AnalysisSystemType
MAEC Package Schema

The AnalysisSystemType is intended to characterize any systems on which malware analysis is performed. It imports and extends version 2.0.1 of the CybOX System Object.


| Field Name | Type | Description |
| --- | --- | --- |
| @object_reference (optional) | QName | The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to. |
| Custom_Properties (0..1) | CustomPropertiesType | The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas. |
| Available_Physical_Memory (0..1) | UnsignedLongObjectPropertyType | The Available_Physical_Memory field specifies the amount of physical memory available on the system, in bytes. |
| BIOS_Info (0..1) | BIOSInfoType | The BIOS_Info field specifies information about the BIOS on the system. |
| Date (0..1) | DateObjectPropertyType | The Date field specifies the current date on the system. |
| Hostname (0..1) | StringObjectPropertyType | The Hostname field specifies the hostname of the system. |
| Local_Time (0..1) | TimeObjectPropertyType | The Local_Time field specifies the local time on the system. |
| Network_Interface_List (0..1) | NetworkInterfaceListType | The Network_Interface_List field specifies the list of network interfaces present on the system. |
| OS (0..1) | OSType | The OS field specifies information about the operating system installed on the system. |
| Processor (0..1) | StringObjectPropertyType | The Processor field specifies the name of the CPU used by the system. |
| Processor_Architecture (0..1) | ProcessorArchType | The Processor_Architecture field specifies the specific architecture (e.g. x86) used by the CPU of the system. |
| System_Time (0..1) | TimeObjectPropertyType | The System_Time field specifies the system, or hardware, time on the system. |
| Timezone_DST (0..1) | StringObjectPropertyType | The Timezone_DST field specifies the time zone used by the system, taking daylight savings time (DST) into account. |
| Timezone_Standard (0..1) | StringObjectPropertyType | The Timezone_Standard field specifies the time zone used by the system, without taking daylight savings time (DST) into account. |
| Total_Physical_Memory (0..1) | UnsignedLongObjectPropertyType | The Total_Physical_Memory field specifies the total amount of physical memory present on the system, in bytes. |
| Uptime (0..1) | DurationObjectPropertyType | The Uptime field specifies the duration that represents the current amount of time that the system has been up. |
| Username (0..1) | StringObjectPropertyType | The Username field specifies the name of the user currently logged into the system. |
| Installed_Programs (0..1) | InstalledProgramsType | The Installed_Programs field specifies the programs installed on the OS that was used to perform the analysis. This can be useful for clarifying the nature of the analysis environment, for instance for determining whether an exploited piece of software was present, as well as for specifying any tools that may have been installed. |
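When ingesting analysis reports from several sandboxes, it helps to lint the analysis-system description before trusting it. The following is an added example, not part of the MAEC schema or its tooling: it checks a fragment against the field names and 0..1 cardinalities listed above. The root element name `Analysis_System`, the namespace URI, the sample values and the available-versus-total memory check are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Child fields from the table above; each is 0..1 (at most one occurrence).
FIELDS = {
    "Custom_Properties", "Available_Physical_Memory", "BIOS_Info", "Date",
    "Hostname", "Local_Time", "Network_Interface_List", "OS", "Processor",
    "Processor_Architecture", "System_Time", "Timezone_DST",
    "Timezone_Standard", "Total_Physical_Memory", "Uptime", "Username",
    "Installed_Programs",
}
UNSIGNED_LONG = ("Available_Physical_Memory", "Total_Physical_Memory")

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def check_analysis_system(xml_text):
    """Return a list of problems found in one analysis-system fragment."""
    # For reports from untrusted sources, prefer a hardened parser (defusedxml).
    root = ET.fromstring(xml_text)
    problems, seen = [], {}
    for child in root:
        name = local(child.tag)
        if name not in FIELDS:
            problems.append(f"unknown field: {name}")
        elif name in seen:
            problems.append(f"{name} occurs more than once (0..1)")
        else:
            seen[name] = (child.text or "").strip()
    mem = {}
    for name in UNSIGNED_LONG:
        if name in seen and re.fullmatch(r"[0-9]+", seen[name]) and int(seen[name]) < 2**64:
            mem[name] = int(seen[name])
        elif name in seen:
            problems.append(f"{name} is not an unsigned long byte count")
    # Added sanity check (not a schema rule): available cannot exceed total.
    if len(mem) == 2 and mem[UNSIGNED_LONG[0]] > mem[UNSIGNED_LONG[1]]:
        problems.append("Available_Physical_Memory exceeds Total_Physical_Memory")
    return problems

# Constructed samples; the element name and namespace URI are placeholders.
GOOD = """<s:Analysis_System xmlns:s="urn:example:constructed">
<s:Hostname>sandbox-01</s:Hostname><s:Processor_Architecture>x86</s:Processor_Architecture>
<s:Available_Physical_Memory>1073741824</s:Available_Physical_Memory>
<s:Total_Physical_Memory>4294967296</s:Total_Physical_Memory></s:Analysis_System>"""
BAD = """<Analysis_System><Hostname>a</Hostname><Hostname>b</Hostname>
<Kernel_Version>x</Kernel_Version>
<Available_Physical_Memory>8589934592</Available_Physical_Memory>
<Total_Physical_Memory>4294967296</Total_Physical_Memory></Analysis_System>"""
```

`check_analysis_system(GOOD)` returns an empty list, while `BAD` is flagged for the repeated Hostname, the unlisted field and the inconsistent memory sizes.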