stix_schema_spy 1.0 → 1.1

data/config/1.1.1/stix/cybox/objects/Win_Registry_Key_Object.xsd

@@ -0,0 +1,290 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinRegistryKeyObj="http://cybox.mitre.org/objects#WinRegistryKeyObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" targetNamespace="http://cybox.mitre.org/objects#WinRegistryKeyObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Registry_Key_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinHandleObject-2" schemaLocation="Win_Handle_Object.xsd"/>
+	<xs:element name="Windows_Registry_Key" type="WinRegistryKeyObj:WindowsRegistryKeyObjectType">
+		<xs:annotation>
+			<xs:documentation>Windows_Registry_Key object characterizes windows registry objects, including Keys and Key/Value pairs. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724871(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsRegistryKeyObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsRegistryObjectType type is intended to characterize Windows registry objects, including Keys and Key/Value pairs.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Key" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Key field specifies the full key to the Windows registry object, not including the hive.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Hive" type="WinRegistryKeyObj:RegistryHiveType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Hive field specifies the Windows registry hive to which the registry object belongs to.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Number_Values" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Number_Values field specifies the number of values found in the registry key.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Values" type="WinRegistryKeyObj:RegistryValuesType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Values field specifies the values (with their name/data pairs) held within the registry key.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Modified_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Modified_Time field specifies the last date/time that the registry object was modified.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Creator_Username" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Creator_Username field specifies the name of the user who created the registry object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Handle_List" type="WinHandleObj:WindowsHandleListType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Handle_List field specifies a list of open Handles for this registry object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Number_Subkeys" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Number_Subkeys field specifies the number of subkeys contained under the registry key.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Subkeys" type="WinRegistryKeyObj:RegistrySubkeysType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Subkeys field specifies the set of subkeys contained under the registry key.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Byte_Runs field contains a list of byte runs from the raw registry.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="RegistryValueType">
+		<xs:annotation>
+			<xs:documentation>The RegistryValueType type is intended to characterize Windows registry Value name/data pairs.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Name field specifies the name of the registry value. For specifying the default value in a registry key, an empty string should be used. </xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Data" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Data field specifies the data contained in the registry value.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Datatype" type="WinRegistryKeyObj:RegistryDatatypeType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Datatype field specifies the registry (REG_*) datatype used in the registry value.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Byte_Runs field contains a list of byte runs from the raw registry key entry.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="RegistryDatatypeType">
+		<xs:annotation>
+			<xs:documentation>Registry_Datatype specifies Windows registry datatypes via a union of the RegistryDataTypesEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinRegistryKeyObj:RegistryDataTypesEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:complexType name="RegistryHiveType">
+		<xs:annotation>
+			<xs:documentation>RegistryHiveType specifies Windows registry hive types via a union of the RegistryHiveEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinRegistryKeyObj:RegistryHiveEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:simpleType name="RegistryDataTypesEnum">
+		<xs:annotation>
+			<xs:documentation>The RegistryDataTypesEnum type is an enumeration of Windows registry datatypes (REG_*). See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724884(v=vs.85).aspx See also: http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=361.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="REG_NONE">
+				<xs:annotation>
+					<xs:documentation>No defined value type.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_SZ">
+				<xs:annotation>
+					<xs:documentation>A null-terminated string. This will be either a Unicode or an ANSI string, depending on whether you use the Unicode or ANSI functions.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_EXPAND_SZ">
+				<xs:annotation>
+					<xs:documentation>A null-terminated string that contains unexpanded references to environment variables (for example, "%PATH%"). It will be a Unicode or ANSI string depending on whether you use the Unicode or ANSI functions.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_BINARY">
+				<xs:annotation>
+					<xs:documentation>Binary data in any form.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_DWORD">
