Documentation

MAEC Overview

This document provides a detailed introduction to the Malware Attribute Enumeration and Characterization (MAEC™) Language, an overview of the MAEC data models, a discussion of high-level use cases, requirements for the MAEC Language, and a discussion of open issues and challenges.

Specifications

Specification documents are available for the MAEC data models.

Idioms

MAEC idioms describe how common patterns in malware analysis (for instance, capturing dynamic analysis results) are represented in MAEC. They're similar to programming language idioms in that they document common patterns for representing content in MAEC.

Use Cases

MAEC use cases illustrate how MAEC can be used in cyber security. High-level use cases are provided in four general areas: malware analysis, cyber threat analysis, intrusion detection, and incident management.

Suggested Practices

MAEC suggested practices (often called best practices) are guidelines that will help you create MAEC content that conforms to the MAEC design goals and ensures the best compatibility with other MAEC tooling.

Data Model Overview

The MAEC Language is defined by three data models and a default set of controlled vocabularies.

Common Features

We list malware features, whether statically, dynamically, or manually identified, that are commonly characterized with MAEC and CybOX.

Utilities and Developer Resources

Various utilities and other developer resources have been developed for working with MAEC. The collection includes translators as well as bindings and APIs.

Characterizing Malware with MAEC and STIX

This document describes the use of the Malware Attribute Enumeration and Characterization (MAEC™) and Structured Threat Information eXpression (STIX™) languages in the context of malware characterization and malware metadata exchange. By describing the relationships between the languages and by providing details on each language's ability to capture malware-related information, this document answers the "When should I use MAEC, when should I use STIX, and when should I use both?" questions.

FAQs

We provide answers to frequently asked questions.
