RubyGems - stix_schema_spy - Versions diffs - 1.0 → 1.1 - Mend

stix_schema_spy 1.0 → 1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

data/config/1.1.1/stix/exploit_target.xsd ADDED Viewed

@@ -0,0 +1,324 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:et="http://stix.mitre.org/ExploitTarget-1" xmlns:stixCommon="http://stix.mitre.org/common-1" xmlns:marking="http://data-marking.mitre.org/Marking-1" xmlns:stix="http://stix.mitre.org/stix-1" xmlns:cybox="http://cybox.mitre.org/cybox-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:campaign="http://stix.mitre.org/Campaign-1" xmlns:coa="http://stix.mitre.org/CourseOfAction-1" xmlns:incident="http://stix.mitre.org/Incident-1" xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:ta="http://stix.mitre.org/ThreatActor-1" xmlns:ttp="http://stix.mitre.org/TTP-1" targetNamespace="http://stix.mitre.org/ExploitTarget-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1" xml:lang="English">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>STIX Exploit Target</schema>
+			<version>1.1.1</version>
+			<date>05/08/2014 9:00:00 AM</date>
+			<short_description>Structured Threat Information eXpression (STIX) - ExploitTarget - Schematic implementation for the ExploitTarget construct within the STIX structured cyber threat expression language architecture</short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://stix.mitre.org/common-1" schemaLocation="stix_common.xsd"/>
+	<xs:import namespace="http://data-marking.mitre.org/Marking-1" schemaLocation="data_marking.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/cybox-2" schemaLocation="cybox/cybox_core.xsd"/>
+	<xs:element name="Exploit_Target" type="et:ExploitTargetType">
+		<xs:annotation>
+			<xs:documentation>The ExploitTarget field characterizes potential targets for exploitation. In other words characteristics about targeted victims that may make them vulnerable to attack.</xs:documentation>
+		</xs:annotation>
+		<xs:unique name="unique-et-id">
+			<xs:selector xpath=".//stixCommon:*|.//stix:*|.//cybox:*|.//cyboxCommon:*|.//campaign:*|.//coa:*|.//et:*|.//incident:*|.//indicator:*|.//ta:*|.//ttp:*|.//marking:*"/>
+			<xs:field xpath="@id"/>
+		</xs:unique>
+	</xs:element>
+	<xs:complexType name="ExploitTargetType">
+		<xs:complexContent>
+			<xs:extension base="stixCommon:ExploitTargetBaseType">
+				<xs:sequence>
+					<xs:element name="Title" type="xs:string" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Title field provides a simple title for this ExploitTarget.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Description field is optional and provides an unstructured, text description of this ExploitTarget.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Short_Description field is optional and provides a short, unstructured, text description of this ExploitTarget.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Vulnerability" type="et:VulnerabilityType" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Vulnerability field identifies and characterizes a Vulnerability as a potential ExploitTarget.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Weakness" type="et:WeaknessType" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Weakness field identifies and characterizes a Weakness as a potential ExploitTarget.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Configuration" type="et:ConfigurationType" minOccurs="0" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Configuration field identifies and characterizes a Configuration as a potential ExploitTarget.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Potential_COAs" type="et:PotentialCOAsType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Potential_COAs field specifies potential Courses of Action for this ExploitTarget.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Information_Source field details the source of this entry.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Handling" type="marking:MarkingType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Handling field specifies the appropriate data handling markings for the elements of this Exploit Target. The valid marking scope is the nearest ExploitTargetBaseType ancestor of this Handling element and all its descendants.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Related_Exploit_Targets" type="et:RelatedExploitTargetsType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Related_Exploit_Targets field specifies one or more exploit targets that are related to this exploit target.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Related_Packages" type="stixCommon:RelatedPackageRefsType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Related_Packages field identifies or characterizes relationships to set of related Packages.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+				<xs:attribute name="version" type="et:ExploitTargetVersionType">
