-
Notifications
You must be signed in to change notification settings - Fork 17
/
CybOX_Simple_File_Pattern_Regex.xml
23 lines (23 loc) · 1.32 KB
/
CybOX_Simple_File_Pattern_Regex.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<?xml version="1.0" encoding="UTF-8"?>
<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cybox="http://docs.oasis-open.org/cti/ns/cybox/core-2"
xmlns:cyboxCommon="http://docs.oasis-open.org/cti/ns/cybox/common-2"
xmlns:FileObj="http://docs.oasis-open.org/cti/ns/cybox/objects/file-2"
xmlns:example="http://example.com/"
xsi:schemaLocation="
http://docs.oasis-open.org/cti/ns/cybox/core-2 ../core.xsd
http://docs.oasis-open.org/cti/ns/cybox/objects/file-2 ../objects/File_Object.xsd"
cybox_major_version="2" cybox_minor_version="1" cybox_update_version="1">
<cybox:Observable id="example:Observable-9769042a-294d-4f2c-963b-579702df0472">
<cybox:Description>
This observables specifies a pattern for a file with a file name that fits a certain pattern.
The file name starts with 'bad_file', ends with '.exe', and has
between two and five numbers in it.
</cybox:Description>
<cybox:Object id="example:Object-dae8802e-b0df-4989-9ac3-d816b153842b">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:File_Name pattern_type="Regex">bad_file[0-9]{2,5}\.exe</FileObj:File_Name>
</cybox:Properties>
</cybox:Object>
</cybox:Observable>
</cybox:Observables>