Documentation about and for using the MAEC Language is hosted in the MAEC Project Documentation Repository on

Current Documentation

The main focus of the documentation hosted in the MAEC Project Documentation Repository on the MAECProject page on is to make MAEC easier to understand and to help users start working with MAEC immediately. This documentation currently includes the following:

What Are "MAEC Idioms"?

The goal behind the MAEC Idioms is to document a set of common use cases for representing information and metadata surrounding malware, including the capture of specific types of analysis data (for example, "capturing static analysis data"), and then to show how those use cases could be represented in the MAEC data model. Each idiom is focused on a single scenario and includes a text write-up, block diagram, sample XML, and sample Python API code that shows you exactly how to represent that scenario.

We hope you find this information useful. An initial set of idioms is available now on the MAEC Idioms page, but we are actively looking to expand that initial set to include more concepts and to improve the concepts we have now. The code is also available in the MAEC Project Documentation Repository if you want to fix one of our idioms, or create a new one. As with the rest of the MAEC project, all pull requests will be considered.

Feedback Requested

Any feedback is greatly appreciated, both on what we have now and on suggestions for what to add in the future, on the MAEC Community Email Discussion List or directly to

Page Last Updated: October 03, 2014