stix_schema_spy 1.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MTFkNTYzNmFlYzRkNDE4MzZiMmMxZGIwYzdlZTRjOTYzZmIwZDQ2NQ==
+  data.tar.gz: !binary |-
+    NzcwNjNlN2QzYWJlNmRjYmFiNDg2OWJkMTQyZTMyMjMzNzVlYjhiMg==
+SHA512:
+  metadata.gz: !binary |-
+    Y2Q0MTM0Y2U1NGQyOTVlMjA0MTQ4YzNhMjFiNmFhMjA0ODM1NTkwODg3ODQ2
+    ZmUzYmE0ZTJmNTJhMTI1NTgyNTNiYTllMTU4ZTE2ZjM2NjQ1ZmI5NDAzOWIx
+    MWU4ZjhlYWY0ZjcxNmUwZjU5YjY5OWE1YzAzODlkYTBkMmI3OWU=
+  data.tar.gz: !binary |-
+    MjBkNzY1ZGFhOThlMmU4MzkwMDA1MWNjYWVmMGJlMzZlNzg1YjVhZjM2MTlm
+    MmZlZTRjODU1YjZmY2IzNDQ2ZWI2NmIyMTFhZWMxMjM2MzE0NzQzNDQzNzky
+    NjMxYWVhNTU1MmRlMGEyODk3ZDFjYjY4YmNlM2E3YjAzYjVkZDI=

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'http://rubygems.org'
+
+# Specify your gem's dependencies in stix_schema_spy.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,24 @@
+Copyright (c) 2014, The MITRE Corporation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of The MITRE Corporation nor the 
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,41 @@
+# StixSchemaSpy
+
+StixSchemaSpy introspects the STIX and CybOX schemas in order to provide a set of Ruby objects that represent them. These can be used to generate code, documentation, or profiles based on the STIX schemas.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'stix_schema_spy'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install stix_schema_spy
+
+## Usage
+
+The easiest way to use the code is to preload all schemas referenced by the current version of STIX:
+
+```
+require 'stix_schema_spy'
+
+StixSchemaSpy::Schema.preload!
+```
+
+You can then use `Schema.find(prefix)` or `Type.find(prefix, type_name)` in order to find specific schemas and types. `Schema.all` and `schema.types` will list all schemas and all types for a given schema, respectively.
+
+A rake task is also available to generate an "uber schema" to validate content against any STIX/CybOX schema. Simply require `stix_schema_spy/util/tasks` and then run `rake stix_schema_spy:generate_schemas[output_dir]`.
+
+Look through the source code and specs for other usage examples.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,3 @@
+require "bundler/gem_tasks"
+require 'nokogiri'
+require 'stix_schema_spy/util/tasks'

data/config/1.0.1/stix/README.md

@@ -0,0 +1,20 @@
+# STIX 
+
+Structured Threat Information eXpression (STIX) is a collaborative community-driven effort to define and develop a standardized language to represent structured cyber threat information. The STIX Language intends to convey the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, automatable, and as human-readable as possible. All interested parties are welcome to participate in evolving STIX as part of its open, collaborative community.
+
+Please visit the [STIX Web Site](http://stix.mitre.org) for more information about the STIX Language.
+
+The STIX Language operates under the [STIX Terms of Use](http://stix.mitre.org/about/termsofuse.html).
+
+## Cloning the repository
+
+This STIX schemas repository uses [git submodules](http://git-scm.com/book/en/Git-Tools-Submodules) in order to include the CybOX schemas (which are a dependency of the STIX schemas).
+
+A straight `git clone` command will not retrieve these automatically, you'll end up with an empty cybox directory rather than the schemas. To fix this you need to initialize and then update the submodules by running:
+
+    git submodule init
+    git submodule update
+
+Alternatively, using the `--recursive` flag when cloning the repository will automatically initialize and update the submodules.
+
+Finally, any time you see that the cybox directory has been modified (when merging or pulling updates) you will need to run `git submodule update` again to actually update the schemas themselves.

