Classes (260)

action:Action
action:ActionArgument
action:ActionEstimation
action:ActionFrequency
action:ActionLifecycle
action:ActionPattern
action:ActionReferences
action:ArrayOfAction
core:Annotation
core:Assertion
core:Bundle
core:Compilation
core:Confidence
core:ContextualCompilation
core:ControlledVocabulary
core:EnclosingCompilation
core:ExternalReference
core:Facet
core:Grouping
core:Item
core:ModusOperandi
core:RelatedIdentity
core:Relationship
core:UcoObject
identity:Address
identity:Affiliation
identity:BirthInformation
identity:CountriesOfResidence
identity:Events
identity:Identifier
identity:Identity
identity:IdentityFacet
identity:Languages
identity:Nationality
identity:Occupation
identity:Organization
identity:OrganizationDetails
identity:Person
identity:PersonalDetails
identity:PhysicalInfo
identity:Qualification
identity:RelatedIdentity
identity:SimpleName
identity:Visa
investigation1:Authorization
investigation:Attorney
investigation:Authorization
investigation:Examiner
investigation:ExaminerActionLifecylce
investigation:Investigation
investigation:InvestigativeAction
investigation:Investigator
investigation:ProvenanceRecord
investigation:Subject
investigation:SubjectActionLifecycle
investigation:VictimActionLifecycle
location:GPSCoordinates
location:LatLongCoordinates
location:Location
location:SimpleAddress
marking:GranularMarking
marking:LicenseMarking
marking:MarkingDefinition
marking:MarkingModel
marking:ReleaseToMarking
marking:StatementMarking
marking:TermsOfUseMarking
observable:AccountAuthenticationFacet
observable:AccountFacet
observable:AlternateDataStream
observable:ApplicationAccountFacet
observable:ApplicationFacet
observable:ArchiveFileFacet
observable:AttachmentFacet
observable:AudioFacet
observable:AutonomousSystemFacet
observable:BluetoothAddressFacet
observable:BrowserBookmarkFacet
observable:BrowserCookieFacet
observable:CalendarEntryFacet
observable:CalendarFacet
observable:CompressedStreamFacet
observable:ComputerSpecificationFacet
observable:ComputerSpecificationFacetFacet
observable:ContactFacet
observable:ContentDataFacet
observable:DataRangeFacet
observable:DefinedEffectFacet
observable:DeviceFacet
observable:DigitalAccountFacet
observable:DigitalSignatureInfoFacet
observable:DiskFacet
observable:DiskPartitionFacet
observable:DomainNameFacet
observable:EXIFFacet
observable:EmailAccountFacet
observable:EmailAddressFacet
observable:EmailMessageFacet
observable:EncodedStreamFacet
observable:EncryptedStreamFacet
observable:EnvironmentVariable
observable:EventFacet
observable:ExtInodeFacet
observable:ExtractedString
observable:ExtractedStringsFacet
observable:FileFacet
observable:FilePermissionsFacet
observable:FileSystemFacet
observable:FragmentFacet
observable:GeoLocationEntryFacet
observable:GeoLocationLogFacet
observable:GeoLocationTrackFacet
observable:GlobalFlagType
observable:HTTPConnectionFacet
observable:ICMPConnectionFacet
observable:IComHandlerActionType
observable:IExecActionType
observable:IPv4AddressFacet
observable:IPv6AddressFacet
observable:IShowMessageActionType
observable:ImageFacet
observable:LibraryFacet
observable:MACAddressFacet
observable:MemoryFacet
observable:MessageFacet
observable:MessageThreadFacet
observable:MftRecordFacet
observable:MimePartType
observable:MobileAccountFacet
observable:MobileDeviceFacet
observable:MutexFacet
observable:NTFSFilePermissionsFacet
observable:NTFSFileSystemFacet
observable:NetworkConnectionFacet
observable:NetworkFlowFacet
observable:NetworkInterfaceFacet
observable:NoteFacet
observable:Observable
observable:ObservableAction
observable:ObservableObject
observable:ObservablePattern
observable:ObservableRelationship
observable:Observation
observable:OperatingSystemFacet
observable:PDFFIle
observable:PDFFileFacet
observable:PathRelationFacet
observable:PhoneAccountFacet
observable:PhoneCallFacet
observable:ProcessFacet
observable:PropertiesEnumeratedEffectFacet
observable:PropertyReadEffectFacet
observable:RasterPictureFacet
observable:SIMCardFacet
observable:SMSMessageFacet
observable:SQLiteBlobFacet
observable:SendControlCodeEffectFacet
observable:SoftwareFacet
observable:StateChangeEffectFacet
observable:SymbolicLinkFacet
observable:TCPConnectionFacet
observable:TaskActionType
observable:TriggerType
