Data Types

Caption Name Description
Boolean boolean_t

Boolean value. One of true or false.

Byte String bytestring_t

(Base: string_t)

Base64 encoded immutable byte sequence.

Datetime datetime_t

(Base: string_t)

The Internet Date/Time format as defined in RFC 3339. For example: 1985-04-12T23:20:50.52Z.

Constraints

  • Regex: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(Z|[\+-]\d{2}:\d{2})?$

Email Address email_t

(Base: string_t)

Email address. For example: [email protected].

🚧 WARNING: DEPRECATED

Email Address has been deprecated since 1.2.0. Deprecated in upgrade from qdm-1.1.0 to qdm-1.2.0

Constraints

  • Regex: ^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$

Hash file_hash_t

(Base: string_t)

Hash. A unique value that corresponds to the content of the file, image, ja3_hash or hassh found in the schema. For example MD5: 3172ac7e2b55cbb81f04a6e65855a628.

Constraints

  • Max Length: 64

File Name file_name_t

(Base: string_t)

File name. For example: text-file.txt.

Float float_t

Real floating-point value. For example: 3.14.

Hostname hostname_t

(Base: string_t)

Unique name assigned to a device connected to a computer network. A domain name in general is an Internet address that can be resolved through the Domain Name System (DNS). For example: r2-d2.example.com.

Constraints

  • Regex: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$

Integer integer_t

Signed integer value.

IP Address ip_t

(Base: string_t)

Internet Protocol address (IP address), in either IPv4 or IPv6 format. For example, 192.168.200.24 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

Constraints

  • Max Length: 40

  • Regex: ((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$))

JSON json_t

Embedded JSON value. A value can be a string, or a number, or true or false or null, or an object or an array. These structures can be nested. See www.json.org.

Long long_t

8-byte long, signed integer value.

MAC Address mac_t

(Base: string_t)

Media Access Control (MAC) address. For example: 18:36:F3:98:4F:9A.

Constraints

  • Max Length: 32

  • Regex: ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$

Object object_t

Object is an unordered set of name/value pairs. For example: {ip: 92.24.47.250, type: IP Address}

🚧 WARNING: DEPRECATED

Object has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Path Name path_t

(Base: string_t)

File or folder full path name. For example: /home/user/tmp/text-file.txt.

🚧 WARNING: DEPRECATED

Path Name has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Constraints

  • Regex: ^[\pL0-9_]+[\pL0-9 ~!@#%&*\-./_]*$

Port port_t

(Base: integer_t)

The TCP/UDP port number. For example: 80 or 22.

Constraints

  • Between 0 and 65535

Process Name process_name_t

(Base: string_t)

Process name. For example: Notepad.

Resource UID resource_uid_t

(Base: string_t)

Resource unique identifier. For example, S3 Bucket name or EC2 Instance ID.

Constraints

  • Max Length: 64

String string_t

UTF-8 encoded byte sequence.

Constraints

  • Max Length: 65535

Subnet subnet_t

(Base: string_t)

The subnet represented in a CIDR notation, using the format network_address/prefix_length. The network_address can be in either IPv4 or IPv6 format. The prefix length indicates the number of bits used for the network portion, and the remaining bits are available for host addresses within that subnet.

For example:
  • 192.168.1.0/24
  • 2001:0db8:85a3:0000::/64

Constraints

  • Max Length: 42

Timestamp timestamp_t

(Base: long_t)

The timestamp format is the number of milliseconds since the Epoch 01/01/1970 00:00:00 UTC. For example: 1618524549901.

URL String url_t

(Base: string_t)

Uniform Resource Locator (URL) string. For example: http://www.example.com/download/trouble.exe.

User Name username_t

(Base: string_t)

User name. For example: john_doe.

UUID uuid_t

(Base: string_t)

128-bit universal unique identifier. For example: 123e4567-e89b-12d3-a456-42661417400.

Constraints

  • Regex: [0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
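
An added example, not part of the schema or its tooling: a Python validator that applies this page's constraints for datetime_t, uuid_t, mac_t, port_t and subnet_t at log ingestion. The function names are assumptions; the patterns and limits are copied from the entries above, while the calendar check and the CIDR parse go beyond the page's stated constraints, which fix only the shape or the length.

```python
import ipaddress
import re
from datetime import datetime

# Patterns and limits copied from the Constraints entries on this page.
DATETIME_RE = r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(Z|[\+-]\d{2}:\d{2})?$"
MAC_RE = r"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$"
UUID_RE = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
MAC_MAX_LEN, SUBNET_MAX_LEN = 32, 42

def shape_ok(pattern, value, max_len=None):
    # fullmatch anchors both ends, so an unanchored pattern cannot match a
    # substring and '$' cannot tolerate a trailing newline.
    if not isinstance(value, str) or (max_len is not None and len(value) > max_len):
        return False
    return re.fullmatch(pattern, value) is not None

def valid_datetime(value):
    # The regex accepts month 13 or hour 99; check the fields as a real date too.
    if not shape_ok(DATETIME_RE, value):
        return False
    try:
        datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return False
    return True

def valid_uuid(value):
    # The uuid_t pattern has no ^ or $; shape_ok supplies the anchoring.
    return shape_ok(UUID_RE, value)

def valid_mac(value):
    return shape_ok(MAC_RE, value, MAC_MAX_LEN)

def valid_port(value):
    # bool subclasses int in Python, so exclude it explicitly.
    return isinstance(value, int) and not isinstance(value, bool) and 0 <= value <= 65535

def valid_subnet(value):
    # subnet_t lists only Max Length 42; parse the CIDR (host bits must be zero).
    if not isinstance(value, str) or len(value) > SUBNET_MAX_LEN or "/" not in value:
        return False
    try:
        ipaddress.ip_network(value)
    except ValueError:
        return False
    return True
```
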

This page describes qdm-1.3.2+ocsf-1.3.0