From 4f906eb15af431c12c36c8683f9bcd60d39c364e Mon Sep 17 00:00:00 2001 From: Greg Back Date: Wed, 21 Mar 2018 09:57:40 -0500 Subject: [PATCH 1/4] Handle 'NoneType' nodes. Fix #6 --- stixmarx/xml.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/stixmarx/xml.py b/stixmarx/xml.py index a09fa2e..1d5518d 100644 --- a/stixmarx/xml.py +++ b/stixmarx/xml.py @@ -148,6 +148,8 @@ def localname(node): Returns: A string XML localname. """ + if node is None: + return None if is_attribute(node): return etree.QName(node.attrname).localname else: From 766263b66929ed32f1e9aec828738f64de62ad97 Mon Sep 17 00:00:00 2001 From: Emmanuelle Vargas-Gonzalez Date: Wed, 21 Mar 2018 12:15:44 -0400 Subject: [PATCH 2/4] Fix setting stix_version --- stixmarx/test/parser_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stixmarx/test/parser_test.py b/stixmarx/test/parser_test.py index 9ea6bba..d71e578 100644 --- a/stixmarx/test/parser_test.py +++ b/stixmarx/test/parser_test.py @@ -15,7 +15,7 @@ # so we just modify the XML based on the version of python-stix installed. if stix.__version__ >= "1.2.0.0": stix_version = "1.2" -elif stix.__version__ >= "1.1.1.7": +else: stix_version = "1.1.1" XML_GLOBAL = """ From 3de1422badb4bdf9d7cfa4d12cc8df71807fa2c3 Mon Sep 17 00:00:00 2001 From: Emmanuelle Vargas-Gonzalez Date: Wed, 21 Mar 2018 13:05:24 -0400 Subject: [PATCH 3/4] Add field mappings for newer releases --- stixmarx/fields/cybox/cybox21016.py | 3882 +++++++++++++++++++++++++++ stixmarx/fields/stix/stix11110.py | 1182 ++++++++ stixmarx/fields/stix/stix1204.py | 1242 +++++++++ stixmarx/fields/stix/stix1205.py | 1248 +++++++++ 4 files changed, 7554 insertions(+) create mode 100644 stixmarx/fields/cybox/cybox21016.py create mode 100644 stixmarx/fields/stix/stix11110.py create mode 100644 stixmarx/fields/stix/stix1204.py create mode 100644 stixmarx/fields/stix/stix1205.py diff --git a/stixmarx/fields/cybox/cybox21016.py b/stixmarx/fields/cybox/cybox21016.py new file mode 100644 index 0000000..3346388 --- /dev/null +++ b/stixmarx/fields/cybox/cybox21016.py @@ -0,0 +1,3882 @@ +# Copyright (c) 2018, The MITRE Corporation. All rights reserved. +# See LICENSE.txt for complete terms. + +# This is an auto-generated file. +# cybox - 2.1.0.16 + +__date__ = "2018-03-21 12:24:23.443000" + + +# Maps Python instance attribute names to XML instance field names for +# Python API classes. +_FIELDS = { + "cybox.common.byterun.ByteRun": { + "byte_order": "Byte_Order", + "byte_run_data": "Byte_Run_Data", + "file_system_offset": "File_System_Offset", + "hashes": "Hashes", + "image_offset": "Image_Offset", + "length": "Length", + "offset": "Offset", + }, + "cybox.common.byterun.ByteRuns": { + "byte_run": "Byte_Run", + }, + "cybox.common.contributor.Contributor": { + "contribution_location": "Contribution_Location", + "date": "Date", + "email": "Email", + "name": "Name", + "organization": "Organization", + "phone": "Phone", + "role": "Role", + }, + "cybox.common.contributor.Personnel": { + "contributor": "Contributor", + }, + "cybox.common.data_segment.DataSegment": { + "byte_order": "Byte_Order", + "data_format": "Data_Format", + "data_segment": "Data_Segment", + "data_size": "Data_Size", + "id_": "@id", + "offset": "Offset", + "search_distance": "Search_Distance", + "search_within": "Search_Within", + }, + "cybox.common.data_segment.DataSize": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "units": "@units", + "value": "text()", + }, + "cybox.common.daterange.DateRange": { + "end_date": "End_Date", + "start_date": "Start_Date", + }, + "cybox.common.datetimewithprecision.DateTimeWithPrecision": { + "precision": "@precision", + "value": "text()", + }, + "cybox.common.datetimewithprecision.DateWithPrecision": { + "precision": "@precision", + "value": "text()", + }, + "cybox.common.digitalsignature.DigitalSignature": { + "certificate_issuer": "Certificate_Issuer", + "certificate_subject": "Certificate_Subject", + "signature_description": "Signature_Description", + "signature_exists": "@signature_exists", + "signature_verified": "@signature_verified", + }, + "cybox.common.digitalsignature.DigitalSignatureList": { + "digital_signature": "Digital_Signature", + }, + "cybox.common.environment_variable.EnvironmentVariable": { + "name": "Name", + "value": "Value", + }, + "cybox.common.environment_variable.EnvironmentVariableList": { + "environment_variable": "Environment_Variable", + }, + "cybox.common.extracted_features.CodeSnippets": { + "code_snippet": "Code_Snippet", + }, + "cybox.common.extracted_features.ExtractedFeatures": { + "code_snippets": "Code_Snippets", + "functions": "Functions", + "imports": "Imports", + "strings": "Strings", + }, + "cybox.common.extracted_features.Functions": { + "function": "Function", + }, + "cybox.common.extracted_features.Imports": { + "import_": "Import", + }, + "cybox.common.extracted_string.ExtractedString": { + "address": "Address", + "byte_string_value": "Byte_String_Value", + "encoding": "Encoding", + "english_translation": "English_Translation", + "hashes": "Hashes", + "language": "Language", + "length": "Length", + "string_value": "String_Value", + }, + "cybox.common.extracted_string.ExtractedStrings": { + "extracted_string": "String", + }, + "cybox.common.hashes.Hash": { + "fuzzy_hash_value": "Fuzzy_Hash_Value", + "simple_hash_value": "Simple_Hash_Value", + "type_": "Type", + }, + "cybox.common.hashes.HashList": { + "hashes": "Hash", + }, + "cybox.common.measuresource.MeasureSource": { + "class_": "@class", + "contributors": "Contributors", + "description": "Description", + "information_source_type": "Information_Source_Type", + "instance": "Instance", + "name": "@name", + "platform": "Platform", + "sighting_count": "@sighting_count", + "source_type": "@source_type", + "system": "System", + "time": "Time", + "tool_type": "Tool_Type", + "tools": "Tools", + }, + "cybox.common.object_properties.CustomProperties": { + "property_": "Property", + }, + "cybox.common.object_properties.ObjectProperties": { + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + }, + "cybox.common.object_properties.Property": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "description": "@description", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "name": "@name", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.platform_specification.PlatformIdentifier": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "system": "@system", + "system_ref": "@system_ref", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.platform_specification.PlatformSpecification": { + "description": "Description", + "identifiers": "Identifier", + }, + "cybox.common.properties.AnyURI": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.Base64Binary": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.BaseProperty": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.Date": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "precision": "@precision", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.DateTime": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "precision": "@precision", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.Double": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.Duration": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.Float": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.HexBinary": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.Integer": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.Long": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.Name": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.NonNegativeInteger": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.PositiveInteger": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.String": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.Time": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "precision": "@precision", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.UnsignedInteger": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties.UnsignedLong": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties._FloatBase": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties._IntegerBase": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.properties._LongBase": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.common.structured_text.StructuredText": { + "structuring_format": "@structuring_format", + "value": "text()", + }, + "cybox.common.time.Time": { + "end_time": "End_Time", + "produced_time": "Produced_Time", + "received_time": "Received_Time", + "start_time": "Start_Time", + }, + "cybox.common.tools.ToolInformation": { + "description": "Description", + "id_": "@id", + "idref": "@idref", + "name": "Name", + "service_pack": "Service_Pack", + "tool_hashes": "Tool_Hashes", + "type_": "Type", + "vendor": "Vendor", + "version": "Version", + }, + "cybox.common.tools.ToolInformationList": { + "tool": "Tool", + }, + "cybox.common.vocabs.ActionArgumentName": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.ActionName": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.ActionObjectAssociationType": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.ActionRelationshipType": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.ActionType": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.CharacterEncoding": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.EventType": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.HashName": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.InformationSourceType": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.ObjectRelationship": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.ObjectState": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.ToolType": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.common.vocabs.VocabString": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.core.action.Action": { + "action_aliases": "Action_Aliases", + "action_arguments": "Action_Arguments", + "action_status": "@action_status", + "associated_objects": "Associated_Objects", + "context": "@context", + "description": "Description", + "discovery_method": "Discovery_Method", + "frequency": "Frequency", + "id_": "@id", + "idref": "@idref", + "name": "Name", + "ordinal_position": "@ordinal_position", + "relationships": "Relationships", + "timestamp": "@timestamp", + "type_": "Type", + }, + "cybox.core.action.ActionAliases": { + "action_alias": "Action_Alias", + }, + "cybox.core.action.ActionArgument": { + "argument_name": "Argument_Name", + "argument_value": "Argument_Value", + }, + "cybox.core.action.ActionArguments": { + "action_argument": "Action_Argument", + }, + "cybox.core.action.ActionRelationship": { + "action_references": "Action_Reference", + "type": "Type", + }, + "cybox.core.action.ActionRelationships": { + "relationship": "Relationship", + }, + "cybox.core.action.Actions": { + "action": "Action", + }, + "cybox.core.action.AssociatedObjects": { + "associated_object": "Associated_Object", + }, + "cybox.core.action_reference.ActionReference": { + "action_id": "@action_id", + }, + "cybox.core.associated_object.AssociatedObject": { + "association_type": "Association_Type", + "description": "Description", + "domain_specific_object_properties": "Domain_Specific_Object_Properties", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "properties": "Properties", + "related_objects": "Related_Objects", + "state": "State", + }, + "cybox.core.event.Event": { + "actions": "Actions", + "description": "Description", + "event": "Event", + "frequency": "Frequency", + "id_": "@id", + "idref": "@idref", + "observation_method": "Observation_Method", + "type_": "Type", + }, + "cybox.core.frequency.Frequency": { + "rate": "@rate", + "scale": "@scale", + "trend": "@trend", + "units": "@units", + }, + "cybox.core.object.Object": { + "description": "Description", + "domain_specific_object_properties": "Domain_Specific_Object_Properties", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "properties": "Properties", + "related_objects": "Related_Objects", + "state": "State", + }, + "cybox.core.object.RelatedObject": { + "description": "Description", + "domain_specific_object_properties": "Domain_Specific_Object_Properties", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "properties": "Properties", + "related_objects": "Related_Objects", + "relationship": "Relationship", + "state": "State", + }, + "cybox.core.object.RelatedObjects": { + "related_object": "Related_Object", + }, + "cybox.core.observable.Keywords": { + "keyword": "Keyword", + }, + "cybox.core.observable.Observable": { + "description": "Description", + "event": "Event", + "id_": "@id", + "idref": "@idref", + "keywords": "Keywords", + "object_": "Object", + "observable_composition": "Observable_Composition", + "observable_source": "Observable_Source", + "pattern_fidelity": "Pattern_Fidelity", + "sighting_count": "@sighting_count", + "title": "Title", + }, + "cybox.core.observable.ObservableComposition": { + "observables": "Observable", + "operator": "@operator", + }, + "cybox.core.observable.Observables": { + "observable_package_source": "Observable_Package_Source", + "observables": "Observable", + }, + "cybox.core.pattern_fidelity.ObfuscationTechnique": { + "description": "Description", + "observables": "Observables", + }, + "cybox.core.pattern_fidelity.ObfuscationTechniques": { + "obfuscation_technique": "Obfuscation_Technique", + }, + "cybox.core.pattern_fidelity.PatternFidelity": { + "ease_of_evasion": "Ease_of_Evasion", + "evasion_techniques": "Evasion_Techniques", + "noisiness": "Noisiness", + }, + "cybox.objects.account_object.Account": { + "authentication": "Authentication", + "creation_date": "Creation_Date", + "custom_properties": "Custom_Properties", + "description": "Description", + "disabled": "@disabled", + "domain": "Domain", + "last_accessed_time": "Last_Accessed_Time", + "locked_out": "@locked_out", + "modified_date": "Modified_Date", + "object_reference": "@object_reference", + }, + "cybox.objects.account_object.Authentication": { + "authentication_data": "Authentication_Data", + "authentication_token_protection_mechanism": "Authentication_Token_Protection_Mechanism", + "authentication_type": "Authentication_Type", + "structured_authentication_mechanism": "Structured_Authentication_Mechanism", + }, + "cybox.objects.account_object.StructuredAuthenticationMechanism": { + "description": "Description", + }, + "cybox.objects.address_object.Address": { + "address_value": "Address_Value", + "category": "@category", + "custom_properties": "Custom_Properties", + "is_destination": "@is_destination", + "is_source": "@is_source", + "is_spoofed": "@is_spoofed", + "object_reference": "@object_reference", + "vlan_name": "VLAN_Name", + "vlan_num": "VLAN_Num", + }, + "cybox.objects.address_object.EmailAddress": { + "address_value": "Address_Value", + "category": "@category", + "custom_properties": "Custom_Properties", + "is_destination": "@is_destination", + "is_source": "@is_source", + "is_spoofed": "@is_spoofed", + "object_reference": "@object_reference", + "vlan_name": "VLAN_Name", + "vlan_num": "VLAN_Num", + }, + "cybox.objects.api_object.API": { + "address": "Address", + "custom_properties": "Custom_Properties", + "description": "Description", + "function_name": "Function_Name", + "normalized_function_name": "Normalized_Function_Name", + "object_reference": "@object_reference", + "platform": "Platform", + }, + "cybox.objects.archive_file_object.ArchiveFile": { + "accessed_time": "Accessed_Time", + "archive_format": "Archive_Format", + "archived_file": "Archived_File", + "byte_runs": "Byte_Runs", + "comment": "Comment", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_path": "Device_Path", + "digital_signatures": "Digital_Signatures", + "encryption_algorithm": "Encryption_Algorithm", + "extracted_features": "Extracted_Features", + "file_attributes_list": "File_Attributes_List", + "file_count": "File_Count", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "full_path": "Full_Path", + "hashes": "Hashes", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "size_in_bytes": "Size_In_Bytes", + "sym_links": "Sym_Links", + "user_owner": "User_Owner", + "version": "Version", + }, + "cybox.objects.arp_cache_object.ARPCache": { + "arp_cache_entry": "ARP_Cache_Entry", + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + }, + "cybox.objects.arp_cache_object.ARPCacheEntry": { + "ip_address": "IP_Address", + "network_interface": "Network_Interface", + "physical_address": "Physical_Address", + "type_": "Type", + }, + "cybox.objects.artifact_object.Artifact": { + "content_type": "@content_type", + "content_type_version": "@content_type_version", + "custom_properties": "Custom_Properties", + "hashes": "Hashes", + "object_reference": "@object_reference", + "raw_artifact": "Raw_Artifact", + "raw_artifact_reference": "Raw_Artifact_Reference", + "suspected_malicious": "@suspected_malicious", + "type_": "@type", + }, + "cybox.objects.artifact_object.Base64Encoding": { + "algorithm": "@algorithm", + "character_set": "@character_set", + "custom_character_set_ref": "@custom_character_set_ref", + }, + "cybox.objects.artifact_object.Bz2Compression": { + "compression_mechanism": "@compression_mechanism", + "compression_mechanism_ref": "@compression_mechanism_ref", + }, + "cybox.objects.artifact_object.Compression": { + "compression_mechanism": "@compression_mechanism", + "compression_mechanism_ref": "@compression_mechanism_ref", + }, + "cybox.objects.artifact_object.Encoding": { + "algorithm": "@algorithm", + "character_set": "@character_set", + "custom_character_set_ref": "@custom_character_set_ref", + }, + "cybox.objects.artifact_object.Encryption": { + "encryption_key": "@encryption_key", + "encryption_key_ref": "@encryption_key_ref", + "encryption_mechanism": "@encryption_mechanism", + "encryption_mechanism_ref": "@encryption_mechanism_ref", + }, + "cybox.objects.artifact_object.PasswordProtectedZipEncryption": { + "encryption_key": "@encryption_key", + "encryption_key_ref": "@encryption_key_ref", + "encryption_mechanism": "@encryption_mechanism", + "encryption_mechanism_ref": "@encryption_mechanism_ref", + }, + "cybox.objects.artifact_object.RawArtifact": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "byte_order": "@byte_order", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.objects.artifact_object.XOREncryption": { + "encryption_key": "@encryption_key", + "encryption_key_ref": "@encryption_key_ref", + "encryption_mechanism": "@encryption_mechanism", + "encryption_mechanism_ref": "@encryption_mechanism_ref", + }, + "cybox.objects.artifact_object.ZlibCompression": { + "compression_mechanism": "@compression_mechanism", + "compression_mechanism_ref": "@compression_mechanism_ref", + }, + "cybox.objects.as_object.AutonomousSystem": { + "custom_properties": "Custom_Properties", + "handle": "Handle", + "name": "Name", + "number": "Number", + "object_reference": "@object_reference", + "regional_internet_registry": "Regional_Internet_Registry", + }, + "cybox.objects.code_object.Code": { + "code_language": "Code_Language", + "code_segment": "Code_Segment", + "code_segment_xor": "Code_Segment_XOR", + "custom_properties": "Custom_Properties", + "description": "Description", + "digital_signatures": "Digital_Signatures", + "discovery_method": "Discovery_Method", + "extracted_features": "Extracted_Features", + "object_reference": "@object_reference", + "processor_family": "Processor_Family", + "purpose": "Purpose", + "start_address": "Start_Address", + "targeted_platforms": "Targeted_Platforms", + "type_": "Type", + }, + "cybox.objects.code_object.CodeSegmentXOR": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "xor_pattern": "@xor_pattern", + }, + "cybox.objects.code_object.TargetedPlatforms": { + "targeted_platform": "Targeted_Platform", + }, + "cybox.objects.custom_object.Custom": { + "custom_name": "@custom_name", + "custom_properties": "Custom_Properties", + "description": "Description", + "object_reference": "@object_reference", + }, + "cybox.objects.device_object.Device": { + "custom_properties": "Custom_Properties", + "description": "Description", + "device_type": "Device_Type", + "firmware_version": "Firmware_Version", + "manufacturer": "Manufacturer", + "model": "Model", + "object_reference": "@object_reference", + "serial_number": "Serial_Number", + }, + "cybox.objects.disk_object.Disk": { + "custom_properties": "Custom_Properties", + "disk_name": "Disk_Name", + "disk_size": "Disk_Size", + "free_space": "Free_Space", + "object_reference": "@object_reference", + "partition_list": "Partition_List", + "type_": "Type", + }, + "cybox.objects.disk_object.PartitionList": { + "partition": "Partition", + }, + "cybox.objects.disk_partition_object.DiskPartition": { + "created": "Created", + "custom_properties": "Custom_Properties", + "device_name": "Device_Name", + "mount_point": "Mount_Point", + "object_reference": "@object_reference", + "partition_id": "Partition_ID", + "partition_length": "Partition_Length", + "partition_offset": "Partition_Offset", + "space_left": "Space_Left", + "space_used": "Space_Used", + "total_space": "Total_Space", + "type_": "Type", + }, + "cybox.objects.dns_cache_object.DNSCache": { + "custom_properties": "Custom_Properties", + "dns_cache_entry": "DNS_Cache_Entry", + "object_reference": "@object_reference", + }, + "cybox.objects.dns_cache_object.DNSCacheEntry": { + "dns_entry": "DNS_Entry", + "ttl": "TTL", + }, + "cybox.objects.dns_query_object.DNSQuery": { + "additional_records": "Additional_Records", + "answer_resource_records": "Answer_Resource_Records", + "authority_resource_records": "Authority_Resource_Records", + "custom_properties": "Custom_Properties", + "date_ran": "Date_Ran", + "object_reference": "@object_reference", + "question": "Question", + "service_used": "Service_Used", + "successful": "@successful", + "transaction_id": "Transaction_ID", + }, + "cybox.objects.dns_query_object.DNSQuestion": { + "qclass": "QClass", + "qname": "QName", + "qtype": "QType", + }, + "cybox.objects.dns_query_object.DNSResourceRecords": { + "resource_record": "Resource_Record", + }, + "cybox.objects.dns_record_object.DNSRecord": { + "address_class": "Address_Class", + "custom_properties": "Custom_Properties", + "data_length": "Data_Length", + "description": "Description", + "domain_name": "Domain_Name", + "entry_type": "Entry_Type", + "flags": "Flags", + "ip_address": "IP_Address", + "object_reference": "@object_reference", + "queried_date": "Queried_Date", + "record_data": "Record_Data", + "record_name": "Record_Name", + "record_type": "Record_Type", + "ttl": "TTL", + }, + "cybox.objects.domain_name_object.DomainName": { + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + "type_": "@type", + "value": "Value", + }, + "cybox.objects.email_message_object.AttachmentReference": { + "object_reference": "@object_reference", + }, + "cybox.objects.email_message_object.Attachments": { + "file": "File", + }, + "cybox.objects.email_message_object.EmailHeader": { + "bcc": "BCC", + "boundary": "Boundary", + "cc": "CC", + "content_type": "Content_Type", + "date": "Date", + "errors_to": "Errors_To", + "from_": "From", + "in_reply_to": "In_Reply_To", + "message_id": "Message_ID", + "mime_version": "MIME_Version", + "precedence": "Precedence", + "received_lines": "Received_Lines", + "reply_to": "Reply_To", + "sender": "Sender", + "subject": "Subject", + "to": "To", + "user_agent": "User_Agent", + "x_mailer": "X_Mailer", + "x_originating_ip": "X_Originating_IP", + "x_priority": "X_Priority", + }, + "cybox.objects.email_message_object.EmailMessage": { + "attachments": "Attachments", + "custom_properties": "Custom_Properties", + "email_server": "Email_Server", + "header": "Header", + "links": "Links", + "object_reference": "@object_reference", + "raw_body": "Raw_Body", + "raw_header": "Raw_Header", + }, + "cybox.objects.email_message_object.EmailRecipients": { + "recipient": "Recipient", + }, + "cybox.objects.email_message_object.LinkReference": { + "object_reference": "@object_reference", + }, + "cybox.objects.email_message_object.Links": { + "link": "Link", + }, + "cybox.objects.email_message_object.ReceivedLine": { + "by": "By", + "for_": "For", + "from_": "From", + "id_": "ID", + "timestamp": "Timestamp", + "via": "Via", + "with_": "With", + }, + "cybox.objects.email_message_object.ReceivedLineList": { + "received": "Received", + }, + "cybox.objects.file_object.EPJumpCode": { + "depth": "Depth", + "opcodes": "Opcodes", + }, + "cybox.objects.file_object.EntryPointSignature": { + "name": "Name", + "type_": "Type", + }, + "cybox.objects.file_object.EntryPointSignatureList": { + "entry_point_signature": "Entry_Point_Signature", + }, + "cybox.objects.file_object.File": { + "accessed_time": "Accessed_Time", + "byte_runs": "Byte_Runs", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_path": "Device_Path", + "digital_signatures": "Digital_Signatures", + "encryption_algorithm": "Encryption_Algorithm", + "extracted_features": "Extracted_Features", + "file_attributes_list": "File_Attributes_List", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "full_path": "Full_Path", + "hashes": "Hashes", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "size_in_bytes": "Size_In_Bytes", + "sym_links": "Sym_Links", + "user_owner": "User_Owner", + }, + "cybox.objects.file_object.FilePath": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "fully_qualified": "@fully_qualified", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.objects.file_object.Packer": { + "detected_entrypoint_signatures": "Detected_Entrypoint_Signatures", + "entry_point": "Entry_Point", + "ep_jump_codes": "EP_Jump_Codes", + "name": "Name", + "signature": "Signature", + "type_": "Type", + "version": "Version", + }, + "cybox.objects.file_object.PackerList": { + "packer": "Packer", + }, + "cybox.objects.file_object.SymLinksList": { + "sym_link": "Sym_Link", + }, + "cybox.objects.gui_dialogbox_object.GUIDialogbox": { + "box_caption": "Box_Caption", + "box_text": "Box_Text", + "custom_properties": "Custom_Properties", + "height": "Height", + "object_reference": "@object_reference", + "width": "Width", + }, + "cybox.objects.gui_object.GUI": { + "custom_properties": "Custom_Properties", + "height": "Height", + "object_reference": "@object_reference", + "width": "Width", + }, + "cybox.objects.gui_window_object.GUIWindow": { + "custom_properties": "Custom_Properties", + "height": "Height", + "object_reference": "@object_reference", + "owner_window": "Owner_Window", + "parent_window": "Parent_Window", + "width": "Width", + "window_display_name": "Window_Display_Name", + }, + "cybox.objects.hostname_object.Hostname": { + "custom_properties": "Custom_Properties", + "hostname_value": "Hostname_Value", + "is_domain_name": "@is_domain_name", + "naming_system": "Naming_System", + "object_reference": "@object_reference", + }, + "cybox.objects.http_session_object.HTTPClientRequest": { + "http_message_body": "HTTP_Message_Body", + "http_request_header": "HTTP_Request_Header", + "http_request_line": "HTTP_Request_Line", + }, + "cybox.objects.http_session_object.HTTPMessage": { + "length": "Length", + "message_body": "Message_Body", + }, + "cybox.objects.http_session_object.HTTPRequestHeader": { + "parsed_header": "Parsed_Header", + "raw_header": "Raw_Header", + }, + "cybox.objects.http_session_object.HTTPRequestHeaderFields": { + "accept": "Accept", + "accept_charset": "Accept_Charset", + "accept_datetime": "Accept_Datetime", + "accept_encoding": "Accept_Encoding", + "accept_language": "Accept_Language", + "authorization": "Authorization", + "cache_control": "Cache_Control", + "connection": "Connection", + "content_length": "Content_Length", + "content_md5": "Content_MD5", + "content_type": "Content_Type", + "cookie": "Cookie", + "date": "Date", + "dnt": "DNT", + "expect": "Expect", + "from_": "From", + "host": "Host", + "if_match": "If_Match", + "if_modified_since": "If_Modified_Since", + "if_none_match": "If_None_Match", + "if_range": "If_Range", + "if_unmodified_since": "If_Unmodified_Since", + "max_forwards": "Max_Forwards", + "pragma": "Pragma", + "proxy_authorization": "Proxy_Authorization", + "range_": "Range", + "referer": "Referer", + "te": "TE", + "user_agent": "User_Agent", + "via": "Via", + "warning": "Warning", + "x_att_deviceid": "X_ATT_DeviceId", + "x_forwarded_for": "X_Forwarded_For", + "x_forwarded_proto": "X_Forwarded_Proto", + "x_requested_with": "X_Requested_With", + "x_wap_profile": "X_Wap_Profile", + }, + "cybox.objects.http_session_object.HTTPRequestLine": { + "http_method": "HTTP_Method", + "value": "Value", + "version": "Version", + }, + "cybox.objects.http_session_object.HTTPRequestResponse": { + "http_client_request": "HTTP_Client_Request", + "http_provisional_server_response": "HTTP_Provisional_Server_Response", + "http_server_response": "HTTP_Server_Response", + "ordinal_position": "@ordinal_position", + }, + "cybox.objects.http_session_object.HTTPResponseHeader": { + "parsed_header": "Parsed_Header", + "raw_header": "Raw_Header", + }, + "cybox.objects.http_session_object.HTTPResponseHeaderFields": { + "accept_ranges": "Accept_Ranges", + "access_control_allow_origin": "Access_Control_Allow_Origin", + "age": "Age", + "cache_control": "Cache_Control", + "connection": "Connection", + "content_disposition": "Content_Disposition", + "content_encoding": "Content_Encoding", + "content_language": "Content_Language", + "content_length": "Content_Length", + "content_location": "Content_Location", + "content_md5": "Content_MD5", + "content_range": "Content_Range", + "content_type": "Content_Type", + "date": "Date", + "etag": "ETag", + "expires": "Expires", + "last_modified": "Last_Modified", + "link": "Link", + "location": "Location", + "p3p": "P3P", + "pragma": "Pragma", + "proxy_authenticate": "Proxy_Authenticate", + "refresh": "Refresh", + "retry_after": "Retry_After", + "server": "Server", + "set_cookie": "Set_Cookie", + "strict_transport_security": "Strict_Transport_Security", + "trailer": "Trailer", + "transfer_encoding": "Transfer_Encoding", + "vary": "Vary", + "via": "Via", + "warning": "Warning", + "www_authenticate": "WWW_Authenticate", + "x_content_type_options": "X_Content_Type_Options", + "x_frame_options": "X_Frame_Options", + "x_powered_by": "X_Powered_By", + "x_ua_compatible": "X_UA_Compatible", + "x_xss_protection": "X_XSS_Protection", + }, + "cybox.objects.http_session_object.HTTPServerResponse": { + "http_message_body": "HTTP_Message_Body", + "http_response_header": "HTTP_Response_Header", + "http_status_line": "HTTP_Status_Line", + }, + "cybox.objects.http_session_object.HTTPSession": { + "custom_properties": "Custom_Properties", + "http_request_response": "HTTP_Request_Response", + "object_reference": "@object_reference", + }, + "cybox.objects.http_session_object.HTTPStatusLine": { + "reason_phrase": "Reason_Phrase", + "status_code": "Status_Code", + "version": "Version", + }, + "cybox.objects.http_session_object.HostField": { + "domain_name": "Domain_Name", + "port": "Port", + }, + "cybox.objects.image_file_object.ImageFile": { + "accessed_time": "Accessed_Time", + "bits_per_pixel": "Bits_Per_Pixel", + "byte_runs": "Byte_Runs", + "compression_algorithm": "Compression_Algorithm", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_path": "Device_Path", + "digital_signatures": "Digital_Signatures", + "encryption_algorithm": "Encryption_Algorithm", + "extracted_features": "Extracted_Features", + "file_attributes_list": "File_Attributes_List", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "full_path": "Full_Path", + "hashes": "Hashes", + "image_file_format": "Image_File_Format", + "image_height": "Image_Height", + "image_is_compressed": "@image_is_compressed", + "image_width": "Image_Width", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "size_in_bytes": "Size_In_Bytes", + "sym_links": "Sym_Links", + "user_owner": "User_Owner", + }, + "cybox.objects.library_object.Library": { + "base_address": "Base_Address", + "custom_properties": "Custom_Properties", + "extracted_features": "Extracted_Features", + "name": "Name", + "object_reference": "@object_reference", + "path": "Path", + "size": "Size", + "type_": "Type", + "version": "Version", + }, + "cybox.objects.link_object.Link": { + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + "type_": "@type", + "url_label": "URL_Label", + "value": "Value", + }, + "cybox.objects.linux_package_object.LinuxPackage": { + "architecture": "Architecture", + "category": "Category", + "custom_properties": "Custom_Properties", + "description": "Description", + "epoch": "Epoch", + "evr": "EVR", + "name": "Name", + "object_reference": "@object_reference", + "release": "Release", + "vendor": "Vendor", + "version": "Version", + }, + "cybox.objects.linux_package_object.LinuxPackageArchitecture": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "cybox.objects.memory_object.Memory": { + "block_type": "Block_Type", + "custom_properties": "Custom_Properties", + "extracted_features": "Extracted_Features", + "hashes": "Hashes", + "is_injected": "@is_injected", + "is_mapped": "@is_mapped", + "is_protected": "@is_protected", + "is_volatile": "@is_volatile", + "memory_source": "Memory_Source", + "name": "Name", + "object_reference": "@object_reference", + "region_end_address": "Region_End_Address", + "region_size": "Region_Size", + "region_start_address": "Region_Start_Address", + }, + "cybox.objects.mutex_object.Mutex": { + "custom_properties": "Custom_Properties", + "name": "Name", + "named": "@named", + "object_reference": "@object_reference", + }, + "cybox.objects.network_connection_object.Layer7Connections": { + "dns_query": "DNS_Query", + "http_session": "HTTP_Session", + }, + "cybox.objects.network_connection_object.NetworkConnection": { + "creation_time": "Creation_Time", + "custom_properties": "Custom_Properties", + "destination_socket_address": "Destination_Socket_Address", + "destination_tcp_state": "Destination_TCP_State", + "layer3_protocol": "Layer3_Protocol", + "layer4_protocol": "Layer4_Protocol", + "layer7_connections": "Layer7_Connections", + "layer7_protocol": "Layer7_Protocol", + "object_reference": "@object_reference", + "source_socket_address": "Source_Socket_Address", + "source_tcp_state": "Source_TCP_State", + "tls_used": "@tls_used", + }, + "cybox.objects.network_packet_object.ARP": { + "hardware_addr_size": "Hardware_Addr_Size", + "hardware_addr_type": "Hardware_Addr_Type", + "op_type": "Op_Type", + "proto_addr_size": "Proto_Addr_Size", + "proto_addr_type": "Proto_Addr_Type", + "recip_hardware_addr": "Recip_Hardware_Addr", + "recip_protocol_addr": "Recip_Protocol_Addr", + "sender_hardware_addr": "Sender_Hardware_Addr", + "sender_protocol_addr": "Sender_Protocol_Addr", + }, + "cybox.objects.network_packet_object.AuthenticationHeader": { + "authentication_data": "Authentication_Data", + "header_ext_len": "Header_Ext_Len", + "next_header": "Next_Header", + "security_parameters_index": "Security_Parameters_Index", + "sequence_number": "Sequence_Number", + }, + "cybox.objects.network_packet_object.DestinationOptions": { + "header_ext_len": "Header_Ext_Len", + "next_header": "Next_Header", + "option_data": "Option_Data", + }, + "cybox.objects.network_packet_object.EncapsulatingSecurityPayload": { + "authentication_data": "Authentication_Data", + "next_header": "Next_Header", + "padding": "Padding", + "padding_len": "Padding_Len", + "payload_data": "Payload_Data", + "security_parameters_index": "Security_Parameters_Index", + "sequence_number": "Sequence_Number", + }, + "cybox.objects.network_packet_object.EthernetHeader": { + "checksum": "Checksum", + "destination_mac_addr": "Destination_MAC_Addr", + "source_mac_addr": "Source_MAC_Addr", + "type_or_length": "Type_Or_Length", + }, + "cybox.objects.network_packet_object.EthernetInterface": { + "ethernet_header": "Ethernet_Header", + }, + "cybox.objects.network_packet_object.Fragment": { + "fragment": "Fragment", + "fragment_header": "Fragment_Header", + }, + "cybox.objects.network_packet_object.FragmentHeader": { + "fragment_offset": "Fragment_Offset", + "identification": "Identification", + "m_flag": "M_Flag", + "next_header": "Next_Header", + }, + "cybox.objects.network_packet_object.FragmentationRequired": { + "fragmentation_required": "Fragmentation_Required", + "next_hop_mtu": "Next_Hop_MTU", + }, + "cybox.objects.network_packet_object.HopByHopOptions": { + "header_ext_len": "Header_Ext_Len", + "next_header": "Next_Header", + "option_data": "Option_Data", + }, + "cybox.objects.network_packet_object.ICMPv4AddressMaskReply": { + "address_mask": "Address_Mask", + "address_mask_reply": "Address_Mask_Reply", + }, + "cybox.objects.network_packet_object.ICMPv4AddressMaskRequest": { + "address_mask": "Address_Mask", + "address_mask_request": "Address_Mask_Request", + }, + "cybox.objects.network_packet_object.ICMPv4DestinationUnreachable": { + "communication_administratively_prohibited": "Communication_Administratively_Prohibited", + "destination_host_unknown": "Destination_Host_Unknown", + "destination_host_unreachable": "Destination_Host_Unreachable", + "destination_network_unknown": "Destination_Network_Unknown", + "destination_network_unreachable": "Destination_Network_Unreachable", + "destination_port_unreachable": "Destination_Port_Unreachable", + "destination_protocol_unreachable": "Destination_Protocol_Unreachable", + "fragmentation_required": "Fragmentation_Required", + "host_administratively_prohibited": "Host_Administratively_Prohibited", + "host_precedence_violation": "Host_Precedence_Violation", + "host_unreachable_for_tos": "Host_Unreachable_For_TOS", + "network_administratively_prohibited": "Network_Administratively_Prohibited", + "network_unreachable_for_tos": "Network_Unreachable_For_TOS", + "precedence_cutoff_in_effect": "Precedence_Cutoff_In_Effect", + "source_host_isolated": "Source_Host_Isolated", + "source_route_failed": "Source_Route_Failed", + }, + "cybox.objects.network_packet_object.ICMPv4EchoReply": { + "data": "Data", + "echo_reply": "Echo_Reply", + }, + "cybox.objects.network_packet_object.ICMPv4EchoRequest": { + "data": "Data", + "echo_request": "Echo_Request", + }, + "cybox.objects.network_packet_object.ICMPv4ErrorMessage": { + "destination_unreachable": "Destination_Unreachable", + "error_msg_content": "Error_Msg_Content", + "redirect_message": "Redirect_Message", + "source_quench": "Source_Quench", + "time_exceeded": "Time_Exceeded", + }, + "cybox.objects.network_packet_object.ICMPv4ErrorMessageContent": { + "first_eight_bytes": "First_Eight_Bytes", + "ip_header": "IP_Header", + }, + "cybox.objects.network_packet_object.ICMPv4Header": { + "checksum": "Checksum", + "code": "Code", + "type_": "Type", + }, + "cybox.objects.network_packet_object.ICMPv4InfoMessage": { + "address_mask_reply": "Address_Mask_Reply", + "address_mask_request": "Address_Mask_Request", + "echo_reply": "Echo_Reply", + "echo_request": "Echo_Request", + "info_msg_content": "Info_Msg_Content", + "timestamp_reply": "Timestamp_Reply", + "timestamp_request": "Timestamp_Request", + }, + "cybox.objects.network_packet_object.ICMPv4InfoMessageContent": { + "identifier": "Identifier", + "sequence_number": "Sequence_Number", + }, + "cybox.objects.network_packet_object.ICMPv4Packet": { + "error_msg": "Error_Msg", + "icmpv4_header": "ICMPv4_Header", + "info_msg": "Info_Msg", + "traceroute": "Traceroute", + }, + "cybox.objects.network_packet_object.ICMPv4RedirectMessage": { + "host_redirect": "Host_Redirect", + "ip_address": "IP_Address", + "network_redirect": "Network_Redirect", + "tos_host_redirect": "ToS_Host_Redirect", + "tos_network_redirect": "ToS_Network_Redirect", + }, + "cybox.objects.network_packet_object.ICMPv4SourceQuench": { + "source_quench": "Source_Quench", + }, + "cybox.objects.network_packet_object.ICMPv4TimeExceeded": { + "frag_reassembly_time_exceeded": "Frag_Reassembly_Time_Exceeded", + "ttl_exceeded_in_transit": "TTL_Exceeded_In_Transit", + }, + "cybox.objects.network_packet_object.ICMPv4TimestampReply": { + "originate_timestamp": "Originate_Timestamp", + "receive_timestamp": "Receive_Timestamp", + "timestamp_reply": "Timestamp_Reply", + "transmit_timestamp": "Transmit_Timestamp", + }, + "cybox.objects.network_packet_object.ICMPv4TimestampRequest": { + "originate_timestamp": "Originate_Timestamp", + "timestamp": "Timestamp", + }, + "cybox.objects.network_packet_object.ICMPv4Traceroute": { + "identifier": "Identifier", + "outbound_hop_count": "Outbound_Hop_Count", + "outbound_packet_forward_success": "Outbound_Packet_Forward_Success", + "outbound_packet_no_route": "Outbound_Packet_no_Route", + "output_link_mtu": "Output_Link_MTU", + "output_link_speed": "Output_Link_Speed", + "return_hop_count": "Return_Hop_Count", + }, + "cybox.objects.network_packet_object.ICMPv6DestinationUnreachable": { + "address_unreachable": "Address_Unreachable", + "beyond_scope": "Beyond_Scope", + "comm_prohibited": "Comm_Prohibited", + "no_route": "No_Route", + "port_unreachable": "Port_Unreachable", + "reject_route": "Reject_Route", + "src_addr_failed_policy": "Src_Addr_Failed_Policy", + }, + "cybox.objects.network_packet_object.ICMPv6EchoReply": { + "data": "Data", + "echo_reply": "Echo_Reply", + }, + "cybox.objects.network_packet_object.ICMPv6EchoRequest": { + "data": "Data", + "echo_request": "Echo_Request", + }, + "cybox.objects.network_packet_object.ICMPv6ErrorMessage": { + "destination_unreachable": "Destination_Unreachable", + "invoking_packet": "Invoking_Packet", + "packet_too_big": "Packet_Too_Big", + "parameter_problem": "Parameter_Problem", + "time_exceeded": "Time_Exceeded", + }, + "cybox.objects.network_packet_object.ICMPv6Header": { + "checksum": "Checksum", + "code": "Code", + "type_": "Type", + }, + "cybox.objects.network_packet_object.ICMPv6InfoMessage": { + "echo_reply": "Echo_Reply", + "echo_request": "Echo_Request", + "info_msg_content": "Info_Msg_Content", + }, + "cybox.objects.network_packet_object.ICMPv6InfoMessageContent": { + "identifier": "Identifier", + "sequence_number": "Sequence_Number", + }, + "cybox.objects.network_packet_object.ICMPv6Packet": { + "error_msg": "Error_Msg", + "icmpv6_header": "ICMPv6_Header", + "info_msg": "Info_Msg", + }, + "cybox.objects.network_packet_object.ICMPv6PacketTooBig": { + "mtu": "MTU", + "packet_too_big": "Packet_Too_Big", + }, + "cybox.objects.network_packet_object.ICMPv6ParameterProblem": { + "erroneous_header_field": "Erroneous_Header_Field", + "pointer": "Pointer", + "unrecognized_ipv6_option": "Unrecognized_IPv6_Option", + "unrecognized_next_header_type": "Unrecognized_Next_Header_Type", + }, + "cybox.objects.network_packet_object.ICMPv6TimeExceeded": { + "fragment_reassem_time_exceeded": "Fragment_Reassem_Time_Exceeded", + "hop_limit_exceeded": "Hop_Limit_Exceeded", + }, + "cybox.objects.network_packet_object.IPv4Flags": { + "do_not_fragment": "Do_Not_Fragment", + "more_fragments": "More_Fragments", + "reserved": "Reserved", + }, + "cybox.objects.network_packet_object.IPv4Header": { + "checksum": "Checksum", + "dest_ipv4_addr": "Dest_IPv4_Addr", + "dscp": "DSCP", + "ecn": "ECN", + "flags": "Flags", + "fragment_offset": "Fragment_Offset", + "header_length": "Header_Length", + "identification": "Identification", + "ip_version": "IP_Version", + "option": "Option", + "protocol": "Protocol", + "src_ipv4_addr": "Src_IPv4_Addr", + "total_length": "Total_Length", + "ttl": "TTL", + }, + "cybox.objects.network_packet_object.IPv4Option": { + "class_": "Class", + "copy_flag": "Copy_Flag", + "option": "Option", + }, + "cybox.objects.network_packet_object.IPv4Packet": { + "data": "Data", + "ipv4_header": "IPv4_Header", + }, + "cybox.objects.network_packet_object.IPv6ExtHeader": { + "authentication_header": "Authentication_Header", + "destination_options": "Destination_Options", + "encapsulating_security_payload": "Encapsulating_Security_Payload", + "fragment": "Fragment", + "hop_by_hop_options": "Hop_by_Hop_Options", + "routing": "Routing", + }, + "cybox.objects.network_packet_object.IPv6Header": { + "dest_ipv6_addr": "Dest_IPv6_Addr", + "flow_label": "Flow_Label", + "ip_version": "IP_Version", + "next_header": "Next_Header", + "payload_length": "Payload_Length", + "src_ipv6_addr": "Src_IPv6_Addr", + "traffic_class": "Traffic_Class", + "ttl": "TTL", + }, + "cybox.objects.network_packet_object.IPv6Option": { + "do_not_recogn_action": "Do_Not_Recogn_Action", + "option_byte": "Option_Byte", + "packet_change": "Packet_Change", + }, + "cybox.objects.network_packet_object.IPv6Packet": { + "data": "Data", + "ext_headers": "Ext_Headers", + "ipv6_header": "IPv6_Header", + }, + "cybox.objects.network_packet_object.InternetLayer": { + "icmpv4": "ICMPv4", + "icmpv6": "ICMPv6", + "ipv4": "IPv4", + "ipv6": "IPv6", + }, + "cybox.objects.network_packet_object.LinkLayer": { + "logical_protocols": "Logical_Protocols", + "physical_interface": "Physical_Interface", + }, + "cybox.objects.network_packet_object.LogicalProtocol": { + "arp_rarp": "ARP_RARP", + "ndp": "NDP", + }, + "cybox.objects.network_packet_object.NDP": { + "icmpv6_header": "ICMPv6_Header", + "neighbor_advertisement": "Neighbor_Advertisement", + "neighbor_solicitation": "Neighbor_Solicitation", + "redirect": "Redirect", + "router_advertisement": "Router_Advertisement", + "router_solicitation": "Router_Solicitation", + }, + "cybox.objects.network_packet_object.NDPLinkAddr": { + "length": "Length", + "link_layer_mac_addr": "Link_Layer_MAC_Addr", + }, + "cybox.objects.network_packet_object.NDPMTU": { + "length": "Length", + "mtu": "MTU", + }, + "cybox.objects.network_packet_object.NDPPrefixInfo": { + "addr_config_flag": "@addr_config_flag", + "length": "Length", + "link_flag": "@link_flag", + "preferred_lifetime": "Preferred_Lifetime", + "prefix": "Prefix", + "prefix_length": "Prefix_Length", + "valid_lifetime": "Valid_Lifetime", + }, + "cybox.objects.network_packet_object.NDPRedirectedHeader": { + "ipheader_and_data": "IPHeader_And_Data", + "length": "Length", + }, + "cybox.objects.network_packet_object.NeighborAdvertisement": { + "options": "Options", + "override_flag": "@override_flag", + "router_flag": "@router_flag", + "solicited_flag": "@solicited_flag", + "target_ipv6_addr": "Target_IPv6_Addr", + }, + "cybox.objects.network_packet_object.NeighborOptions": { + "target_link_addr": "Target_Link_Addr", + }, + "cybox.objects.network_packet_object.NeighborSolicitation": { + "options": "Options", + "target_ipv6_addr": "Target_IPv6_Addr", + }, + "cybox.objects.network_packet_object.NeighborSolicitationOptions": { + "src_link_addr": "Src_Link_Addr", + }, + "cybox.objects.network_packet_object.NetworkPacket": { + "custom_properties": "Custom_Properties", + "internet_layer": "Internet_Layer", + "link_layer": "Link_Layer", + "object_reference": "@object_reference", + "transport_layer": "Transport_Layer", + }, + "cybox.objects.network_packet_object.OptionData": { + "option_data_len": "Option_Data_Len", + "option_type": "Option_Type", + "pad1": "Pad1", + "padn": "PadN", + }, + "cybox.objects.network_packet_object.Pad1": { + "octet": "Octet", + }, + "cybox.objects.network_packet_object.PadN": { + "octet": "Octet", + "option_data": "Option_Data", + "option_data_length": "Option_Data_Length", + }, + "cybox.objects.network_packet_object.PhysicalInterface": { + "ethernet": "Ethernet", + }, + "cybox.objects.network_packet_object.Prefix": { + "ip_addr_prefix": "IP_Addr_Prefix", + "ipv6_addr": "IPv6_Addr", + }, + "cybox.objects.network_packet_object.Redirect": { + "dest_ipv6_addr": "Dest_IPv6_Addr", + "options": "Options", + "target_ipv6_addr": "Target_IPv6_Addr", + }, + "cybox.objects.network_packet_object.RedirectOptions": { + "redirected_header": "Redirected_Header", + "target_link_addr": "Target_Link_Addr", + }, + "cybox.objects.network_packet_object.RouterAdvertisement": { + "cur_hop_limit": "Cur_Hop_Limit", + "managed_address_config_flag": "@managed_address_config_flag", + "options": "Options", + "other_config_flag": "@other_config_flag", + "reachable_time": "Reachable_Time", + "retrans_timer": "Retrans_Timer", + "router_lifetime": "Router_Lifetime", + }, + "cybox.objects.network_packet_object.RouterAdvertisementOptions": { + "mtu": "MTU", + "prefix_info": "Prefix_Info", + "src_link_addr": "Src_Link_Addr", + }, + "cybox.objects.network_packet_object.RouterSolicitation": { + "options": "Options", + }, + "cybox.objects.network_packet_object.RouterSolicitationOptions": { + "src_link_addr": "Src_Link_Addr", + }, + "cybox.objects.network_packet_object.Routing": { + "header_ext_len": "Header_Ext_Len", + "next_header": "Next_Header", + "routing_type": "Routing_Type", + "segments_left": "Segments_Left", + "type_specific_data": "Type_Specific_Data", + }, + "cybox.objects.network_packet_object.TCP": { + "data": "Data", + "options": "Options", + "tcp_header": "TCP_Header", + }, + "cybox.objects.network_packet_object.TCPFlags": { + "ack": "@ack", + "cwr": "@cwr", + "ece": "@ece", + "fin": "@fin", + "ns": "@ns", + "psh": "@psh", + "rst": "@rst", + "syn": "@syn", + "urg": "@urg", + }, + "cybox.objects.network_packet_object.TCPHeader": { + "ack_num": "ACK_Num", + "checksum": "Checksum", + "data_offset": "Data_Offset", + "dest_port": "Dest_Port", + "reserved": "Reserved", + "seq_num": "Seq_Num", + "src_port": "Src_Port", + "tcp_flags": "TCP_Flags", + "urg_ptr": "Urg_Ptr", + "window": "Window", + }, + "cybox.objects.network_packet_object.TransportLayer": { + "tcp": "TCP", + "udp": "UDP", + }, + "cybox.objects.network_packet_object.TypeLength": { + "internet_layer_type": "Internet_Layer_Type", + "length": "Length", + }, + "cybox.objects.network_packet_object.UDP": { + "data": "Data", + "udp_header": "UDP_Header", + }, + "cybox.objects.network_packet_object.UDPHeader": { + "checksum": "Checksum", + "destport": "DestPort", + "length": "Length", + "srcport": "SrcPort", + }, + "cybox.objects.network_packet_object._ICMPEchoReply": { + "data": "Data", + "echo_reply": "Echo_Reply", + }, + "cybox.objects.network_packet_object._ICMPEchoRequest": { + "data": "Data", + "echo_request": "Echo_Request", + }, + "cybox.objects.network_packet_object._ICMPHeader": { + "checksum": "Checksum", + "code": "Code", + "type_": "Type", + }, + "cybox.objects.network_packet_object._ICMPInfoMessageContent": { + "identifier": "Identifier", + "sequence_number": "Sequence_Number", + }, + "cybox.objects.network_packet_object._IPv6ExtHeader": { + "header_ext_len": "Header