observable:UNIXAccountFacet
observable:UNIXFilePermissionsFacet
observable:UNIXProcessFacet
observable:UNIXVolumeFacet
observable:URLFacet
observable:UserAccountFacet
observable:UserSessionFacet
observable:ValuesEnumeratedEffectFacet
observable:VolumeFacet
observable:WhoIsFacet
observable:WhoisContactType
observable:WhoisRegistrarInfoType
observable:WifiAddressFacet
observable:WindowsAccountFacet
observable:WindowsActiveDirectoryAccountFacet
observable:WindowsComputerSpecificationFacet
observable:WindowsPEBinaryFileFacet
observable:WindowsPEFileHeader
observable:WindowsPEOptionalHeader
observable:WindowsPESection
observable:WindowsPrefetchFacet
observable:WindowsProcessFacet
observable:WindowsRegistryHiveFacet
observable:WindowsRegistryKeyFacet
observable:WindowsRegistryValue
observable:WindowsServiceFacet
observable:WindowsTaskFacet
observable:WindowsThreadFacet
observable:WindowsVolumeFacet
observable:WirelessNetworkConnectionFacet
observable:X509CertificateFacet
observable:X509V3ExtensionsFacet
pattern:LogicalPattern
pattern:Pattern
pattern:PatternExpression
role:BenevolentRole
role:MaliciousRole
role:NeutralRole
role:Role
tool:AnalyticTool
tool:Build
tool:BuildConfigurationType
tool:BuildInformationType
tool:BuildUtilityType
tool:CompilerType
tool:ConfigurationSettingType
tool:DefensiveTool
tool:DependencyType
tool:LibraryType
tool:MaliciousTool
tool:Tool
tool:ToolConfigurationType
types:ControlledDictionary
types:ControlledDictionaryEntry
types:Dictionary
types:DictionaryEntry
types:Hash
types:Identifier
victim:Victim
victim:VictimTargeting
vocab1:InvestigationFormVocab
vocab:AccountTypeVocab
vocab:ActionArgumentNameVocab
vocab:ActionNameVocab
vocab:ActionRelationshipTypeVocab
vocab:ActionStatusTypeVocab
vocab:ActionTypeVocab
vocab:BitnessVocab
vocab:CharacterEncodingVocab
vocab:DiskTypeVocab
vocab:EndiannessTypeVocab
vocab:HashNameVocab
vocab:LibraryTypeVocab
vocab:MemoryBlockTypeVocab
vocab:ObservableObjectRelationshipVocab
vocab:ObservableObjectStateVocab
vocab:PartitionTypeVocab
vocab:ProcessorArchVocab
vocab:RegionalRegistryTypeVocab
vocab:RegistryDatatypeVocab
vocab:SIMFormVocab
vocab:SIMTypeVocab
vocab:TaskActionTypeVocab
vocab:TaskFlagVocab
vocab:TaskPriorityVocab
vocab:TaskStatusVocab
vocab:ThreadRunningStatusVocab
vocab:TimestampPrecisionVocab
vocab:TrendVocab
vocab:TriggerFrequencyVocab
vocab:TriggerTypeVocab
vocab:UnixProcessStateVocab
vocab:WhoisContactTypeVocab
vocab:WhoisDNSSECTypeVocab
vocab:WhoisStatusTypeVocab
vocab:WindowsDriveTypeVocab
vocab:WindowsVolumeAttributeVocab

Properties (642)

action:action
action:actionCount
action:actionStatus
action:argumentName
action:endTime
action:environment
action:error
action:estimatedCost
action:estimatedEfficacy
action:estimatedImpact
action:instrument
action:location
action:object
action:objective
action:participant
action:performer
action:phase
action:rate
action:result
action:scale
action:startTime
action:subaction
action:trend
action:units
action:value
core:confidence
core:constrainingVocabularyName
core:constrainingVocabularyReference
core:context
core:createdBy
core:createdTime
core:definingContext
core:description
core:endTime
core:externalIdentifier
core:hasFacet
core:id
core:isDirectional
core:kindOfRelationship
core:modifiedTime
core:name
core:object
core:objectMarking
core:referenceURL
core:role
core:source
core:specVersion
core:startTime
core:statement
core:tag
core:target
core:type
core:value
identity:address
identity:birthdate
identity:familyName
identity:givenName
identity:honorificPrefix
identity:honorificSuffix
investigation:authorizationIdentifier
investigation:authorizationType
investigation:exhibitNumber
investigation:focus
investigation:investigationForm
investigation:investigationStatus
investigation:relevantAuthorization
location:addressType
location:altitude
location:country
location:hdop
location:latitude
location:locality
location:longitude
location:pdop
location:postalCode
location:region
location:street
location:tdop
location:vdop
marking:authorizedIdentities
marking:contentSelectors
marking:definition
marking:definitionType
marking:license
marking:marking
marking:statement
marking:termsOfUse
observable:ESN
observable:ICCID
observable:IMEI
observable:IMSI
observable:MSISDN
observable:MSISDNType
observable:PIN
