RubyGems - stix_schema_spy - Versions diffs - 1.0 → 1.1 - Mend

stix_schema_spy 1.0 → 1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

data/config/1.1.1/stix/cybox/objects/Win_System_Object.xsd ADDED Viewed

@@ -0,0 +1,126 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinSystemObj="http://cybox.mitre.org/objects#WinSystemObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" xmlns:SystemObj="http://cybox.mitre.org/objects#SystemObject-2" targetNamespace="http://cybox.mitre.org/objects#WinSystemObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_System_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinHandleObject-2" schemaLocation="Win_Handle_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#SystemObject-2" schemaLocation="System_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Windows_System" type="WinSystemObj:WindowsSystemObjectType">
+		<xs:annotation>
+			<xs:documentation>Windows_System object is intended to characterize Windows systems.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsSystemObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsSystemObjectType type is intended to characterize Windows systems.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="SystemObj:SystemObjectType">
+				<xs:sequence>
+					<xs:element name="Domain" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The domain that the system belongs to.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Global_Flag_List" type="WinSystemObj:GlobalFlagListType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>A list of global flags. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff549557(v=vs.85).aspx.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="NetBIOS_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The NetBIOS_Name field specifies the NetBIOS (Network Basic Input/Output System) name of the Windows system. This is not the same as the host name.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Open_Handle_List" type="WinHandleObj:WindowsHandleListType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Open_Handle_List field specifies the list of open handles for the Windows system.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Product_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Product ID. See also: http://support.microsoft.com/gp/pidwin.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Product_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The ProductName of the current installation of Windows. This is typically found in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion!ProductName.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Registered_Organization" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The organization that this copy of Windows is registered to.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Registered_Owner" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The person or organization that is the registered owner of this copy of Windows.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Windows_Directory" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Windows_Directory field specifies the fully-qualified path to the Windows install directory.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Windows_System_Directory" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Windows_System_Directory field specifies the fully-qualified path to the Windows system directory.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Windows_Temp_Directory" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Windows_Temp_Directory field specifies the fully-qualified path to the Windows temporary files directory.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="GlobalFlagListType">
+		<xs:annotation>
+			<xs:documentation>The GlobalFlagListType type is a listing of all Windows global flags.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Global_Flag" type="WinSystemObj:GlobalFlagType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>This characterizes Windows global flags. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff549557(v=vs.85).aspx.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="GlobalFlagType">
+		<xs:annotation>
+			<xs:documentation>The GlobalFlagType type is intended to characterize Windows global flags.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Abbreviation" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The abbreviation of a global flag. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff549646(v=vs.85).aspx.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Destination" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The destination of a global flag. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff549646(v=vs.85).aspx.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Hexadecimal_Value" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The hexadecimal value of a global flag. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff549646(v=vs.85).aspx.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Symbolic_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The symbolic name of a global flag. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff549646(v=vs.85).aspx.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/cybox/objects/Win_System_Restore_Object.xsd ADDED Viewed

@@ -0,0 +1,207 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinSystemRestoreObj="http://cybox.mitre.org/objects#WinSystemRestoreObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" targetNamespace="http://cybox.mitre.org/objects#WinSystemRestoreObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_System_Restore_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Windows_System_Restore_Entry" type="WinSystemRestoreObj:WindowsSystemRestoreObjectType">
+		<xs:annotation>
+			<xs:documentation>Windows_System_Restore_Entry object is intended to characterize Windows system restore points. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/dd408121(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsSystemRestoreObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsSystemRestoreObjectType is intended to characterize Windows system restore points.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Restore_Point_Description" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The description of this restore point.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Restore_Point_Full_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The full path to the restore point.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Restore_Point_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The name associated with this restore point.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Restore_Point_Type" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The type of restore point. (ex: "Checkpoint").</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="ACL_Change_SID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The SID associated with a restore point change log event. This usually appears when the event flag includes "ACL Info".</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="ACL_Change_Username" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The username associated with a restore point change log event. It usually appears when the event flag includes "ACL Info".</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Backup_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The backup file name associated with a particular restore point change log event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Change_Event" type="WinSystemRestoreObj:ChangeLogEntryTypeType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The change event associated with this restore point object (ex: "System Checkpoint", "Software Installation", etc.).</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="ChangeLog_Entry_Flags" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The flags associated with a restore point change log entry (ex: "ACL Info, "Short Name", etc.).</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="ChangeLog_Entry_Sequence_Number" type="cyboxCommon:LongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The change log sequence number associated with this restore point object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="ChangeLog_Entry_Type" type="WinSystemRestoreObj:ChangeLogEntryTypeType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The changelog entry type associated with this restore point object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Change_Log_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The changelog file associated with the restore point.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Created" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The created date of the system restore point.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="File_Attributes" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>Attributes of the file associated with this restore point object (ex: "Directory").</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="New_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The new filename of the file associated with this restore point object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Original_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The original filename associated with this restore point change log event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Original_Short_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The original Short filename (SFN) of the file associated with this restore point object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Process_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The process name associated with this restore point object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Registry_Hive_List" type="WinSystemRestoreObj:HiveListType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The registry hives associated with this restore point.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="HiveListType">
+		<xs:annotation>
+			<xs:documentation>HiveListType is intended to characterize a group of keys, subkeys, and values in the Windows registry that has a set of supporting files containing backups of its data and is associated with a system restore point.</xs:documentation>
+			<xs:documentation>http://msdn.microsoft.com/en-us/library/windows/desktop/ms724877(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Hive" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The Hive element specifies the Windows registry hive associated with the system restore point.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="ChangeLogEntryTypeType">
+		<xs:annotation>
+			<xs:documentation>ChangeLogEntryTypeType types, via a union of the ChangeLogEntryTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinSystemRestoreObj:ChangeLogEntryTypeEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:simpleType name="ChangeLogEntryTypeEnum">
+		<xs:annotation>
+			<xs:documentation>The change types found in a Restore Point changelog&gt;.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="UPDATE_ACL">
+				<xs:annotation>
+					<xs:documentation>Represents a changelog entry descriptor for updating an ACL. (0x00000001).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="UPDATE_ATTRIBUTES">
+				<xs:annotation>
+					<xs:documentation>Represents a changelog entry descriptor for updating attributes. (0x00000002).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="DELETE_FILE">
+				<xs:annotation>
+					<xs:documentation>Represents a changelog entry descriptor for deleting a file. (0x00000004).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="CREATE_FILE">
+				<xs:annotation>
+					<xs:documentation>Represents a changelog entry descriptor for creating a file. (0x00000010).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="RENAME_FILE">
+				<xs:annotation>
+					<xs:documentation>Represents a changelog entry descriptor for renaming a file. (0x00000020).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="CREATE_DIRECTORY">
+				<xs:annotation>
+					<xs:documentation>Represents a changelog entry descriptor for creating a directory. (0x00000040).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="RENAME_DIRECTORY">
+				<xs:annotation>
+					<xs:documentation>Represents a changelog entry descriptor for renaming a directory. (0x00000080).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="DELETE_DIRECTORY">
+				<xs:annotation>
+					<xs:documentation>Represents a changelog entry descriptor for deleting a directory. (0x00000100).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="MNT_CREATE">
+				<xs:annotation>
+					<xs:documentation>Related to filesystem attachment points. (0x00000200).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+		</xs:restriction>
+	</xs:simpleType>
+</xs:schema>