The ObservableType is a type representing a description of a single cyber observable.

| Field Name | Type | Description |
|---|---|---|
| @id (optional) | QName | The id field specifies a unique id for this Observable. |
| @idref (optional) | QName | The idref field specifies a unique id reference to an Observable defined elsewhere. |
| @negate (optional) | boolean | The negate field, when set to true, indicates the absence (rather than the presence) of the given Observable in a CybOX pattern. |
| Title (0..1) | string | The Title field provides a mechanism to specify a short title or description for this Observable. |
| Description (0..1) | StructuredTextType | The Description field provides a mechanism to specify a structured text description of this Observable. |
| Keywords (0..1) | KeywordsType | Keywords enables capture of relevant keywords for this cyber observable. |
| Observable_Source (0..1) | MeasureSourceType | The Observable_Source field is optional and enables descriptive specification of how this Observable was identified and specified. |
| Object (0..1) | ObjectType | The Object construct identifies and specifies the characteristics of a specific cyber-relevant object (e.g. a file, a registry key or a process). |
| Event (0..1) | EventType | The Event construct enables specification of a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber-relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received). |
| Observable_Composition (0..1) | ObservableCompositionType | The Observable_Composition construct enables specification of composite observables made up of logical constructions of atomic observables or other composite observables (e.g. Obs5 = (Obs1 OR Obs2) AND (Obs3 OR Obs4)). |
| Pattern_Fidelity (0..1) | PatternFidelityType | Pattern_Fidelity contains elements that enable the characterization of the fidelity of this pattern to its purpose. |
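
The following added example (not part of the CybOX documentation) shows how a consumer might evaluate a composite Observable by resolving `@idref`, applying `@negate`, and recursing through `Observable_Composition`. The namespace URI, the `operator` attribute and the `ex:` ids are assumptions: the first two are taken from the CybOX 2.x schema rather than from the table above, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed from the CybOX 2.x schema, not from the table above: the core
# namespace URI and the operator="AND"|"OR" attribute on Observable_Composition.
NS = {"cybox": "http://cybox.mitre.org/cybox-2"}

# Constructed sample: ex:Obs5 = (Obs1 OR Obs2) AND (NOT Obs3)
SAMPLE = """
<cybox:Observables xmlns:cybox="http://cybox.mitre.org/cybox-2" xmlns:ex="http://example.com/">
  <cybox:Observable id="ex:Obs1"><cybox:Object/></cybox:Observable>
  <cybox:Observable id="ex:Obs2"><cybox:Event/></cybox:Observable>
  <cybox:Observable id="ex:Obs5">
    <cybox:Observable_Composition operator="AND">
      <cybox:Observable><cybox:Observable_Composition operator="OR">
        <cybox:Observable idref="ex:Obs1"/>
        <cybox:Observable idref="ex:Obs2"/>
      </cybox:Observable_Composition></cybox:Observable>
      <cybox:Observable id="ex:Obs3" negate="true"><cybox:Object/></cybox:Observable>
    </cybox:Observable_Composition>
  </cybox:Observable>
</cybox:Observables>"""

def load(xml_text):
    """Parse trusted XML and index every Observable that carries an @id."""
    root = ET.fromstring(xml_text)  # use a hardened parser for untrusted feeds
    tag = "{%s}Observable" % NS["cybox"]
    return {o.get("id"): o for o in root.iter(tag) if o.get("id")}

def evaluate(obs, index, matched, seen=()):
    """Return True if the pattern rooted at obs holds for the matched atomic ids."""
    ref, comp = obs.get("idref"), obs.find("cybox:Observable_Composition", NS)
    if ref is not None:                      # @idref: resolve, refusing dangling/cyclic refs
        if ref not in index or ref in seen:
            raise ValueError("dangling or cyclic idref: " + ref)
        result = evaluate(index[ref], index, matched, seen + (ref,))
    elif comp is not None:                   # Observable_Composition: recurse into children
        op = comp.get("operator")
        if op not in ("AND", "OR"):
            raise ValueError("unsupported operator: %r" % op)
        parts = [evaluate(c, index, matched, seen) for c in comp.findall("cybox:Observable", NS)]
        result = all(parts) if op == "AND" else any(parts)
    else:                                    # atomic Object/Event: was it observed?
        result = obs.get("id") in matched
    # @negate flips presence into absence (xs:boolean allows "true" or "1")
    return result != (obs.get("negate") in ("true", "1"))
```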