samples/CybOX_Network_Connection_Pattern.xml

<?xml version="1.0" encoding="UTF-8"?>
<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cybox="http://docs.oasis-open.org/cti/ns/cybox/core-2"
    xmlns:cyboxCommon="http://docs.oasis-open.org/cti/ns/cybox/common-2"
    xmlns:AddressObj="http://docs.oasis-open.org/cti/ns/cybox/objects/address-2"
    xmlns:PortObj="http://docs.oasis-open.org/cti/ns/cybox/objects/port-2"
    xmlns:SocketAddressObj="http://docs.oasis-open.org/cti/ns/cybox/objects/socket-address-1"
    xmlns:NetworkConnectionObj="http://docs.oasis-open.org/cti/ns/cybox/objects/network-connection-2"
    xmlns:example="http://example.com/"
    xsi:schemaLocation="
    http://docs.oasis-open.org/cti/ns/cybox/core-2 ../core.xsd
    http://docs.oasis-open.org/cti/ns/cybox/objects/network-connection-2 ../objects/Network_Connection_Object.xsd"
    cybox_major_version="2" cybox_minor_version="1" cybox_update_version="1">
    <cybox:Observable id="example:Observable-1aec7752-29e1-4018-806c-7a9a21ddb20e">
        <cybox:Description>
            This Observable specifies an example pattern written against a Network Connection Object,
            specifically the Layer 3 and 4 Protocols and Destination Socket IP Address and Port. 
        </cybox:Description>
        <cybox:Object id="example:Object-54400c36-5038-478b-bffe-808c40b2f04e">
            <cybox:Properties xsi:type="NetworkConnectionObj:NetworkConnectionObjectType">
                <NetworkConnectionObj:Layer3_Protocol datatype="string" condition="Equals">IPv4</NetworkConnectionObj:Layer3_Protocol>
                <NetworkConnectionObj:Layer4_Protocol datatype="string" condition="Equals">TCP</NetworkConnectionObj:Layer4_Protocol>
                <NetworkConnectionObj:Destination_Socket_Address>
                    <SocketAddressObj:IP_Address>
                        <AddressObj:Address_Value datatype="string" condition="StartsWith">198.49</AddressObj:Address_Value>
                    </SocketAddressObj:IP_Address>
                    <SocketAddressObj:Port>
                        <PortObj:Port_Value condition="Equals">80</PortObj:Port_Value>
                    </SocketAddressObj:Port>
                </NetworkConnectionObj:Destination_Socket_Address>
            </cybox:Properties>
        </cybox:Object>
    </cybox:Observable>
</cybox:Observables>