observable:PUK
observable:SIMForm
observable:SIMType
observable:abbreviation
observable:accessedDirectory
observable:accessedFile
observable:accessedTime
observable:account
observable:accountIdentifier
observable:accountIssuer
observable:accountLogin
observable:accountLogonType
observable:accountRunLevel
observable:accountType
observable:actionID
observable:actionList
observable:actionType
observable:activeDirectoryGroups
observable:adapterName
observable:address
observable:addressOfEntryPoint
observable:addressValue
observable:allocationStatus
observable:alternateDataStreams
observable:application
observable:applicationFileName
observable:applicationIdentifier
observable:archiveType
observable:arguments
observable:asHandle
observable:aslrEnabled
observable:attendant
observable:audioType
observable:authorityKeyIdentifier
observable:availableRam
observable:baseOfCode
observable:baseStation
observable:basicConstraints
observable:bcc
observable:binary
observable:biosDate
observable:biosManufacturer
observable:biosReleaseDate
observable:biosSerialNumber
observable:biosVersion
observable:bitRate
observable:bitness
observable:bitsPerPixel
observable:blockType
observable:bluetoothDeviceName
observable:body
observable:bodyMultipart
observable:bodyRaw
observable:bookmarkPath
observable:byteOrder
observable:byteStringValue
observable:callType
observable:camera
observable:canEscalatePrivs
observable:carrier
observable:categories
observable:cc
observable:certificateIssuer
observable:certificatePolicies
observable:certificateSubject
observable:characteristics
observable:checksum
observable:clockSetting
observable:clusterSize
observable:columnName
observable:comClassID
observable:comData
observable:comment
observable:compressionMethod
observable:compressionRatio
observable:computerName
observable:contactID
observable:contactInfo
observable:contactName
observable:contactOrganization
observable:contactType
observable:contentDisposition
observable:contentType
observable:context
observable:controlCode
observable:cookieDomain
observable:cookieName
observable:cookiePath
observable:cpeid
observable:cpu
observable:cpuFamily
observable:createdTime
observable:creationDate
observable:creationFlags
observable:creationTime
observable:creator
observable:creatorUser
observable:crlDistributionPoints
observable:currentSystemDate
observable:currentWorkingDirectory
observable:cyberAction
observable:data
observable:dataPayload
observable:dataPayloadReferenceURL
observable:dataType
observable:depEnabled
observable:descriptions
observable:destination
observable:destinationFlags
observable:destinationPort
observable:deviceType
observable:dhcpLeaseExpires
observable:dhcpLeaseObtained
observable:dhcpServer
observable:diskPartitionType
observable:diskSize
observable:diskType
observable:displayName
observable:dllCharacteristics
observable:dnssec
observable:documentInformationDictionary
observable:domain
observable:domainID
observable:domainName
observable:driveLetter
observable:driveType
observable:dst
observable:dstBytes
observable:dstPackets
observable:dstPayload
observable:duration
observable:effectiveGroup
observable:effectiveGroupID
observable:effectiveUser
observable:emailAddress
observable:encoding
observable:encodingMethod
observable:encryptionIV
observable:encryptionKey
observable:encryptionMethod
observable:encryptionMode
observable:endTime
observable:englishTranslation
observable:entropy
observable:entryID
observable:environmentVariables
observable:eventID
observable:eventStatus
observable:eventText
observable:eventType
observable:execArguments
observable:execProgramHashes
observable:execProgramPath
observable:execWorkingDirectory
observable:exifData
observable:exitCode
observable:exitStatus
observable:exitTime
observable:expirationDate
observable:expirationTime
observable:extDeletionTime
observable:extFileType
observable:extFlags
observable:extHardLinkCount
observable:extInodeChangeTime
observable:extInodeID
observable:extPermissions
observable:extSGID
observable:extSUID
observable:extendedKeyUsage
observable:extension
observable:faxNumber
observable:fileAlignment
observable:fileHeaderHashes
observable:fileName
observable:filePath
observable:fileSystemType
observable:firstLoginTime
observable:firstName
observable:firstRun