data/config/1.0.1/stix/campaign.xsd

@@ -0,0 +1,210 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cybox="http://cybox.mitre.org/cybox-2" xmlns:stixCommon="http://stix.mitre.org/common-1" xmlns:campaign="http://stix.mitre.org/Campaign-1" xmlns:marking="http://data-marking.mitre.org/Marking-1" targetNamespace="http://stix.mitre.org/Campaign-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0.1" xml:lang="English">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>STIX Campaign</schema>
+			<version>1.0.1</version>
+			<date>10/04/2013 9:00:00 AM</date>
+			<short_description>Structured Threat Information eXpression (STIX) - Campaign - Schematic implementation for the Campaign construct within the STIX structured cyber threat expression language architecture.</short_description>
+			<terms_of_use>Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/cybox-2" schemaLocation="cybox/cybox_core.xsd"/>
+	<xs:import namespace="http://stix.mitre.org/common-1" schemaLocation="stix_common.xsd"/>
+	<xs:import namespace="http://data-marking.mitre.org/Marking-1" schemaLocation="data_marking.xsd"/>
+	<xs:element name="Campaign" type="campaign:CampaignType">
+		<xs:annotation>
+			<xs:documentation>The Campaign field characterizes a single cyber threat Campaign.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="CampaignType">
+		<xs:annotation>
+			<xs:documentation>The CampaignType characterizes a single cyber threat Campaign.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="stixCommon:CampaignBaseType">
+				<xs:sequence>
+					<xs:element name="Title" type="xs:string" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Title field provides a simple title for this Campaign.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Names" type="campaign:NamesType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Names field specifies Names used to identify this Campaign. These may be either internal or external names.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Intended_Effect" type="stixCommon:StatementType" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>
+								The Intended_Effect field characterizes the intended effect of this cyber threat Campaign.
+							
+								It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is IntendedEffectVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.0.1/stix_default_vocabularies.xsd .
+
+								Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
+							</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Status" type="stixCommon:ControlledVocabularyStringType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>
+								The status of this Campaign. For example, is the Campaign ongoing, historical, future, etc.
+							
+								This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CampaignStatusType in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.0.1/stix_default_vocabularies.xsd .
+
+								Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
+							</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Related_TTPs" type="campaign:RelatedTTPsType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Related_TTPs field specifies TTPs asserted to be related to this cyber threat Campaign.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Related_Incidents" type="campaign:RelatedIncidentsType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Related_Incidents field identifies or characterizes one or more Incidents related to this cyber threat Campaign. </xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Related_Indicators" type="campaign:RelatedIndicatorsType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Related_Indicators field identifies or characterizes one or more cyber threat Indicators related to this cyber threat Campaign.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Attribution" type="campaign:AttributionType" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Attribution field specifies assertions of attibuted Threat Actors for this cyber threat Campaign.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Associated_Campaigns" type="campaign:AssociatedCampaignsType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Associated_Campaigns field specifies other cyber threat Campaigns asserted to be associated with this cyber threat Campaign.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Confidence" type="stixCommon:ConfidenceType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Confidence field characterizes the level of confidence held in the characterization of this Campaign.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Activity" type="stixCommon:ActivityType" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Activity field characterizes actions taken in regards to this ThreatActor. This field is defined as of type ActivityType which is an abstract type enabling the extension and inclusion of various formats of Activity characterization.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Information_Source field details the source of this entry.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Handling" type="marking:MarkingType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Handling field specifies the appropriate data handling markings for the elements of this Campaign. The valid marking scope is the nearest CampaignBaseType ancestor of this Handling element and all its descendants.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+				<xs:attribute name="version" type="campaign:CampaignVersionType">
