Specifications

MAEC Bundle Specification, Version 4.1

Provides an overview and detailed description of the MAEC Bundle Data Model used in the MAEC Language. The "MAEC Bundle" provides the ability to capture and share data obtained from the analysis of a single malware instance; its underlying structure is formed by actions, behaviors, and capabilities. June 12, 2014.

Go »

MAEC Package Specification, Version 4.1

Provides an overview and detailed description of the MAEC Package Data Model used in the MAEC Language. The "MAEC Package" enables a user to capture and share MAEC characterized data for one or more malware subjects (a "malware subject" is MAEC's representation of a malware instance and all of the known data associated with it, including data derived from analysis and metadata); in most such cases, the malware subjects are related. June 12, 2014.

Go »

MAEC Container Specification, Version 4.1

Provides an overview and detailed description of the MAEC Container Data Model used in the MAEC Language. The MAEC Container enables a user to share any collection of MAEC characterized data, including one or more MAEC Packages. June 12, 2014.

Go »

MAEC Vocabularies Specification, Version 4.1

Provides an overview and detailed description of the MAEC Default Vocabularies Data Model used in the MAEC Language. The "MAEC Vocabularies" represent a set of default controlled vocabularies for use in MAEC content and were created to take advantage of the extension mechanisms provided by the Cyber Observable eXpression (CybOX™) Version 2.1 controlled vocabulary implementation; these vocabularies are broken out from the MAEC Bundle, Package, and Container schemas to support customized extension and replacement. June 12, 2014.

Go »