STIX Elements and Fields

The following table lists STIX-enabled resources along with the corresponding STIX, MAEC, and CybOX elements visible in the response:

Resource	Element	Fields
Get Samples (Search Samples and Sessions)	cybox:Observables Observables are events or stateful properties such as the value of a registry key, deletion of a file, or the receipt of an HTTP GET.	cybox:Observable cybox:Description cybox:Object cybox:Properties
Get Sessions (Search Samples and Sessions)	stix:Incident Incidents are discrete instances of observable patterns affecting an organization; it includes information discovered during an incident response investigation.	incident:Description incident:Victim incident:Related_Observables
Get Sample Analysis	ttp:MalwareType TTPs (Tactics, Techniques, and Procedures) represent adversarial behavior, such as potentially targeted victims, attack patterns and malware, leveraged resources (infrastructure, tools, personas).	ttp:Title ttp:Description ttp:Behavior ttp:Malware ttp:Malware_Instance maecPackage:MAEC_Package maecPackage:Malware_Subjects - maecPackage:Malware_Subject
Get Tags	stix:Indicator Indicators convey specific observable patterns combined with contextual information. They represent artifacts and behaviors of interest.	indicator:Title indicator:Description indicator:Short_Description indicator:Sightings indicator:Producer stixCommon:Description stixCommon:Identity stixCommon:Name
Get Tag Details	stix:Indicator	indicator:Title indicator:Description indicator:Short_Description indicator:Composite_Indicator_Expression indicator:Indicator indicator:Sightings indicator:Producer

Document:AutoFocus™ API References