+					<xs:annotation>
+						<xs:documentation>Specifies the relevant STIX-Campaign schema version for this content.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<!---->
+	<xs:simpleType name="CampaignVersionType">
+		<xs:annotation>
+			<xs:documentation>An enumeration of all versions of the Campaign type valid in the current release of STIX.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="1.0"/>
+			<xs:enumeration value="1.0.1"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:complexType name="AttributionType">
+		<xs:annotation>
+			<xs:documentation>AttributionType specifies suspected Threat Actors attributed to a given Campaign.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="stixCommon:GenericRelationshipListType">
+				<xs:sequence>
+					<xs:element name="Attributed_Threat_Actor" type="stixCommon:RelatedThreatActorType" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Attributed_Threat_Actor field specifies a Threat Actor asserted to be attributed for a Campaign. The specification of multiple ThreatActor entries for a single Attribution entry would be interpreted as a logical AND composition of the set of specified ThreatActors with a shared Confidence and Information Source. This would be used to assert attribution to a combined set of ThreatActors.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<!---->
+	<xs:complexType name="RelatedTTPsType">
+		<xs:complexContent>
+			<xs:extension base="stixCommon:GenericRelationshipListType">
+				<xs:sequence>
+					<xs:sequence>
+						<xs:element name="Related_TTP" type="stixCommon:RelatedTTPType" maxOccurs="unbounded">
+							<xs:annotation>
+								<xs:documentation>The Related_TTP field specifies a single TTP asserted to be related to this cyber threat Campaign.</xs:documentation>
+							</xs:annotation>
+						</xs:element>
+					</xs:sequence>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="NamesType">
+		<xs:sequence>
+			<xs:element name="Name" type="stixCommon:ControlledVocabularyStringType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>
+						The Name field specifies a Name used to identify this Campaign. This field can be used to capture various aliases used to identify this Campaign.
+					
+						This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.0. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.					
+					</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="RelatedIncidentsType">
+		<xs:complexContent>
+			<xs:extension base="stixCommon:GenericRelationshipListType">
+				<xs:sequence>
+					<xs:sequence>
+						<xs:element name="Related_Incident" type="stixCommon:RelatedIncidentType" maxOccurs="unbounded">
+							<xs:annotation>
+								<xs:documentation>Identifies or characterizes an Incident related to this Campaign. </xs:documentation>
+							</xs:annotation>
+						</xs:element>
+					</xs:sequence>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="RelatedIndicatorsType">
+		<xs:complexContent>
+			<xs:extension base="stixCommon:GenericRelationshipListType">
+				<xs:sequence>
+					<xs:element name="Related_Indicator" type="stixCommon:RelatedIndicatorType" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Related_Indicator field identifies or characterizes a cyber threat Indicator related to this Campaign. Such loose associations between Campaigns and Indicators are typically part of the early phases of Campaign identification and characterization. As the Campaign characterization matures these associations are often used to identify relevant TTPs and/or Incidents associated with the Campaign.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="AssociatedCampaignsType">
+		<xs:complexContent>
+			<xs:extension base="stixCommon:GenericRelationshipListType">
+				<xs:sequence>
+					<xs:element name="Associated_Campaign" type="stixCommon:RelatedCampaignType" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Associated_Campaign field specifies a single other cyber threat Campaign asserted to be associated with this cyber threat Campaign.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>

