Data Types

Caption	Name	Description
Boolean	`boolean_t`	Boolean value. One of `true` or `false`.
Byte String	`bytestring_t` (Base: `string_t`)	Base 64 encoded immutable byte sequence. Traditional Base 64 is preferred but publishers may use URL-safe Base 64 when known to be acceptable to consumers. These encodings are described in RFC 4648. Constraints Regex: `^(?:(?:[A-Za-z0-9+/]4)(?:[A-Za-z0-9+/]2==\|[A-Za-z0-9+/]3=)\|(?:[A-Za-z0-9_-]4)(?:[A-Za-z0-9_-]2==\|[A-Za-z0-9_-]3=))?$`
Datetime	`datetime_t` (Base: `string_t`)	The Internet Date/Time format as defined in RFC-3339. For example:`2024-09-10T23:20:50.520Z`,`2024-09-10 23:20:50.520789Z`. Constraints Regex: `^\d4-\d2-\d2[Tt]\d2:\d2:\d2(?:.\d+)?([Zz]\|[+-]\d2:\d2)?$`
Email Address	`email_t` (Base: `string_t`)	Email address. For example:`[email protected]`. Constraints Regex: ^[a-zA-Z0-9!#$%&'*+-/=?^_`\|~.]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$
Hash	`file_hash_t` (Base: `string_t`)	Hash. A unique value that corresponds to the content of the file, image, ja3_hash or hassh found in the schema. For example: MD5: `3172ac7e2b55cbb81f04a6e65855a628`. Constraints Regex: `^[a-fA-F0-9]+$`
File Name	`file_name_t` (Base: `string_t`)	File name. For example:`text-file.txt`.
File Path	`file_path_t` (Base: `string_t`)	The full path to the file. For example: For example:`c:\windows\system32\svchost.exe`.
Float	`float_t`	Real floating-point value. For example:`3.14`.
Hostname	`hostname_t` (Base: `string_t`)	Unique name assigned to a device connected to a computer network. It may be a fully qualified domain name (FQDN). For example:`r2-d2.example.com.`,`mx.example.com`
Integer	`integer_t`	Signed integer value.
IP Address	`ip_t` (Base: `string_t`)	Internet Protocol address (IP address), in either IPv4 or IPv6 format. For example:`192.168.200.24`, `2001:0db8:85a3:0000:0000:8a2e:0370:7334`. Constraints Max Length: 40 Regex: ((^\s((([0-9]\|[1-9][0-9]\|1[0-9]2\|2[0-4][0-9]\|25[0-5]).)3([0-9]\|[1-9][0-9]\|1[0-9]2\|2[0-4][0-9]\|25[0-5]))\s$)\|(^\s((([0-9A-Fa-f]1,4:)7([0-9A-Fa-f]1,4\|:))\|(([0-9A-Fa-f]1,4:)6(:[0-9A-Fa-f]1,4\|((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d))3)\|:))\|(([0-9A-Fa-f]1,4:)5(((:[0-9A-Fa-f]1,4)1,2)\|:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d))3)\|:))\|(([0-9A-Fa-f]1,4:)4(((:[0-9A-Fa-f]1,4)1,3)\|((:[0-9A-Fa-f]1,4)?:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d))3))\|:))\|(([0-9A-Fa-f]1,4:)3(((:[0-9A-Fa-f]1,4)1,4)\|((:[0-9A-Fa-f]1,4)0,2:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d))3))\|:))\|(([0-9A-Fa-f]1,4:)2(((:[0-9A-Fa-f]1,4)1,5)\|((:[0-9A-Fa-f]1,4)0,3:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d))3))\|:))\|(([0-9A-Fa-f]1,4:)1(((:[0-9A-Fa-f]1,4)1,6)\|((:[0-9A-Fa-f]1,4)0,4:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d))3))\|:))\|(:(((:[0-9A-Fa-f]1,4)1,7)\|((:[0-9A-Fa-f]1,4)0,5:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d))3))\|:)))(%.+)?\s$))
JSON	`json_t`	Embedded JSON value. A value can be a string, or a number, or true or false or null, or an object or an array. These structures can be nested. See www.json.org.
Long	`long_t`	8-byte long, signed integer value.
MAC Address	`mac_t` (Base: `string_t`)	Media Access Control (MAC) address. For example:`18:36:F3:98:4F:9A`. Constraints Max Length: 32 Regex: `^([0-9A-Fa-f]2[:-])5([0-9A-Fa-f]2)$`
Port	`port_t` (Base: `integer_t`)	The TCP/UDP port number. For example:`80`,`22`. Constraints Between 0 and 65535
Process Name	`process_name_t` (Base: `string_t`)	Process name. For example:`Notepad`.
Resource UID	`resource_uid_t` (Base: `string_t`)	Resource unique identifier. For example, S3 Bucket name or EC2 Instance ID.
String	`string_t`	UTF-8 encoded byte sequence.
Subnet	`subnet_t` (Base: `string_t`)	The subnet represented in a CIDR notation, using the format network_address/prefix_length. The network_address can be in either IPv4 or IPv6 format. The prefix length indicates the number of bits used for the network portion, and the remaining bits are available for host addresses within that subnet. For example:`192.168.1.0/24`,`2001:0db8:85a3:0000::/64` Constraints Max Length: 42
Timestamp	`timestamp_t` (Base: `long_t`)	The timestamp format is the number of milliseconds since the Epoch 01/01/1970 00:00:00 UTC. For example:`1618524549901`.
URL String	`url_t` (Base: `string_t`)	Uniform Resource Locator (URL) string. For example:`http://www.example.com/download/trouble.exe`.
User Name	`username_t` (Base: `string_t`)	User name. For example:`john_doe`.
UUID	`uuid_t` (Base: `string_t`)	128-bit universal unique identifier. For example:`123e4567-e89b-12d3-a456-42661417400`. Constraints Regex: `[0-9a-fA-F]8-[0-9a-fA-F]4-[0-9a-fA-F]4-[0-9a-fA-F]4-[0-9a-fA-F]12`
Registry Key Path	`reg_key_path_t` (Base: `string_t`)	Full path of registry key.

This page describes qdm-1.5.1+ocsf-1.6.0

Constraints

Constraints

Constraints

Constraints

Constraints

Constraints

Constraints

Constraints

Constraints