+				<xs:annotation>
+					<xs:documentation>A 32-bit number.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_DWORD_BIG_ENDIAN">
+				<xs:annotation>
+					<xs:documentation>A 32-bit number in big-endian format. Some UNIX systems support big-endian architectures.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_LINK">
+				<xs:annotation>
+					<xs:documentation>A null-terminated Unicode string that contains the target path of a symbolic link.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_MULTI_SZ">
+				<xs:annotation>
+					<xs:documentation>A sequence of null-terminated strings, terminated by an empty string (\0).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_RESOURCE_LIST">
+				<xs:annotation>
+					<xs:documentation>A series of nested arrays designed to store a resource list used by a hardware device driver or one of the physical devices it controls. This data is detected and written into the ResourceMap tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_FULL_RESOURCE_DESCRIPTOR">
+				<xs:annotation>
+					<xs:documentation>A series of nested arrays designed to store a resource list used by a physical hardware device. This data is detected and written into the HardwareDescription tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_RESOURCE_REQUIREMENTS_LIST">
+				<xs:annotation>
+					<xs:documentation>Device driver list of hardware resource requirements in Resource Map tree. See http://www.mdgx.com/reg.htm.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_QWORD">
+				<xs:annotation>
+					<xs:documentation>A 64-bit number.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_INVALID_TYPE">
+				<xs:annotation>
+					<xs:documentation>Specifies an invalid key.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="RegistryHiveEnum">
+		<xs:annotation>
+			<xs:documentation>The RegistryHiveEnum type is an enumeration of Windows registry hives (HKEY_*). See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724836(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="HKEY_CLASSES_ROOT">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define types (or classes) of documents and the properties associated with those types. Shell and COM applications use the information stored under this key.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_CURRENT_CONFIG">
+				<xs:annotation>
+					<xs:documentation>Contains information about the current hardware profile of the local computer system. The information under HKEY_CURRENT_CONFIG describes only the differences between the current hardware configuration and the standard configuration.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_CURRENT_USER">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define the preferences of the current user. These preferences include the settings of environment variables, data about program groups, colors, printers, network connections, and application preferences. This key makes it easier to establish the current user's settings; the key maps to the current user's branch in HKEY_USERS.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_LOCAL_MACHINE">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define the physical state of the computer, including data about the bus type, system memory, and installed hardware and software.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_USERS">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define the default user configuration for new users on the local computer and the user configuration for the current user.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_CURRENT_USER_LOCAL_SETTINGS">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define preferences of the current user that are local to the machine. These entries are not included in the per-user registry portion of a roaming user profile.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_PERFORMANCE_DATA">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key allow you to access performance data. The data is not actually stored in the registry; the registry functions cause the system to collect the data from its source.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_PERFORMANCE_NLSTEXT">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key reference the text strings that describe counters in the local language of the area in which the computer system is running. These entries are not available to Regedit.exe and Regedt32.exe.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_PERFORMANCE_TEXT">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key reference the text strings that describe counters in US English. These entries are not available to Regedit.exe and Regedt32.exe.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:complexType name="RegistryValuesType">
+		<xs:annotation>
+			<xs:documentation>The RegistryValuesType type specifies the values (with their name/data pairs) held within the registry key.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Value" type="WinRegistryKeyObj:RegistryValueType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The Value field specifies the value (with name/data pair) held within the registry key.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="RegistrySubkeysType">
+		<xs:annotation>
+			<xs:documentation>The RegistrySubkeysType specifies the set of subkeys contained under the registry key.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Subkey" type="WinRegistryKeyObj:WindowsRegistryKeyObjectType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The Subkey field specifies a single subkey contained under the registry key.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/cybox/objects/Win_Semaphore_Object.xsd