_Ext_Len", + "next_header": "Next_Header", + "option_data": "Option_Data", + }, + "cybox.objects.network_route_entry_object.NetworkRouteEntry": { + "custom_properties": "Custom_Properties", + "destination_address": "Destination_Address", + "gateway_address": "Gateway_Address", + "interface": "Interface", + "is_autoconfigure_address": "@is_autoconfigure_address", + "is_immortal": "@is_immortal", + "is_ipv6": "@is_ipv6", + "is_loopback": "@is_loopback", + "is_publish": "@is_publish", + "metric": "Metric", + "netmask": "Netmask", + "object_reference": "@object_reference", + "origin": "Origin", + "preferred_lifetime": "Preferred_Lifetime", + "protocol": "Protocol", + "route_age": "Route_Age", + "type_": "Type", + "valid_lifetime": "Valid_Lifetime", + }, + "cybox.objects.network_route_object.NetRoute": { + "custom_properties": "Custom_Properties", + "description": "Description", + "is_autoconfigure_address": "@is_autoconfigure_address", + "is_immortal": "@is_immortal", + "is_ipv6": "@is_ipv6", + "is_loopback": "@is_loopback", + "is_publish": "@is_publish", + "network_route_entries": "Network_Route_Entries", + "object_reference": "@object_reference", + "preferred_lifetime": "Preferred_Lifetime", + "route_age": "Route_Age", + "valid_lifetime": "Valid_Lifetime", + }, + "cybox.objects.network_route_object.NetworkRouteEntries": { + "network_route_entry": "Network_Route_Entry", + }, + "cybox.objects.network_socket_object.NetworkSocket": { + "address_family": "Address_Family", + "custom_properties": "Custom_Properties", + "domain": "Domain", + "is_blocking": "@is_blocking", + "is_listening": "@is_listening", + "local_address": "Local_Address", + "object_reference": "@object_reference", + "options": "Options", + "protocol": "Protocol", + "remote_address": "Remote_Address", + "socket_descriptor": "Socket_Descriptor", + "type_": "Type", + }, + "cybox.objects.network_socket_object.SocketOptions": { + "ip_multicast_if": "IP_MULTICAST_IF", + "ip_multicast_if2": "IP_MULTICAST_IF2", + "ip_multicast_loop": "IP_MULTICAST_LOOP", + "ip_tos": "IP_TOS", + "so_broadcast": "SO_BROADCAST", + "so_conditional_accept": "SO_CONDITIONAL_ACCEPT", + "so_debug": "SO_DEBUG", + "so_dontlinger": "SO_DONTLINGER", + "so_dontroute": "SO_DONTROUTE", + "so_group_priority": "SO_GROUP_PRIORITY", + "so_keepalive": "SO_KEEPALIVE", + "so_linger": "SO_LINGER", + "so_oobinline": "SO_OOBINLINE", + "so_rcvbuf": "SO_RCVBUF", + "so_rcvtimeo": "SO_RCVTIMEO", + "so_reuseaddr": "SO_REUSEADDR", + "so_sndbuf": "SO_SNDBUF", + "so_sndtimeo": "SO_SNDTIMEO", + "so_timeout": "SO_TIMEOUT", + "so_update_accept_context": "SO_UPDATE_ACCEPT_CONTEXT", + "tcp_nodelay": "TCP_NODELAY", + }, + "cybox.objects.network_subnet_object.NetworkSubnet": { + "custom_properties": "Custom_Properties", + "description": "Description", + "name": "Name", + "number_of_ip_addresses": "Number_Of_IP_Addresses", + "object_reference": "@object_reference", + "routes": "Routes", + }, + "cybox.objects.network_subnet_object.Routes": { + "route": "Route", + }, + "cybox.objects.pdf_file_object.PDFDictionary": { + "object_reference": "Object_Reference", + "raw_contents": "Raw_Contents", + }, + "cybox.objects.pdf_file_object.PDFDocumentInformationDictionary": { + "author": "Author", + "creationdate": "CreationDate", + "creator": "Creator", + "keywords": "Keywords", + "moddate": "ModDate", + "producer": "Producer", + "subject": "Subject", + "title": "Title", + "trapped": "Trapped", + }, + "cybox.objects.pdf_file_object.PDFFile": { + "accessed_time": "Accessed_Time", + "byte_runs": "Byte_Runs", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "cross_reference_tables": "Cross_Reference_Tables", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_path": "Device_Path", + "digital_signatures": "Digital_Signatures", + "encryption_algorithm": "Encryption_Algorithm", + "extracted_features": "Extracted_Features", + "file_attributes_list": "File_Attributes_List", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "full_path": "Full_Path", + "hashes": "Hashes", + "indirect_objects": "Indirect_Objects", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "metadata": "Metadata", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "size_in_bytes": "Size_In_Bytes", + "sym_links": "Sym_Links", + "trailers": "Trailers", + "user_owner": "User_Owner", + "version": "Version", + }, + "cybox.objects.pdf_file_object.PDFFileID": { + "id_string": "ID_String", + }, + "cybox.objects.pdf_file_object.PDFFileMetadata": { + "document_information_dictionary": "Document_Information_Dictionary", + "encrypted": "@encrypted", + "keyword_counts": "Keyword_Counts", + "number_of_cross_reference_tables": "Number_Of_Cross_Reference_Tables", + "number_of_indirect_objects": "Number_Of_Indirect_Objects", + "number_of_trailers": "Number_Of_Trailers", + "optimized": "@optimized", + }, + "cybox.objects.pdf_file_object.PDFIndirectObject": { + "contents": "Contents", + "hashes": "Hashes", + "id_": "ID", + "offset": "Offset", + "type_": "@type", + }, + "cybox.objects.pdf_file_object.PDFIndirectObjectContents": { + "non_stream_contents": "Non_Stream_Contents", + "stream_contents": "Stream_Contents", + }, + "cybox.objects.pdf_file_object.PDFIndirectObjectID": { + "generation_number": "Generation_Number", + "object_number": "Object_Number", + }, + "cybox.objects.pdf_file_object.PDFIndirectObjectList": { + "indirect_object": "Indirect_Object", + }, + "cybox.objects.pdf_file_object.PDFKeywordCount": { + "non_obfuscated_count": "Non_Obfuscated_Count", + "obfuscated_count": "Obfuscated_Count", + }, + "cybox.objects.pdf_file_object.PDFKeywordCounts": { + "aa_count": "AA_Count", + "ascii85decode_count": "ASCII85Decode_Count", + "asciihexdecode_count": "ASCIIHexDecode_Count", + "ccittfaxdecode_count": "CCITTFaxDecode_Count", + "dctdecode_count": "DCTDecode_Count", + "encrypt_count": "Encrypt_Count", + "flatedecode_count": "FlateDecode_Count", + "javascript_count": "JavaScript_Count", + "jbig2decode_count": "JBIG2Decode_Count", + "js_count": "JS_Count", + "launch_count": "Launch_Count", + "lzwdecode_count": "LZWDecode_Count", + "objstm_count": "ObjStm_Count", + "openaction_count": "OpenAction_Count", + "page_count": "Page_Count", + "richmedia_count": "RichMedia_Count", + "runlengthdecode_count": "RunLengthDecode_Count", + "xfa_count": "XFA_Count", + }, + "cybox.objects.pdf_file_object.PDFStream": { + "decoded_stream": "Decoded_Stream", + "decoded_stream_hashes": "Decoded_Stream_Hashes", + "raw_stream": "Raw_Stream", + "raw_stream_hashes": "Raw_Stream_Hashes", + }, + "cybox.objects.pdf_file_object.PDFTrailer": { + "encrypt": "Encrypt", + "hashes": "Hashes", + "id_": "ID", + "info": "Info", + "last_cross_reference_offset": "Last_Cross_Reference_Offset", + "offset": "Offset", + "prev": "Prev", + "root": "Root", + "size": "Size", + }, + "cybox.objects.pdf_file_object.PDFTrailerList": { + "trailer": "Trailer", + }, + "cybox.objects.pdf_file_object.PDFXRefTable": { + "hashes": "Hashes", + "offset": "Offset", + "subsections": "Subsections", + }, + "cybox.objects.pdf_file_object.PDFXRefTableList": { + "cross_reference_table": "Cross_Reference_Table", + }, + "cybox.objects.pdf_file_object.PDFXrefEntry": { + "byte_offset": "Byte_Offset", + "generation_number": "Generation_Number", + "object_number": "Object_Number", + "type_": "@type", + }, + "cybox.objects.pdf_file_object.PDFXrefEntryList": { + "cross_reference_entry": "Cross_Reference_Entry", + }, + "cybox.objects.pdf_file_object.PDFXrefTableSubsection": { + "cross_reference_entries": "Cross_Reference_Entries", + "first_object_number": "First_Object_Number", + "number_of_objects": "Number_Of_Objects", + }, + "cybox.objects.pdf_file_object.PDFXrefTableSubsectionList": { + "subsection": "Subsection", + }, + "cybox.objects.pipe_object.Pipe": { + "custom_properties": "Custom_Properties", + "name": "Name", + "named": "@named", + "object_reference": "@object_reference", + }, + "cybox.objects.port_object.Port": { + "custom_properties": "Custom_Properties", + "layer4_protocol": "Layer4_Protocol", + "object_reference": "@object_reference", + "port_value": "Port_Value", + }, + "cybox.objects.process_object.ArgumentList": { + "argument": "Argument", + }, + "cybox.objects.process_object.ChildPIDList": { + "child_pid": "Child_PID", + }, + "cybox.objects.process_object.ImageInfo": { + "command_line": "Command_Line", + "current_directory": "Current_Directory", + "file_name": "File_Name", + "path": "Path", + }, + "cybox.objects.process_object.NetworkConnectionList": { + "network_connection": "Network_Connection", + }, + "cybox.objects.process_object.PortList": { + "port": "Port", + }, + "cybox.objects.process_object.Process": { + "argument_list": "Argument_List", + "child_pid_list": "Child_PID_List", + "creation_time": "Creation_Time", + "custom_properties": "Custom_Properties", + "environment_variable_list": "Environment_Variable_List", + "extracted_features": "Extracted_Features", + "image_info": "Image_Info", + "is_hidden": "@is_hidden", + "kernel_time": "Kernel_Time", + "name": "Name", + "network_connection_list": "Network_Connection_List", + "object_reference": "@object_reference", + "parent_pid": "Parent_PID", + "pid": "PID", + "port_list": "Port_List", + "start_time": "Start_Time", + "user_time": "User_Time", + "username": "Username", + }, + "cybox.objects.product_object.Product": { + "custom_properties": "Custom_Properties", + "device_details": "Device_Details", + "edition": "Edition", + "language": "Language", + "object_reference": "@object_reference", + "product": "Product", + "update": "Update", + "vendor": "Vendor", + "version": "Version", + }, + "cybox.objects.semaphore_object.Semaphore": { + "current_count": "Current_Count", + "custom_properties": "Custom_Properties", + "maximum_count": "Maximum_Count", + "name": "Name", + "named": "@named", + "object_reference": "@object_reference", + }, + "cybox.objects.sms_message_object.SMSMessage": { + "bits_per_character": "Bits_Per_Character", + "body": "Body", + "custom_properties": "Custom_Properties", + "encoding": "Encoding", + "is_premium": "@is_premium", + "length": "Length", + "object_reference": "@object_reference", + "recipient_phone_number": "Recipient_Phone_Number", + "sender_phone_number": "Sender_Phone_Number", + "sent_datetime": "Sent_DateTime", + "size": "Size", + "user_data_header": "User_Data_Header", + }, + "cybox.objects.socket_address_object.SocketAddress": { + "custom_properties": "Custom_Properties", + "hostname": "Hostname", + "ip_address": "IP_Address", + "object_reference": "@object_reference", + "port": "Port", + }, + "cybox.objects.system_object.BIOSInfo": { + "bios_date": "BIOS_Date", + "bios_manufacturer": "BIOS_Manufacturer", + "bios_release_date": "BIOS_Release_Date", + "bios_serial_number": "BIOS_Serial_Number", + "bios_version": "BIOS_Version", + }, + "cybox.objects.system_object.DHCPServerList": { + "dhcp_server_address": "DHCP_Server_Address", + }, + "cybox.objects.system_object.IPGatewayList": { + "ip_gateway_address": "IP_Gateway_Address", + }, + "cybox.objects.system_object.IPInfo": { + "ip_address": "IP_Address", + "subnet_mask": "Subnet_Mask", + }, + "cybox.objects.system_object.IPInfoList": { + "ip_info_list": "IP_Info_List", + }, + "cybox.objects.system_object.NetworkInterface": { + "adapter": "Adapter", + "description": "Description", + "dhcp_lease_expires": "DHCP_Lease_Expires", + "dhcp_lease_obtained": "DHCP_Lease_Obtained", + "dhcp_server_list": "DHCP_Server_List", + "ip_gateway_list": "IP_Gateway_List", + "ip_list": "IP_List", + "mac": "MAC", + }, + "cybox.objects.system_object.NetworkInterfaceList": { + "network_interface": "Network_Interface", + }, + "cybox.objects.system_object.OS": { + "bitness": "Bitness", + "build_number": "Build_Number", + "environment_variable_list": "Environment_Variable_List", + "install_date": "Install_Date", + "patch_level": "Patch_Level", + "platform": "Platform", + }, + "cybox.objects.system_object.System": { + "available_physical_memory": "Available_Physical_Memory", + "bios_info": "BIOS_Info", + "custom_properties": "Custom_Properties", + "date": "Date", + "hostname": "Hostname", + "local_time": "Local_Time", + "network_interface_list": "Network_Interface_List", + "object_reference": "@object_reference", + "os": "OS", + "processor": "Processor", + "system_time": "System_Time", + "timezone_dst": "Timezone_DST", + "timezone_standard": "Timezone_Standard", + "total_physical_memory": "Total_Physical_Memory", + "uptime": "Uptime", + "username": "Username", + }, + "cybox.objects.unix_user_account_object.UnixGroup": { + "group_id": "Group_ID", + }, + "cybox.objects.unix_user_account_object.UnixGroupList": { + "group": "Group", + }, + "cybox.objects.unix_user_account_object.UnixPrivilege": { + "permissions_mask": "Permissions_Mask", + }, + "cybox.objects.unix_user_account_object.UnixPrivilegeList": { + "privilege": "Privilege", + }, + "cybox.objects.unix_user_account_object.UnixUserAccount": { + "authentication": "Authentication", + "creation_date": "Creation_Date", + "custom_properties": "Custom_Properties", + "description": "Description", + "disabled": "@disabled", + "domain": "Domain", + "full_name": "Full_Name", + "group_id": "Group_ID", + "group_list": "Group_List", + "home_directory": "Home_Directory", + "last_accessed_time": "Last_Accessed_Time", + "last_login": "Last_Login", + "locked_out": "@locked_out", + "login_shell": "Login_Shell", + "modified_date": "Modified_Date", + "object_reference": "@object_reference", + "password_required": "@password_required", + "privilege_list": "Privilege_List", + "script_path": "Script_Path", + "user_id": "User_ID", + "user_password_age": "User_Password_Age", + "username": "Username", + }, + "cybox.objects.uri_object.URI": { + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + "type_": "@type", + "value": "Value", + }, + "cybox.objects.user_account_object.GroupList": { + "group": "Group", + }, + "cybox.objects.user_account_object.PrivilegeList": { + "privilege": "Privilege", + }, + "cybox.objects.user_account_object.UserAccount": { + "authentication": "Authentication", + "creation_date": "Creation_Date", + "custom_properties": "Custom_Properties", + "description": "Description", + "disabled": "@disabled", + "domain": "Domain", + "full_name": "Full_Name", + "group_list": "Group_List", + "home_directory": "Home_Directory", + "last_accessed_time": "Last_Accessed_Time", + "last_login": "Last_Login", + "locked_out": "@locked_out", + "modified_date": "Modified_Date", + "object_reference": "@object_reference", + "password_required": "@password_required", + "privilege_list": "Privilege_List", + "script_path": "Script_Path", + "user_password_age": "User_Password_Age", + "username": "Username", + }, + "cybox.objects.volume_object.FileSystemFlagList": { + "file_system_flag": "File_System_Flag", + }, + "cybox.objects.volume_object.Volume": { + "actual_available_allocation_units": "Actual_Available_Allocation_Units", + "bytes_per_sector": "Bytes_Per_Sector", + "creation_time": "Creation_Time", + "custom_properties": "Custom_Properties", + "device_path": "Device_Path", + "file_system_flag_list": "File_System_Flag_List", + "file_system_type": "File_System_Type", + "is_mounted": "@is_mounted", + "name": "Name", + "object_reference": "@object_reference", + "sectors_per_allocation_unit": "Sectors_Per_Allocation_Unit", + "serial_number": "Serial_Number", + "total_allocation_units": "Total_Allocation_Units", + }, + "cybox.objects.whois_object.WhoisContact": { + "address": "Address", + "contact_id": "Contact_ID", + "contact_type": "@contact_type", + "email_address": "Email_Address", + "fax_number": "Fax_Number", + "name": "Name", + "organization": "Organization", + "phone_number": "Phone_Number", + }, + "cybox.objects.whois_object.WhoisContacts": { + "contact": "Contact", + }, + "cybox.objects.whois_object.WhoisEntry": { + "contact_info": "Contact_Info", + "creation_date": "Creation_Date", + "custom_properties": "Custom_Properties", + "dnssec": "DNSSEC", + "domain_id": "Domain_ID", + "domain_name": "Domain_Name", + "expiration_date": "Expiration_Date", + "ip_address": "IP_Address", + "lookup_date": "Lookup_Date", + "nameservers": "Nameservers", + "object_reference": "@object_reference", + "regional_internet_registry": "Regional_Internet_Registry", + "registrants": "Registrants", + "registrar_info": "Registrar_Info", + "remarks": "Remarks", + "server_name": "Server_Name", + "sponsoring_registrar": "Sponsoring_Registrar", + "status": "Status", + "updated_date": "Updated_Date", + }, + "cybox.objects.whois_object.WhoisNameservers": { + "nameserver": "Nameserver", + }, + "cybox.objects.whois_object.WhoisRegistrant": { + "address": "Address", + "contact_id": "Contact_ID", + "contact_type": "@contact_type", + "email_address": "Email_Address", + "fax_number": "Fax_Number", + "name": "Name", + "organization": "Organization", + "phone_number": "Phone_Number", + "registrant_id": "Registrant_ID", + }, + "cybox.objects.whois_object.WhoisRegistrants": { + "registrant": "Registrant", + }, + "cybox.objects.whois_object.WhoisRegistrar": { + "address": "Address", + "contacts": "Contacts", + "email_address": "Email_Address", + "name": "Name", + "phone_number": "Phone_Number", + "referral_url": "Referral_URL", + "registrar_guid": "Registrar_GUID", + "registrar_id": "Registrar_ID", + "whois_server": "Whois_Server", + }, + "cybox.objects.whois_object.WhoisStatus": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.objects.whois_object.WhoisStatuses": { + "status": "Status", + }, + "cybox.objects.win_computer_account_object.FullyQualifiedName": { + "full_name": "Full_Name", + "netbeui_name": "NetBEUI_Name", + }, + "cybox.objects.win_computer_account_object.Kerberos": { + "delegation": "Delegation", + "ticket": "Ticket", + }, + "cybox.objects.win_computer_account_object.KerberosDelegation": { + "bitmask": "Bitmask", + "service": "Service", + }, + "cybox.objects.win_computer_account_object.KerberosService": { + "computer": "Computer", + "name": "Name", + "port": "Port", + "user": "User", + }, + "cybox.objects.win_computer_account_object.WinComputerAccount": { + "authentication": "Authentication", + "creation_date": "Creation_Date", + "custom_properties": "Custom_Properties", + "description": "Description", + "disabled": "@disabled", + "domain": "Domain", + "fully_qualified_name": "Fully_Qualified_Name", + "kerberos": "Kerberos", + "last_accessed_time": "Last_Accessed_Time", + "locked_out": "@locked_out", + "modified_date": "Modified_Date", + "object_reference": "@object_reference", + "security_id": "Security_ID", + "type_": "Type", + }, + "cybox.objects.win_critical_section_object.WinCriticalSection": { + "address": "Address", + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + "spin_count": "Spin_Count", + }, + "cybox.objects.win_driver_object.DeviceObjectList": { + "device_object_struct": "Device_Object_Struct", + }, + "cybox.objects.win_driver_object.DeviceObjectStruct": { + "attached_device_name": "Attached_Device_Name", + "attached_device_object": "Attached_Device_Object", + "attached_to_device_name": "Attached_To_Device_Name", + "attached_to_device_object": "Attached_To_Device_Object", + "attached_to_driver_name": "Attached_To_Driver_Name", + "attached_to_driver_object": "Attached_To_Driver_Object", + "device_name": "Device_Name", + "device_object": "Device_Object", + }, + "cybox.objects.win_driver_object.WinDriver": { + "accessed_time": "Accessed_Time", + "build_information": "Build_Information", + "byte_runs": "Byte_Runs", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_object_list": "Device_Object_List", + "device_path": "Device_Path", + "digital_signature": "Digital_Signature", + "digital_signatures": "Digital_Signatures", + "drive": "Drive", + "driver_init": "Driver_Init", + "driver_name": "Driver_Name", + "driver_object_address": "Driver_Object_Address", + "driver_start_io": "Driver_Start_IO", + "driver_unload": "Driver_Unload", + "encryption_algorithm": "Encryption_Algorithm", + "exports": "Exports", + "extracted_features": "Extracted_Features", + "extraneous_bytes": "Extraneous_Bytes", + "file_attributes_list": "File_Attributes_List", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "filename_accessed_time": "Filename_Accessed_Time", + "filename_created_time": "Filename_Created_Time", + "filename_modified_time": "Filename_Modified_Time", + "full_path": "Full_Path", + "hashes": "Hashes", + "headers": "Headers", + "image_base": "Image_Base", + "image_size": "Image_Size", + "imports": "Imports", + "irp_mj_cleanup": "IRP_MJ_CLEANUP", + "irp_mj_close": "IRP_MJ_CLOSE", + "irp_mj_create": "IRP_MJ_CREATE", + "irp_mj_create_mailslot": "IRP_MJ_CREATE_MAILSLOT", + "irp_mj_create_named_pipe": "IRP_MJ_CREATE_NAMED_PIPE", + "irp_mj_device_change": "IRP_MJ_DEVICE_CHANGE", + "irp_mj_device_control": "IRP_MJ_DEVICE_CONTROL", + "irp_mj_directory_control": "IRP_MJ_DIRECTORY_CONTROL", + "irp_mj_file_system_control": "IRP_MJ_FILE_SYSTEM_CONTROL", + "irp_mj_flush_buffers": "IRP_MJ_FLUSH_BUFFERS", + "irp_mj_internal_device_control": "IRP_MJ_INTERNAL_DEVICE_CONTROL", + "irp_mj_lock_control": "IRP_MJ_LOCK_CONTROL", + "irp_mj_pnp": "IRP_MJ_PNP", + "irp_mj_power": "IRP_MJ_POWER", + "irp_mj_query_ea": "IRP_MJ_QUERY_EA", + "irp_mj_query_information": "IRP_MJ_QUERY_INFORMATION", + "irp_mj_query_quota": "IRP_MJ_QUERY_QUOTA", + "irp_mj_query_security": "IRP_MJ_QUERY_SECURITY", + "irp_mj_query_volume_information": "IRP_MJ_QUERY_VOLUME_INFORMATION", + "irp_mj_read": "IRP_MJ_READ", + "irp_mj_set_ea": "IRP_MJ_SET_EA", + "irp_mj_set_information": "IRP_MJ_SET_INFORMATION", + "irp_mj_set_quota": "IRP_MJ_SET_QUOTA", + "irp_mj_set_security": "IRP_MJ_SET_SECURITY", + "irp_mj_set_volume_information": "IRP_MJ_SET_VOLUME_INFORMATION", + "irp_mj_shutdown": "IRP_MJ_SHUTDOWN", + "irp_mj_system_control": "IRP_MJ_SYSTEM_CONTROL", + "irp_mj_write": "IRP_MJ_WRITE", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "pe_checksum": "PE_Checksum", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "resources": "Resources", + "sections": "Sections", + "security_id": "Security_ID", + "security_type": "Security_Type", + "size_in_bytes": "Size_In_Bytes", + "stream_list": "Stream_List", + "sym_links": "Sym_Links", + "type_": "Type", + "user_owner": "User_Owner", + }, + "cybox.objects.win_event_log_object.UnformattedMessageList": { + "unformatted_message": "Unformatted_Message", + }, + "cybox.objects.win_event_log_object.WinEventLog": { + "blob": "Blob", + "category": "Category", + "category_num": "Category_Num", + "correlation_activity_id": "Correlation_Activity_ID", + "correlation_related_activity_id": "Correlation_Related_Activity_ID", + "custom_properties": "Custom_Properties", + "eid": "EID", + "execution_process_id": "Execution_Process_ID", + "execution_thread_id": "Execution_Thread_ID", + "generation_time": "Generation_Time", + "index": "Index", + "log": "Log", + "machine": "Machine", + "message": "Message", + "object_reference": "@object_reference", + "reserved": "Reserved", + "source": "Source", + "type_": "Type", + "unformatted_message_list": "Unformatted_Message_List", + "user": "User", + "write_time": "Write_Time", + }, + "cybox.objects.win_event_object.WinEvent": { + "custom_properties": "Custom_Properties", + "handle": "Handle", + "name": "Name", + "object_reference": "@object_reference", + "type_": "Type", + }, + "cybox.objects.win_executable_file_object.DOSHeader": { + "e_cblp": "e_cblp", + "e_cp": "e_cp", + "e_cparhdr": "e_cparhdr", + "e_crlc": "e_crlc", + "e_cs": "e_cs", + "e_csum": "e_csum", + "e_ip": "e_ip", + "e_lfanew": "e_lfanew", + "e_lfarlc": "e_lfarlc", + "e_magic": "e_magic", + "e_maxalloc": "e_maxalloc", + "e_minalloc": "e_minalloc", + "e_oemid": "e_oemid", + "e_oeminfo": "e_oeminfo", + "e_ovro": "e_ovro", + "e_sp": "e_sp", + "e_ss": "e_ss", + "hashes": "Hashes", + "reserved2": "reserved2", + }, + "cybox.objects.win_executable_file_object.DataDirectory": { + "architecture": "Architecture", + "base_relocation_table": "Base_Relocation_Table", + "bound_import": "Bound_Import", + "certificate_table": "Certificate_Table", + "clr_runtime_header": "CLR_Runtime_Header", + "debug": "Debug", + "delay_import_descriptor": "Delay_Import_Descriptor", + "exception_table": "Exception_Table", + "export_table": "Export_Table", + "global_ptr": "Global_Ptr", + "import_address_table": "Import_Address_Table", + "import_table": "Import_Table", + "load_config_table": "Load_Config_Table", + "reserved": "Reserved", + "resource_table": "Resource_Table", + "tls_table": "Tls_Table", + }, + "cybox.objects.win_executable_file_object.Entropy": { + "max": "Max", + "min": "Min", + "value": "Value", + }, + "cybox.objects.win_executable_file_object.PEBuildInformation": { + "compiler_name": "Compiler_Name", + "compiler_version": "Compiler_Version", + "linker_name": "Linker_Name", + "linker_version": "Linker_Version", + }, + "cybox.objects.win_executable_file_object.PEChecksum": { + "pe_computed_api": "PE_Computed_API", + "pe_file_api": "PE_File_API", + "pe_file_raw": "PE_File_Raw", + }, + "cybox.objects.win_executable_file_object.PEDataDirectoryStruct": { + "size": "Size", + "virtual_address": "Virtual_Address", + }, + "cybox.objects.win_executable_file_object.PEExportedFunction": { + "entry_point": "Entry_Point", + "function_name": "Function_Name", + "ordinal": "Ordinal", + }, + "cybox.objects.win_executable_file_object.PEExportedFunctions": { + "exported_function": "Exported_Function", + }, + "cybox.objects.win_executable_file_object.PEExports": { + "exported_functions": "Exported_Functions", + "exports_time_stamp": "Exports_Time_Stamp", + "name": "Name", + "number_of_addresses": "Number_Of_Addresses", + "number_of_functions": "Number_Of_Functions", + "number_of_names": "Number_Of_Names", + }, + "cybox.objects.win_executable_file_object.PEFileHeader": { + "characteristics": "Characteristics", + "hashes": "Hashes", + "machine": "Machine", + "number_of_sections": "Number_Of_Sections", + "number_of_symbols": "Number_Of_Symbols", + "pointer_to_symbol_table": "Pointer_To_Symbol_Table", + "size_of_optional_header": "Size_Of_Optional_Header", + "time_date_stamp": "Time_Date_Stamp", + }, + "cybox.objects.win_executable_file_object.PEHeaders": { + "dos_header": "DOS_Header", + "entropy": "Entropy", + "file_header": "File_Header", + "hashes": "Hashes", + "optional_header": "Optional_Header", + "signature": "Signature", + }, + "cybox.objects.win_executable_file_object.PEImport": { + "delay_load": "@delay_load", + "file_name": "File_Name", + "imported_functions": "Imported_Functions", + "initially_visible": "@initially_visible", + "virtual_address": "Virtual_Address", + }, + "cybox.objects.win_executable_file_object.PEImportList": { + "import_": "Import", + }, + "cybox.objects.win_executable_file_object.PEImportedFunction": { + "bound": "Bound", + "function_name": "Function_Name", + "hint": "Hint", + "ordinal": "Ordinal", + "virtual_address": "Virtual_Address", + }, + "cybox.objects.win_executable_file_object.PEImportedFunctions": { + "imported_function": "Imported_Function", + }, + "cybox.objects.win_executable_file_object.PEOptionalHeader": { + "address_of_entry_point": "Address_Of_Entry_Point", + "base_of_code": "Base_Of_Code", + "base_of_data": "Base_Of_Data", + "checksum": "Checksum", + "data_directory": "Data_Directory", + "dll_characteristics": "DLL_Characteristics", + "file_alignment": "File_Alignment", + "hashes": "Hashes", + "image_base": "Image_Base", + "loader_flags": "Loader_Flags", + "magic": "Magic", + "major_image_version": "Major_Image_Version", + "major_linker_version": "Major_Linker_Version", + "major_os_version": "Major_OS_Version", + "major_subsystem_version": "Major_Subsystem_Version", + "minor_image_version": "Minor_Image_Version", + "minor_linker_version": "Minor_Linker_Version", + "minor_os_version": "Minor_OS_Version", + "minor_subsystem_version": "Minor_Subsystem_Version", + "number_of_rva_and_sizes": "Number_Of_Rva_And_Sizes", + "section_alignment": "Section_Alignment", + "size_of_code": "Size_Of_Code", + "size_of_headers": "Size_Of_Headers", + "size_of_heap_commit": "Size_Of_Heap_Commit", + "size_of_heap_reserve": "Size_Of_Heap_Reserve", + "size_of_image": "Size_Of_Image", + "size_of_initialized_data": "Size_Of_Initialized_Data", + "size_of_stack_commit": "Size_Of_Stack_Commit", + "size_of_stack_reserve": "Size_Of_Stack_Reserve", + "size_of_uninitialized_data": "Size_Of_Uninitialized_Data", + "subsystem": "Subsystem", + "win32_version_value": "Win32_Version_Value", + }, + "cybox.objects.win_executable_file_object.PEResource": { + "data": "Data", + "hashes": "Hashes", + "language": "Language", + "name": "Name", + "size": "Size", + "sub_language": "Sub_Language", + "type_": "Type", + "virtual_address": "Virtual_Address", + }, + "cybox.objects.win_executable_file_object.PEResourceList": { + "resource": "Resource", + }, + "cybox.objects.win_executable_file_object.PESection": { + "data_hashes": "Data_Hashes", + "entropy": "Entropy", + "header_hashes": "Header_Hashes", + "section_header": "Section_Header", + }, + "cybox.objects.win_executable_file_object.PESectionHeaderStruct": { + "characteristics": "Characteristics", + "name": "Name", + "number_of_linenumbers": "Number_Of_Linenumbers", + "number_of_relocations": "Number_Of_Relocations", + "pointer_to_linenumbers": "Pointer_To_Linenumbers", + "pointer_to_raw_data": "Pointer_To_Raw_Data", + "pointer_to_relocations": "Pointer_To_Relocations", + "size_of_raw_data": "Size_Of_Raw_Data", + "virtual_address": "Virtual_Address", + "virtual_size": "Virtual_Size", + }, + "cybox.objects.win_executable_file_object.PESectionList": { + "section": "Section", + }, + "cybox.objects.win_executable_file_object.PEVersionInfoResource": { + "comments": "Comments", + "companyname": "CompanyName", + "data": "Data", + "filedescription": "FileDescription", + "fileversion": "FileVersion", + "hashes": "Hashes", + "internalname": "InternalName", + "langid": "LangID", + "language": "Language", + "legalcopyright": "LegalCopyright", + "legaltrademarks": "LegalTrademarks", + "name": "Name", + "originalfilename": "OriginalFilename", + "privatebuild": "PrivateBuild", + "productname": "ProductName", + "productversion": "ProductVersion", + "size": "Size", + "specialbuild": "SpecialBuild", + "sub_language": "Sub_Language", + "type_": "Type", + "virtual_address": "Virtual_Address", + }, + "cybox.objects.win_executable_file_object.WinExecutableFile": { + "accessed_time": "Accessed_Time", + "build_information": "Build_Information", + "byte_runs": "Byte_Runs", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_path": "Device_Path", + "digital_signature": "Digital_Signature", + "digital_signatures": "Digital_Signatures", + "drive": "Drive", + "encryption_algorithm": "Encryption_Algorithm", + "exports": "Exports", + "extracted_features": "Extracted_Features", + "extraneous_bytes": "Extraneous_Bytes", + "file_attributes_list": "File_Attributes_List", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "filename_accessed_time": "Filename_Accessed_Time", + "filename_created_time": "Filename_Created_Time", + "filename_modified_time": "Filename_Modified_Time", + "full_path": "Full_Path", + "hashes": "Hashes", + "headers": "Headers", + "imports": "Imports", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "pe_checksum": "PE_Checksum", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "resources": "Resources", + "sections": "Sections", + "security_id": "Security_ID", + "security_type": "Security_Type", + "size_in_bytes": "Size_In_Bytes", + "stream_list": "Stream_List", + "sym_links": "Sym_Links", + "type_": "Type", + "user_owner": "User_Owner", + }, + "cybox.objects.win_file_object.Stream": { + "hashes": "Hash", + "name": "Name", + "size_in_bytes": "Size_In_Bytes", + }, + "cybox.objects.win_file_object.StreamList": { + "stream": "Stream", + }, + "cybox.objects.win_file_object.WinFile": { + "accessed_time": "Accessed_Time", + "byte_runs": "Byte_Runs", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_path": "Device_Path", + "digital_signatures": "Digital_Signatures", + "drive": "Drive", + "encryption_algorithm": "Encryption_Algorithm", + "extracted_features": "Extracted_Features", + "file_attributes_list": "File_Attributes_List", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "filename_accessed_time": "Filename_Accessed_Time", + "filename_created_time": "Filename_Created_Time", + "filename_modified_time": "Filename_Modified_Time", + "full_path": "Full_Path", + "hashes": "Hashes", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "security_id": "Security_ID", + "security_type": "Security_Type", + "size_in_bytes": "Size_In_Bytes", + "stream_list": "Stream_List", + "sym_links": "Sym_Links", + "user_owner": "User_Owner", + }, + "cybox.objects.win_file_object.WindowsFileAttribute": { + "appears_random": "@appears_random", + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "datatype": "@datatype", + "defanging_algorithm_ref": "@defanging_algorithm_ref", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "id_": "@id", + "idref": "@idref", + "is_case_sensitive": "@is_case_sensitive", + "is_defanged": "@is_defanged", + "is_obfuscated": "@is_obfuscated", + "obfuscation_algorithm_ref": "@obfuscation_algorithm_ref", + "observed_encoding": "@observed_encoding", + "pattern_type": "@pattern_type", + "refanging_transform": "@refanging_transform", + "refanging_transform_type": "@refanging_transform_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + }, + "cybox.objects.win_file_object.WindowsFileAttributes": { + "attribute": "Attribute", + }, + "cybox.objects.win_file_object.WindowsFilePermissions": { + "full_control": "Full_Control", + "modify": "Modify", + "read": "Read", + "read_and_execute": "Read_And_Execute", + "write": "Write", + }, + "cybox.objects.win_filemapping_object.WinFilemapping": { + "actual_size": "Actual_Size", + "custom_properties": "Custom_Properties", + "file_handle": "File_Handle", + "handle": "Handle", + "maximum_size": "Maximum_Size", + "name": "Name", + "object_reference": "@object_reference", + "page_protection_attribute": "Page_Protection_Attribute", + "page_protection_value": "Page_Protection_Value", + "security_attributes": "Security_Attributes", + }, + "cybox.objects.win_handle_object.WinHandle": { + "access_mask": "Access_Mask", + "custom_properties": "Custom_Properties", + "id_": "ID", + "name": "Name", + "object_address": "Object_Address", + "object_reference": "@object_reference", + "pointer_count": "Pointer_Count", + "type_": "Type", + }, + "cybox.objects.win_handle_object.WinHandleList": { + "handle": "Handle", + }, + "cybox.objects.win_hook_object.WinHook": { + "custom_properties": "Custom_Properties", + "handle": "Handle", + "hooking_function_name": "Hooking_Function_Name", + "hooking_module": "Hooking_Module", + "object_reference": "@object_reference", + "thread_id": "Thread_ID", + "type_": "Type", + }, + "cybox.objects.win_kernel_hook_object.WinKernelHook": { + "custom_properties": "Custom_Properties", + "digital_signature_hooked": "Digital_Signature_Hooked", + "digital_signature_hooking": "Digital_Signature_Hooking", + "hook_description": "Hook_Description", + "hooked_function": "Hooked_Function", + "hooked_module": "Hooked_Module", + "hooking_address": "Hooking_Address", + "hooking_module": "Hooking_Module", + "object_reference": "@object_reference", + "type_": "Type", + }, + "cybox.objects.win_kernel_object.IDTEntry": { + "offset_high": "Offset_High", + "offset_low": "Offset_Low", + "offset_middle": "Offset_Middle", + "selector": "Selector", + "type_attr": "Type_Attr", + }, + "cybox.objects.win_kernel_object.IDTEntryList": { + "idt_entry": "IDT_Entry", + }, + "cybox.objects.win_kernel_object.SSDTEntry": { + "argument_table_base": "Argument_Table_Base", + "hooked": "@hooked", + "number_of_services": "Number_Of_Services", + "service_counter_table_base": "Service_Counter_Table_Base", + "service_table_base": "Service_Table_Base", + }, + "cybox.objects.win_kernel_object.SSDTEntryList": { + "ssdt_entry": "SSDT_Entry", + }, + "cybox.objects.win_kernel_object.WinKernel": { + "custom_properties": "Custom_Properties", + "idt": "IDT", + "object_reference": "@object_reference", + "ssdt": "SSDT", + }, + "cybox.objects.win_mailslot_object.WinMailslot": { + "custom_properties": "Custom_Properties", + "handle": "Handle", + "max_message_size": "Max_Message_Size", + "name": "Name", + "object_reference": "@object_reference", + "read_timeout": "Read_Timeout", + "security_attributes": "Security_Attributes", + }, + "cybox.objects.win_memory_page_region_object.WinMemoryPageRegion": { + "allocation_base_address": "Allocation_Base_Address", + "allocation_protect": "Allocation_Protect", + "block_type": "Block_Type", + "custom_properties": "Custom_Properties", + "extracted_features": "Extracted_Features", + "hashes": "Hashes", + "is_injected": "@is_injected", + "is_mapped": "@is_mapped", + "is_protected": "@is_protected", + "is_volatile": "@is_volatile", + "memory_source": "Memory_Source", + "name": "Name", + "object_reference": "@object_reference", + "protect": "Protect", + "region_end_address": "Region_End_Address", + "region_size": "Region_Size", + "region_start_address": "Region_Start_Address", + "state": "State", + "type_": "Type", + }, + "cybox.objects.win_mutex_object.WinMutex": { + "custom_properties": "Custom_Properties", + "handle": "Handle", + "name": "Name", + "named": "@named", + "object_reference": "@object_reference", + "security_attributes": "Security_Attributes", + }, + "cybox.objects.win_network_route_entry_object.WinNetworkRouteEntry": { + "custom_properties": "Custom_Properties", + "destination_address": "Destination_Address", + "gateway_address": "Gateway_Address", + "interface": "Interface", + "is_autoconfigure_address": "@is_autoconfigure_address", + "is_immortal": "@is_immortal", + "is_ipv6": "@is_ipv6", + "is_loopback": "@is_loopback", + "is_publish": "@is_publish", + "metric": "Metric", + "netmask": "Netmask", + "nl_route_origin": "NL_ROUTE_ORIGIN", + "nl_route_protocol": "NL_ROUTE_PROTOCOL", + "object_reference": "@object_reference", + "origin": "Origin", + "preferred_lifetime": "Preferred_Lifetime", + "protocol": "Protocol", + "route_age": "Route_Age", + "type_": "Type", + "valid_lifetime": "Valid_Lifetime", + }, + "cybox.objects.win_network_share_object.WinNetworkShare": { + "access_all": "ACCESS_ALL", + "access_atrib": "ACCESS_ATRIB", + "access_create": "ACCESS_CREATE", + "access_delete": "ACCESS_DELETE", + "access_exec": "ACCESS_EXEC", + "access_perm": "ACCESS_PERM", + "access_read": "ACCESS_READ", + "access_write": "ACCESS_WRITE", + "current_uses": "Current_Uses", + "custom_properties": "Custom_Properties", + "local_path": "Local_Path", + "max_uses": "Max_Uses", + "netname": "Netname", + "object_reference": "@object_reference", + "type_": "Type", + }, + "cybox.objects.win_pipe_object.WinPipe": { + "custom_properties": "Custom_Properties", + "default_time_out": "Default_Time_Out", + "handle": "Handle", + "in_buffer_size": "In_Buffer_Size", + "max_instances": "Max_Instances", + "name": "Name", + "named": "@named", + "object_reference": "@object_reference", + "open_mode": "Open_Mode", + "out_buffer_size": "Out_Buffer_Size", + "pipe_mode": "Pipe_Mode", + "security_attributes": "Security_Attributes", + }, + "cybox.objects.win_prefetch_object.AccessedDirectoryList": { + "accessed_directory": "Accessed_Directory", + }, + "cybox.objects.win_prefetch_object.AccessedFileList": { + "accessed_file": "Accessed_File", + }, + "cybox.objects.win_prefetch_object.Volume": { + "deviceitem": "DeviceItem", + "volumeitem": "VolumeItem", + }, + "cybox.objects.win_prefetch_object.WinPrefetch": { + "accessed_directory_list": "Accessed_Directory_List", + "accessed_file_list": "Accessed_File_List", + "application_file_name": "Application_File_Name", + "custom_properties": "Custom_Properties", + "first_run": "First_Run", + "last_run": "Last_Run", + "object_reference": "@object_reference", + "prefetch_hash": "Prefetch_Hash", + "times_executed": "Times_Executed", + "volume": "Volume", + }, + "cybox.objects.win_process_object.MemorySectionList": { + "memory_section": "Memory_Section", + }, + "cybox.objects.win_process_object.StartupInfo": { + "dwfillattribute": "dwFillAttribute", + "dwflags": "dwFlags", + "dwx": "dwX", + "dwxcountchars": "dwXCountChars", + "dwxsize": "dwXSize", + "dwy": "dwY", + "dwycountchars": "dwYCountChars", + "dwysize": "dwYSize", + "hstderror": "hStdError", + "hstdinput": "hStdInput", + "hstdoutput": "hStdOutput", + "lpdesktop": "lpDesktop", + "lptitle": "lpTitle", + "wshowwindow": "wShowWindow", + }, + "cybox.objects.win_process_object.WinProcess": { + "argument_list": "Argument_List", + "aslr_enabled": "@aslr_enabled", + "child_pid_list": "Child_PID_List", + "creation_time": "Creation_Time", + "custom_properties": "Custom_Properties", + "dep_enabled": "@dep_enabled", + "environment_variable_list": "Environment_Variable_List", + "extracted_features": "Extracted_Features", + "handle_list": "Handle_List", + "image_info": "Image_Info", + "is_hidden": "@is_hidden", + "kernel_time": "Kernel_Time", + "name": "Name", + "network_connection_list": "Network_Connection_List", + "object_reference": "@object_reference", + "parent_pid": "Parent_PID", + "pid": "PID", + "port_list": "Port_List", + "priority": "Priority", + "section_list": "Section_List", + "security_id": "Security_ID", + "security_type": "Security_Type", + "start_time": "Start_Time", + "startup_info": "Startup_Info", + "thread": "Thread", + "user_time": "User_Time", + "username": "Username", + "window_title": "Window_Title", + }, + "cybox.objects.win_registry_key_object.RegistrySubkeys": { + "subkey": "Subkey", + }, + "cybox.objects.win_registry_key_object.RegistryValue": { + "byte_runs": "Byte_Runs", + "data": "Data", + "datatype": "Datatype", + "name": "Name", + }, + "cybox.objects.win_registry_key_object.RegistryValues": { + "value": "Value", + }, + "cybox.objects.win_registry_key_object.WinRegistryKey": { + "byte_runs": "Byte_Runs", + "creator_username": "Creator_Username", + "custom_properties": "Custom_Properties", + "handle_list": "Handle_List", + "hive": "Hive", + "key": "Key", + "modified_time": "Modified_Time", + "number_subkeys": "Number_Subkeys", + "number_values": "Number_Values", + "object_reference": "@object_reference", + "subkeys": "Subkeys", + "values": "Values", + }, + "cybox.objects.win_semaphore_object.WinSemaphore": { + "current_count": "Current_Count", + "custom_properties": "Custom_Properties", + "handle": "Handle", + "maximum_count": "Maximum_Count", + "name": "Name", + "named": "@named", + "object_reference": "@object_reference", + "security_attributes": "Security_Attributes", + }, + "cybox.objects.win_service_object.ServiceDescriptionList": { + "description": "Description", + }, + "cybox.objects.win_service_object.WinService": { + "argument_list": "Argument_List", + "aslr_enabled": "@aslr_enabled", + "child_pid_list": "Child_PID_List", + "creation_time": "Creation_Time", + "custom_properties": "Custom_Properties", + "dep_enabled": "@dep_enabled", + "description_list": "Description_List", + "display_name": "Display_Name", + "environment_variable_list": "Environment_Variable_List", + "extracted_features": "Extracted_Features", + "group_name": "Group_Name", + "handle_list": "Handle_List", + "image_info": "Image_Info", + "is_hidden": "@is_hidden", + "kernel_time": "Kernel_Time", + "name": "Name", + "network_connection_list": "Network_Connection_List", + "object_reference": "@object_reference", + "parent_pid": "Parent_PID", + "pid": "PID", + "port_list": "Port_List", + "priority": "Priority", + "section_list": "Section_List", + "security_id": "Security_ID", + "security_type": "Security_Type", + "service_dll": "Service_DLL", + "service_dll_certificate_issuer": "Service_DLL_Certificate_Issuer", + "service_dll_certificate_subject": "Service_DLL_Certificate_Subject", + "service_dll_hashes": "Service_DLL_Hashes", + "service_dll_signature_description": "Service_DLL_Signature_Description", + "service_dll_signature_exists": "@service_dll_signature_exists", + "service_dll_signature_verified": "@service_dll_signature_verified", + "service_name": "Service_Name", + "service_status": "Service_Status", + "service_type": "Service_Type", + "start_time": "Start_Time", + "started_as": "Started_As", + "startup_command_line": "Startup_Command_Line", + "startup_info": "Startup_Info", + "startup_type": "Startup_Type", + "thread": "Thread", + "user_time": "User_Time", + "username": "Username", + "window_title": "Window_Title", + }, + "cybox.objects.win_system_object.GlobalFlag": { + "abbreviation": "Abbreviation", + "destination": "Destination", + "hexadecimal_value": "Hexadecimal_Value", + "symbolic_name": "Symbolic_Name", + }, + "cybox.objects.win_system_object.GlobalFlagList": { + "global_flag": "Global_Flag", + }, + "cybox.objects.win_system_object.WinSystem": { + "available_physical_memory": "Available_Physical_Memory", + "bios_info": "BIOS_Info", + "custom_properties": "Custom_Properties", + "date": "Date", + "domain": "Domain", + "global_flag_list": "Global_Flag_List", + "hostname": "Hostname", + "local_time": "Local_Time", + "netbios_name": "NetBIOS_Name", + "network_interface_list": "Network_Interface_List", + "object_reference": "@object_reference", + "open_handle_list": "Open_Handle_List", + "os": "OS", + "processor": "Processor", + "product_id": "Product_ID", + "product_name": "Product_Name", + "registered_organization": "Registered_Organization", + "registered_owner": "Registered_Owner", + "system_time": "System_Time", + "timezone_dst": "Timezone_DST", + "timezone_standard": "Timezone_Standard", + "total_physical_memory": "Total_Physical_Memory", + "uptime": "Uptime", + "username": "Username", + "windows_directory": "Windows_Directory", + "windows_system_directory": "Windows_System_Directory", + "windows_temp_directory": "Windows_Temp_Directory", + }, + "cybox.objects.win_system_restore_object.HiveList": { + "hive": "Hive", + }, + "cybox.objects.win_system_restore_object.WinSystemRestore": { + "acl_change_sid": "ACL_Change_SID", + "acl_change_username": "ACL_Change_Username", + "backup_file_name": "Backup_File_Name", + "change_event": "Change_Event", + "changelog_entry_flags": "ChangeLog_Entry_Flags", + "changelog_entry_sequence_number": "ChangeLog_Entry_Sequence_Number", + "changelog_entry_type": "ChangeLog_Entry_Type", + "created": "Created", + "custom_properties": "Custom_Properties", + "file_attributes": "File_Attributes", + "new_file_name": "New_File_Name", + "object_reference": "@object_reference", + "original_file_name": "Original_File_Name", + "original_short_file_name": "Original_Short_File_Name", + "process_name": "Process_Name", + "registry_hive_list": "Registry_Hive_List", + "restore_point_description": "Restore_Point_Description", + "restore_point_full_path": "Restore_Point_Full_Path", + "restore_point_name": "Restore_Point_Name", + "restore_point_type": "Restore_Point_Type", + }, + "cybox.objects.win_task_object.IComHandlerAction": { + "com_class_id": "COM_Class_ID", + "com_data": "COM_Data", + }, + "cybox.objects.win_task_object.IExecAction": { + "exec_arguments": "Exec_Arguments", + "exec_program_hashes": "Exec_Program_Hashes", + "exec_program_path": "Exec_Program_Path", + "exec_working_directory": "Exec_Working_Directory", + }, + "cybox.objects.win_task_object.IShowMessageAction": { + "show_message_body": "Show_Message_Body", + "show_message_title": "Show_Message_Title", + }, + "cybox.objects.win_task_object.TaskAction": { + "action_id": "Action_ID", + "action_type": "Action_Type", + "icomhandleraction": "IComHandlerAction", + "iemailaction": "IEmailAction", + "iexecaction": "IExecAction", + "ishowmessageaction": "IShowMessageAction", + }, + "cybox.objects.win_task_object.TaskActionList": { + "action": "Action", + }, + "cybox.objects.win_task_object.Trigger": { + "trigger_begin": "Trigger_Begin", + "trigger_delay": "Trigger_Delay", + "trigger_end": "Trigger_End", + "trigger_frequency": "Trigger_Frequency", + "trigger_max_run_time": "Trigger_Max_Run_Time", + "trigger_session_change_type": "Trigger_Session_Change_Type", + "trigger_type": "Trigger_Type", + }, + "cybox.objects.win_task_object.TriggerList": { + "trigger": "Trigger", + }, + "cybox.objects.win_task_object.WinTask": { + "account_logon_type": "Account_Logon_Type", + "account_name": "Account_Name", + "account_run_level": "Account_Run_Level", + "action_list": "Action_List", + "application_name": "Application_Name", + "comment": "Comment", + "creation_date": "Creation_Date", + "creator": "Creator", + "custom_properties": "Custom_Properties", + "exit_code": "Exit_Code", + "flags": "Flags", + "max_run_time": "Max_Run_Time", + "most_recent_run_time": "Most_Recent_Run_Time", + "name": "Name", + "next_run_time": "Next_Run_Time", + "object_reference": "@object_reference", + "parameters": "Parameters", + "priority": "Priority", + "status": "Status", + "trigger_list": "Trigger_List", + "work_item_data": "Work_Item_Data", + "working_directory": "Working_Directory", + }, + "cybox.objects.win_thread_object.WinThread": { + "context": "Context", + "creation_flags": "Creation_Flags", + "creation_time": "Creation_Time", + "custom_properties": "Custom_Properties", + "handle": "Handle", + "object_reference": "@object_reference", + "parameter_address": "Parameter_Address", + "priority": "Priority", + "running_status": "Running_Status", + "security_attributes": "Security_Attributes", + "stack_size": "Stack_Size", + "start_address": "Start_Address", + "thread_id": "Thread_ID", + }, + "cybox.objects.win_user_object.WinGroup": { + "name": "Name", + }, + "cybox.objects.win_user_object.WinGroupList": { + "group": "Group", + }, + "cybox.objects.win_user_object.WinPrivilege": { + "user_right": "User_Right", + }, + "cybox.objects.win_user_object.WinPrivilegeList": { + "privilege": "Privilege", + }, + "cybox.objects.win_user_object.WinUser": { + "authentication": "Authentication", + "creation_date": "Creation_Date", + "custom_properties": "Custom_Properties", + "description": "Description", + "disabled": "@disabled", + "domain": "Domain", + "full_name": "Full_Name", + "group_list": "Group_List", + "home_directory": "Home_Directory", + "last_accessed_time": "Last_Accessed_Time", + "last_login": "Last_Login", + "locked_out": "@locked_out", + "modified_date": "Modified_Date", + "object_reference": "@object_reference", + "password_required": "@password_required", + "privilege_list": "Privilege_List", + "script_path": "Script_Path", + "security_id": "Security_ID", + "security_type": "Security_Type", + "user_password_age": "User_Password_Age", + "username": "Username", + }, + "cybox.objects.win_volume_object.WinVolume": { + "actual_available_allocation_units": "Actual_Available_Allocation_Units", + "attributes_list": "Attributes_List", + "bytes_per_sector": "Bytes_Per_Sector", + "creation_time": "Creation_Time", + "custom_properties": "Custom_Properties", + "device_path": "Device_Path", + "drive_letter": "Drive_Letter", + "drive_type": "Drive_Type", + "file_system_flag_list": "File_System_Flag_List", + "file_system_type": "File_System_Type", + "is_mounted": "@is_mounted", + "name": "Name", + "object_reference": "@object_reference", + "sectors_per_allocation_unit": "Sectors_Per_Allocation_Unit", + "serial_number": "Serial_Number", + "total_allocation_units": "Total_Allocation_Units", + }, + "cybox.objects.win_volume_object.WindowsVolumeAttributesList": { + "attribute": "Attribute", + }, + "cybox.objects.win_waitable_timer_object.WinWaitableTimer": { + "custom_properties": "Custom_Properties", + "name": "Name", + "object_reference": "@object_reference", + "security_attributes": "Security_Attributes", + "type_": "Type", + }, + "cybox.objects.x509_certificate_object.RSAPublicKey": { + "exponent": "Exponent", + "modulus": "Modulus", + }, + "cybox.objects.x509_certificate_object.SubjectPublicKey": { + "public_key_algorithm": "Public_Key_Algorithm", + "rsa_public_key": "RSA_Public_Key", + }, + "cybox.objects.x509_certificate_object.Validity": { + "not_after": "Not_After", + "not_before": "Not_Before", + }, + "cybox.objects.x509_certificate_object.X509Cert": { + "issuer": "Issuer", + "non_standard_extensions": "Non_Standard_Extensions", + "serial_number": "Serial_Number", + "signature_algorithm": "Signature_Algorithm", + "standard_extensions": "Standard_Extensions", + "subject": "Subject", + "subject_public_key": "Subject_Public_Key", + "validity": "Validity", + "version": "Version", + }, + "cybox.objects.x509_certificate_object.X509Certificate": { + "certificate": "Certificate", + "certificate_signature": "Certificate_Signature", + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + "raw_certificate": "Raw_Certificate", + }, + "cybox.objects.x509_certificate_object.X509CertificateSignature": { + "signature": "Signature", + "signature_algorithm": "Signature_Algorithm", + }, + "cybox.objects.x509_certificate_object.X509NonStandardExtensions": { + "netscape_certificate_type": "Netscape_Certificate_Type", + "netscape_comment": "Netscape_Comment", + "old_authority_key_identifier": "Old_Authority_Key_Identifier", + "old_primary_key_attributes": "Old_Primary_Key_Attributes", + }, + "cybox.objects.x509_certificate_object.X509V3Extensions": { + "authority_key_identifier": "Authority_Key_Identifier", + "basic_constraints": "Basic_Constraints", + "certificate_policies": "Certificate_Policies", + "crl_distribution_points": "CRL_Distribution_Points", + "extended_key_usage": "Extended_Key_Usage", + "inhibit_any_policy": "Inhibit_Any_Policy", + "issuer_alternative_name": "Issuer_Alternative_Name", + "key_usage": "Key_Usage", + "name_constraints": "Name_Constraints", + "policy_constraints": "Policy_Constraints", + "policy_mappings": "Policy_Mappings", + "private_key_usage_period": "Private_Key_Usage_Period", + "subject_alternative_name": "Subject_Alternative_Name", + "subject_directory_attributes": "Subject_Directory_Attributes", + "subject_key_identifier": "Subject_Key_Identifier", + }, +} diff --git a/stixmarx/fields/stix/stix11110.py b/stixmarx/fields/stix/stix11110.py new file mode 100644 index 0000000..5007a1f --- /dev/null +++ b/stixmarx/fields/stix/stix11110.py @@ -0,0 +1,1182 @@ +# Copyright (c) 2018, The MITRE Corporation. All rights reserved. +# See LICENSE.txt for complete terms. + +# This is an auto-generated file. +# stix - 1.1.1.10 + +__date__ = "2018-03-21 13:01:55.202000" + + +# Maps Python instance attribute names to XML instance field names for +# Python API classes. +_FIELDS = { + "cybox.common.contributor.Contributor": { + "contribution_location": "Contribution_Location", + "date": "Date", + "email": "Email", + "name": "Name", + "organization": "Organization", + "phone": "Phone", + "role": "Role", + }, + "cybox.common.object_properties.ObjectProperties": { + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + }, + "cybox.common.structured_text.StructuredText": { + "structuring_format": "@structuring_format", + "value": "text()", + }, + "cybox.common.time.Time": { + "end_time": "End_Time", + "produced_time": "Produced_Time", + "received_time": "Received_Time", + "start_time": "Start_Time", + }, + "cybox.common.tools.ToolInformationList": { + "tool": "Tool", + }, + "cybox.core.observable.Observable": { + "description": "Description", + "event": "Event", + "id_": "@id", + "idref": "@idref", + "keywords": "Keywords", + "object_": "Object", + "observable_composition": "Observable_Composition", + "observable_source": "Observable_Source", + "pattern_fidelity": "Pattern_Fidelity", + "sighting_count": "@sighting_count", + "title": "Title", + }, + "cybox.core.observable.ObservableComposition": { + "observables": "Observable", + "operator": "@operator", + }, + "cybox.core.observable.Observables": { + "observable_package_source": "Observable_Package_Source", + "observables": "Observable", + }, + "cybox.objects.file_object.File": { + "accessed_time": "Accessed_Time", + "byte_runs": "Byte_Runs", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_path": "Device_Path", + "digital_signatures": "Digital_Signatures", + "encryption_algorithm": "Encryption_Algorithm", + "extracted_features": "Extracted_Features", + "file_attributes_list": "File_Attributes_List", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "full_path": "Full_Path", + "hashes": "Hashes", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "size_in_bytes": "Size_In_Bytes", + "sym_links": "Sym_Links", + "user_owner": "User_Owner", + }, + "stix.base.BaseCoreComponent": { + "description": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "short_description": "Short_Description", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + }, + "stix.campaign.AssociatedCampaigns": { + "campaign": "Associated_Campaign", + "scope": "@scope", + }, + "stix.campaign.Attribution": { + "scope": "@scope", + "threat_actor": "Attributed_Threat_Actor", + }, + "stix.campaign.Campaign": { + "activity": "Activity", + "associated_campaigns": "Associated_Campaigns", + "attribution": "Attribution", + "confidence": "Confidence", + "description": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "names": "Names", + "related_incidents": "Related_Incidents", + "related_indicators": "Related_Indicators", + "related_packages": "Related_Packages", + "related_ttps": "Related_TTPs", + "short_description": "Short_Description", + "status": "Status", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + }, + "stix.campaign.Names": { + "name": "Name", + }, + "stix.campaign.RelatedIncidents": { + "incident": "Related_Incident", + "scope": "@scope", + }, + "stix.campaign.RelatedIndicators": { + "indicator": "Related_Indicator", + "scope": "@scope", + }, + "stix.campaign.RelatedTTPs": { + "scope": "@scope", + "ttp": "Related_TTP", + }, + "stix.coa.CourseOfAction": { + "cost": "Cost", + "description": "Description", + "efficacy": "Efficacy", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "impact": "Impact", + "information_source": "Information_Source", + "objective": "Objective", + "parameter_observables": "Parameter_Observables", + "related_coas": "Related_COAs", + "related_packages": "Related_Packages", + "short_description": "Short_Description", + "stage": "Stage", + "structured_coa": "Structured_COA", + "timestamp": "@timestamp", + "title": "Title", + "type_": "Type", + "version": "@version", + }, + "stix.coa.RelatedCOAs": { + "related_coa": "Related_COA", + "scope": "@scope", + }, + "stix.coa.objective.Objective": { + "applicability_confidence": "Applicability_Confidence", + "description": "Description", + "short_description": "Short_Description", + }, + "stix.coa.structured_coa._BaseStructuredCOA": { + "id_": "@id", + "idref": "@idref", + }, + "stix.common.EncodedCDATA": { + "encoded": "@encoded", + "value": "text()", + }, + "stix.common.activity.Activity": { + "date_time": "Date_Time", + "description": "Description", + }, + "stix.common.campaign_reference.CampaignRef": { + "idref": "@idref", + "names": "Names", + "timestamp": "@timestamp", + }, + "stix.common.confidence.Confidence": { + "description": "Description", + "source": "Source", + "timestamp": "@timestamp", + "timestamp_precision": "@timestamp_precision", + "value": "Value", + }, + "stix.common.datetimewithprecision.DateTimeWithPrecision": { + "precision": "@precision", + "value": "text()", + }, + "stix.common.identity.Identity": { + "id_": "@id", + "idref": "@idref", + "name": "Name", + "related_identities": "Related_Identities", + }, + "stix.common.identity.RelatedIdentities": { + "related_identity": "Related_Identity", + }, + "stix.common.information_source.ContributingSources": { + "source": "Source", + }, + "stix.common.information_source.InformationSource": { + "contributing_sources": "Contributing_Sources", + "description": "Description", + "identity": "Identity", + "references": "References", + "roles": "Role", + "time": "Time", + "tools": "Tools", + }, + "stix.common.kill_chains.KillChain": { + "definer": "@definer", + "id_": "@id", + "kill_chain_phases": "Kill_Chain_Phase", + "name": "@name", + "number_of_phases": "@number_of_phases", + "reference": "@reference", + }, + "stix.common.kill_chains.KillChainPhase": { + "name": "@name", + "ordinality": "@ordinality", + "phase_id": "@phase_id", + }, + "stix.common.kill_chains.KillChainPhaseReference": { + "kill_chain_id": "@kill_chain_id", + "kill_chain_name": "@kill_chain_name", + "name": "@name", + "ordinality": "@ordinality", + "phase_id": "@phase_id", + }, + "stix.common.kill_chains.KillChainPhasesReference": { + "kill_chain_phase": "Kill_Chain_Phase", + }, + "stix.common.kill_chains.KillChains": { + "kill_chain": "Kill_Chain", + }, + "stix.common.names.Names": { + "name": "Name", + }, + "stix.common.profiles.Profiles": { + "profile": "Profile", + }, + "stix.common.references.References": { + "reference": "Reference", + }, + "stix.common.related.GenericRelationship": { + "confidence": "Confidence", + "information_source": "Information_Source", + "relationship": "Relationship", + }, + "stix.common.related.GenericRelationshipEntity": { + "scope": "@scope", + }, + "stix.common.related.RelatedCOA": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Course_Of_Action", + "relationship": "Relationship", + }, + "stix.common.related.RelatedCampaign": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Campaign", + "relationship": "Relationship", + }, + "stix.common.related.RelatedCampaignRef": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Campaign", + "relationship": "Relationship", + }, + "stix.common.related.RelatedExploitTarget": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Exploit_Target", + "relationship": "Relationship", + }, + "stix.common.related.RelatedIdentity": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Identity", + "relationship": "Relationship", + }, + "stix.common.related.RelatedIncident": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Incident", + "relationship": "Relationship", + }, + "stix.common.related.RelatedIndicator": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Indicator", + "relationship": "Relationship", + }, + "stix.common.related.RelatedObservable": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Observable", + "relationship": "Relationship", + }, + "stix.common.related.RelatedPackage": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Package", + "relationship": "Relationship", + }, + "stix.common.related.RelatedPackageRef": { + "confidence": "Confidence", + "idref": "@idref", + "information_source": "Information_Source", + "relationship": "Relationship", + "timestamp": "@timestamp", + }, + "stix.common.related.RelatedPackageRefs": { + "package": "Package_Reference", + }, + "stix.common.related.RelatedPackages": { + "related_package": "Related_Package", + "scope": "@scope", + }, + "stix.common.related.RelatedTTP": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "TTP", + "relationship": "Relationship", + }, + "stix.common.related.RelatedThreatActor": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Threat_Actor", + "relationship": "Relationship", + }, + "stix.common.related._BaseRelated": { + "confidence": "Confidence", + "information_source": "Information_Source", + "relationship": "Relationship", + }, + "stix.common.statement.Statement": { + "confidence": "Confidence", + "description": "Description", + "source": "Source", + "timestamp": "@timestamp", + "timestamp_precision": "@timestamp_precision", + "value": "Value", + }, + "stix.common.structured_text.StructuredText": { + "id_": "@id", + "structuring_format": "@structuring_format", + "value": "text()", + }, + "stix.common.tools.ToolInformation": { + "description": "Description", + "id_": "@id", + "idref": "@idref", + "name": "Name", + "service_pack": "Service_Pack", + "short_description": "Short_Description", + "title": "Title", + "tool_hashes": "Tool_Hashes", + "type_": "Type", + "vendor": "Vendor", + "version": "Version", + }, + "stix.common.vocabs.AssetType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AttackerInfrastructureType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AttackerToolType_1_0": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AvailabilityLossType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AvailabilityLossType_1_1_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.COAStage_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.CampaignStatus_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.CourseOfActionType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.DiscoveryMethod_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.DiscoveryMethod_2_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.HighMediumLow_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ImpactQualification_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ImpactRating_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IncidentCategory_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IncidentEffect_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IncidentStatus_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IndicatorType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IndicatorType_1_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.InformationSourceRole_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.InformationType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IntendedEffect_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.LocationClass_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.LossDuration_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.LossProperty_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.MalwareType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ManagementClass_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Motivation_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Motivation_1_0_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Motivation_1_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.OwnershipClass_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.PackageIntent_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.PlanningAndOperationalSupport_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.PlanningAndOperationalSupport_1_0_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ReportIntent_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.SecurityCompromise_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.SystemType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ThreatActorSophistication_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ThreatActorType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.VocabString": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.core.Campaigns": { + "campaign": "Campaign", + }, + "stix.core.CoursesOfAction": { + "course_of_action": "Course_Of_Action", + }, + "stix.core.ExploitTargets": { + "exploit_target": "Exploit_Target", + }, + "stix.core.Incidents": { + "incident": "Incident", + }, + "stix.core.Indicators": { + "indicator": "Indicator", + }, + "stix.core.ThreatActors": { + "threat_actor": "Threat_Actor", + }, + "stix.core.stix_header.STIXHeader": { + "description": "Description", + "handling": "Handling", + "information_source": "Information_Source", + "package_intents": "Package_Intent", + "profiles": "Profiles", + "short_description": "Short_Description", + "title": "Title", + }, + "stix.core.stix_package.STIXPackage": { + "campaigns": "Campaigns", + "courses_of_action": "Courses_Of_Action", + "exploit_targets": "Exploit_Targets", + "id_": "@id", + "idref": "@idref", + "incidents": "Incidents", + "indicators": "Indicators", + "observables": "Observables", + "related_packages": "Related_Packages", + "stix_header": "STIX_Header", + "threat_actors": "Threat_Actors", + "timestamp": "@timestamp", + "ttps": "TTPs", + "version": "@version", + }, + "stix.core.ttps.TTPs": { + "kill_chains": "Kill_Chains", + "ttps": "TTP", + }, + "stix.data_marking.Marking": { + "marking": "Marking", + }, + "stix.data_marking.MarkingSpecification": { + "controlled_structure": "Controlled_Structure", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "marking_structures": "Marking_Structure", + "version": "@version", + }, + "stix.data_marking.MarkingStructure": { + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + }, + "stix.exploit_target.ExploitTarget": { + "configuration": "Configuration", + "description": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "potential_coas": "Potential_COAs", + "related_exploit_targets": "Related_Exploit_Targets", + "related_packages": "Related_Packages", + "short_description": "Short_Description", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + "vulnerabilities": "Vulnerability", + "weaknesses": "Weakness", + }, + "stix.exploit_target.PotentialCOAs": { + "potential_coa": "Potential_COA", + "scope": "@scope", + }, + "stix.exploit_target.RelatedExploitTargets": { + "related_exploit_target": "Related_Exploit_Target", + "scope": "@scope", + }, + "stix.exploit_target.configuration.Configuration": { + "cce_id": "CCE_ID", + "description": "Description", + "short_description": "Short_Description", + }, + "stix.exploit_target.vulnerability.AffectedSoftware": { + "affected_software": "Affected_Software", + "scope": "@scope", + }, + "stix.exploit_target.vulnerability.CVSSVector": { + "base_score": "Base_Score", + "base_vector": "Base_Vector", + "environmental_score": "Environmental_Score", + "environmental_vector": "Environmental_Vector", + "overall_score": "Overall_Score", + "temporal_score": "Temporal_Score", + "temporal_vector": "Temporal_Vector", + }, + "stix.exploit_target.vulnerability.Vulnerability": { + "affected_software": "Affected_Software", + "cve_id": "CVE_ID", + "cvss_score": "CVSS_Score", + "description": "Description", + "discovered_datetime": "Discovered_DateTime", + "is_known": "@is_known", + "is_publicly_acknowledged": "@is_publicly_acknowledged", + "osvdb_id": "OSVDB_ID", + "published_datetime": "Published_DateTime", + "references": "References", + "short_description": "Short_Description", + "source": "Source", + "title": "Title", + }, + "stix.exploit_target.weakness.Weakness": { + "cwe_id": "CWE_ID", + "description": "Description", + }, + "stix.extensions.identity.ciq_identity_3_0.CIQIdentity3_0Instance": { + "id_": "@id", + "idref": "@idref", + "name": "Name", + "related_identities": "Related_Identities", + }, + "stix.extensions.malware.maec_4_1_malware.MAECInstance": { + "description": "Description", + "id_": "@id", + "idref": "@idref", + "maec": "MAEC", + "names": "Name", + "short_description": "Short_Description", + "title": "Title", + "types": "Type", + }, + "stix.extensions.marking.ais.AISConsentType": { + "consent": "@consent", + }, + "stix.extensions.marking.ais.AISMarkingStructure": { + "id_": "@id", + "idref": "@idref", + "is_proprietary": "Is_Proprietary", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + "not_proprietary": "Not_Proprietary", + }, + "stix.extensions.marking.ais.IsProprietary": { + "ais_consent": "AISConsent", + "cisa_proprietary": "CISA_Proprietary", + "tlp_marking": "TLPMarking", + }, + "stix.extensions.marking.ais.NotProprietary": { + "ais_consent": "AISConsent", + "cisa_proprietary": "CISA_Proprietary", + "tlp_marking": "TLPMarking", + }, + "stix.extensions.marking.ais.TLPMarkingType": { + "color": "@color", + }, + "stix.extensions.marking.simple_marking.SimpleMarkingStructure": { + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + "statement": "Statement", + }, + "stix.extensions.marking.terms_of_use_marking.TermsOfUseMarkingStructure": { + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + "terms_of_use": "Terms_Of_Use", + }, + "stix.extensions.marking.tlp.TLPMarkingStructure": { + "color": "@color", + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + }, + "stix.extensions.structured_coa.generic_structured_coa.GenericStructuredCOA": { + "description": "Description", + "id_": "@id", + "idref": "@idref", + "reference_location": "@reference_location", + "specification": "Specification", + "type_": "Type", + }, + "stix.extensions.test_mechanism.generic_test_mechanism.GenericTestMechanism": { + "description": "Description", + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + "reference_location": "@reference_location", + "specification": "Specification", + "type_": "Type", + }, + "stix.extensions.test_mechanism.open_ioc_2010_test_mechanism.OpenIOCTestMechanism": { + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "ioc": "@ioc", + "producer": "Producer", + }, + "stix.extensions.test_mechanism.snort_test_mechanism.SnortTestMechanism": { + "efficacy": "Efficacy", + "event_filters": "Event_Filter", + "event_suppressions": "Event_Suppression", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + "product_name": "Product_Name", + "rate_filters": "Rate_Filter", + "rules": "Rule", + "version": "Version", + }, + "stix.extensions.test_mechanism.yara_test_mechanism.YaraTestMechanism": { + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + "rule": "Rule", + "version": "Version", + }, + "stix.incident.AffectedAssets": { + "affected_asset": "Affected_Asset", + }, + "stix.incident.AttributedThreatActors": { + "scope": "@scope", + "threat_actor": "Threat_Actor", + }, + "stix.incident.Incident": { + "affected_assets": "Affected_Assets", + "attributed_threat_actors": "Attributed_Threat_Actors", + "categories": "Categories", + "coa_requested": "COA_Requested", + "coa_taken": "COA_Taken", + "confidence": "Confidence", + "contacts": "Contact", + "coordinators": "Coordinator", + "description": "Description", + "discovery_methods": "Discovery_Method", + "external_ids": "External_ID", + "handling": "Handling", + "history": "History", + "id_": "@id", + "idref": "@idref", + "impact_assessment": "Impact_Assessment", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "leveraged_ttps": "Leveraged_TTPs", + "related_incidents": "Related_Incidents", + "related_indicators": "Related_Indicators", + "related_observables": "Related_Observables", + "related_packages": "Related_Packages", + "reporter": "Reporter", + "responders": "Responder", + "security_compromise": "Security_Compromise", + "short_description": "Short_Description", + "status": "Status", + "time": "Time", + "timestamp": "@timestamp", + "title": "Title", + "url": "URL", + "version": "@version", + "victims": "Victim", + }, + "stix.incident.IncidentCategories": { + "category": "Category", + }, + "stix.incident.LeveragedTTPs": { + "scope": "@scope", + "ttp": "Leveraged_TTP", + }, + "stix.incident.RelatedIncidents": { + "incident": "Related_Incident", + "scope": "@scope", + }, + "stix.incident.RelatedIndicators": { + "indicator": "Related_Indicator", + "scope": "@scope", + }, + "stix.incident.RelatedObservables": { + "observable": "Related_Observable", + "scope": "@scope", + }, + "stix.incident.affected_asset.AffectedAsset": { + "business_function_or_roles": "Business_Function_Or_Role", + "description": "Description", + "location_class": "Location_Class", + "management_class": "Management_Class", + "nature_of_security_effect": "Nature_Of_Security_Effect", + "ownership_class": "Ownership_Class", + "structured_description": "Structured_Description", + "type_": "Type", + }, + "stix.incident.affected_asset.AssetType": { + "count_affected": "@count_affected", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.incident.affected_asset.NatureOfSecurityEffect": { + "nature_of_security_effect": "Property_Affected", + }, + "stix.incident.coa.COARequested": { + "contributors": "Contributors", + "course_of_action": "Course_Of_Action", + "priority": "@priority", + "time": "Time", + }, + "stix.incident.coa.COATaken": { + "contributors": "Contributors", + "course_of_action": "Course_Of_Action", + "time": "Time", + }, + "stix.incident.coa.COATime": { + "end": "End", + "start": "Start", + }, + "stix.incident.contributors.Contributors": { + "contributors": "Contributor", + }, + "stix.incident.direct_impact_summary.DirectImpactSummary": { + "asset_losses": "Asset_Losses", + "business_mission_disruption": "Business_Mission_Disruption", + "response_and_recovery_costs": "Response_And_Recovery_Costs", + }, + "stix.incident.external_id.ExternalID": { + "source": "@source", + "value": "text()", + }, + "stix.incident.history.History": { + "history_items": "History_Item", + }, + "stix.incident.history.HistoryItem": { + "action_entry": "Action_Entry", + "journal_entry": "Journal_Entry", + }, + "stix.incident.history.JournalEntry": { + "author": "@author", + "time": "@time", + "time_precision": "@time_precision", + "value": "text()", + }, + "stix.incident.impact_assessment.Effects": { + "effects": "Effect", + }, + "stix.incident.impact_assessment.ImpactAssessment": { + "direct_impact_summary": "Direct_Impact_Summary", + "effects": "Effects", + "impact_qualification": "Impact_Qualification", + "indirect_impact_summary": "Indirect_Impact_Summary", + "total_loss_estimation": "Total_Loss_Estimation", + }, + "stix.incident.indirect_impact_summary.IndirectImpactSummary": { + "brand_and_market_damage": "Brand_And_Market_Damage", + "increased_operating_costs": "Increased_Operating_Costs", + "legal_and_regulatory_costs": "Legal_And_Regulatory_Costs", + "loss_of_competitive_advantage": "Loss_Of_Competitive_Advantage", + }, + "stix.incident.loss_estimation.LossEstimation": { + "amount": "@amount", + "iso_currency_code": "@iso_currency_code", + }, + "stix.incident.property_affected.NonPublicDataCompromised": { + "data_encrypted": "@data_encrypted", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.incident.property_affected.PropertyAffected": { + "descriptions_of_effect": "Description_Of_Effect", + "duration_of_availability_loss": "Duration_Of_Availability_Loss", + "non_public_data_compromised": "Non_Public_Data_Compromised", + "property_": "Property", + "type_of_availability_loss": "Type_Of_Availability_Loss", + }, + "stix.incident.time.Time": { + "containment_achieved": "Containment_Achieved", + "first_data_exfiltration": "First_Data_Exfiltration", + "first_malicious_action": "First_Malicious_Action", + "incident_closed": "Incident_Closed", + "incident_discovery": "Incident_Discovery", + "incident_opened": "Incident_Opened", + "incident_reported": "Incident_Reported", + "initial_compromise": "Initial_Compromise", + "restoration_achieved": "Restoration_Achieved", + }, + "stix.incident.total_loss_estimation.TotalLossEstimation": { + "actual_total_loss_estimation": "Actual_Total_Loss_Estimation", + "initial_reported_total_loss_estimation": "Initial_Reported_Total_Loss_Estimation", + }, + "stix.indicator.indicator.CompositeIndicatorExpression": { + "indicator": "Indicator", + "operator": "@operator", + }, + "stix.indicator.indicator.Indicator": { + "alternative_id": "Alternative_ID", + "composite_indicator_expression": "Composite_Indicator_Expression", + "confidence": "Confidence", + "description": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "indicated_ttps": "Indicated_TTP", + "indicator_types": "Type", + "kill_chain_phases": "Kill_Chain_Phases", + "likely_impact": "Likely_Impact", + "negate": "@negate", + "observable": "Observable", + "producer": "Producer", + "related_campaigns": "Related_Campaigns", + "related_indicators": "Related_Indicators", + "related_packages": "Related_Packages", + "short_description": "Short_Description", + "sightings": "Sightings", + "suggested_coas": "Suggested_COAs", + "test_mechanisms": "Test_Mechanisms", + "timestamp": "@timestamp", + "title": "Title", + "valid_time_positions": "Valid_Time_Position", + "version": "@version", + }, + "stix.indicator.indicator.RelatedCampaignRefs": { + "related_campaign": "Related_Campaign", + "scope": "@scope", + }, + "stix.indicator.indicator.RelatedIndicators": { + "related_indicator": "Related_Indicator", + "scope": "@scope", + }, + "stix.indicator.indicator.SuggestedCOAs": { + "scope": "@scope", + "suggested_coa": "Suggested_COA", + }, + "stix.indicator.sightings.RelatedObservables": { + "observable": "Related_Observable", + "scope": "@scope", + }, + "stix.indicator.sightings.Sighting": { + "confidence": "Confidence", + "description": "Description", + "reference": "Reference", + "related_observables": "Related_Observables", + "source": "Source", + "timestamp": "@timestamp", + "timestamp_precision": "@timestamp_precision", + }, + "stix.indicator.sightings.Sightings": { + "sighting": "Sighting", + "sightings_count": "@sightings_count", + }, + "stix.indicator.test_mechanism.TestMechanisms": { + "test_mechanism": "Test_Mechanism", + }, + "stix.indicator.test_mechanism._BaseTestMechanism": { + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + }, + "stix.indicator.valid_time.ValidTime": { + "end_time": "End_Time", + "start_time": "Start_Time", + }, + "stix.threat_actor.AssociatedActors": { + "associated_actor": "Associated_Actor", + "scope": "@scope", + }, + "stix.threat_actor.AssociatedCampaigns": { + "associated_campaign": "Associated_Campaign", + "scope": "@scope", + }, + "stix.threat_actor.ObservedTTPs": { + "observed_ttp": "Observed_TTP", + "scope": "@scope", + }, + "stix.threat_actor.ThreatActor": { + "associated_actors": "Associated_Actors", + "associated_campaigns": "Associated_Campaigns", + "confidence": "Confidence", + "description": "Description", + "handling": "Handling", + "id_": "@id", + "identity": "Identity", + "idref": "@idref", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "motivations": "Motivation", + "observed_ttps": "Observed_TTPs", + "planning_and_operational_supports": "Planning_And_Operational_Support", + "related_packages": "Related_Packages", + "short_description": "Short_Description", + "sophistications": "Sophistication", + "timestamp": "@timestamp", + "title": "Title", + "types": "Type", + "version": "@version", + }, + "stix.ttp.TTP": { + "behavior": "Behavior", + "description": "Description", + "exploit_targets": "Exploit_Targets", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "kill_chain_phases": "Kill_Chain_Phases", + "related_packages": "Related_Packages", + "related_ttps": "Related_TTPs", + "resources": "Resources", + "short_description": "Short_Description", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + "victim_targeting": "Victim_Targeting", + }, + "stix.ttp.attack_pattern.AttackPattern": { + "capec_id": "@capec_id", + "description": "Description", + "id_": "@id", + "idref": "@idref", + "short_description": "Short_Description", + "title": "Title", + }, + "stix.ttp.behavior.AttackPatterns": { + "attack_pattern": "Attack_Pattern", + }, + "stix.ttp.behavior.Behavior": { + "attack_patterns": "Attack_Patterns", + "exploits": "Exploits", + "malware_instances": "Malware", + }, + "stix.ttp.behavior.Exploits": { + "exploit": "Exploit", + }, + "stix.ttp.behavior.MalwareInstances": { + "malware_instance": "Malware_Instance", + }, + "stix.ttp.exploit.Exploit": { + "description": "Description", + "id_": "@id", + "idref": "@idref", + "short_description": "Short_Description", + "title": "Title", + }, + "stix.ttp.exploit_targets.ExploitTargets": { + "exploit_target": "Exploit_Target", + "scope": "@scope", + }, + "stix.ttp.infrastructure.Infrastructure": { + "description": "Description", + "id_": "@id", + "idref": "@idref", + "observable_characterization": "Observable_Characterization", + "short_description": "Short_Description", + "title": "Title", + "types": "Type", + }, + "stix.ttp.malware_instance.MalwareInstance": { + "description": "Description", + "id_": "@id", + "idref": "@idref", + "names": "Name", + "short_description": "Short_Description", + "title": "Title", + "types": "Type", + }, + "stix.ttp.related_ttps.RelatedTTPs": { + "related_ttp": "Related_TTP", + "scope": "@scope", + }, + "stix.ttp.resource.Personas": { + "persona": "Persona", + }, + "stix.ttp.resource.Resource": { + "infrastructure": "Infrastructure", + "personas": "Personas", + "tools": "Tools", + }, + "stix.ttp.resource.Tools": { + "tool": "Tool", + }, + "stix.ttp.victim_targeting.VictimTargeting": { + "identity": "Identity", + "targeted_information": "Targeted_Information", + "targeted_systems": "Targeted_Systems", + }, +} diff --git a/stixmarx/fields/stix/stix1204.py b/stixmarx/fields/stix/stix1204.py new file mode 100644 index 0000000..68527af --- /dev/null +++ b/stixmarx/fields/stix/stix1204.py @@ -0,0 +1,1242 @@ +# Copyright (c) 2018, The MITRE Corporation. All rights reserved. +# See LICENSE.txt for complete terms. + +# This is an auto-generated file. +# stix - 1.2.0.4 + +__date__ = "2018-03-21 12:20:17.268000" + + +# Maps Python instance attribute names to XML instance field names for +# Python API classes. +_FIELDS = { + "cybox.common.contributor.Contributor": { + "contribution_location": "Contribution_Location", + "date": "Date", + "email": "Email", + "name": "Name", + "organization": "Organization", + "phone": "Phone", + "role": "Role", + }, + "cybox.common.object_properties.ObjectProperties": { + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + }, + "cybox.common.structured_text.StructuredText": { + "structuring_format": "@structuring_format", + "value": "text()", + }, + "cybox.common.time.Time": { + "end_time": "End_Time", + "produced_time": "Produced_Time", + "received_time": "Received_Time", + "start_time": "Start_Time", + }, + "cybox.common.tools.ToolInformationList": { + "tool": "Tool", + }, + "cybox.core.observable.Observable": { + "description": "Description", + "event": "Event", + "id_": "@id", + "idref": "@idref", + "keywords": "Keywords", + "object_": "Object", + "observable_composition": "Observable_Composition", + "observable_source": "Observable_Source", + "pattern_fidelity": "Pattern_Fidelity", + "sighting_count": "@sighting_count", + "title": "Title", + }, + "cybox.core.observable.ObservableComposition": { + "observables": "Observable", + "operator": "@operator", + }, + "cybox.core.observable.Observables": { + "observable_package_source": "Observable_Package_Source", + "observables": "Observable", + }, + "cybox.objects.file_object.File": { + "accessed_time": "Accessed_Time", + "byte_runs": "Byte_Runs", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_path": "Device_Path", + "digital_signatures": "Digital_Signatures", + "encryption_algorithm": "Encryption_Algorithm", + "extracted_features": "Extracted_Features", + "file_attributes_list": "File_Attributes_List", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "full_path": "Full_Path", + "hashes": "Hashes", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "size_in_bytes": "Size_In_Bytes", + "sym_links": "Sym_Links", + "user_owner": "User_Owner", + }, + "maec.package.package.Package": { + "grouping_relationships": "Grouping_Relationships", + "id_": "@id", + "malware_subjects": "Malware_Subjects", + "schema_version": "@schema_version", + "timestamp": "@timestamp", + }, + "stix.base.BaseCoreComponent": { + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "short_descriptions": "Short_Description", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + }, + "stix.campaign.AssociatedCampaigns": { + "campaign": "Associated_Campaign", + "scope": "@scope", + }, + "stix.campaign.Attribution": { + "scope": "@scope", + "threat_actor": "Attributed_Threat_Actor", + }, + "stix.campaign.Campaign": { + "activity": "Activity", + "associated_campaigns": "Associated_Campaigns", + "attribution": "Attribution", + "confidence": "Confidence", + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "names": "Names", + "related_incidents": "Related_Incidents", + "related_indicators": "Related_Indicators", + "related_packages": "Related_Packages", + "related_ttps": "Related_TTPs", + "short_descriptions": "Short_Description", + "status": "Status", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + }, + "stix.campaign.Names": { + "name": "Name", + }, + "stix.campaign.RelatedIncidents": { + "incident": "Related_Incident", + "scope": "@scope", + }, + "stix.campaign.RelatedIndicators": { + "indicator": "Related_Indicator", + "scope": "@scope", + }, + "stix.campaign.RelatedTTPs": { + "scope": "@scope", + "ttp": "Related_TTP", + }, + "stix.coa.CourseOfAction": { + "cost": "Cost", + "descriptions": "Description", + "efficacy": "Efficacy", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "impact": "Impact", + "information_source": "Information_Source", + "objective": "Objective", + "parameter_observables": "Parameter_Observables", + "related_coas": "Related_COAs", + "related_packages": "Related_Packages", + "short_descriptions": "Short_Description", + "stage": "Stage", + "structured_coa": "Structured_COA", + "timestamp": "@timestamp", + "title": "Title", + "type_": "Type", + "version": "@version", + }, + "stix.coa.RelatedCOAs": { + "related_coa": "Related_COA", + "scope": "@scope", + }, + "stix.coa.objective.Objective": { + "applicability_confidence": "Applicability_Confidence", + "descriptions": "Description", + "short_descriptions": "Short_Description", + }, + "stix.coa.structured_coa._BaseStructuredCOA": { + "id_": "@id", + "idref": "@idref", + }, + "stix.common.EncodedCDATA": { + "encoded": "@encoded", + "value": "text()", + }, + "stix.common.activity.Activity": { + "date_time": "Date_Time", + "descriptions": "Description", + }, + "stix.common.campaign_reference.CampaignRef": { + "idref": "@idref", + "names": "Names", + "timestamp": "@timestamp", + }, + "stix.common.confidence.Confidence": { + "descriptions": "Description", + "source": "Source", + "timestamp": "@timestamp", + "timestamp_precision": "@timestamp_precision", + "value": "Value", + }, + "stix.common.datetimewithprecision.DateTimeWithPrecision": { + "precision": "@precision", + "value": "text()", + }, + "stix.common.identity.Identity": { + "id_": "@id", + "idref": "@idref", + "name": "Name", + "related_identities": "Related_Identities", + }, + "stix.common.identity.RelatedIdentities": { + "related_identity": "Related_Identity", + }, + "stix.common.information_source.ContributingSources": { + "source": "Source", + }, + "stix.common.information_source.InformationSource": { + "contributing_sources": "Contributing_Sources", + "descriptions": "Description", + "identity": "Identity", + "references": "References", + "roles": "Role", + "time": "Time", + "tools": "Tools", + }, + "stix.common.kill_chains.KillChain": { + "definer": "@definer", + "id_": "@id", + "kill_chain_phases": "Kill_Chain_Phase", + "name": "@name", + "number_of_phases": "@number_of_phases", + "reference": "@reference", + }, + "stix.common.kill_chains.KillChainPhase": { + "name": "@name", + "ordinality": "@ordinality", + "phase_id": "@phase_id", + }, + "stix.common.kill_chains.KillChainPhaseReference": { + "kill_chain_id": "@kill_chain_id", + "kill_chain_name": "@kill_chain_name", + "name": "@name", + "ordinality": "@ordinality", + "phase_id": "@phase_id", + }, + "stix.common.kill_chains.KillChainPhasesReference": { + "kill_chain_phase": "Kill_Chain_Phase", + }, + "stix.common.kill_chains.KillChains": { + "kill_chain": "Kill_Chain", + }, + "stix.common.names.Names": { + "name": "Name", + }, + "stix.common.profiles.Profiles": { + "profile": "Profile", + }, + "stix.common.references.References": { + "reference": "Reference", + }, + "stix.common.related.GenericRelationship": { + "confidence": "Confidence", + "information_source": "Information_Source", + "relationship": "Relationship", + }, + "stix.common.related.GenericRelationshipEntity": { + "scope": "@scope", + }, + "stix.common.related.RelatedCOA": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Course_Of_Action", + "relationship": "Relationship", + }, + "stix.common.related.RelatedCampaign": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Campaign", + "relationship": "Relationship", + }, + "stix.common.related.RelatedCampaignRef": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Campaign", + "relationship": "Relationship", + }, + "stix.common.related.RelatedExploitTarget": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Exploit_Target", + "relationship": "Relationship", + }, + "stix.common.related.RelatedIdentity": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Identity", + "relationship": "Relationship", + }, + "stix.common.related.RelatedIncident": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Incident", + "relationship": "Relationship", + }, + "stix.common.related.RelatedIndicator": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Indicator", + "relationship": "Relationship", + }, + "stix.common.related.RelatedObservable": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Observable", + "relationship": "Relationship", + }, + "stix.common.related.RelatedPackage": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Package", + "relationship": "Relationship", + }, + "stix.common.related.RelatedPackageRef": { + "confidence": "Confidence", + "idref": "@idref", + "information_source": "Information_Source", + "relationship": "Relationship", + "timestamp": "@timestamp", + }, + "stix.common.related.RelatedPackageRefs": { + "package": "Package_Reference", + }, + "stix.common.related.RelatedPackages": { + "related_package": "Related_Package", + "scope": "@scope", + }, + "stix.common.related.RelatedReport": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Report", + "relationship": "Relationship", + }, + "stix.common.related.RelatedReports": { + "related_report": "Related_Report", + "scope": "@scope", + }, + "stix.common.related.RelatedTTP": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "TTP", + "relationship": "Relationship", + }, + "stix.common.related.RelatedThreatActor": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Threat_Actor", + "relationship": "Relationship", + }, + "stix.common.related._BaseRelated": { + "confidence": "Confidence", + "information_source": "Information_Source", + "relationship": "Relationship", + }, + "stix.common.statement.Statement": { + "confidence": "Confidence", + "descriptions": "Description", + "source": "Source", + "timestamp": "@timestamp", + "timestamp_precision": "@timestamp_precision", + "value": "Value", + }, + "stix.common.structured_text.StructuredText": { + "id_": "@id", + "ordinality": "@ordinality", + "structuring_format": "@structuring_format", + "value": "text()", + }, + "stix.common.tools.ToolInformation": { + "description": "Description", + "id_": "@id", + "idref": "@idref", + "name": "Name", + "service_pack": "Service_Pack", + "short_descriptions": "Short_Description", + "title": "Title", + "tool_hashes": "Tool_Hashes", + "type_": "Type", + "vendor": "Vendor", + "version": "Version", + }, + "stix.common.vocabs.AssetType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AttackerInfrastructureType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AttackerToolType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AvailabilityLossType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AvailabilityLossType_1_1_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.COAStage_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.CampaignStatus_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.CourseOfActionType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.DiscoveryMethod_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.DiscoveryMethod_2_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.HighMediumLow_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ImpactQualification_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ImpactRating_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IncidentCategory_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IncidentEffect_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IncidentStatus_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IndicatorType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IndicatorType_1_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.InformationSourceRole_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.InformationType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IntendedEffect_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.LocationClass_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.LossDuration_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.LossProperty_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.MalwareType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ManagementClass_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Motivation_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Motivation_1_0_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Motivation_1_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.OwnershipClass_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.PackageIntent_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.PlanningAndOperationalSupport_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.PlanningAndOperationalSupport_1_0_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ReportIntent_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.SecurityCompromise_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.SystemType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ThreatActorSophistication_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ThreatActorType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Versioning_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.VocabString": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.core.Campaigns": { + "campaign": "Campaign", + }, + "stix.core.CoursesOfAction": { + "course_of_action": "Course_Of_Action", + }, + "stix.core.ExploitTargets": { + "exploit_target": "Exploit_Target", + }, + "stix.core.Incidents": { + "incident": "Incident", + }, + "stix.core.Indicators": { + "indicator": "Indicator", + }, + "stix.core.Reports": { + "report": "Report", + }, + "stix.core.ThreatActors": { + "threat_actor": "Threat_Actor", + }, + "stix.core.stix_header.STIXHeader": { + "descriptions": "Description", + "handling": "Handling", + "information_source": "Information_Source", + "package_intents": "Package_Intent", + "profiles": "Profiles", + "short_descriptions": "Short_Description", + "title": "Title", + }, + "stix.core.stix_package.STIXPackage": { + "campaigns": "Campaigns", + "courses_of_action": "Courses_Of_Action", + "exploit_targets": "Exploit_Targets", + "id_": "@id", + "idref": "@idref", + "incidents": "Incidents", + "indicators": "Indicators", + "observables": "Observables", + "related_packages": "Related_Packages", + "reports": "Reports", + "stix_header": "STIX_Header", + "threat_actors": "Threat_Actors", + "timestamp": "@timestamp", + "ttps": "TTPs", + "version": "@version", + }, + "stix.core.ttps.TTPs": { + "kill_chains": "Kill_Chains", + "ttps": "TTP", + }, + "stix.data_marking.Marking": { + "marking": "Marking", + }, + "stix.data_marking.MarkingSpecification": { + "controlled_structure": "Controlled_Structure", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "marking_structures": "Marking_Structure", + "version": "@version", + }, + "stix.data_marking.MarkingStructure": { + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + }, + "stix.exploit_target.ExploitTarget": { + "configuration": "Configuration", + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "potential_coas": "Potential_COAs", + "related_exploit_targets": "Related_Exploit_Targets", + "related_packages": "Related_Packages", + "short_descriptions": "Short_Description", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + "vulnerabilities": "Vulnerability", + "weaknesses": "Weakness", + }, + "stix.exploit_target.PotentialCOAs": { + "potential_coa": "Potential_COA", + "scope": "@scope", + }, + "stix.exploit_target.RelatedExploitTargets": { + "related_exploit_target": "Related_Exploit_Target", + "scope": "@scope", + }, + "stix.exploit_target.configuration.Configuration": { + "cce_id": "CCE_ID", + "descriptions": "Description", + "short_descriptions": "Short_Description", + }, + "stix.exploit_target.vulnerability.AffectedSoftware": { + "affected_software": "Affected_Software", + "scope": "@scope", + }, + "stix.exploit_target.vulnerability.CVSSVector": { + "base_score": "Base_Score", + "base_vector": "Base_Vector", + "environmental_score": "Environmental_Score", + "environmental_vector": "Environmental_Vector", + "overall_score": "Overall_Score", + "temporal_score": "Temporal_Score", + "temporal_vector": "Temporal_Vector", + }, + "stix.exploit_target.vulnerability.Vulnerability": { + "affected_software": "Affected_Software", + "cve_id": "CVE_ID", + "cvss_score": "CVSS_Score", + "descriptions": "Description", + "discovered_datetime": "Discovered_DateTime", + "is_known": "@is_known", + "is_publicly_acknowledged": "@is_publicly_acknowledged", + "osvdb_id": "OSVDB_ID", + "published_datetime": "Published_DateTime", + "references": "References", + "short_descriptions": "Short_Description", + "source": "Source", + "title": "Title", + }, + "stix.exploit_target.weakness.Weakness": { + "cwe_id": "CWE_ID", + "descriptions": "Description", + }, + "stix.extensions.identity.ciq_identity_3_0.CIQIdentity3_0Instance": { + "id_": "@id", + "idref": "@idref", + "name": "Name", + "related_identities": "Related_Identities", + }, + "stix.extensions.malware.maec_4_1_malware.MAECInstance": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "maec": "MAEC", + "names": "Name", + "short_descriptions": "Short_Description", + "title": "Title", + "types": "Type", + }, + "stix.extensions.marking.ais.AISConsentType": { + "consent": "@consent", + }, + "stix.extensions.marking.ais.AISMarkingStructure": { + "id_": "@id", + "idref": "@idref", + "is_proprietary": "Is_Proprietary", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + "not_proprietary": "Not_Proprietary", + }, + "stix.extensions.marking.ais.IsProprietary": { + "ais_consent": "AISConsent", + "cisa_proprietary": "CISA_Proprietary", + "tlp_marking": "TLPMarking", + }, + "stix.extensions.marking.ais.NotProprietary": { + "ais_consent": "AISConsent", + "cisa_proprietary": "CISA_Proprietary", + "tlp_marking": "TLPMarking", + }, + "stix.extensions.marking.ais.TLPMarkingType": { + "color": "@color", + }, + "stix.extensions.marking.simple_marking.SimpleMarkingStructure": { + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + "statement": "Statement", + }, + "stix.extensions.marking.terms_of_use_marking.TermsOfUseMarkingStructure": { + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + "terms_of_use": "Terms_Of_Use", + }, + "stix.extensions.marking.tlp.TLPMarkingStructure": { + "color": "@color", + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + }, + "stix.extensions.structured_coa.generic_structured_coa.GenericStructuredCOA": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "reference_location": "@reference_location", + "specification": "Specification", + "type_": "Type", + }, + "stix.extensions.test_mechanism.generic_test_mechanism.GenericTestMechanism": { + "descriptions": "Description", + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + "reference_location": "@reference_location", + "specification": "Specification", + "type_": "Type", + }, + "stix.extensions.test_mechanism.open_ioc_2010_test_mechanism.OpenIOCTestMechanism": { + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "ioc": "@ioc", + "producer": "Producer", + }, + "stix.extensions.test_mechanism.snort_test_mechanism.SnortTestMechanism": { + "efficacy": "Efficacy", + "event_filters": "Event_Filter", + "event_suppressions": "Event_Suppression", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + "product_name": "Product_Name", + "rate_filters": "Rate_Filter", + "rules": "Rule", + "version": "Version", + }, + "stix.extensions.test_mechanism.yara_test_mechanism.YaraTestMechanism": { + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + "rule": "Rule", + "version": "Version", + }, + "stix.incident.AffectedAssets": { + "affected_asset": "Affected_Asset", + }, + "stix.incident.AttributedThreatActors": { + "scope": "@scope", + "threat_actor": "Threat_Actor", + }, + "stix.incident.Incident": { + "affected_assets": "Affected_Assets", + "attributed_threat_actors": "Attributed_Threat_Actors", + "categories": "Categories", + "coa_requested": "COA_Requested", + "coa_taken": "COA_Taken", + "confidence": "Confidence", + "contacts": "Contact", + "coordinators": "Coordinator", + "descriptions": "Description", + "discovery_methods": "Discovery_Method", + "external_ids": "External_ID", + "handling": "Handling", + "history": "History", + "id_": "@id", + "idref": "@idref", + "impact_assessment": "Impact_Assessment", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "leveraged_ttps": "Leveraged_TTPs", + "related_incidents": "Related_Incidents", + "related_indicators": "Related_Indicators", + "related_observables": "Related_Observables", + "related_packages": "Related_Packages", + "reporter": "Reporter", + "responders": "Responder", + "security_compromise": "Security_Compromise", + "short_descriptions": "Short_Description", + "status": "Status", + "time": "Time", + "timestamp": "@timestamp", + "title": "Title", + "url": "URL", + "version": "@version", + "victims": "Victim", + }, + "stix.incident.IncidentCategories": { + "category": "Category", + }, + "stix.incident.LeveragedTTPs": { + "scope": "@scope", + "ttp": "Leveraged_TTP", + }, + "stix.incident.RelatedIncidents": { + "incident": "Related_Incident", + "scope": "@scope", + }, + "stix.incident.RelatedIndicators": { + "indicator": "Related_Indicator", + "scope": "@scope", + }, + "stix.incident.RelatedObservables": { + "observable": "Related_Observable", + "scope": "@scope", + }, + "stix.incident.affected_asset.AffectedAsset": { + "business_function_or_roles": "Business_Function_Or_Role", + "descriptions": "Description", + "location_class": "Location_Class", + "management_class": "Management_Class", + "nature_of_security_effect": "Nature_Of_Security_Effect", + "ownership_class": "Ownership_Class", + "structured_description": "Structured_Description", + "type_": "Type", + }, + "stix.incident.affected_asset.AssetType": { + "count_affected": "@count_affected", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.incident.affected_asset.NatureOfSecurityEffect": { + "nature_of_security_effect": "Property_Affected", + }, + "stix.incident.coa.COARequested": { + "contributors": "Contributors", + "course_of_action": "Course_Of_Action", + "priority": "@priority", + "time": "Time", + }, + "stix.incident.coa.COATaken": { + "contributors": "Contributors", + "course_of_action": "Course_Of_Action", + "time": "Time", + }, + "stix.incident.coa.COATime": { + "end": "End", + "start": "Start", + }, + "stix.incident.contributors.Contributors": { + "contributors": "Contributor", + }, + "stix.incident.direct_impact_summary.DirectImpactSummary": { + "asset_losses": "Asset_Losses", + "business_mission_disruption": "Business_Mission_Disruption", + "response_and_recovery_costs": "Response_And_Recovery_Costs", + }, + "stix.incident.external_id.ExternalID": { + "source": "@source", + "value": "text()", + }, + "stix.incident.history.History": { + "history_items": "History_Item", + }, + "stix.incident.history.HistoryItem": { + "action_entry": "Action_Entry", + "journal_entry": "Journal_Entry", + }, + "stix.incident.history.JournalEntry": { + "author": "@author", + "time": "@time", + "time_precision": "@time_precision", + "value": "text()", + }, + "stix.incident.impact_assessment.Effects": { + "effects": "Effect", + }, + "stix.incident.impact_assessment.ImpactAssessment": { + "direct_impact_summary": "Direct_Impact_Summary", + "effects": "Effects", + "impact_qualification": "Impact_Qualification", + "indirect_impact_summary": "Indirect_Impact_Summary", + "total_loss_estimation": "Total_Loss_Estimation", + }, + "stix.incident.indirect_impact_summary.IndirectImpactSummary": { + "brand_and_market_damage": "Brand_And_Market_Damage", + "increased_operating_costs": "Increased_Operating_Costs", + "legal_and_regulatory_costs": "Legal_And_Regulatory_Costs", + "loss_of_competitive_advantage": "Loss_Of_Competitive_Advantage", + }, + "stix.incident.loss_estimation.LossEstimation": { + "amount": "@amount", + "iso_currency_code": "@iso_currency_code", + }, + "stix.incident.property_affected.NonPublicDataCompromised": { + "data_encrypted": "@data_encrypted", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.incident.property_affected.PropertyAffected": { + "descriptions_of_effect": "Description_Of_Effect", + "duration_of_availability_loss": "Duration_Of_Availability_Loss", + "non_public_data_compromised": "Non_Public_Data_Compromised", + "property_": "Property", + "type_of_availability_loss": "Type_Of_Availability_Loss", + }, + "stix.incident.time.Time": { + "containment_achieved": "Containment_Achieved", + "first_data_exfiltration": "First_Data_Exfiltration", + "first_malicious_action": "First_Malicious_Action", + "incident_closed": "Incident_Closed", + "incident_discovery": "Incident_Discovery", + "incident_opened": "Incident_Opened", + "incident_reported": "Incident_Reported", + "initial_compromise": "Initial_Compromise", + "restoration_achieved": "Restoration_Achieved", + }, + "stix.incident.total_loss_estimation.TotalLossEstimation": { + "actual_total_loss_estimation": "Actual_Total_Loss_Estimation", + "initial_reported_total_loss_estimation": "Initial_Reported_Total_Loss_Estimation", + }, + "stix.indicator.indicator.CompositeIndicatorExpression": { + "indicator": "Indicator", + "operator": "@operator", + }, + "stix.indicator.indicator.Indicator": { + "alternative_id": "Alternative_ID", + "composite_indicator_expression": "Composite_Indicator_Expression", + "confidence": "Confidence", + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "indicated_ttps": "Indicated_TTP", + "indicator_types": "Type", + "kill_chain_phases": "Kill_Chain_Phases", + "likely_impact": "Likely_Impact", + "negate": "@negate", + "observable": "Observable", + "producer": "Producer", + "related_campaigns": "Related_Campaigns", + "related_indicators": "Related_Indicators", + "related_packages": "Related_Packages", + "short_descriptions": "Short_Description", + "sightings": "Sightings", + "suggested_coas": "Suggested_COAs", + "test_mechanisms": "Test_Mechanisms", + "timestamp": "@timestamp", + "title": "Title", + "valid_time_positions": "Valid_Time_Position", + "version": "@version", + }, + "stix.indicator.indicator.RelatedCampaignRefs": { + "related_campaign": "Related_Campaign", + "scope": "@scope", + }, + "stix.indicator.indicator.RelatedIndicators": { + "related_indicator": "Related_Indicator", + "scope": "@scope", + }, + "stix.indicator.indicator.SuggestedCOAs": { + "scope": "@scope", + "suggested_coa": "Suggested_COA", + }, + "stix.indicator.sightings.RelatedObservables": { + "observable": "Related_Observable", + "scope": "@scope", + }, + "stix.indicator.sightings.Sighting": { + "confidence": "Confidence", + "descriptions": "Description", + "reference": "Reference", + "related_observables": "Related_Observables", + "source": "Source", + "timestamp": "@timestamp", + "timestamp_precision": "@timestamp_precision", + }, + "stix.indicator.sightings.Sightings": { + "sighting": "Sighting", + "sightings_count": "@sightings_count", + }, + "stix.indicator.test_mechanism.TestMechanisms": { + "test_mechanism": "Test_Mechanism", + }, + "stix.indicator.test_mechanism._BaseTestMechanism": { + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + }, + "stix.indicator.valid_time.ValidTime": { + "end_time": "End_Time", + "start_time": "Start_Time", + }, + "stix.report.Campaigns": { + "campaign": "Campaign", + }, + "stix.report.CoursesOfAction": { + "course_of_action": "Course_Of_Action", + }, + "stix.report.ExploitTargets": { + "exploit_target": "Exploit_Target", + }, + "stix.report.Incidents": { + "incident": "Incident", + }, + "stix.report.Indicators": { + "indicator": "Indicator", + }, + "stix.report.Report": { + "campaigns": "Campaigns", + "courses_of_action": "Courses_Of_Action", + "exploit_targets": "Exploit_Targets", + "header": "Header", + "id_": "@id", + "idref": "@idref", + "incidents": "Incidents", + "indicators": "Indicators", + "observables": "Observables", + "related_reports": "Related_Reports", + "threat_actors": "Threat_Actors", + "timestamp": "@timestamp", + "ttps": "TTPs", + "version": "@version", + }, + "stix.report.ThreatActors": { + "threat_actor": "Threat_Actor", + }, + "stix.report.header.Header": { + "descriptions": "Description", + "handling": "Handling", + "information_source": "Information_Source", + "intents": "Intent", + "short_descriptions": "Short_Description", + "title": "Title", + }, + "stix.threat_actor.AssociatedActors": { + "associated_actor": "Associated_Actor", + "scope": "@scope", + }, + "stix.threat_actor.AssociatedCampaigns": { + "associated_campaign": "Associated_Campaign", + "scope": "@scope", + }, + "stix.threat_actor.ObservedTTPs": { + "observed_ttp": "Observed_TTP", + "scope": "@scope", + }, + "stix.threat_actor.ThreatActor": { + "associated_actors": "Associated_Actors", + "associated_campaigns": "Associated_Campaigns", + "confidence": "Confidence", + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "identity": "Identity", + "idref": "@idref", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "motivations": "Motivation", + "observed_ttps": "Observed_TTPs", + "planning_and_operational_supports": "Planning_And_Operational_Support", + "related_packages": "Related_Packages", + "short_descriptions": "Short_Description", + "sophistications": "Sophistication", + "timestamp": "@timestamp", + "title": "Title", + "types": "Type", + "version": "@version", + }, + "stix.ttp.TTP": { + "behavior": "Behavior", + "descriptions": "Description", + "exploit_targets": "Exploit_Targets", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "kill_chain_phases": "Kill_Chain_Phases", + "related_packages": "Related_Packages", + "related_ttps": "Related_TTPs", + "resources": "Resources", + "short_descriptions": "Short_Description", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + "victim_targeting": "Victim_Targeting", + }, + "stix.ttp.attack_pattern.AttackPattern": { + "capec_id": "@capec_id", + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "short_descriptions": "Short_Description", + "title": "Title", + }, + "stix.ttp.behavior.AttackPatterns": { + "attack_pattern": "Attack_Pattern", + }, + "stix.ttp.behavior.Behavior": { + "attack_patterns": "Attack_Patterns", + "exploits": "Exploits", + "malware_instances": "Malware", + }, + "stix.ttp.behavior.Exploits": { + "exploit": "Exploit", + }, + "stix.ttp.behavior.MalwareInstances": { + "malware_instance": "Malware_Instance", + }, + "stix.ttp.exploit.Exploit": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "short_descriptions": "Short_Description", + "title": "Title", + }, + "stix.ttp.exploit_targets.ExploitTargets": { + "exploit_target": "Exploit_Target", + "scope": "@scope", + }, + "stix.ttp.infrastructure.Infrastructure": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "observable_characterization": "Observable_Characterization", + "short_descriptions": "Short_Description", + "title": "Title", + "types": "Type", + }, + "stix.ttp.malware_instance.MalwareInstance": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "names": "Name", + "short_descriptions": "Short_Description", + "title": "Title", + "types": "Type", + }, + "stix.ttp.related_ttps.RelatedTTPs": { + "related_ttp": "Related_TTP", + "scope": "@scope", + }, + "stix.ttp.resource.Personas": { + "persona": "Persona", + }, + "stix.ttp.resource.Resource": { + "infrastructure": "Infrastructure", + "personas": "Personas", + "tools": "Tools", + }, + "stix.ttp.resource.Tools": { + "tool": "Tool", + }, + "stix.ttp.victim_targeting.VictimTargeting": { + "identity": "Identity", + "targeted_information": "Targeted_Information", + "targeted_systems": "Targeted_Systems", + }, +} diff --git a/stixmarx/fields/stix/stix1205.py b/stixmarx/fields/stix/stix1205.py new file mode 100644 index 0000000..3b6bbab --- /dev/null +++ b/stixmarx/fields/stix/stix1205.py @@ -0,0 +1,1248 @@ +# Copyright (c) 2018, The MITRE Corporation. All rights reserved. +# See LICENSE.txt for complete terms. + +# This is an auto-generated file. +# stix - 1.2.0.5 + +__date__ = "2018-03-19 13:26:03.343339" + + +# Maps Python instance attribute names to XML instance field names for +# Python API classes. +_FIELDS = { + "cybox.common.contributor.Contributor": { + "contribution_location": "Contribution_Location", + "date": "Date", + "email": "Email", + "name": "Name", + "organization": "Organization", + "phone": "Phone", + "role": "Role", + }, + "cybox.common.object_properties.ObjectProperties": { + "custom_properties": "Custom_Properties", + "object_reference": "@object_reference", + }, + "cybox.common.structured_text.StructuredText": { + "structuring_format": "@structuring_format", + "value": "text()", + }, + "cybox.common.time.Time": { + "end_time": "End_Time", + "produced_time": "Produced_Time", + "received_time": "Received_Time", + "start_time": "Start_Time", + }, + "cybox.common.tools.ToolInformationList": { + "tool": "Tool", + }, + "cybox.core.observable.Observable": { + "description": "Description", + "event": "Event", + "id_": "@id", + "idref": "@idref", + "keywords": "Keywords", + "object_": "Object", + "observable_composition": "Observable_Composition", + "observable_source": "Observable_Source", + "pattern_fidelity": "Pattern_Fidelity", + "sighting_count": "@sighting_count", + "title": "Title", + }, + "cybox.core.observable.ObservableComposition": { + "observables": "Observable", + "operator": "@operator", + }, + "cybox.core.observable.Observables": { + "observable_package_source": "Observable_Package_Source", + "observables": "Observable", + "pools": "Pools", + }, + "cybox.objects.file_object.File": { + "accessed_time": "Accessed_Time", + "byte_runs": "Byte_Runs", + "compression_comment": "Compression_Comment", + "compression_method": "Compression_Method", + "compression_version": "Compression_Version", + "created_time": "Created_Time", + "custom_properties": "Custom_Properties", + "decryption_key": "Decryption_Key", + "device_path": "Device_Path", + "digital_signatures": "Digital_Signatures", + "encryption_algorithm": "Encryption_Algorithm", + "extracted_features": "Extracted_Features", + "file_attributes_list": "File_Attributes_List", + "file_extension": "File_Extension", + "file_format": "File_Format", + "file_name": "File_Name", + "file_path": "File_Path", + "full_path": "Full_Path", + "hashes": "Hashes", + "is_masqueraded": "@is_masqueraded", + "is_packed": "@is_packed", + "magic_number": "Magic_Number", + "modified_time": "Modified_Time", + "object_reference": "@object_reference", + "packer_list": "Packer_List", + "peak_entropy": "Peak_Entropy", + "permissions": "Permissions", + "size_in_bytes": "Size_In_Bytes", + "sym_links": "Sym_Links", + "user_owner": "User_Owner", + }, + "stix.base.BaseCoreComponent": { + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "short_descriptions": "Short_Description", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + }, + "stix.campaign.AssociatedCampaigns": { + "campaign": "Associated_Campaign", + "scope": "@scope", + }, + "stix.campaign.Attribution": { + "scope": "@scope", + "threat_actor": "Attributed_Threat_Actor", + }, + "stix.campaign.Campaign": { + "activity": "Activity", + "associated_campaigns": "Associated_Campaigns", + "attribution": "Attribution", + "confidence": "Confidence", + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "names": "Names", + "related_incidents": "Related_Incidents", + "related_indicators": "Related_Indicators", + "related_packages": "Related_Packages", + "related_ttps": "Related_TTPs", + "short_descriptions": "Short_Description", + "status": "Status", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + }, + "stix.campaign.Names": { + "name": "Name", + }, + "stix.campaign.RelatedIncidents": { + "incident": "Related_Incident", + "scope": "@scope", + }, + "stix.campaign.RelatedIndicators": { + "indicator": "Related_Indicator", + "scope": "@scope", + }, + "stix.campaign.RelatedTTPs": { + "scope": "@scope", + "ttp": "Related_TTP", + }, + "stix.coa.CourseOfAction": { + "cost": "Cost", + "descriptions": "Description", + "efficacy": "Efficacy", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "impact": "Impact", + "information_source": "Information_Source", + "objective": "Objective", + "parameter_observables": "Parameter_Observables", + "related_coas": "Related_COAs", + "related_packages": "Related_Packages", + "short_descriptions": "Short_Description", + "stage": "Stage", + "structured_coa": "Structured_COA", + "timestamp": "@timestamp", + "title": "Title", + "type_": "Type", + "version": "@version", + }, + "stix.coa.RelatedCOAs": { + "related_coa": "Related_COA", + "scope": "@scope", + }, + "stix.coa.objective.Objective": { + "applicability_confidence": "Applicability_Confidence", + "descriptions": "Description", + "short_descriptions": "Short_Description", + }, + "stix.coa.structured_coa._BaseStructuredCOA": { + "id_": "@id", + "idref": "@idref", + }, + "stix.common.EncodedCDATA": { + "encoded": "@encoded", + "value": "text()", + }, + "stix.common.activity.Activity": { + "date_time": "Date_Time", + "descriptions": "Description", + }, + "stix.common.campaign_reference.CampaignRef": { + "idref": "@idref", + "names": "Names", + "timestamp": "@timestamp", + }, + "stix.common.confidence.Confidence": { + "descriptions": "Description", + "source": "Source", + "timestamp": "@timestamp", + "timestamp_precision": "@timestamp_precision", + "value": "Value", + }, + "stix.common.datetimewithprecision.DateTimeWithPrecision": { + "precision": "@precision", + "value": "text()", + }, + "stix.common.identity.Identity": { + "id_": "@id", + "idref": "@idref", + "name": "Name", + "related_identities": "Related_Identities", + }, + "stix.common.identity.RelatedIdentities": { + "related_identity": "Related_Identity", + }, + "stix.common.information_source.ContributingSources": { + "source": "Source", + }, + "stix.common.information_source.InformationSource": { + "contributing_sources": "Contributing_Sources", + "descriptions": "Description", + "identity": "Identity", + "references": "References", + "roles": "Role", + "time": "Time", + "tools": "Tools", + }, + "stix.common.kill_chains.KillChain": { + "definer": "@definer", + "id_": "@id", + "kill_chain_phases": "Kill_Chain_Phase", + "name": "@name", + "number_of_phases": "@number_of_phases", + "reference": "@reference", + }, + "stix.common.kill_chains.KillChainPhase": { + "name": "@name", + "ordinality": "@ordinality", + "phase_id": "@phase_id", + }, + "stix.common.kill_chains.KillChainPhaseReference": { + "kill_chain_id": "@kill_chain_id", + "kill_chain_name": "@kill_chain_name", + "name": "@name", + "ordinality": "@ordinality", + "phase_id": "@phase_id", + }, + "stix.common.kill_chains.KillChainPhasesReference": { + "kill_chain_phase": "Kill_Chain_Phase", + }, + "stix.common.kill_chains.KillChains": { + "kill_chain": "Kill_Chain", + }, + "stix.common.names.Names": { + "name": "Name", + }, + "stix.common.profiles.Profiles": { + "profile": "Profile", + }, + "stix.common.references.References": { + "reference": "Reference", + }, + "stix.common.related.GenericRelationship": { + "confidence": "Confidence", + "information_source": "Information_Source", + "relationship": "Relationship", + }, + "stix.common.related.GenericRelationshipEntity": { + "scope": "@scope", + }, + "stix.common.related.RelatedCOA": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Course_Of_Action", + "relationship": "Relationship", + }, + "stix.common.related.RelatedCampaign": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Campaign", + "relationship": "Relationship", + }, + "stix.common.related.RelatedCampaignRef": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Campaign", + "relationship": "Relationship", + }, + "stix.common.related.RelatedExploitTarget": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Exploit_Target", + "relationship": "Relationship", + }, + "stix.common.related.RelatedIdentity": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Identity", + "relationship": "Relationship", + }, + "stix.common.related.RelatedIncident": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Incident", + "relationship": "Relationship", + }, + "stix.common.related.RelatedIndicator": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Indicator", + "relationship": "Relationship", + }, + "stix.common.related.RelatedObservable": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Observable", + "relationship": "Relationship", + }, + "stix.common.related.RelatedPackage": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Package", + "relationship": "Relationship", + }, + "stix.common.related.RelatedPackageRef": { + "confidence": "Confidence", + "idref": "@idref", + "information_source": "Information_Source", + "relationship": "Relationship", + "timestamp": "@timestamp", + }, + "stix.common.related.RelatedPackageRefs": { + "package": "Package_Reference", + }, + "stix.common.related.RelatedPackages": { + "related_package": "Related_Package", + "scope": "@scope", + }, + "stix.common.related.RelatedReport": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Report", + "relationship": "Relationship", + }, + "stix.common.related.RelatedReports": { + "related_report": "Related_Report", + "scope": "@scope", + }, + "stix.common.related.RelatedTTP": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "TTP", + "relationship": "Relationship", + }, + "stix.common.related.RelatedThreatActor": { + "confidence": "Confidence", + "information_source": "Information_Source", + "item": "Threat_Actor", + "relationship": "Relationship", + }, + "stix.common.related._BaseRelated": { + "confidence": "Confidence", + "information_source": "Information_Source", + "relationship": "Relationship", + }, + "stix.common.statement.Statement": { + "confidence": "Confidence", + "descriptions": "Description", + "source": "Source", + "timestamp": "@timestamp", + "timestamp_precision": "@timestamp_precision", + "value": "Value", + }, + "stix.common.structured_text.StructuredText": { + "id_": "@id", + "ordinality": "@ordinality", + "structuring_format": "@structuring_format", + "value": "text()", + }, + "stix.common.tools.ToolInformation": { + "description": "Description", + "id_": "@id", + "idref": "@idref", + "name": "Name", + "service_pack": "Service_Pack", + "short_descriptions": "Short_Description", + "title": "Title", + "tool_hashes": "Tool_Hashes", + "type_": "Type", + "vendor": "Vendor", + "version": "Version", + }, + "stix.common.vocabs.AssetType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AttackerInfrastructureType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AttackerToolType_1_0": { + "apply_condition": "@apply_condition", + "bit_mask": "@bit_mask", + "condition": "@condition", + "delimiter": "@delimiter", + "has_changed": "@has_changed", + "is_case_sensitive": "@is_case_sensitive", + "pattern_type": "@pattern_type", + "regex_syntax": "@regex_syntax", + "trend": "@trend", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AvailabilityLossType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.AvailabilityLossType_1_1_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.COAStage_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.CampaignStatus_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.CourseOfActionType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.DiscoveryMethod_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.DiscoveryMethod_2_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.HighMediumLow_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ImpactQualification_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ImpactRating_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IncidentCategory_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IncidentEffect_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IncidentStatus_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IndicatorType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IndicatorType_1_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.InformationSourceRole_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.InformationType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.IntendedEffect_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.LocationClass_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.LossDuration_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.LossProperty_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.MalwareType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ManagementClass_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Motivation_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Motivation_1_0_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Motivation_1_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.OwnershipClass_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.PackageIntent_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.PlanningAndOperationalSupport_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.PlanningAndOperationalSupport_1_0_1": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ReportIntent_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.SecurityCompromise_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.SystemType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ThreatActorSophistication_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.ThreatActorType_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.Versioning_1_0": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.common.vocabs.VocabString": { + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.core.Campaigns": { + "campaign": "Campaign", + }, + "stix.core.CoursesOfAction": { + "course_of_action": "Course_Of_Action", + }, + "stix.core.ExploitTargets": { + "exploit_target": "Exploit_Target", + }, + "stix.core.Incidents": { + "incident": "Incident", + }, + "stix.core.Indicators": { + "indicator": "Indicator", + }, + "stix.core.Reports": { + "report": "Report", + }, + "stix.core.ThreatActors": { + "threat_actor": "Threat_Actor", + }, + "stix.core.stix_header.STIXHeader": { + "descriptions": "Description", + "handling": "Handling", + "information_source": "Information_Source", + "package_intents": "Package_Intent", + "profiles": "Profiles", + "short_descriptions": "Short_Description", + "title": "Title", + }, + "stix.core.stix_package.STIXPackage": { + "campaigns": "Campaigns", + "courses_of_action": "Courses_Of_Action", + "exploit_targets": "Exploit_Targets", + "id_": "@id", + "idref": "@idref", + "incidents": "Incidents", + "indicators": "Indicators", + "observables": "Observables", + "related_packages": "Related_Packages", + "reports": "Reports", + "stix_header": "STIX_Header", + "threat_actors": "Threat_Actors", + "timestamp": "@timestamp", + "ttps": "TTPs", + "version": "@version", + }, + "stix.core.ttps.TTPs": { + "kill_chains": "Kill_Chains", + "ttps": "TTP", + }, + "stix.data_marking.Marking": { + "marking": "Marking", + }, + "stix.data_marking.MarkingSpecification": { + "controlled_structure": "Controlled_Structure", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "marking_structures": "Marking_Structure", + "version": "@version", + }, + "stix.data_marking.MarkingStructure": { + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + }, + "stix.exploit_target.ExploitTarget": { + "configuration": "Configuration", + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "potential_coas": "Potential_COAs", + "related_exploit_targets": "Related_Exploit_Targets", + "related_packages": "Related_Packages", + "short_descriptions": "Short_Description", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + "vulnerabilities": "Vulnerability", + "weaknesses": "Weakness", + }, + "stix.exploit_target.PotentialCOAs": { + "potential_coa": "Potential_COA", + "scope": "@scope", + }, + "stix.exploit_target.RelatedExploitTargets": { + "related_exploit_target": "Related_Exploit_Target", + "scope": "@scope", + }, + "stix.exploit_target.configuration.Configuration": { + "cce_id": "CCE_ID", + "descriptions": "Description", + "short_descriptions": "Short_Description", + }, + "stix.exploit_target.vulnerability.AffectedSoftware": { + "affected_software": "Affected_Software", + "scope": "@scope", + }, + "stix.exploit_target.vulnerability.CVSSVector": { + "base_score": "Base_Score", + "base_vector": "Base_Vector", + "environmental_score": "Environmental_Score", + "environmental_vector": "Environmental_Vector", + "overall_score": "Overall_Score", + "temporal_score": "Temporal_Score", + "temporal_vector": "Temporal_Vector", + }, + "stix.exploit_target.vulnerability.Vulnerability": { + "affected_software": "Affected_Software", + "cve_id": "CVE_ID", + "cvss_score": "CVSS_Score", + "descriptions": "Description", + "discovered_datetime": "Discovered_DateTime", + "is_known": "@is_known", + "is_publicly_acknowledged": "@is_publicly_acknowledged", + "osvdb_id": "OSVDB_ID", + "published_datetime": "Published_DateTime", + "references": "References", + "short_descriptions": "Short_Description", + "source": "Source", + "title": "Title", + }, + "stix.exploit_target.weakness.Weakness": { + "cwe_id": "CWE_ID", + "descriptions": "Description", + }, + "stix.extensions.identity.ciq_identity_3_0.CIQIdentity3_0Instance": { + "id_": "@id", + "idref": "@idref", + "name": "Name", + "related_identities": "Related_Identities", + }, + "stix.extensions.malware.maec_4_1_malware.MAECInstance": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "maec": "MAEC", + "names": "Name", + "short_descriptions": "Short_Description", + "title": "Title", + "types": "Type", + }, + "stix.extensions.marking.ais.AISConsentType": { + "consent": "@consent", + }, + "stix.extensions.marking.ais.AISMarkingStructure": { + "id_": "@id", + "idref": "@idref", + "is_proprietary": "Is_Proprietary", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + "not_proprietary": "Not_Proprietary", + }, + "stix.extensions.marking.ais.IsProprietary": { + "ais_consent": "AISConsent", + "cisa_proprietary": "CISA_Proprietary", + "tlp_marking": "TLPMarking", + }, + "stix.extensions.marking.ais.NotProprietary": { + "ais_consent": "AISConsent", + "cisa_proprietary": "CISA_Proprietary", + "tlp_marking": "TLPMarking", + }, + "stix.extensions.marking.ais.TLPMarkingType": { + "color": "@color", + }, + "stix.extensions.marking.simple_marking.SimpleMarkingStructure": { + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + "statement": "Statement", + }, + "stix.extensions.marking.terms_of_use_marking.TermsOfUseMarkingStructure": { + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + "terms_of_use": "Terms_Of_Use", + }, + "stix.extensions.marking.tlp.TLPMarkingStructure": { + "color": "@color", + "id_": "@id", + "idref": "@idref", + "marking_model_name": "@marking_model_name", + "marking_model_ref": "@marking_model_ref", + }, + "stix.extensions.structured_coa.generic_structured_coa.GenericStructuredCOA": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "reference_location": "@reference_location", + "specification": "Specification", + "type_": "Type", + }, + "stix.extensions.test_mechanism.generic_test_mechanism.GenericTestMechanism": { + "descriptions": "Description", + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + "reference_location": "@reference_location", + "specification": "Specification", + "type_": "Type", + }, + "stix.extensions.test_mechanism.open_ioc_2010_test_mechanism.OpenIOCTestMechanism": { + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "ioc": "@ioc", + "producer": "Producer", + }, + "stix.extensions.test_mechanism.snort_test_mechanism.SnortTestMechanism": { + "efficacy": "Efficacy", + "event_filters": "Event_Filter", + "event_suppressions": "Event_Suppression", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + "product_name": "Product_Name", + "rate_filters": "Rate_Filter", + "rules": "Rule", + "version": "Version", + }, + "stix.extensions.test_mechanism.yara_test_mechanism.YaraTestMechanism": { + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + "rule": "Rule", + "version": "Version", + }, + "stix.incident.AffectedAssets": { + "affected_asset": "Affected_Asset", + }, + "stix.incident.AttributedThreatActors": { + "scope": "@scope", + "threat_actor": "Threat_Actor", + }, + "stix.incident.Incident": { + "affected_assets": "Affected_Assets", + "attributed_threat_actors": "Attributed_Threat_Actors", + "categories": "Categories", + "coa_requested": "COA_Requested", + "coa_taken": "COA_Taken", + "confidence": "Confidence", + "contacts": "Contact", + "coordinators": "Coordinator", + "descriptions": "Description", + "discovery_methods": "Discovery_Method", + "external_ids": "External_ID", + "handling": "Handling", + "history": "History", + "id_": "@id", + "idref": "@idref", + "impact_assessment": "Impact_Assessment", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "leveraged_ttps": "Leveraged_TTPs", + "related_incidents": "Related_Incidents", + "related_indicators": "Related_Indicators", + "related_observables": "Related_Observables", + "related_packages": "Related_Packages", + "reporter": "Reporter", + "responders": "Responder", + "security_compromise": "Security_Compromise", + "short_descriptions": "Short_Description", + "status": "Status", + "time": "Time", + "timestamp": "@timestamp", + "title": "Title", + "url": "URL", + "version": "@version", + "victims": "Victim", + }, + "stix.incident.IncidentCategories": { + "category": "Category", + }, + "stix.incident.LeveragedTTPs": { + "scope": "@scope", + "ttp": "Leveraged_TTP", + }, + "stix.incident.RelatedIncidents": { + "incident": "Related_Incident", + "scope": "@scope", + }, + "stix.incident.RelatedIndicators": { + "indicator": "Related_Indicator", + "scope": "@scope", + }, + "stix.incident.RelatedObservables": { + "observable": "Related_Observable", + "scope": "@scope", + }, + "stix.incident.affected_asset.AffectedAsset": { + "business_function_or_roles": "Business_Function_Or_Role", + "descriptions": "Description", + "location_class": "Location_Class", + "management_class": "Management_Class", + "nature_of_security_effect": "Nature_Of_Security_Effect", + "ownership_class": "Ownership_Class", + "structured_description": "Structured_Description", + "type_": "Type", + }, + "stix.incident.affected_asset.AssetType": { + "count_affected": "@count_affected", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.incident.affected_asset.NatureOfSecurityEffect": { + "nature_of_security_effect": "Property_Affected", + }, + "stix.incident.coa.COARequested": { + "contributors": "Contributors", + "course_of_action": "Course_Of_Action", + "priority": "@priority", + "time": "Time", + }, + "stix.incident.coa.COATaken": { + "contributors": "Contributors", + "course_of_action": "Course_Of_Action", + "time": "Time", + }, + "stix.incident.coa.COATime": { + "end": "End", + "start": "Start", + }, + "stix.incident.contributors.Contributors": { + "contributors": "Contributor", + }, + "stix.incident.direct_impact_summary.DirectImpactSummary": { + "asset_losses": "Asset_Losses", + "business_mission_disruption": "Business_Mission_Disruption", + "response_and_recovery_costs": "Response_And_Recovery_Costs", + }, + "stix.incident.external_id.ExternalID": { + "source": "@source", + "value": "text()", + }, + "stix.incident.history.History": { + "history_items": "History_Item", + }, + "stix.incident.history.HistoryItem": { + "action_entry": "Action_Entry", + "journal_entry": "Journal_Entry", + }, + "stix.incident.history.JournalEntry": { + "author": "@author", + "time": "@time", + "time_precision": "@time_precision", + "value": "text()", + }, + "stix.incident.impact_assessment.Effects": { + "effects": "Effect", + }, + "stix.incident.impact_assessment.ImpactAssessment": { + "direct_impact_summary": "Direct_Impact_Summary", + "effects": "Effects", + "impact_qualification": "Impact_Qualification", + "indirect_impact_summary": "Indirect_Impact_Summary", + "total_loss_estimation": "Total_Loss_Estimation", + }, + "stix.incident.indirect_impact_summary.IndirectImpactSummary": { + "brand_and_market_damage": "Brand_And_Market_Damage", + "increased_operating_costs": "Increased_Operating_Costs", + "legal_and_regulatory_costs": "Legal_And_Regulatory_Costs", + "loss_of_competitive_advantage": "Loss_Of_Competitive_Advantage", + }, + "stix.incident.loss_estimation.LossEstimation": { + "amount": "@amount", + "iso_currency_code": "@iso_currency_code", + }, + "stix.incident.property_affected.NonPublicDataCompromised": { + "data_encrypted": "@data_encrypted", + "value": "text()", + "vocab_name": "@vocab_name", + "vocab_reference": "@vocab_reference", + }, + "stix.incident.property_affected.PropertyAffected": { + "descriptions_of_effect": "Description_Of_Effect", + "duration_of_availability_loss": "Duration_Of_Availability_Loss", + "non_public_data_compromised": "Non_Public_Data_Compromised", + "property_": "Property", + "type_of_availability_loss": "Type_Of_Availability_Loss", + }, + "stix.incident.time.Time": { + "containment_achieved": "Containment_Achieved", + "first_data_exfiltration": "First_Data_Exfiltration", + "first_malicious_action": "First_Malicious_Action", + "incident_closed": "Incident_Closed", + "incident_discovery": "Incident_Discovery", + "incident_opened": "Incident_Opened", + "incident_reported": "Incident_Reported", + "initial_compromise": "Initial_Compromise", + "restoration_achieved": "Restoration_Achieved", + }, + "stix.incident.total_loss_estimation.TotalLossEstimation": { + "actual_total_loss_estimation": "Actual_Total_Loss_Estimation", + "initial_reported_total_loss_estimation": "Initial_Reported_Total_Loss_Estimation", + }, + "stix.indicator.indicator.CompositeIndicatorExpression": { + "indicator": "Indicator", + "operator": "@operator", + }, + "stix.indicator.indicator.Indicator": { + "alternative_id": "Alternative_ID", + "composite_indicator_expression": "Composite_Indicator_Expression", + "confidence": "Confidence", + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "indicated_ttps": "Indicated_TTP", + "indicator_types": "Type", + "kill_chain_phases": "Kill_Chain_Phases", + "likely_impact": "Likely_Impact", + "negate": "@negate", + "observable": "Observable", + "producer": "Producer", + "related_campaigns": "Related_Campaigns", + "related_indicators": "Related_Indicators", + "related_packages": "Related_Packages", + "short_descriptions": "Short_Description", + "sightings": "Sightings", + "suggested_coas": "Suggested_COAs", + "test_mechanisms": "Test_Mechanisms", + "timestamp": "@timestamp", + "title": "Title", + "valid_time_positions": "Valid_Time_Position", + "version": "@version", + }, + "stix.indicator.indicator.RelatedCampaignRefs": { + "related_campaign": "Related_Campaign", + "scope": "@scope", + }, + "stix.indicator.indicator.RelatedIndicators": { + "related_indicator": "Related_Indicator", + "scope": "@scope", + }, + "stix.indicator.indicator.SuggestedCOAs": { + "scope": "@scope", + "suggested_coa": "Suggested_COA", + }, + "stix.indicator.sightings.RelatedObservables": { + "observable": "Related_Observable", + "scope": "@scope", + }, + "stix.indicator.sightings.Sighting": { + "confidence": "Confidence", + "descriptions": "Description", + "reference": "Reference", + "related_observables": "Related_Observables", + "source": "Source", + "timestamp": "@timestamp", + "timestamp_precision": "@timestamp_precision", + }, + "stix.indicator.sightings.Sightings": { + "sighting": "Sighting", + "sightings_count": "@sightings_count", + }, + "stix.indicator.test_mechanism.TestMechanisms": { + "test_mechanism": "Test_Mechanism", + }, + "stix.indicator.test_mechanism._BaseTestMechanism": { + "efficacy": "Efficacy", + "id_": "@id", + "idref": "@idref", + "producer": "Producer", + }, + "stix.indicator.valid_time.ValidTime": { + "end_time": "End_Time", + "start_time": "Start_Time", + }, + "stix.report.Campaigns": { + "campaign": "Campaign", + }, + "stix.report.CoursesOfAction": { + "course_of_action": "Course_Of_Action", + }, + "stix.report.ExploitTargets": { + "exploit_target": "Exploit_Target", + }, + "stix.report.Incidents": { + "incident": "Incident", + }, + "stix.report.Indicators": { + "indicator": "Indicator", + }, + "stix.report.Report": { + "campaigns": "Campaigns", + "courses_of_action": "Courses_Of_Action", + "exploit_targets": "Exploit_Targets", + "header": "Header", + "id_": "@id", + "idref": "@idref", + "incidents": "Incidents", + "indicators": "Indicators", + "observables": "Observables", + "related_reports": "Related_Reports", + "threat_actors": "Threat_Actors", + "timestamp": "@timestamp", + "ttps": "TTPs", + "version": "@version", + }, + "stix.report.TTPs": { + "ttp": "TTP", + }, + "stix.report.ThreatActors": { + "threat_actor": "Threat_Actor", + }, + "stix.report.header.Header": { + "descriptions": "Description", + "handling": "Handling", + "information_source": "Information_Source", + "intents": "Intent", + "short_descriptions": "Short_Description", + "title": "Title", + }, + "stix.threat_actor.AssociatedActors": { + "associated_actor": "Associated_Actor", + "scope": "@scope", + }, + "stix.threat_actor.AssociatedCampaigns": { + "associated_campaign": "Associated_Campaign", + "scope": "@scope", + }, + "stix.threat_actor.ObservedTTPs": { + "observed_ttp": "Observed_TTP", + "scope": "@scope", + }, + "stix.threat_actor.ThreatActor": { + "associated_actors": "Associated_Actors", + "associated_campaigns": "Associated_Campaigns", + "confidence": "Confidence", + "descriptions": "Description", + "handling": "Handling", + "id_": "@id", + "identity": "Identity", + "idref": "@idref", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "motivations": "Motivation", + "observed_ttps": "Observed_TTPs", + "planning_and_operational_supports": "Planning_And_Operational_Support", + "related_packages": "Related_Packages", + "short_descriptions": "Short_Description", + "sophistications": "Sophistication", + "timestamp": "@timestamp", + "title": "Title", + "types": "Type", + "version": "@version", + }, + "stix.ttp.TTP": { + "behavior": "Behavior", + "descriptions": "Description", + "exploit_targets": "Exploit_Targets", + "handling": "Handling", + "id_": "@id", + "idref": "@idref", + "information_source": "Information_Source", + "intended_effects": "Intended_Effect", + "kill_chain_phases": "Kill_Chain_Phases", + "related_packages": "Related_Packages", + "related_ttps": "Related_TTPs", + "resources": "Resources", + "short_descriptions": "Short_Description", + "timestamp": "@timestamp", + "title": "Title", + "version": "@version", + "victim_targeting": "Victim_Targeting", + }, + "stix.ttp.attack_pattern.AttackPattern": { + "capec_id": "@capec_id", + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "short_descriptions": "Short_Description", + "title": "Title", + }, + "stix.ttp.behavior.AttackPatterns": { + "attack_pattern": "Attack_Pattern", + }, + "stix.ttp.behavior.Behavior": { + "attack_patterns": "Attack_Patterns", + "exploits": "Exploits", + "malware_instances": "Malware", + }, + "stix.ttp.behavior.Exploits": { + "exploit": "Exploit", + }, + "stix.ttp.behavior.MalwareInstances": { + "malware_instance": "Malware_Instance", + }, + "stix.ttp.exploit.Exploit": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "short_descriptions": "Short_Description", + "title": "Title", + }, + "stix.ttp.exploit_targets.ExploitTargets": { + "exploit_target": "Exploit_Target", + "scope": "@scope", + }, + "stix.ttp.infrastructure.Infrastructure": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "observable_characterization": "Observable_Characterization", + "short_descriptions": "Short_Description", + "title": "Title", + "types": "Type", + }, + "stix.ttp.malware_instance.MalwareInstance": { + "descriptions": "Description", + "id_": "@id", + "idref": "@idref", + "names": "Name", + "short_descriptions": "Short_Description", + "title": "Title", + "types": "Type", + }, + "stix.ttp.related_ttps.RelatedTTPs": { + "related_ttp": "Related_TTP", + "scope": "@scope", + }, + "stix.ttp.resource.Personas": { + "persona": "Persona", + }, + "stix.ttp.resource.Resource": { + "infrastructure": "Infrastructure", + "personas": "Personas", + "tools": "Tools", + }, + "stix.ttp.resource.Tools": { + "tool": "Tool", + }, + "stix.ttp.victim_targeting.VictimTargeting": { + "identity": "Identity", + "targeted_information": "Targeted_Information", + "targeted_systems": "Targeted_Systems", + }, +} From 1ec51ad9c38c1e07bf051d3c32e8c55298da808b Mon Sep 17 00:00:00 2001 From: Emmanuelle Vargas-Gonzalez Date: Wed, 21 Mar 2018 13:06:27 -0400 Subject: [PATCH 4/4] Reflect field_mapping changes in __init__() --- scripts/field_generator.py | 1 + stixmarx/fields/__init__.py | 23 ++++++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/scripts/field_generator.py b/scripts/field_generator.py index 41db56d..f8728d3 100644 --- a/scripts/field_generator.py +++ b/scripts/field_generator.py @@ -256,5 +256,6 @@ def main(): except Exception as ex: LOG.exception(ex) + if __name__ == "__main__": main() diff --git a/stixmarx/fields/__init__.py b/stixmarx/fields/__init__.py index dd7b7c8..cee13b5 100644 --- a/stixmarx/fields/__init__.py +++ b/stixmarx/fields/__init__.py @@ -29,10 +29,10 @@ def _initialize_fields(): from stixmarx.fields.stix.stix1118 import _FIELDS _FIELD_MAPPINGS.update(_FIELDS) else: - from stixmarx.fields.stix.stix1118 import _FIELDS + from stixmarx.fields.stix.stix11110 import _FIELDS _FIELD_MAPPINGS.update(_FIELDS) message = ("No compatible stix %s mappings found. Loaded " - "latest unchanged 1.1.1.8 field mappings.") + "latest unchanged 1.1.1.10 field mappings.") LOG.info(message, utils.stix.__version__) elif utils.stix.__version__.startswith("1.2.0."): @@ -42,14 +42,20 @@ def _initialize_fields(): elif utils.stix.__version__ == "1.2.0.2": from stixmarx.fields.stix.stix1202 import _FIELDS _FIELD_MAPPINGS.update(_FIELDS) - elif utils.stix.__version__ in ("1.2.0.3", "1.2.0.4"): + elif utils.stix.__version__ == "1.2.0.3": from stixmarx.fields.stix.stix1203 import _FIELDS _FIELD_MAPPINGS.update(_FIELDS) + elif utils.stix.__version__ == "1.2.0.4": + from stixmarx.fields.stix.stix1204 import _FIELDS + _FIELD_MAPPINGS.update(_FIELDS) + elif utils.stix.__version__ == "1.2.0.5": + from stixmarx.fields.stix.stix1205 import _FIELDS + _FIELD_MAPPINGS.update(_FIELDS) else: - from stixmarx.fields.stix.stix1203 import _FIELDS + from stixmarx.fields.stix.stix1205 import _FIELDS _FIELD_MAPPINGS.update(_FIELDS) message = ("No compatible stix %s mappings found. Loaded " - "latest unchanged 1.2.0.3 field mappings.") + "latest unchanged 1.2.0.5 field mappings.") LOG.info(message, utils.stix.__version__) else: @@ -64,11 +70,14 @@ def _initialize_fields(): if utils.cybox.__version__ in ("2.1.0.13", "2.1.0.14"): from stixmarx.fields.cybox.cybox21013 import _FIELDS _FIELD_MAPPINGS.update(_FIELDS) + elif utils.cybox.__version__ in ("2.1.0.15", "2.1.0.16"): + from stixmarx.fields.cybox.cybox21016 import _FIELDS + _FIELD_MAPPINGS.update(_FIELDS) else: - from stixmarx.fields.cybox.cybox21013 import _FIELDS + from stixmarx.fields.cybox.cybox21016 import _FIELDS _FIELD_MAPPINGS.update(_FIELDS) message = ("No compatible cybox %s mappings found. Loaded " - "latest unchanged 2.1.0.13 field mappings.") + "latest unchanged 2.1.0.16 field mappings.") LOG.info(message, utils.cybox.__version__) else: