AVClassificationType
MAEC Bundle Schema

The AVClassificationType captures information on AV scanner classifications for the malware instance object captured in the Bundle or Package.


Field Name | Type | Description

@id (optional) | QName

The id field specifies a unique ID for this Tool.

@idref (optional) | QName

The idref field specifies a reference to a unique ID for this Tool.

When idref is specified, the id attribute must not be specified, and any instance of this type should not hold content unless an extension of the type allows it.

Name (0..1) | string

This field contains the name of the tool leveraged.

Type (0..n) | ControlledVocabularyStringType

This field contains the type of the tool leveraged.

This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for CybOX 2.0. Users may either define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a free string field. Additionally, locations where the ToolInformationType is used may define default vocabularies for this field.

Description (0..1) | StructuredTextType

This field contains general descriptive information for this tool.

References (0..1) | ToolReferencesType

This field contains references to instances or additional information for this tool.

Vendor (0..1) | string

This field contains information identifying the vendor organization for this tool.

Version (0..1) | string

This field contains an appropriate version descriptor of this tool.

Service_Pack (0..1) | string

This field contains an appropriate service pack descriptor for this tool.

Tool_Specific_Data (0..1) | ToolSpecificDataType

This is an abstract type that provides a flexible mechanism for including tool-specific data.

Tool_Hashes (0..1) | HashListType

This field contains a hash value computed on the tool file content in order to verify its integrity.

Tool_Configuration (0..1) | ToolConfigurationType

This field contains information describing the configuration and usage of the tool.

Execution_Environment (0..1) | ExecutionEnvironmentType

This field contains information describing the execution environment of the tool.

Errors (0..1) | ErrorsType

This field captures any errors generated during the run of the tool.

Metadata (0..n) | MetadataType

This field captures other relevant metadata including tool-specific fields.

Compensation_Model (0..1) | CompensationModelType

This field contains the name of the compensation model used for the tool.

Engine_Version (0..1) | string

The Engine_Version field captures the version of the AV engine used by the AV scanner tool that assigned the classification to the malware instance object.

Definition_Version (0..1) | string

The Definition_Version field captures the version of the AV definitions used by the AV scanner tool that assigned the classification to the malware instance object.

Classification_Name (0..1) | string

The Classification_Name field captures the classification assigned to the malware instance object by the AV scanner tool characterized in the Company_Name and Product_Name fields.
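The following is an added example, not part of the MAEC schema or its tooling: a small Python check that applies the constraints stated in the field table above (id and idref are mutually exclusive, an idref instance holds no content, and 0..1 fields occur at most once). The element name AV_Classification, the namespace URI and all sample values are constructed placeholders, and fields are matched by local name only.

```python
import xml.etree.ElementTree as ET

# Child fields the table lists with multiplicity 0..1 (Type and Metadata are 0..n).
SINGLE = {"Name", "Description", "References", "Vendor", "Version", "Service_Pack",
          "Tool_Specific_Data", "Tool_Hashes", "Tool_Configuration",
          "Execution_Environment", "Errors", "Compensation_Model",
          "Engine_Version", "Definition_Version", "Classification_Name"}
REPEATABLE = {"Type", "Metadata"}

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]

def check_av_classification(xml_text):
    """Return a list of violations of the constraints in the field table."""
    elem = ET.fromstring(xml_text)
    problems = []
    names = [local(child.tag) for child in elem]
    has_text = bool((elem.text or "").strip())
    if "id" in elem.attrib and "idref" in elem.attrib:
        problems.append("id and idref are both set")
    if "idref" in elem.attrib and (names or has_text):
        problems.append("idref element holds content")
    for name in sorted(set(names)):
        if name not in SINGLE and name not in REPEATABLE:
            problems.append(f"unknown field {name}")
        elif name in SINGLE and names.count(name) > 1:
            problems.append(f"{name} occurs {names.count(name)} times (max 1)")
    return problems

# Constructed samples; the element name, namespace URI and values are placeholders.
NS = 'xmlns:ex="urn:example:placeholder"'
GOOD = f'''<ex:AV_Classification {NS} id="ex:tool-1">
  <ex:Name>ExampleScanner</ex:Name><ex:Vendor>Example Vendor</ex:Vendor>
  <ex:Engine_Version>1.2.3</ex:Engine_Version>
  <ex:Definition_Version>2024.01</ex:Definition_Version>
  <ex:Classification_Name>Example.Family.A</ex:Classification_Name>
</ex:AV_Classification>'''
BAD = f'''<ex:AV_Classification {NS} id="ex:tool-2" idref="ex:tool-1">
  <ex:Engine_Version>1.2.3</ex:Engine_Version>
  <ex:Engine_Version>1.2.4</ex:Engine_Version>
</ex:AV_Classification>'''

if __name__ == "__main__":
    print(check_av_classification(GOOD))
    print(check_av_classification(BAD))
```

When the XML comes from an untrusted source, parse it with a hardened parser such as defusedxml rather than the standard-library parser used here.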