@@ -0,0 +1,42 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinSemaphoreObj="http://cybox.mitre.org/objects#WinSemaphoreObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" xmlns:SemaphoreObj="http://cybox.mitre.org/objects#SemaphoreObject-2" targetNamespace="http://cybox.mitre.org/objects#WinSemaphoreObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>		
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Semaphore_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinHandleObject-2" schemaLocation="Win_Handle_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#SemaphoreObject-2" schemaLocation="Semaphore_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Win_Semaphore" type="WinSemaphoreObj:WindowsSemaphoreObjectType">
+		<xs:annotation>
+			<xs:documentation>Windows_Semaphore object is intended to characterize Windows Semaphore (synchronization) objects. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685129(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsSemaphoreObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsSemaphoreObjectType is intended to characterize Windows semaphore (synchronization) objects.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent mixed="false">
+			<xs:extension base="SemaphoreObj:SemaphoreObjectType">
+				<xs:sequence>
+					<xs:element name="Handle" minOccurs="0" type="WinHandleObj:WindowsHandleObjectType">
+						<xs:annotation>
+							<xs:documentation>The Handle field specifies the open Windows handle to the semaphore. It imports and uses the WindowsHandleObjectType from the CybOX Windows Handle Object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element minOccurs="0" name="Security_Attributes" type="cyboxCommon:StringObjectPropertyType">
+						<xs:annotation>
+							<xs:documentation>The Security_Attributes field specifies the Windows security attributes for the semaphore.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/cybox/objects/Win_Service_Object.xsd

@@ -0,0 +1,287 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinServiceObj="http://cybox.mitre.org/objects#WinServiceObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinProcessObj="http://cybox.mitre.org/objects#WinProcessObject-2" targetNamespace="http://cybox.mitre.org/objects#WinServiceObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>		
+		<xs:documentation>Change to This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Service_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinProcessObject-2" schemaLocation="Win_Process_Object.xsd"/>
+	<xs:element name="Windows_Service" type="WinServiceObj:WindowsServiceObjectType">
+		<xs:annotation>
+			<xs:documentation>Windows_Service object is intended to characterize Windows services. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685141(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsServiceObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsServiceObjectType type is intended to characterize Windows services.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="WinProcessObj:WindowsProcessObjectType">
+				<xs:sequence>
+					<xs:element name="Description_List" type="WinServiceObj:ServiceDescriptionListType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>A list of description items for this service.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Display_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Display_Name field specifies the displayed name of the service in Windows GUI controls. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683228(v=vs.85).aspx.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element minOccurs="0" name="Group_Name" type="cyboxCommon:StringObjectPropertyType">
+						<xs:annotation>
+							<xs:documentation>The Group_Name field specifies the name of the load ordering group of which this service is a member.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Service_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Name field specifies the name of the service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms683229(v=vs.85).aspx.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Service_DLL" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Service_DLL field specifies name of the DLL instantiated in the service.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Service_DLL_Certificate_Issuer" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Certificate Authority (CA) that issued the certificate used to sign the service DLL.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Service_DLL_Certificate_Subject" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The subject of the certifcate (the entity being authenticated).</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Service_DLL_Hashes" type="cyboxCommon:HashListType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>Hashes for the Service DLL file.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Service_DLL_Signature_Description" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Service_DLL_Signature_Description field provides a description of the digital signature for the service DLL.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Startup_Command_Line" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Startup_Command_Line field specifies the full command line used to start the service.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Startup_Type" type="WinServiceObj:ServiceModeType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>Service start options. See http://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Service_Status" type="WinServiceObj:ServiceStatusType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>Status information for a service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Service_Type" type="WinServiceObj:ServiceType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Type field specifies the type of the service.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element minOccurs="0" name="Started_As" type="cyboxCommon:StringObjectPropertyType">
+						<xs:annotation>
