SnortTestMechanismTypeSnort Test Mechanism Instance Schema

The SnortTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the inclusion of a Snort rule as a test mechanism content.

API support

Fields

Field Name	Type	Description
@idoptional	QName	Specifies a unique ID for this Test Mechanism.
@idrefoptional	QName	Specifies a reference to the ID of a Test Mechanism specified elsewhere. When idref is specified, the id attribute must not be specified, and any instance of this Test Mechanism should not hold content.
Efficacy0..1	StatementType	The Efficacy field provides an assertion of likely effectiveness of this TestMechanism to detect the targeted cyber Observables. The field includes a description of the asserted efficacy of this TestMechanism and a confidence held in the asserted efficacy of this TestMechanism to detect the targeted cyber Observables.
Producer0..1	InformationSourceType	The Producer field details the source of this entry.
Product_Name0..1	string	Name of the Snort-compatible tool that the rules were written again. If the tool has a CPE name, use of that name is suggested, otherwise a simple name like "Snort", "Suricata", or "Sourcefire" could be used.
Version0..1	string	The Version of Snort or Snort-compatible tool that the rules were written against.
Rule0..n	EncodedCDATAType	The Rule field encapsulates a Snort rule in its native format within a String field. The specification should be within a CDATA construct within the String field.
Event_Filter0..n	EncodedCDATAType	The Event_Filter field encapsulates a Snort event filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.
Rate_Filter0..n	EncodedCDATAType	The Rate_Filter field encapsulates a Snort rate filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.
Event_Suppression0..n	EncodedCDATAType	The Event_Suppression field encapsulates a Snort event suppression line in its native format within a String field. The specification should be within a CDATA construct within the String field.

Field Name

Type

Description

@idoptional

QName

Specifies a unique ID for this Test Mechanism.

@idrefoptional

QName

Specifies a reference to the ID of a Test Mechanism specified elsewhere.

When idref is specified, the id attribute must not be specified, and any instance of this Test Mechanism should not hold content.

Efficacy0..1

StatementType

The Efficacy field provides an assertion of likely effectiveness of this TestMechanism to detect the targeted cyber Observables. The field includes a description of the asserted efficacy of this TestMechanism and a confidence held in the asserted efficacy of this TestMechanism to detect the targeted cyber Observables.

Producer0..1

InformationSourceType

The Producer field details the source of this entry.

Product_Name0..1

string

Name of the Snort-compatible tool that the rules were written again. If the tool has a CPE name, use of that name is suggested, otherwise a simple name like "Snort", "Suricata", or "Sourcefire" could be used.

Version0..1

string

The Version of Snort or Snort-compatible tool that the rules were written against.

Rule0..n

EncodedCDATAType

The Rule field encapsulates a Snort rule in its native format within a String field. The specification should be within a CDATA construct within the String field.

Event_Filter0..n

EncodedCDATAType

The Event_Filter field encapsulates a Snort event filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.

Rate_Filter0..n

EncodedCDATAType

The Rate_Filter field encapsulates a Snort rate filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.

Event_Suppression0..n

EncodedCDATAType

The Event_Suppression field encapsulates a Snort event suppression line in its native format within a String field. The specification should be within a CDATA construct within the String field.