+					<xs:annotation>
+						<xs:documentation>Specifies the relevant STIX-ExploitTarget schema version for this content.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<!---->
+	<xs:simpleType name="ExploitTargetVersionType">
+		<xs:annotation>
+			<xs:documentation>An enumeration of all versions of the Exploit Target type valid in the current release of STIX.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="1.0"/>
+			<xs:enumeration value="1.0.1"/>
+			<xs:enumeration value="1.1"/>
+			<xs:enumeration value="1.1.1" />
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:complexType name="VulnerabilityType">
+		<xs:annotation>
+			<xs:documentation>Characterizes an individual vulnerability.</xs:documentation>
+			<xs:documentation>In addition to capturing basic information and references to vulnerability registries, this type is intended to be extended to enable the structured description of a vulnerability by using the XML Schema extension feature. The STIX default extension uses the Common Vulnerability Reporting Format (CVRF) schema to do so. The extension that defines this is captured in the CVRF1.1InstanceType in the http://stix.mitre.org/extensions/Vulnerability#CVRF1.1-1 namespace. This type is defined in the extensions/vulnerability/cvrf_1.1_vulnerability.xsd file or at the URL http://stix.mitre.org/XMLSchema/extensions/vulnerability/cvrf_1.1/1.1.1/cvrf_1.1_vulnerability.xsd.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Title" type="xs:string" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Title field provides a simple title for this vulnerability.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Description field provides an unstructured, text description of this vulnerability.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Short_Description field provides a short, unstructured, text description of this vulnerability.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="CVE_ID" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The CVE_ID field specifies a CVE identifier for a particular vulnerability.</xs:documentation>
+				</xs:annotation>
+				<xs:simpleType>
+					<xs:restriction base="xs:string">
+						<xs:pattern value="CVE-\d\d\d\d-\d+"/>
+					</xs:restriction>
+				</xs:simpleType>
+			</xs:element>
+			<xs:element name="OSVDB_ID" type="xs:positiveInteger" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The OSVDB_ID field specifies an OSVDB identifier for a particular vulnerability.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Source" type="xs:string" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Source field describes the source of the CVE or OSVDB as a textual description or URL.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="CVSS_Score" type="et:CVSSVectorType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The CVSS_Score field captures the full CVSS v2.0 base, temporal, and environmental vectors in their string format.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Discovered_DateTime" type="stixCommon:DateTimeWithPrecisionType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The date and time that this vulnerability was first discovered.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Published_DateTime" type="stixCommon:DateTimeWithPrecisionType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The date and time that this vulnerability was first published.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Affected_Software" type="et:AffectedSoftwareType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Affected_Software field captures the list of platforms and software that are affected by this vulnerability. It is implemented through the CybOX Observables, the suggested CybOX objects to use are the Product Object, the Device Object, the System Object, and the Code Object.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="References" type="stixCommon:ReferencesType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The References field captures a list of external references describing this vulnerability.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+		<xs:attribute name="is_known" type="xs:boolean">
+			<xs:annotation>
+				<xs:documentation>The @is_known field captures whether or not the vulnerability is known (i.e. not a 0-day) at the time of characterization.</xs:documentation>
+			</xs:annotation>
+		</xs:attribute>
+		<xs:attribute name="is_publicly_acknowledged" type="xs:boolean">
+			<xs:annotation>
+				<xs:documentation>The @is_publicly_acknowledged field captures whether or not the vulnerability is publicly acknowledged by the vendor.</xs:documentation>
+			</xs:annotation>
+		</xs:attribute>
+	</xs:complexType>
