Cyber Observable eXpression (CybOX) is a standardized language for representing cyber observables, whether dynamic events or stateful properties that are observable in the operational cyber domain. It is an open-source community effort.
CybOX is not targeted at a single cyber security use case but rather is intended to be flexible enough to offer a common solution for all cyber security use cases requiring the ability to deal with cyber observables. It is also intended to be flexible enough to allow both the high-fidelity description of instances of cyber observables that have been measured in an operational context as well as more abstract patterns for potential observables that may be targets for observation and analysis apriori.
- Mitre, "Cyber Observable eXpression — CybOXTM" (full-text).