diff --git a/lists/alexa/list.json b/lists/alexa/list.json
index a19fe08..20243ab 100644
--- a/lists/alexa/list.json
+++ b/lists/alexa/list.json
@@ -1005,7 +1005,8 @@
 "hostname",
 "domain"
 ],
+ "type": "hostname",
 "name": "Top 1000 website from Alexa",
- "version": 20170212,
+ "version": 20171222,
 "description": "Event contains one or more entries from the top 1000 of the most used website (Alexa)."
 }
diff --git a/lists/eicar.com/list.json b/lists/eicar.com/list.json
index a4a3fb0..4e752c3 100644
--- a/lists/eicar.com/list.json
+++ b/lists/eicar.com/list.json
@@ -1,6 +1,6 @@
 {
 "name": "List of hashes for EICAR test virus",
- "version": 1,
+ "version": 2,
 "description": "Event contains one or more entries based on hashes for EICAR test virus",
 "matching_attributes": [
 "md5",
@@ -12,6 +12,7 @@
 "filename|sha256",
 "filename|sha512"
 ],
+ "type": "string",
 "list": [
 "44d88612fea8a8f36de82e1278abb02f",
 "6ce6f415d8475545be5ba114f208b0ff",
diff --git a/lists/empty-hashes/list.json b/lists/empty-hashes/list.json
index 0b050df..ba9a927 100644
--- a/lists/empty-hashes/list.json
+++ b/lists/empty-hashes/list.json
@@ -1,6 +1,6 @@
 {
 "name": "List of known hashes for empty files",
- "version": 1,
+ "version": 2,
 "description": "Event contains one or more entries of empty files based on known hashed",
 "matching_attributes": [
 "md5",
@@ -14,6 +14,7 @@
 "filename|sha256",
 "filename|sha512"
 ],
+ "type": "string",
 "list": [
 "d41d8cd98f00b204e9800998ecf8427e",
 "da39a3ee5e6b4b0d3255bfef95601890afd80709",
diff --git a/lists/google/list.json b/lists/google/list.json
index b728b7d..5a96a17 100644
--- a/lists/google/list.json
+++ b/lists/google/list.json
@@ -1,7 +1,8 @@
 {
 "name": "List of known google domains",
- "version": 3,
+ "version": 4,
 "description": "Event contains one or more entries of known google domains",
+ "type": "hostname",
 "matching_attributes": [
 "domain",
 "hostname",
diff --git a/lists/ipv6-linklocal/list.json b/lists/ipv6-linklocal/list.json
index 5fba393..c1a21bf 100644
--- a/lists/ipv6-linklocal/list.json
+++ b/lists/ipv6-linklocal/list.json
@@ -2,15 +2,13 @@
 "list": [
 "FE80::/10"
 ],
- "type": [
- "cidr"
- ],
+ "type": "cidr",
 "matching_attributes": [
 "ip-src",
 "ip-dst",
 "domain|ip"
 ],
 "description": "Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)",
- "version": 1,
+ "version": 2,
 "name": "List of IPv6 link local blocks"
 }
diff --git a/lists/microsoft-office365/list.json b/lists/microsoft-office365/list.json
index c5cdfb8..a56c429 100644
--- a/lists/microsoft-office365/list.json
+++ b/lists/microsoft-office365/list.json
@@ -1519,7 +1519,8 @@
 ],
 "name": "List of known Office 365 URLs and IP address ranges",
 "description": "Office 365 URLs and IP address ranges",
- "version": 20170212,
+ "version": 20171222,
+ "type": "hostname",
 "matching_attributes": [
 "ip-src",
 "ip-dst",
diff --git a/lists/microsoft/list.json b/lists/microsoft/list.json
index bec2fbb..109a3a6 100644
--- a/lists/microsoft/list.json
+++ b/lists/microsoft/list.json
@@ -1,12 +1,13 @@
 {
 "name": "List of known microsoft domains",
- "version": 1,
+ "version": 2,
 "description": "Event contains one or more entries of known microsoft domains",
 "matching_attributes": [
 "domain",
 "hostname",
 "domain|ip"
 ],
+ "type": "hostname",
 "list": [
 ".files-df.1drv.com",
 ".files.1drv.com",
diff --git a/lists/multicast/list.json b/lists/multicast/list.json
index f3e8380..d217a8b 100644
--- a/lists/multicast/list.json
+++ b/lists/multicast/list.json
@@ -17,15 +17,13 @@
 "238.0.0.0/8",
 "239.0.0.0/8"
 ],
- "type": [
- "cidr"
- ],
+ "type": "cidr",
 "matching_attributes": [
 "ip-src",
 "ip-dst",
 "domain|ip"
 ],
 "description": "Event contains one or more entries part of the RFC 5771 multicast CIDR blocks",
- "version": 2,
+ "version": 3,
 "name": "List of RFC 5771 multicast CIDR blocks"
 }
diff --git a/lists/public-dns-hostname/list.json b/lists/public-dns-hostname/list.json
index 8e13902..177b485 100644
--- a/lists/public-dns-hostname/list.json
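Review bot: `"type": "hostname"` in the `lists/microsoft-office365` hunk is applied to a list whose own name says it holds "URLs and IP address ranges" and whose `matching_attributes` begin with `ip-src` and `ip-dst`. With `type` reduced to one value per list, any range entries will presumably be compared as hostnames and stop matching address attributes, so Office 365 addresses would no longer be flagged as known infrastructure. Splitting the data into a hostname list and a separate list with `"type": "cidr"` would keep both halves working. The list body lies outside the hunk, so confirm whether it still contains ranges.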
+++ b/lists/public-dns-hostname/list.json
@@ -25347,9 +25347,7 @@
 "url",
 "domain|ip"
 ],
- "type": [
- "hostname"
- ],
+ "type": "hostname",
 "name": "List of known public DNS resolvers expressed as hostname",
- "version": 20171223
+ "version": 20171224
 }
diff --git a/lists/public-dns-v4/list.json b/lists/public-dns-v4/list.json
index 6664999..6f06949 100644
--- a/lists/public-dns-v4/list.json
+++ b/lists/public-dns-v4/list.json
@@ -40654,6 +40654,7 @@
 "ip-dst",
 "domain|ip"
 ],
+ "type": "string",
 "name": "List of known IPv4 public DNS resolvers",
- "version": 20171222
+ "version": 20171223
 }
diff --git a/lists/public-dns-v6/list.json b/lists/public-dns-v6/list.json
index 60a71df..37996a5 100644
--- a/lists/public-dns-v6/list.json
+++ b/lists/public-dns-v6/list.json
@@ -278,6 +278,7 @@
 "ip-dst",
 "domain|ip"
 ],
+ "type": "string",
 "name": "List of known IPv6 public DNS resolvers",
- "version": 20170212
+ "version": 20171222
 }
diff --git a/lists/rfc1918/list.json b/lists/rfc1918/list.json
index b476880..b5e5602 100644
--- a/lists/rfc1918/list.json
+++ b/lists/rfc1918/list.json
@@ -4,15 +4,13 @@
 "172.16.0.0/12",
 "192.168.0.0/16"
 ],
- "type": [
- "cidr"
- ],
+ "type": "cidr",
 "matching_attributes": [
 "ip-src",
 "ip-dst",
 "domain|ip"
 ],
 "description": "Event contains one or more entries part of the RFC 1918 CIDR blocks",
- "version": 2,
+ "version": 3,
 "name": "List of RFC 1918 CIDR blocks"
 }
diff --git a/lists/rfc3849/list.json b/lists/rfc3849/list.json
index 279ce08..1ae0a89 100644
--- a/lists/rfc3849/list.json
+++ b/lists/rfc3849/list.json
@@ -2,15 +2,13 @@
 "list": [
 "2001:DB8::/32"
 ],
- "type": [
- "cidr"
- ],
+ "type": "cidr",
 "matching_attributes": [
 "ip-src",
 "ip-dst",
 "domain|ip"
 ],
 "description": "Event contains one or more entries part of the IPv6 documentation prefix (RFC 3849)",
- "version": 2,
+ "version": 3,
 "name": "List of RFC 3849 CIDR blocks"
 }
diff --git a/lists/rfc5735/list.json b/lists/rfc5735/list.json
index 31ea5af..dea9ef0 100644
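Review bot: `"type": "string"` on the resolver lists (the `lists/public-dns-v4` hunk and, more seriously, the `lists/public-dns-v6` hunk) ties the match to the textual form of the address. IPv6 addresses have several valid spellings (zero compression, leading zeros, letter case), so unless the consumer canonicalises both sides before comparing, an attribute written differently from the list entry is missed. Either state in the list `description` that entries are stored in RFC 5952 canonical form and that attribute values are normalised before comparison, or confirm whether `"type": "cidr"` accepts single addresses and use that. The entries themselves are outside both hunks.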
--- a/lists/rfc5735/list.json
+++ b/lists/rfc5735/list.json
@@ -16,15 +16,13 @@
 "240.0.0.0/4",
 "255.255.255.255/32"
 ],
- "type": [
- "cidr"
- ],
+ "type": "cidr",
 "matching_attributes": [
 "ip-src",
 "ip-dst",
 "domain|ip"
 ],
 "description": "Event contains one or more entries part of the RFC 5735 CIDR blocks - Special Use IPv4 Addresses",
- "version": 2,
+ "version": 3,
 "name": "List of RFC 5735 CIDR blocks"
 }
diff --git a/lists/rfc6598/list.json b/lists/rfc6598/list.json
index 3d78a48..0863ee1 100644
--- a/lists/rfc6598/list.json
+++ b/lists/rfc6598/list.json
@@ -2,15 +2,13 @@
 "list": [
 "100.64.0.0/10"
 ],
- "type": [
- "cidr"
- ],
+ "type": "cidr",
 "matching_attributes": [
 "ip-src",
 "ip-dst",
 "domain|ip"
 ],
 "description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses",
- "version": 2,
+ "version": 3,
 "name": "List of RFC 6598 CIDR blocks"
 }
diff --git a/lists/second-level-tlds/list.json b/lists/second-level-tlds/list.json
index 859a875..37c9250 100644
--- a/lists/second-level-tlds/list.json
+++ b/lists/second-level-tlds/list.json
@@ -6469,6 +6469,7 @@
 "domain",
 "domain|ip"
 ],
+ "type": "substring",
 "name": "Second level TLDs as known by Mozilla Foundation",
- "version": 2
+ "version": 3
 }
diff --git a/lists/tlds/list.json b/lists/tlds/list.json
index 94f0077..6b7f8b1 100644
--- a/lists/tlds/list.json
+++ b/lists/tlds/list.json
@@ -1296,7 +1296,8 @@
 "domain",
 "domain|ip"
 ],
+ "type": "substring",
 "description": "Event contains one or more TLDs as attribute with an IDS flag set",
- "version": 2,
+ "version": 3,
 "name": "TLDs as known by IANA"
 }
diff --git a/lists/url-shortener/list.json b/lists/url-shortener/list.json
index 2d07293..2f92d57 100644
--- a/lists/url-shortener/list.json
+++ b/lists/url-shortener/list.json
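Review bot: `"type": "substring"` on the two TLD lists (the `lists/second-level-tlds` hunk and the `lists/tlds` hunk after it) looks too broad for `domain` attributes if substring means the entry may occur anywhere in the value, because a TLD label would then match inside almost any domain name and not only at its end. The `tlds` description says the list is meant to catch a TLD used as an attribute, which a whole-value or suffix comparison expresses and a substring comparison does not. A warning that fires on nearly every domain gets ignored by analysts, and it hides real indicators wherever the list is used to suppress matches. If the enum cannot express a suffix match, say so in each list's `description`. The list entries are outside both hunks, so whether they carry a leading dot is not visible here.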
@@ -1,6 +1,6 @@
 {
 "name": "List of known URL Shorteners domains",
- "version": 4,
+ "version": 5,
 "description": "Event contains one or more entries of known Shorteners domains",
 "matching_attributes": [
 "domain",
@@ -9,9 +9,7 @@
 "url",
 "uri"
 ],
- "type": [
- "hostname"
- ],
+ "type": "hostname",
 "list": [
 "1url.com",
 "adcraft.co",
diff --git a/lists/whats-my-ip/list.json b/lists/whats-my-ip/list.json
index 0a95df7..a4d606a 100644
--- a/lists/whats-my-ip/list.json
+++ b/lists/whats-my-ip/list.json
@@ -1,6 +1,6 @@
 {
 "name": "List of known domains to know external IP",
- "version": 2,
+ "version": 3,
 "description": "Event contains one or more entries of known 'what's is my ip' domains",
 "matching_attributes": [
 "domain",
@@ -9,6 +9,7 @@
 "uri",
 "url"
 ],
+ "type": "hostname",
 "list": [
 "2ip.ru",
 "2ip.tools",
diff --git a/schema.json b/schema.json
index 4148e33..0b97463 100644
--- a/schema.json
+++ b/schema.json
@@ -22,11 +22,13 @@
 }
 },
 "type": {
- "type": "array",
- "uniqueItems": true,
- "items": {
- "type": "string"
- }
+ "type": "string",
+ "enum": [
+ "string",
+ "substring",
+ "hostname",
+ "cidr"
+ ]
 },
 "matching_attributes": {
 "type": "array",
@@ -40,6 +42,7 @@
 "list",
 "description",
 "version",
- "name"
+ "name",
+ "type"
 ]
 }
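Review bot: The new `enum` for `type` in the first `schema.json` hunk lists four match modes, but nothing in the schema says how each one compares a list entry with an attribute value, so list authors have to guess between `string`, `substring` and `hostname`. Add a `description` to the property, for example `"description": "How entries are compared: string = exact match, substring = entry occurs in the value, hostname = domain or subdomain match, cidr = address within range"`, adjusted to what the consumer really implements. The enclosing `properties` object starts outside the hunk.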
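Review bot: Adding `"type"` to `required` in the last `schema.json` hunk makes every list without the key, or with the old array form, fail validation. The commit sets the key in the lists shown here, but whether any list elsewhere in the repository still lacks it is not visible in the diff. Running the schema over every `lists/*/list.json` as part of the commit checks would catch a missed list before consumers load it.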