+	<xs:complexType name="PotentialCOAsType">
+		<xs:complexContent>
+			<xs:extension base="stixCommon:GenericRelationshipListType">
+				<xs:sequence>
+					<xs:element name="Potential_COA" type="stixCommon:RelatedCourseOfActionType" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Potential_COA field specifies a potential Course of Action for this ExploitTarget.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="ConfigurationType">
+		<xs:sequence>
+			<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Description field is optional and provides an unstructured, text description of this Configuration.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Short_Description field is optional and provides a short, unstructured, text description of this Configuration.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="CCE_ID" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The CCE_ID field is optional and specifies a CCE identifier for a particular configuration item.</xs:documentation>
+				</xs:annotation>
+				<xs:simpleType>
+					<xs:restriction base="xs:string">
+						<xs:pattern value="CCE-\d+-\d"/>
+					</xs:restriction>
+				</xs:simpleType>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="WeaknessType">
+		<xs:sequence>
+			<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Description field is optional and provides an unstructured, text description of this Weakness.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="CWE_ID" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The CWE_ID element is optional and specifies a CWE identifier for a particular weakness.</xs:documentation>
+				</xs:annotation>
+				<xs:simpleType>
+					<xs:restriction base="xs:string">
+						<xs:pattern value="CWE-\d+"/>
+					</xs:restriction>
+				</xs:simpleType>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="AffectedSoftwareType">
+		<xs:complexContent>
+			<xs:extension base="stixCommon:GenericRelationshipListType">
+				<xs:sequence>
+					<xs:element name="Affected_Software" type="stixCommon:RelatedObservableType" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>Characterizes a single instance of software affected by this vulnerability.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="CVSSVectorType">
+		<xs:sequence>
+			<xs:element name="Overall_Score" type="et:CVSSScoreType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>Captures the overall CVSS 2.0 score. Note that this is not the same as the unadjusted CVSS Base Score, which should be captured in the Base_Score field.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Base_Score" type="et:CVSSScoreType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>Captures the unadjusted CVSS 2.0 Base score.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Base_Vector" type="et:CVSSBaseVectorType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>Captures the CVSS 2.0 Base Vector per the compressed string format.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Temporal_Score" type="et:CVSSScoreType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>Captures the unadjusted CVSS 2.0 Temporal score.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Temporal_Vector" type="et:CVSSTemporalVectorType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>Captures the CVSS 2.0 Temporal Vector per the compressed string format.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Environmental_Score" type="et:CVSSScoreType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>Captures the unadjusted CVSS 2.0 Environmental score.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Environmental_Vector" type="et:CVSSEnvironmentalVectorType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>Captures the CVSS 2.0 Environmental Vector in the compressed string format.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:simpleType name="CVSSScoreType">
+		<xs:restriction base="xs:string">
+			<xs:pattern value="((10)|[0-9])\.[0-9]"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="CVSSBaseVectorType">
+		<xs:restriction base="xs:string">
+			<xs:pattern value="AV:[LAN]/AC:[HML]/Au:[MSN]/C:[NPC]/I:[NPC]/A:[NPC]"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="CVSSTemporalVectorType">
+		<xs:restriction base="xs:string">
+			<xs:pattern value="E:([UFH]|(POC)|(ND))/RL:([WU]|(OF)|(TF)|(ND))/RC:([C]|(UC)|(UR)|(ND))"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="CVSSEnvironmentalVectorType">
+		<xs:restriction base="xs:string">
+			<xs:pattern value="CDP:([NLH]|(LM)|(MH)|(ND))/TD:([NLMH]|(ND))/CR:([LMH]|(ND))/IR:([LMH]|(ND))/AR:([LMH]|(ND))"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:complexType name="RelatedExploitTargetsType">
+		<xs:complexContent>
+			<xs:extension base="stixCommon:GenericRelationshipListType">
+				<xs:sequence>
