Version 2.0 of the MAEC core schema represents a significant set of changes to improve the expressiveness of the schema, particularly in terms of profiling actions performed by malware
and the objects that are associated with these actions, and as such is not backwards compatible with MAEC 1.x. MAEC 2.0 imports and utilizes components of version 0.7 of theCyber
Observables Expression (CybOX™)Schema, where appropriate. Specific changes for Version 2.0 are listed in thePrevious
Version Differences Reportsection of theMAEC Version 2.0 page.
I encourage you to take a look at the new examples (also on the MAEC 2.0 release page) to get a sense of the changes and added capabilities.
Please post any questions or comments regarding this new version to this thread. Also, expect more discussion topics and activity on this list in the near future.