ObservablesTypeCybOX Core Schema

The ObservablesType is a type representing a collection of cyber observables.


Fields

Field Name Type Description
@cybox_major_versionrequired string

The cybox_major_version field specifies the major version of the CybOX language utilized for this set of Observables.

@cybox_minor_versionrequired string

The cybox_minor_version field specifies the minor version of the CybOX language utilized for this set of Observables.

@cybox_update_versionoptional string

The cybox_update_version field specifies the update version of the CybOX language utilized for this set of Observables. This field MUST be used when using an update version of CybOX.

Observable_Package_Source0..1 MeasureSourceType

The Observable_Package_Source field is optional and enables descriptive specification of how this package of Observables was identified and specified.

Observable1..n ObservableType
Pools0..1 PoolsType

The Pools construct enables the description of Events, Actions, Objects and Properties in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled elements. This reduces redundancy caused when identical observable elements occur multiple times within a set of defined Observables.