data/config/1.0.1/stix/course_of_action.xsd

@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:coa="http://stix.mitre.org/CourseOfAction-1" xmlns:stixCommon="http://stix.mitre.org/common-1" xmlns:marking="http://data-marking.mitre.org/Marking-1" targetNamespace="http://stix.mitre.org/CourseOfAction-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0.1" xml:lang="English">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>STIX COA</schema>
+			<version>1.0.1</version>
+			<date>10/04/2013 9:00:00 AM</date>
+			<short_description>Structured Threat Information eXpression (STIX) - COA - Schematic implementation for the CourseOfAction construct within the STIX structured cyber threat expression language architecture.</short_description>
+			<terms_of_use>Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://stix.mitre.org/common-1" schemaLocation="stix_common.xsd"/>
+	<xs:import namespace="http://data-marking.mitre.org/Marking-1" schemaLocation="data_marking.xsd"/>
+	<xs:element name="Course_Of_Action" type="coa:CourseOfActionType">
+		<xs:annotation>
+			<xs:documentation>The CourseOfAction field characterizes a Course of Action to be taken in regards to one of more cyber threats. NOTE: This construct is still in its early stages of maturity and will require a good deal of review and refinement.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="CourseOfActionType">
+		<xs:annotation>
+			<xs:documentation>The CourseOfActionType characterizes a Course of Action to be taken in regards to one of more cyber threats. NOTE: This construct is still in its early stages of maturity and will require a good deal of review and refinement.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="stixCommon:CourseOfActionBaseType">
+				<xs:sequence>
+					<xs:element name="Title" type="xs:string" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Title field provides a simple title for this CourseOfAction.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Stage" type="stixCommon:ControlledVocabularyStringType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>
+								The Stage field specifies what stage in the cyber threat management lifecycle this CourseOfAction is relevant to (e.g. Remedy or Reponse).
+							
+								This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is COAStageVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.0.1/stix_default_vocabularies.xsd .
+
+								Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
+							</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Type" type="stixCommon:ControlledVocabularyStringType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>
+								The Type field specifies the type of this CourseOfAction.
+							
+								This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.0. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.
+							</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Description element is optional and enables a generalized but structured description of this CourseOfAction.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Objective" type="coa:ObjectiveType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Objective field characterizes the objective of this CourseOfAction.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Structured_COA" type="coa:StructuredCOAType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>
+								The Structured_COA field enables the specification of an actionable structured representation for the CourseOfAction potentially for automated consumption and implementation.
+
+								This field is implemented through the xsi:type extension mechanism. While STIX has not defined a default type, it has provided support for passing proprietary or externally defined structured courses of action using the Generic Structured COA extension. The Generic Structured COA extension is captured in the GenericStructuredCOAType in the http://stix.mitre.org/extensions/StructuredCOA#Generic-1 namespace. This type is defined in the extensions/structured_coa/generic.xsd file or at the URL http://stix.mitre.org/XMLSchema/extensions/structured_coa/generic/1.0/generic.xsd.
+							</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Impact" type="stixCommon:StatementType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>
+								The Impact field characterizes the estimated impact of applying this CourseOfAction.
+
+								It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is HighMediumLowVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.0.1/stix_default_vocabularies.xsd .
+
+								Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
+							</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Cost" type="stixCommon:StatementType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>
+								The Cost field characterizes the estimated cost for applying this CourseOfAction.
+
+								It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is HighMediumLowVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.0.1/stix_default_vocabularies.xsd .
+
+								Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
+							</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Efficacy" type="stixCommon:StatementType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>
+								The Efficacy field characterizes the effectiveness of this CourseOfAction in achieving its targeted Objective.
+
+								It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is HighMediumLowVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.0.1/stix_default_vocabularies.xsd .
+
+								Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
+							</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Handling" type="marking:MarkingType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Handling field specifies the appropriate data handling markings for the elements of this COA. The valid marking scope is the nearest CourseOfActionBaseType ancestor of this Handling element and all its descendants.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+				<xs:attribute name="version" type="coa:CourseOfActionVersionType">
+					<xs:annotation>
+						<xs:documentation>Specifies the relevant STIX-COA schema version for this content.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<!---->
+	<xs:simpleType name="CourseOfActionVersionType">
+		<xs:annotation>
+			<xs:documentation>An enumeration of all versions of the Course of Action type valid in the current release of STIX.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="1.0"/>
+			<xs:enumeration value="1.0.1"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:complexType name="StructuredCOAType" abstract="true">
+		<xs:annotation>
+			<xs:documentation>
+				The StructuredCOAType enables the specification of an actionable structured representation for the CourseOfAction potentially for automated consumption and implementation. 
+
+				This type is defined as an abstract type and is intended to be extended using the XML Schema extension mechanism to allow for the expression of a variety of structured COA types. Instance documents representing structured COAs use the xsi:type attribute to specify which implementation of this type they wish to use.
+
+				STIX has provided one implementation to allow for the passing of proprietary or externally defined structured courses of action in a CDATA block. This implementation is captured in the Generic Structured COA extension, which provides the GenericStructuredCOAType in the http://stix.mitre.org/extensions/StructuredCOA#Generic-1 namespace. The extension is defined in the extensions/structured_coa/generic.xsd file or at the URL http://stix.mitre.org/XMLSchema/extensions/structured_coa/generic/1.0/generic.xsd.
+			</xs:documentation>
+		</xs:annotation>
+		<xs:attribute name="id" type="xs:QName">
+			<xs:annotation>
+				<xs:documentation>Specifies a unique ID for this StructuredCOA.</xs:documentation>
+			</xs:annotation>
+		</xs:attribute>
+		<xs:attribute name="idref" type="xs:QName">
+			<xs:annotation>
+				<xs:documentation>Specifies a reference to the ID for this StructuredCOA specified elsewhere.</xs:documentation>
+			</xs:annotation>
+		</xs:attribute>
+	</xs:complexType>
+	<xs:complexType name="ObjectiveType">
+		<xs:annotation>
+			<xs:documentation>The ObjectiveType characterizes the objective of this CourseOfAction.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Description element is optional and enables a generalized description of the objective of this CourseOfAction.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Applicability_Confidence" type="stixCommon:ConfidenceType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Applicability_Confidence field characterizes the level of confidence held in the applicability of this suggested COA for its targeted Objective.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>