+							<xs:documentation>The Started_As field specifies the name of the account under which the service was started.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+				<xs:attribute name="service_dll_signature_exists" type="xs:boolean">
+					<xs:annotation>
+						<xs:documentation>Indicates whether or not the DLL is signed.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+				<xs:attribute name="service_dll_signature_verified" type="xs:boolean">
+					<xs:annotation>
+						<xs:documentation>Indicates whether or not the DLL's signature was verified.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="ServiceDescriptionListType">
+		<xs:annotation>
+			<xs:documentation>A collection of service descriptions.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Description" type="cyboxCommon:StringObjectPropertyType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>A description of the service. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685156(v=vs.85).aspx.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="ServiceModeType">
+		<xs:annotation>
+			<xs:documentation>ServiceModeType specifies Windows service modes via a union of the ServiceModeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinServiceObj:ServiceModeEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" use="optional" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:complexType name="ServiceStatusType">
+		<xs:annotation>
+			<xs:documentation>ServiceModeType specifies Windows service states via a union of the ServiceStatusEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinServiceObj:ServiceStatusEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:complexType name="ServiceType">
+		<xs:annotation>
+			<xs:documentation>ServiceType specifies Windows service types via a union of the ServiceTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinServiceObj:ServiceTypeEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:simpleType name="ServiceModeEnum">
+		<xs:annotation>
+			<xs:documentation>The ServiceModeEnum type is an enumeration of service modes. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+		<xs:list>
+			<xs:simpleType>
+				<xs:restriction base="xs:string">
+					<xs:enumeration value="SERVICE_AUTO_START">
+						<xs:annotation>
+							<xs:documentation>A service started automatically by the service control manager during system startup.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_BOOT_START">
+						<xs:annotation>
+							<xs:documentation>A device driver started by the system loader. This value is valid only for driver services.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_DEMAND_START">
+						<xs:annotation>
+							<xs:documentation>A service started by the service control manager when a process calls the StartService function.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_DISABLED">
+						<xs:annotation>
+							<xs:documentation>A service that cannot be started. Attempts to start the service result in the error code ERROR_SERVICE_DISABLED.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_SYSTEM_START">
+						<xs:annotation>
+							<xs:documentation>A device driver started by the IoInitSystem function. This value is valid only for driver services.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+				</xs:restriction>
+			</xs:simpleType>
+		</xs:list>
+	</xs:simpleType>
+	<xs:simpleType name="ServiceStatusEnum">
+		<xs:annotation>
+			<xs:documentation>The ServiceStatusEnum type is an enumeration of potential service states. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+		<xs:list>
+			<xs:simpleType>
+				<xs:restriction base="xs:string">
+					<xs:enumeration value="SERVICE_CONTINUE_PENDING">
+						<xs:annotation>
+							<xs:documentation>The service continue is pending.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_PAUSE_PENDING">
+						<xs:annotation>
+							<xs:documentation>The service pause is pending.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_PAUSED">
+						<xs:annotation>
+							<xs:documentation>The service is paused.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_RUNNING">
+						<xs:annotation>
+							<xs:documentation>The service is running.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_START_PENDING">
+						<xs:annotation>
+							<xs:documentation>The service is starting.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_STOP_PENDING">
+						<xs:annotation>
+							<xs:documentation>The service is stopping.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_STOPPED">
+						<xs:annotation>
+							<xs:documentation>The service is not running.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+				</xs:restriction>
+			</xs:simpleType>
+		</xs:list>
+	</xs:simpleType>
+	<xs:simpleType name="ServiceTypeEnum">
+		<xs:annotation>
+			<xs:documentation>The ServiceTypeEnum type is an enumeration of service types. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685996(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+		<xs:list>
+			<xs:simpleType>
+				<xs:restriction base="xs:string">
+					<xs:enumeration value="SERVICE_KERNEL_DRIVER">
+						<xs:annotation>
+							<xs:documentation>The service is a device driver.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_FILE_SYSTEM_DRIVER">
+						<xs:annotation>
+							<xs:documentation>The service is a file system driver.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_WIN32_OWN_PROCESS">
+						<xs:annotation>
+							<xs:documentation>The service runs in its own process.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+					<xs:enumeration value="SERVICE_WIN32_SHARE_PROCESS">
+						<xs:annotation>
+							<xs:documentation>The service shares a process with other services.</xs:documentation>
+						</xs:annotation>
+					</xs:enumeration>
+				</xs:restriction>
+			</xs:simpleType>
+		</xs:list>
+	</xs:simpleType>
+</xs:schema>