Skip to content

Slot: spec_version

STIX specification version.

URI: stix:spec_version Alias: spec_version

Applicable Classes

Name Description Modifies Slot
Grouping A Grouping object explicitly asserts that the referenced STIX Objects have a ... no
UserAccount The User Account Object represents an instance of any type of user account, i... no
Report Reports are collections of threat intelligence focused on one or more topics,... no
EmailMessage The Email Message Object represents an instance of an email message no
Note A Note is a comment or note containing informative text to help explain the c... no
StixDomainObject no
MacAddr The MAC Address Object represents a single Media Access Control (MAC) address no
Relationship The Relationship object is used to link together two SDOs in order to describ... no
Directory The Directory Object represents the properties common to a file system direct... no
Sighting A Sighting denotes the belief that something in CTI (e no
Ipv4Addr The IPv4 Address Object represents one or more IPv4 addresses expressed using... no
Artifact The Artifact Object permits capturing an array of bytes (8-bits), as a base64... no
X509Certificate The X509 Certificate Object represents the properties of an X no
ExtensionDefinition The STIX Extension Definition object allows producers of threat intelligence ... no
StixRelationshipObject no
Url The URL Object represents the properties of a uniform resource locator (URL) no
DomainName The Domain Name represents the properties of a network domain name no
Process The Process Object represents common properties of an instance of a computer ... no
WindowsRegistryKey The Registry Key Object represents the properties of a Windows registry key no
Mutex The Mutex Object represents the properties of a mutual exclusion (mutex) obje... no
AttackPattern Attack Patterns are a type of TTP that describe ways that adversaries attempt... no
ThreatActor Threat Actors are actual individuals, groups, or organizations believed to be... no
Location A Location represents a geographic location no
MarkingDefinition The marking-definition object represents a specific marking yes
ObservedData Observed data conveys information that was observed on systems and networks, ... no
CourseOfAction A Course of Action is an action taken either to prevent an attack or to respo... no
Core Common properties and behavior across all STIX Domain Objects and STIX Relati... yes
AutonomousSystem The AS object represents the properties of an Autonomous Systems (AS) no
Identity Identities can represent actual individuals, organizations, or groups (e no
Vulnerability A Vulnerability is a mistake in software that can be directly used by a hacke... no
Incident The Incident object in STIX 2 no
Opinion An Opinion is an assessment of the correctness of the information in a STIX O... no
CyberObservableCore Common properties and behavior across all Cyber Observable Objects no
MalwareAnalysis Malware Analysis captures the metadata and results of a particular analysis p... no
Infrastructure Infrastructure objects describe systems, software services, and associated ph... no
CyberObservableObject no
EmailAddr The Email Address Object represents a single email address no
IntrusionSet An Intrusion Set is a grouped set of adversary behavior and resources with co... no
Ipv6Addr The IPv6 Address Object represents one or more IPv6 addresses expressed using... no
LanguageContent The language-content object represents text content for STIX Objects represen... no
File The File Object represents the properties of a file no
NetworkTraffic The Network Traffic Object represents arbitrary network traffic that originat... no
Indicator Indicators contain a pattern that can be used to detect suspicious or malicio... no
Malware Malware is a type of TTP that is also known as malicious code and malicious s... no
Tool Tools are legitimate software that can be used by threat actors to perform at... no
Software The Software Object represents high-level properties associated with software... no
Campaign A Campaign is a grouping of adversary behavior that describes a set of malici... no

Properties

Type and Range

Property Value
Range SpecVersionEnum
Domain Of Core, CyberObservableCore, MarkingDefinition

Cardinality and Requirements

Property Value

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/stix

Mappings

Mapping Type Mapped Value
self stix:spec_version
native stix:spec_version
close unified_cyber_ontology:specVersion

LinkML Source

name: spec_version
description: STIX specification version.
from_schema: https://w3id.org/lmodel/stix
close_mappings:
- unified_cyber_ontology:specVersion
rank: 1000
alias: spec_version
domain_of:
- Core
- CyberObservableCore
- MarkingDefinition
range: SpecVersionEnum