The first and most important step to getting started with CybOX is to understand why it was developed, what problems it is designed to solve, and how you can use it to solve those problems. The About CybOX page is a great start to understanding this.
In CybOX 2.1, the data model is represented as an XML Schema. The CybOX schemas define the canonical CybOX data model and the only official way to share CybOX information is through XML instance documents that conform to these schemas.
If you’re an XML person, now would be a good time to download the schemas. To do so, visit the CybOX Releases page and choose which bundle of content you want to download. The recommended download is the All Files (Offline) bundle. It contains all the CybOX schemas, and all extension/external schemas. In other words, everything you need to validate CybOX instance documents. We do not suggest using the schemas from this GitHub schemas repository unless you know what you’re doing: these are development versions and are not optimized for ease of use.
In either case, the schema documentation is available both for those of you that aren’t as familiar with XML Schema and those that are but don’t want to have to pour through XML. This documentation is available on the CybOX Releases page, under the “Documentation” column.
If you’re like many people, there’s no substitute for good sample data when working with a new language or tool. The CybOX project provides a set of samples for just that reason, containing short, use-case driven examples.
Once you understand the core concepts of how CybOX works and have either the schemas or the documentation so you can look up any data model questions, there are a couple options of where to look next: