Class: File
_The File Object represents the properties of a file. _
URI: attack:File
classDiagram
class File
click File href "../File/"
CyberObservableObject <|-- File
click CyberObservableObject href "../CyberObservableObject/"
File : atime
File : contains_refs
File : content_ref
File : ctime
File : defanged
File : description
File : extensions
File : granular_markings
File --> "*" GranularMarking : granular_markings
click GranularMarking href "../GranularMarking/"
File : hashes
File --> "0..1" HashesType : hashes
click HashesType href "../HashesType/"
File : id
File : magic_number_hex
File : mime_type
File : mtime
File : name
File : name_enc
File : object_marking_refs
File : parent_directory_ref
File : size
File : spec_version
File --> "0..1" SpecVersionEnum : spec_version
click SpecVersionEnum href "../SpecVersionEnum/"
File : type
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| type | 1 StixTypeName |
STIX object type | direct |
| id | 1 StixIdentifier |
STIX object identifier | direct |
| hashes | 0..1 HashesType |
Specifies a dictionary of hashes for the file or content | direct |
| size | 0..1 Integer |
Object size in bytes | direct |
| name | 0..1 String |
Human-readable name | direct |
| name_enc | 0..1 String |
Encoding for a name field | direct |
| magic_number_hex | 0..1 String |
Hex magic number | direct |
| mime_type | 0..1 String |
MIME type value | direct |
| ctime | 0..1 Datetime |
Creation time | direct |
| mtime | 0..1 Datetime |
Last modification time | direct |
| atime | 0..1 Datetime |
Last access time | direct |
| parent_directory_ref | 0..1 StixIdentifier |
Parent directory reference | direct |
| contains_refs | * StixIdentifier |
References to contained objects | direct |
| content_ref | 0..1 StixIdentifier |
Referenced content object | direct |
| extensions | * String |
Open-ended extension payloads | direct |
| spec_version | 0..1 SpecVersionEnum |
STIX specification version | CyberObservableCore |
| object_marking_refs | * StixIdentifier |
Marking definition references applied to this object | CyberObservableCore |
| granular_markings | * GranularMarking |
Granular markings that apply to selected content | CyberObservableCore |
| defanged | 0..1 Boolean |
Defines whether or not the data contained within the object has been defanged | CyberObservableCore |
| description | 0..1 String |
Human-readable description | StixEntity |
In Subsets
Comments
- jsonschema_rule: anyOf exactly_one_of_hint: "hashes|name-at-least-one" jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/file.json
Notes
- JSON Schema requires at least one of hashes or name.
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/attack
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | attack:File |
| native | attack:File |
| exact | unified_cyber_ontology:File |
LinkML Source
Direct
name: File
description: 'The File Object represents the properties of a file. '
notes:
- JSON Schema requires at least one of hashes or name.
comments:
- 'jsonschema_rule: anyOf exactly_one_of_hint: "hashes|name-at-least-one" jsonschema_source:
https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/file.json'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
exact_mappings:
- unified_cyber_ontology:File
is_a: CyberObservableObject
slots:
- type
- id
- hashes
- size
- name
- name_enc
- magic_number_hex
- mime_type
- ctime
- mtime
- atime
- parent_directory_ref
- contains_refs
- content_ref
- extensions
slot_usage:
id:
name: id
pattern: ^file--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
type:
name: type
pattern: ^file$
contains_refs:
name: contains_refs
comments:
- 'jsonschema_minItems: "1"'
Induced
name: File
description: 'The File Object represents the properties of a file. '
notes:
- JSON Schema requires at least one of hashes or name.
comments:
- 'jsonschema_rule: anyOf exactly_one_of_hint: "hashes|name-at-least-one" jsonschema_source:
https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/file.json'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
exact_mappings:
- unified_cyber_ontology:File
is_a: CyberObservableObject
slot_usage:
id:
name: id
pattern: ^file--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
type:
name: type
pattern: ^file$
contains_refs:
name: contains_refs
comments:
- 'jsonschema_minItems: "1"'
attributes:
type:
name: type
description: STIX object type.
from_schema: https://w3id.org/lmodel/attack
related_mappings:
- unified_cyber_ontology:state
rank: 1000
alias: type
owner: File
domain_of:
- StixEntity
- Bundle
- Core
- CyberObservableCore
- ExtensionDefinition
- LanguageContent
- MarkingDefinition
- File
range: stix_type_name
required: true
pattern: ^file$
id:
name: id
description: STIX object identifier.
