| Version 4.1 of the MAEC Language is defined by three data models, each of which is implemented in its own XML schema. There is also a default vocabularies schema, which defines a default set of controlled vocabularies used within MAEC. | |
| As illustrated, “MAEC Bundle” is the (lowest) Tier 1 data model; “MAEC Package” is the (middle) Tier 2 data model; and “MAEC Container” is the (highest) Tier 3 data model. All three data models offer a stand-alone output format, so a lower level model can be used without the higher tier data model (although each model level requires all lower tiers). This three-tiered structure provides flexibility in the type and amount of information that can be shared. |
|
The MAEC Bundle data model provides the ability to capture and share data obtained from the analysis of a single malware instance.
MAEC Bundle »The MAEC Package data model enables a user to share MAEC characterized data for one or more Malware Subjects.
MAEC Package »The MAEC Container data model enables a user to share any collection of MAEC characterized data.
MAEC Container »