The AVClassificationType captures information on AV scanner classifications for the malware instance object captured in the Bundle or Package.
The id field specifies a unique ID for this Tool.
The idref field specifies a reference to a unique ID for this Tool.
When idref is specified, the id attribute must not be specified, and any instance of this type should not hold content unless an extension of the type allows it.
This field contains the name of the tool leveraged.
This field contains the type of the tool leveraged.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for CybOX 2.0. Users may either define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a free string field. Additionally, locations where the ToolInformationType is used may define default vocabularies for this field.
This field contains general descriptive information for this tool.
This field contains references to instances or additional information for this tool.
This field contains information identifying the vendor organization for this tool.
This field contains an appropriate version descriptor of this tool.
This field contains an appropriate service pack descriptor for this tool.
This is an abstract type provided as a flexible mechanism for enabling tool-specific data to be included.
This field contains a hash value computed on the tool file content in order to verify its integrity.
This field contains information describing the configuration and usage of the tool.
This field contains information describing the execution environment of the tool.
This field captures any errors generated during the run of the tool.
This field captures other relevant metadata including tool-specific fields.
This field contains the name of the compensation model used for the tool.
The Engine_Version field captures the version of the AV engine used by the AV scanner tool that assigned the classification to the malware instance object.
The Definition_Version field captures the version of the AV definitions used by the AV scanner tool that assigned the classification to the malware instance object.
The Classification_Name field captures the classification assigned to the malware instance object by the AV scanner tool characterized in the Company_Name and Product_Name fields.
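The id/idref rule described above can be checked mechanically before AV classification data is ingested. The following is an added example, not part of the schema documentation or of any MAEC/CybOX tooling: the element name `AV_Classification`, the sample document and all values are constructed, and the rule that an idref must resolve inside the same document is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Real documents are namespace-qualified; the checker
# matches on local names so it works either way.
SAMPLE = """<AV_Classifications>
  <AV_Classification id="example:tool-1">
    <Engine_Version>5.1.0</Engine_Version>
    <Definition_Version>20130501</Definition_Version>
    <Classification_Name>Trojan.Generic.Example</Classification_Name>
  </AV_Classification>
  <AV_Classification idref="example:tool-1"/>
  <AV_Classification id="example:tool-2" idref="example:tool-1"/>
  <AV_Classification idref="example:tool-1">
    <Classification_Name>Worm.Example</Classification_Name>
  </AV_Classification>
  <AV_Classification idref="example:tool-9"/>
</AV_Classifications>"""


def local(tag):
    """Strip an ElementTree '{namespace}' prefix from a tag name."""
    return tag.rsplit("}", 1)[-1]


def check_av_classifications(xml_text, element="AV_Classification"):
    """Return (position, finding) pairs for elements that break the id/idref rule."""
    # For untrusted input, use a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(xml_text)
    nodes = [e for e in root.iter() if local(e.tag) == element]
    known_ids = {e.get("id") for e in nodes if e.get("id")}
    findings = []
    for pos, e in enumerate(nodes, 1):
        idref = e.get("idref")
        if idref is None:
            continue
        if e.get("id") is not None:
            findings.append((pos, "id and idref both set"))
        # Extensions of the type may allow content, so this is a finding to
        # review rather than a hard schema error.
        if len(e) > 0 or (e.text or "").strip():
            findings.append((pos, "idref element holds content"))
        # Assumption of this example: references resolve within the document.
        if idref not in known_ids:
            findings.append((pos, "idref does not resolve in this document"))
    return findings


if __name__ == "__main__":
    for pos, finding in check_av_classifications(SAMPLE):
        print(f"AV_Classification #{pos}: {finding}")
```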