The YaraTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the inclusion of a YARA rule as a test mechanism content.
Field Name | Type | Description |
---|---|---|
@idoptional | QName |
Specifies a unique ID for this Test Mechanism. |
@idrefoptional | QName |
Specifies a reference to the ID of a Test Mechanism specified elsewhere. When idref is specified, the id attribute must not be specified, and any instance of this Test Mechanism should not hold content. |
Efficacy0..1 | StatementType |
The Efficacy field provides an assertion of likely effectiveness of this TestMechanism to detect the targeted cyber Observables. The field includes a description of the asserted efficacy of this TestMechanism and a confidence held in the asserted efficacy of this TestMechanism to detect the targeted cyber Observables. |
Producer0..1 | InformationSourceType |
The Producer field details the source of this entry. |
Version0..1 | string |
The Version of YARA that the rule was written against. |
Rule0..1 | EncodedCDATAType |
The Rule field encapsulates a YARA rule in its native format within a String field. The specification should be within a CDATA construct within the String field. |