+					<xs:element name="Related_Exploit_Target" type="stixCommon:RelatedExploitTargetType" maxOccurs="unbounded">
+						<xs:annotation>
+							<xs:documentation>The Related_Exploit_Target field specifies a single other exploit target related to this exploit target.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/address/ciq_3.0_address.xsd ADDED Viewed

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://stix.mitre.org/extensions/Address#CIQAddress3.0-1" xmlns:stix-ciqaddress="http://stix.mitre.org/extensions/Address#CIQAddress3.0-1" xmlns:a="urn:oasis:names:tc:ciq:xal:3" xmlns:stixCommon="http://stix.mitre.org/common-1" version="1.1.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - CIQ Address 3.0 Instance</schema>
+            <version>1.1.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - CIQ Address 3.0 Instance - Schematic implementation for the using version 3.0 of CIQ to describe an Address within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://stix.mitre.org/common-1" schemaLocation="../../stix_common.xsd"/>
+    <xs:import namespace="urn:oasis:names:tc:ciq:xal:3" schemaLocation="../../external/oasis_ciq_3.0/xAL.xsd"/>
+    <xs:complexType name="CIQAddress3.0InstanceType">
+        <xs:annotation>
+            <xs:documentation>The CIQAddress3.0InstanceType provides an extension to the AddressAbstractType which imports and leverages version 3.0 of the OASIS CIQ-PIL schema for structured characterization of Addresses.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="stixCommon:AddressAbstractType">
+                <xs:sequence>
+                    <xs:element minOccurs="0" name="Location" type="a:AddressType"/>
+                </xs:sequence>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/attack_pattern/capec_2.7_attack_pattern.xsd ADDED Viewed

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:capec="http://capec.mitre.org/capec-2" xmlns:ttp="http://stix.mitre.org/TTP-1" xmlns:stix-capec="http://stix.mitre.org/extensions/AP#CAPEC2.7-1" targetNamespace="http://stix.mitre.org/extensions/AP#CAPEC2.7-1" elementFormDefault="qualified" version="1.0.1" xml:lang="English">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>STIX Extension - CAPEC 2.7 Attack Pattern Instance</schema>
+			<version>1.0.1</version>
+			<date>05/08/2014 9:00:00 AM</date>
+			<short_description>Structured Threat Information eXpression (STIX) Extension - CAPEC Attack Pattern Instance - Schematic implementation for the using CAPEC 2.7 to describe an Attack Pattern within the STIX structured cyber threat expression language architecture.</short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://stix.mitre.org/TTP-1" schemaLocation="../../ttp.xsd"/>
+	<xs:import namespace="http://capec.mitre.org/capec-2" schemaLocation="../../external/capec_2.7/ap_schema_v2.7.xsd"/>
+	<xs:complexType name="CAPEC2.7InstanceType">
+		<xs:annotation>
+			<xs:documentation>The CAPECInstanceType provides an extension to the APStructureAbstractType which imports and leverages the CAPEC 2.7 schema for structured characterization of Attack Patterns.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="ttp:AttackPatternType">
+				<xs:sequence>
+					<xs:element name="CAPEC" type="capec:Attack_PatternType">
+						<xs:annotation>
+							<xs:documentation>The CAPEC field contains the structured specification of an Attack Pattern utilizing the CAPEC schema.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/identity/ciq_3.0_identity.xsd ADDED Viewed

@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" xmlns:ciq="urn:oasis:names:tc:ciq:xpil:3" xmlns:stixCommon="http://stix.mitre.org/common-1" targetNamespace="http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1" xmlns:stix-ciqidentity="http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1" version="1.1.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - CIQ Identity 3.0 Instance</schema>
+            <version>1.1.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - CIQ Identity 3.0 Instance - Schematic implementation for the using version 3.0 of CIQ to describe an Identity within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://stix.mitre.org/common-1" schemaLocation="../../stix_common.xsd"/>
+    <xs:import namespace="urn:oasis:names:tc:ciq:xpil:3" schemaLocation="../../external/oasis_ciq_3.0/xPIL.xsd"/>
+    <xs:complexType name="CIQIdentity3.0InstanceType">
+        <xs:annotation>
+            <xs:documentation>The CIQIdentity3.0InstanceType provides an extension to the IdentityStructureAbstractType which imports and leverages version 3.0 of the OASIS CIQ-PIL schema for structured characterization of Identities.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="stixCommon:IdentityType">
+                <xs:sequence>
+                    <xs:element name="Specification" type="stix-ciqidentity:STIXCIQIdentity3.0Type">
+                        <xs:annotation>
+                            <xs:documentation>The Specification field contains the structured characterization of an Identity utilizing the CIQ-PIL schema.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Role" type="xs:string" minOccurs="0" maxOccurs="unbounded">
+                        <xs:annotation>
+                            <xs:documentation>The Role field specifies a relevant role played by this entity.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                </xs:sequence>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+    <xs:complexType name="STIXCIQIdentity3.0Type">
+        <xs:annotation>
+            <xs:documentation>The STIXCIQIdentityType provides a restriction and minor extension of the imported OASIS CIQ-PIL PartyType for use in characterizing STIX Identities.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:restriction base="ciq:PartyType">
+                <xs:sequence>
+                    <xs:element minOccurs="0" ref="ciq:FreeTextLines"/>
+                    <xs:element minOccurs="0" ref="ciq:PartyName"/>
+                    <xs:element minOccurs="0" ref="ciq:Addresses"/>
+                    <xs:element minOccurs="0" ref="ciq:Accounts">
+                        <xs:annotation>
+                            <xs:documentation>A container to define the accounts details of the party such as utility account, financil accounts</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element minOccurs="0" ref="ciq:ContactNumbers"/>
+                    <xs:element minOccurs="0" ref="ciq:Documents">
+                        <xs:annotation>
+                            <xs:documentation>A container for identification document and cards of the party that are unique to the party. e.g. license, identification card, credit card, etc</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element minOccurs="0" ref="ciq:ElectronicAddressIdentifiers"/>
+                    <xs:element minOccurs="0" ref="ciq:Events"/>
+                    <xs:element minOccurs="0" ref="ciq:Identifiers"/>
+                    <xs:element minOccurs="0" ref="ciq:Memberships">
+                        <xs:annotation>
+                            <xs:documentation>A container for memberships of party with other organisations (e.g. industry groups) or social networks (clubs, association, etc)</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element minOccurs="0" ref="ciq:Relationships">
+                        <xs:annotation>
+                            <xs:documentation>Relationships with other parties (persons or organisations, and the nature of relationship). Examples: - For person: Contacts, blood relatives, friends, referees, customers, etc - for Organisation: Subsidiary, Parent company, Branches, Divisions, Partners, etc</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element minOccurs="0" ref="ciq:Revenues">
+                        <xs:annotation>
+                            <xs:documentation>Container for income / revenue information of the party (salary/organisation revenue)</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element minOccurs="0" ref="ciq:Stocks"/>
+                    <xs:element minOccurs="0" ref="ciq:Vehicles"/>
+                    <xs:element minOccurs="0" ref="ciq:OrganisationInfo">
+                        <xs:annotation>
+                            <xs:documentation>Container for other organisation specific details that are not covered in this schema that are common to a party</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element minOccurs="0" ref="ciq:PersonInfo">
+                        <xs:annotation>
+                            <xs:documentation>Container for other person specific details that are not covered in this schema elements that are common to a party</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element minOccurs="0" ref="ciq:BirthInfo"/>
+                    <xs:element minOccurs="0" ref="ciq:CountriesOfResidence"/>
+                    <xs:element minOccurs="0" ref="ciq:Favourites"/>
+                    <xs:element minOccurs="0" ref="ciq:Habits"/>
+                    <xs:element minOccurs="0" ref="ciq:Hobbies"/>
+                    <xs:element minOccurs="0" ref="ciq:Languages"/>
+                    <xs:element minOccurs="0" ref="ciq:Nationalities"/>
+                    <xs:element minOccurs="0" ref="ciq:Occupations"/>
+                    <xs:element minOccurs="0" ref="ciq:PhysicalInfo"/>
+                    <xs:element minOccurs="0" ref="ciq:Preferences"/>
+                    <xs:element minOccurs="0" ref="ciq:Qualifications"/>
+                    <xs:element minOccurs="0" ref="ciq:Visas"/>
+                </xs:sequence>
+                <xs:attribute form="qualified" name="PartyType" type="ciq:PartyTypeList">