observable:flags
observable:format
observable:fragment
observable:fragmentIndex
observable:freeSpace
observable:from
observable:fullValue
observable:geoLocationEntry
observable:gid
observable:globalFlagList
observable:gpu
observable:gpuFamily
observable:groupName
observable:groups
observable:hasChanged
observable:hash
observable:hashes
observable:headerRaw
observable:hexadecimalValue
observable:hiveType
observable:homeDirectory
observable:host
observable:hostname
observable:httpMesageBodyLength
observable:httpMessageBodyData
observable:httpRequestHeader
observable:iComHandlerAction
observable:iEmailAction
observable:iExecAction
observable:iShowMessageAction
observable:icmpCode
observable:icmpType
observable:imageBase
observable:imageCompressionMethod
observable:imageName
observable:imageType
observable:impHash
observable:inReplyTo
observable:inhibitAnyPolicy
observable:installDate
observable:ip
observable:ipAddress
observable:ipGateway
observable:ipfix
observable:isActive
observable:isDirectory
observable:isDisabled
observable:isEnabled
observable:isEncrypted
observable:isHidden
observable:isInjected
observable:isMapped
observable:isMimeEncoded
observable:isMultipart
observable:isNamed
observable:isOptimized
observable:isPrivate
observable:isPrivileged
observable:isProtected
observable:isRead
observable:isSecure
observable:isSelfSigned
observable:isServiceAccount
observable:isTLD
observable:isVolatile
observable:issuer
observable:issuerAlternativeName
observable:issuerHash
observable:key
observable:keyUsage
observable:keypadUnlockCode
observable:labels
observable:language
observable:lastLoginTime
observable:lastName
observable:lastRun
observable:length
observable:libraryType
observable:loaderFlags
observable:localTime
observable:location
observable:loginTime
observable:logoutTime
observable:lookupDate
observable:macAddress
observable:machine
observable:magic
observable:magicNumber
observable:majorImageVersion
observable:majorLinkerVersion
observable:majorOSVersion
observable:majorSubsystemVersion
observable:manufacturer
observable:maxRunTime
observable:message
observable:messageID
observable:messageText
observable:messageType
observable:metadataChangeTime
observable:mftFileID
observable:mftFileNameAccessedTime
observable:mftFileNameCreatedTime
observable:mftFileNameLength
observable:mftFileNameModifiedTime
observable:mftFileNameRecordChangeTime
observable:mftFlags
observable:mftParentID
observable:mftRecordChangeTime
observable:middleName
observable:mimeClass
observable:mimeType
observable:minorImageVersion
observable:minorLinkerVersion
observable:minorOSVersion
observable:minorSubsystemVersion
observable:mockLocationsAllowed
observable:model
observable:modifiedTime
observable:mostRecentRunTime
observable:mountPoint
observable:msProductID
observable:msProductName
observable:nameConstraints
observable:nameserver
observable:netBIOSName
observable:network
observable:networkInterface
observable:newObject
observable:nextRunTime
observable:ntfsHardLinkCount
observable:ntfsOwnerID
observable:ntfsOwnerSID
observable:number
observable:numberOfLaunches
observable:numberOfRVAAndSizes
observable:numberOfSections
observable:numberOfSubkeys
observable:numberOfSymbols
observable:objectGUID
observable:oldObject
observable:openFileDescriptor
observable:operatingSystem
observable:optionalHeader
observable:options
observable:otherHeaders
observable:owner
observable:ownerSID
observable:parameterAddress
observable:parameters
observable:parent
observable:participant
observable:partition
observable:partitionID
observable:partitionLength
observable:partitionOffset
observable:password
observable:passwordLastChanged
observable:passwordType
observable:path
observable:pdfId0
observable:pdfId1
observable:peType
observable:phone
observable:phoneActivationTime
observable:phoneNumber
observable:phoneNumbers
observable:pictureHeight
observable:pictureType
observable:pictureWidth
observable:pid
observable:pointerToSymbolTable
observable:policyConstraints
observable:policyMappings
observable:port
observable:prefetchHash
observable:priority
observable:privateKeyUsagePeriodNotAfter
observable:privateKeyUsagePeriodNotBefore
observable:processorArchitecture
observable:properties
observable:propertyName
observable:protocols
observable:query
