The MeasureSourceType is a type representing a description of a single cyber observation source.
| Field Name | Type | Description |
|---|---|---|
| @classoptional | SourceClassTypeEnum |
The class field is optional and enables identification of the high-level class of this cyber observation source. |
| @source_typeoptional | SourceTypeEnum |
The source_type field is optional and enables identification of the broad type of this cyber observation source. |
| @nameoptional | string |
The name field is optional and enables the assignment of a relevant name to this Discovery Method. |
| @sighting_countoptional | positiveInteger |
The sighting_count field specifies how many different identical instances of a given Observable may have been seen/sighted by the observation source. |
| Information_Source_Type0..1 | ControlledVocabularyStringType |
The Information_Source_Type field is optional and utilizes a standardized controlled vocabulary to identify the type of information source leveraged for this cyber observation source. This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is InformationSourceTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd. Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field. |
| Tool_Type0..1 | ControlledVocabularyStringType |
The Tool_Type field is optional and (when tools are used) enables identification of the type of tool leveraged as part of this cyber observation source, via a standardized controlled vocabulary. This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ToolTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd. Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field. |
| Description0..1 | StructuredTextType |
The Description field is optional and enables a generalized but structured description of this syber observation source. |
| Contributors0..1 | PersonnelType |
The Contributors field is optional and enables description of the individual contributors involved in this cyber observation source. |
| Time0..1 | TimeType |
The Time field is optional and enables description of various time-related properties for this cyber observation source instance. |
| Observation_Location0..1 | LocationType |
The Observation_Location field specifies a relevant physical location for the observation measurement of the associated Observable. This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd. Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field. |
| Tools0..1 | ToolsInformationType |
The Tools field is optional and enables description of the tools utilized for this cyber observation source. |
| Platform0..1 | PlatformSpecificationType |
The Platform field is optional and enables a formal, standardized specification of the platform for this cyber observation source. |
| System0..1 | ObjectPropertiesType |
The System field is optional and enables characterization of the system on which the mechanism of cyber observation executed. System should be an object of type SystemObj:SystemObjectType. |
| Instance0..1 | ObjectPropertiesType |
The Instance field is optional and enables characterization of the process instance in which the mechanism of cyber observation executed. Instance should be of type ProcessObj:ProcessObjectType. |
| Observable_Location0..1 | LocationType |
The Observable_Location field specifies a relevant physical location for the associated Observable. This field is implemented through the xsi:type extension mechanism. The default type is CIQAddressInstanceType in the http://cybox.mitre.org/extensions/Identity#CIQAddress-1 namespace. This type is defined in the extensions/location/ciq_address_3.0.xsd file or at the URL http://cybox.mitre.org/XMLSchema/extensions/location/ciq_address/1.0/ciq_address_3.0.xsd. Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field. |