined action of reading from process memory. |
| Read Registry Key Value | Specifies the defined action of reading a registry key value. |
| Receive Data on Socket | Specifies the defined action of receiving data on a socket. |
| Receive Email Message | Specifies the defined action of receiving an email message. |
| Release Mutex | Specifies the defined action of releasing a mutex. |
| Rename File | Specifies the defined action of renaming a file. |
| Revert Thread to Self | Specifies the defined action of reverting a thread to its self. |
| Send Control Code to File | Specifies the defined action of sending a control code to a file. |
| Send Control Code to Pipe | Specifies the defined action of sending a control code to a pipe. |
| Send Control Code to Service | Specifies the defined action of sending control code to a service. |
| Send Data on Socket | Specifies the defined action of sending data on a socket. |
| Send Data to Address on Socket | Specifies the defined action of sending data to the address on a socket. |
| Send DNS Query | Specifies the defined action of sending a DNS query. |
| Send Email Message | Specifies the defined action of sending an email message. |
| Send ICMP Request | Specifies the defined action of sending an ICMP request. |
| Send Reverse DNS Query | Specifies the defined action of sending a reverse DNS query. |
| Set File Attributes | Specifies the defined action of setting file attributes. |
| Set NetBIOS Name | Specifies the defined action of setting the NetBIOS name. |
| Set Process Current Directory | Specifies the defined action of setting the process current directory. |
| Set Process Environment Variable | Specifies the defined action of setting the process environment variable. |
| Set System Global Flags | Specifies the defined action of setting system global flags. |
| Set System Host Name | Specifies the defined action of setting the system host name. |
| Set System Time | Specifies the defined action of setting the system time. |
| Set Thread Context | Specifies the defined action of setting the thread context. |
| Show Window | Specifies the defined action of showing a window. |
| Shutdown System | Specifies the defined action of shutting down a system. |
| Sleep Process | Specifies the defined action of sleeping a process. |
| Sleep System | Specifies the defined action of sleeping a system. |
| Start Service | Specifies the defined action of starting a service. |
| Unload Driver | Specifies the defined action of unloading a driver. |
| Unlock File | Specifies the defined action of unlocking a file. |
| Unmap File | Specifies the defined action of unmapping a file. |
| Unload Module | Specifies the defined action of unloading a module. |
| Upload File | Specifies the defined action of uploading a file. |
| Write to File | Specifies the defined action of writing to a file. |
| Write to Process Virtual Memory | Specifies the defined action of writing to process virtual memory. |
| Field Name | Type | Description |
|---|---|---|
| @conditionoptional | ConditionTypeEnum |
This field is optional and defines the relevant condition to apply to the value. |
| @is_case_sensitiveoptional | boolean |
The is_case_sensitive field is optional and should be used when specifying the case-sensitivity of a pattern which uses an Equals, DoesNotEqual, Contains, DoesNotContain, StartsWith, EndsWith, or FitsPattern condition. The default value for this field is "true" which indicates that pattern evaluations are to be considered case-sensitive. |
| @apply_conditionoptional | ConditionApplicationEnum |
This field indicates how a condition should be applied when the field body contains a list of values. (Its value is moot if the field value contains only a single value - both possible values for this field would have the same behavior.) If this field is set to ANY, then a pattern is considered to be matched if the provided condition successfully evaluates for any of the values in the field body. If the field is set to ALL, then the patern only matches if the provided condition successfully evaluates for every value in the field body. |
| @delimiteroptional | string |
The delimiter field specifies the delimiter used when defining lists of values. The default value is "##comma##". |
| @bit_maskoptional | hexBinary |
Used to specify a bit_mask in conjunction with one of the defined binary conditions (bitwiseAnd, bitwiseOr, and bitwiseXor). This bitmask is then uses as one operand in the indicated bitwise computation. |
| @pattern_typeoptional | PatternTypeEnum |
This field is optional and defines the type of pattern used if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'. |
| @regex_syntaxoptional | string |
This field is optional and defines the syntax format used for a regular expression, if one is specified for the field value. This is applicable only if the Condition field is set to 'FitsPattern'. Setting this attribute with an empty value (e.g., "") or omitting it entirely notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities, character classes, escapes, and other lexical tokens defined by the CybOX Language Specification. Setting this attribute with a non-empty value notifies CybOX consumers and pattern evaluators that the corresponding regular expression utilizes capabilities not defined by the CybOX Language Specification. The regular expression must be evaluated through a compatible regular expression engine in this case. |
| @has_changedoptional | boolean |
This field is optional and conveys a targeted observation pattern of whether the associated field value has changed. This field would be leveraged within a pattern observable triggering on whether the value of a single field value has changed. |
| @trendoptional | boolean |
This field is optional and conveys a targeted observation pattern of the nature of any trend in the associated field value. This field would be leveraged within a pattern observable triggering on the matching of a specified trend in the value of a single specified field. |
| @vocab_nameoptional | string |
The vocab_name field specifies the name of the controlled vocabulary. |
| @vocab_referenceoptional | anyURI |
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file. |