observable:rangeOffset
observable:rangeOffsetType
observable:rangeSize
observable:receivedLines
observable:receivedTime
observable:recurrence
observable:references
observable:referralURL
observable:regionSize
observable:regionStartAddress
observable:region_end_address
observable:regionalInternetRegistry
observable:registeredOrganization
observable:registeredOwner
observable:registrantIDs
observable:registrarGUID
observable:registrarID
observable:registrarInfo
observable:registrarName
observable:registryValues
observable:remarks
observable:remindTime
observable:requestMethod
observable:requestValue
observable:requestVersion
observable:rowCondition
observable:rowIndex
observable:ruid
observable:runningStatus
observable:scheme
observable:screenName
observable:sectionAlignment
observable:sections
observable:sectorSize
observable:securityAttributes
observable:sender
observable:sentTime
observable:serialNumber
observable:serverName
observable:serviceName
observable:serviceStatus
observable:serviceType
observable:sessionID
observable:shell
observable:showMessageBody
observable:showMessageTitle
observable:sid
observable:signature
observable:signatureAlgorithm
observable:signatureDescription
observable:signatureExists
observable:signatureVerified
observable:size
observable:sizeInBytes
observable:sizeOfCode
observable:sizeOfHeaders
observable:sizeOfHeapCommit
observable:sizeOfHeapReserve
observable:sizeOfImage
observable:sizeOfInitializedData
observable:sizeOfOptionalHeader
observable:sizeOfStackCommit
observable:sizeOfStackReserve
observable:sizeOfUninitializedData
observable:sourceFlags
observable:sourcePort
observable:spaceLeft
observable:spaceUsed
observable:sponsoringRegistrar
observable:src
observable:srcBytes
observable:srcPackets
observable:srcPayload
observable:ssid
observable:stackSize
observable:startAddress
observable:startCommandLine
observable:startTime
observable:startType
observable:startupInfo
observable:state
observable:status
observable:storageCapacityInBytes
observable:stringValue
observable:strings
observable:subject
observable:subjectAlternativeName
observable:subjectDirectoryAttributes
observable:subjectHash
observable:subjectKeyIdentifier
observable:subjectPublicKeyAlgorithm
observable:subjectPublicKeyExponent
observable:subjectPublicKeyModulus
observable:subsystem
observable:swid
observable:symbolicName
observable:systemTime
observable:tableName
observable:targetFile
observable:taskComment
observable:taskCreator
observable:text
observable:threadID
observable:thumbprintHash
observable:timeDateStamp
observable:timesExecuted
observable:timezoneDST
observable:timezoneStandard
observable:to
observable:totalFragments
observable:totalRam
observable:totalSpace
observable:triggerBeginTime
observable:triggerDelay
observable:triggerEndTime
observable:triggerFrequency
observable:triggerList
observable:triggerMaxRunTime
observable:triggerSessionChangeType
observable:triggerType
observable:updatedDate
observable:uptime
observable:url
observable:urlTargeted
observable:userName
observable:validityNotAfter
observable:validityNotBefore
observable:value
observable:values
observable:version
observable:visibility
observable:visitCount
observable:volume
observable:volumeID
observable:whoisServer
observable:win32VersionValue
observable:windowTitle
observable:windowsDirectory
observable:windowsSystemDirectory
observable:windowsTempDirectory
observable:windowsVolumeAttributes
observable:workItemData
observable:workingDirectory
observable:x509v3extensions
observable:xMailer
observable:xOriginatingIP
pattern:patternExpression
tool:buildConfiguration
tool:buildID
tool:buildInformation
tool:buildLabel
tool:buildOutputLog
tool:buildProject
tool:buildScript
tool:buildUtility
tool:buildUtilityName
tool:buildVersion
tool:compilationDate
tool:compilerInformalDescription
tool:compilers
tool:configurationSettingDescription
tool:configurationSettings
tool:cpeid
tool:creator
tool:dependencies
tool:dependencyDescription
tool:dependencyType
tool:itemDescription
tool:itemName
tool:itemType
tool:itemValue
tool:libraries
tool:libraryName
tool:libraryVersion
tool:references
tool:servicePack
tool:swid
tool:toolType
tool:usageContextAssumptions
tool:version
types:entry
types:hashMethod
types:hashValue
types:key
types:value