If you are in need of a schema which is not mentioned here, or if you want to change an existing schema, please make a proposal to the mailinglist or have a look at the github repository.
This schema is specially defined for all kinds of abusive login attacks.
(Example: http://www.x-arf.org/examples/ssh-report.txt | .eml-File)
A report for an abusive attack carried out by a malware.
Fraud (Phishing, etc.)
A report schema for informational report about an ip address which is
(de-)listed on a dnsbl.