from_schema: https://w3id.org/lmodel/attack
related_mappings:
- unified_cyber_ontology:externalReference
rank: 1000
alias: id
owner: File
domain_of:
- StixEntity
- Bundle
- Core
- CyberObservableCore
- ExtensionDefinition
- LanguageContent
- MarkingDefinition
- File
range: stix_identifier
required: true
pattern: ^file--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
hashes:
name: hashes
description: Specifies a dictionary of hashes for the file or content.
from_schema: https://w3id.org/lmodel/attack
exact_mappings:
- unified_cyber_ontology:hashes
rank: 1000
alias: hashes
owner: File
domain_of:
- ExternalReference
- Artifact
- File
- X509Certificate
range: HashesType
size:
name: size
description: Object size in bytes.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: size
owner: File
domain_of:
- File
range: integer
minimum_value: 0
name:
name: name
description: Human-readable name.
from_schema: https://w3id.org/lmodel/attack
exact_mappings:
- unified_cyber_ontology:name
rank: 1000
alias: name
owner: File
domain_of:
- RelatedAsset
- StixEntity
- ExtensionDefinition
- MarkingDefinition
- AutonomousSystem
- File
range: string
name_enc:
name: name_enc
description: Encoding for a name field.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: name_enc
owner: File
domain_of:
- File
range: string
pattern: ^[a-zA-Z0-9/\.+_:-]{2,250}$
magic_number_hex:
name: magic_number_hex
description: Hex magic number.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: magic_number_hex
owner: File
domain_of:
- File
range: string
mime_type:
name: mime_type
description: MIME type value.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: mime_type
owner: File
domain_of:
- Artifact
- File
range: string
ctime:
name: ctime
description: Creation time.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: ctime
owner: File
domain_of:
- Directory
- File
range: datetime
mtime:
name: mtime
description: Last modification time.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: mtime
owner: File
domain_of:
- Directory
- File
range: datetime
atime:
name: atime
description: Last access time.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: atime
owner: File
domain_of:
- Directory
- File
range: datetime
parent_directory_ref:
name: parent_directory_ref
description: Parent directory reference.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: parent_directory_ref
owner: File
domain_of:
- File
range: stix_identifier
contains_refs:
name: contains_refs
description: References to contained objects.
comments:
- 'jsonschema_minItems: "1"'
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: contains_refs
owner: File
domain_of:
- Directory
- File
- ArchiveExt
range: stix_identifier
multivalued: true
content_ref:
name: content_ref
description: Referenced content object.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: content_ref
owner: File
domain_of:
- File
range: stix_identifier
extensions:
name: extensions
description: Open-ended extension payloads.
notes:
- JSON Schema uses patternProperties for extension keys; exact key validation
is delegated to validator tooling.
comments:
- 'jsonschema_rule: patternProperties validator_hint: validate-extension-keys-and-values'
from_schema: https://w3id.org/lmodel/attack
related_mappings:
- unified_cyber_ontology:hasFacet
rank: 1000
alias: extensions
owner: File
domain_of:
- Core
- CyberObservableCore
- MarkingDefinition
- File
range: string
multivalued: true
spec_version:
name: spec_version
description: STIX specification version.
from_schema: https://w3id.org/lmodel/attack
close_mappings:
- unified_cyber_ontology:specVersion
rank: 1000
alias: spec_version
owner: File
domain_of:
- Core
- CyberObservableCore
- MarkingDefinition
range: SpecVersionEnum
object_marking_refs:
name: object_marking_refs
description: Marking definition references applied to this object.
comments:
- 'jsonschema_minItems: "1"'
from_schema: https://w3id.org/lmodel/attack
close_mappings:
- unified_cyber_ontology:objectMarking
rank: 1000
alias: object_marking_refs
owner: File
domain_of:
- Core
- CyberObservableCore
- MarkingDefinition
range: stix_identifier
multivalued: true
granular_markings:
name: granular_markings
description: Granular markings that apply to selected content.
comments:
- 'jsonschema_minItems: "1"'
from_schema: https://w3id.org/lmodel/attack
narrow_mappings:
- unified_cyber_ontology:objectMarking
rank: 1000
alias: granular_markings
owner: File
domain_of:
- Core
- CyberObservableCore
- MarkingDefinition
range: GranularMarking
multivalued: true
defanged:
name: defanged
description: Defines whether or not the data contained within the object has been
defanged.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: defanged
owner: File
domain_of:
- CyberObservableCore
range: boolean
description:
name: description
description: Human-readable description.
from_schema: https://w3id.org/lmodel/attack
close_mappings:
- unified_cyber_ontology:description
rank: 1000
alias: description
owner: File
domain_of:
- RelatedAsset
- MutableElement
- StixEntity
- ExtensionDefinition
- ExternalReference
range: string