Version 4.0 (Archive)

This page provides information on the version 4.0 release of the MAEC Language. All information about the new version is included in this centralized location. Join the MAEC Community to participate in the next version of MAEC.

Downloads

Includes downloads for the Version 4.0 Schemas, Version 4.0 Example Files, Version 4.0 Schematron Rules, and related documentation.

KEY

  • Complete Schema — has all documentation embedded.
  • Documentation html — element dictionaries, which users can elect to view in a browser or save.
  • All files zip — all the files in a section zipped together to allow for one simple download.
  • xsd/xml/sch — a user can either right click to download the file or left click to open the file in their default viewer.

MAEC Schema Downloads

File Name Schema Version Complete Schema Documentation Schematron
All Files n/a zip n/a n/a
All Files (offline, with examples and documentation) n/a zip n/a n/a
MAEC Bundle 4.0 xsd html sch | xsl
MAEC Package 2.0 xsd html n/a
MAEC Container 2.0 xsd html n/a
MAEC Default Vocabularies 1.0.0 xsd html n/a
Back to top

Release Notes

The major highlights of Version 4.0 are listed below:

  • The import and usage of the Cyber Observables eXpression (CybOX) v2.0
  • The addition of the MAEC default vocabularies schema
  • Better support for AV scanner results
  • Support for characterizing minor variants of a malware subject

For more information please see the detailed Release Notes or schema annotations contained in the links above.

Samples

MAEC Example Content

File Name XML
All Files zip
Bundle Artifact xml
Bundle AV Classifications xml
Bundle Candidate Indicator xml
Bundle Dynamic Triage Tool Output xml
Bundle Network Behavior xml
Bundle Malicious Webpage xml
Bundle Object Re-use xml
Container Multiple Package xml
Package Action Equivalency xml
Package Clustering xml
Package Dynamic Triage xml
Package Manual Analysis xml
Package Multi-Partite Malware xml
Package Multiple Analysis xml
Package Static Triage xml

Timeline

PLANNING DRAFT(S) RELEASE CANDIDATE OFFICIAL
08 April 2013 10 April 2013 26 April 2013

Status Reports

Status updates are included below. You may also review the MAEC Community Discussion Archive for discussions about Version 4.0.

[2013-04-26]
Version 4.0 has been officially released. Many thanks to all in the MAEC Community who helped with this major release.
[2013-04-10]
Posted initial drafts of the Version 4.0 MAEC Bundle, MAEC Package, and MAEC Container schemas in the Downloads section above for MAEC Community review and comment. Please send all feedback to the MAEC Community Discussion List.
[2013-04-10]
MAEC 4.0 is under active development. The primary change from 3.0 will be the incorporation of Cyber Observable eXpression (CybOX™) Version 2.0, which was released on April 8, 2013. Thus, while we had hoped to make this a minor revision, the scope of changes in CybOX v2.0 means that backwards compatibility with previous 3.x versions will not be possible, and thus a new major version is necessary.

In addition to the CybOX v2.0 integration, we’re planning on making the following additions:

  • The ability to add AV-Classification results for a malware binary as a first-class property of the MAEC Bundle.
  • The ability to characterize minor variations (e.g., the same binary with different filenames) of a Malware Subject as part of the Subject. See https://github.com/MAECProject/schemas/issues/14.

The ETA for this release is tentatively by the end this month, but we’ll keep you posted with more firm dates as we make progress on the release. The ALPHA versions of schemas, with the CybOX v2.0 integration, are currently up on our schemas GitHub repository, and will be updated accordingly as we add the new features and make tweaks: https://github.com/MAECProject/schemas.

If you have any suggestions for other changes that should be included, please send them to the MAEC Community Discussion List, or directly to maec@mitre.org.

[2013-04-08]
Version 4.0 of the MAEC Language in the planning stage. If you have any suggestions for changes that should be included, please send them to the MAEC Community Discussion List, or directly to maec@mitre.org.
Back to top

Page Last Updated: September 25, 2013