+                    <xs:annotation>
+                        <xs:documentation>Type of Party. e.g. Person or an organisation. An organisation could be university, college, club, association, company, etc</xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute form="qualified" name="LanguageCode" type="xs:language">
+                    <xs:annotation>
+                        <xs:documentation>Human Language used. e.g. "en", "en-US", "en-AUS", etc</xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+            </xs:restriction>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/malware/maec_4.1_malware.xsd ADDED Viewed

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://stix.mitre.org/extensions/Malware#MAEC4.1-1" xmlns:stix-maec="http://stix.mitre.org/extensions/Malware#MAEC4.1-1" xmlns:maec="http://maec.mitre.org/XMLSchema/maec-package-2" xmlns:ttp="http://stix.mitre.org/TTP-1" version="1.0.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.</xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - MAEC 4.1 Malware Instance</schema>
+            <version>1.0.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - MAEC 4.1 Malware Instance - Schematic implementation for the using MAEC 4.1 to describe Malware within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://stix.mitre.org/TTP-1" schemaLocation="../../ttp.xsd"/>
+    <xs:import namespace="http://maec.mitre.org/XMLSchema/maec-package-2" schemaLocation="../../external/maec_4.1/maec_package_schema.xsd"/>
+    <xs:complexType name="MAEC4.1InstanceType">
+        <xs:annotation>
+            <xs:documentation>The MAEC4.1InstanceType provides an extension to MalwareInstanceType which imports and leverages the MAEC 4.1 schema for structured characterization of Malware.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="ttp:MalwareInstanceType">
+                <xs:sequence>
+                    <xs:element name="MAEC" type="maec:PackageType">
+                        <xs:annotation>
+                            <xs:documentation>The MAEC field contains the structured characterization of instances of Malware utilizing the MAEC Package schema.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                </xs:sequence>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/marking/simple_marking.xsd ADDED Viewed

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:marking="http://data-marking.mitre.org/Marking-1" xmlns:simpleMarking="http://data-marking.mitre.org/extensions/MarkingStructure#Simple-1" targetNamespace="http://data-marking.mitre.org/extensions/MarkingStructure#Simple-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1" xml:lang="English">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The Data Marking Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>Data Marking Extension - Simple Marking Instance</schema>
+			<version>1.1.1</version>
+			<date>05/08/2014 9:00:00 AM</date>
+			<short_description>Data Marking Extension - Simple Marking Instance - Schematic implementation for attaching a simple statement to an idendified XML structure.</short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://data-marking.mitre.org/Marking-1" schemaLocation="../../data_marking.xsd"/>
+	<xs:complexType name="SimpleMarkingStructureType">
+		<xs:annotation>
+			<xs:documentation>The SimpleMarkingStructureType is a basic implementation of the data marking schema that allows for a string statement to be associated with the data being marked. One example might be the application of a copyright statement to some data set.</xs:documentation>
+			<xs:documentation>Nodes may be marked by multiple SimpleMarking statements. When this occurs, all SimpleMarking statements applied to that node are considered valid. There is no resolution for SimpleMarking Statements that appear to conflict: the behavior is undefined at the STIX level.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="marking:MarkingStructureType">
+				<xs:sequence>
+					<xs:element name="Statement" type="xs:string">
+						<xs:annotation>
+							<xs:documentation>The statement to apply to the structure for which the Marking is to be applied.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/marking/terms_of_use_marking.xsd ADDED Viewed

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:marking="http://data-marking.mitre.org/Marking-1" xmlns:TOUMarking="http://data-marking.mitre.org/extensions/MarkingStructure#Terms_Of_Use-1" targetNamespace="http://data-marking.mitre.org/extensions/MarkingStructure#Terms_Of_Use-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0.1" xml:lang="English">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation in coordination with Terry MacDonald. The Data Marking Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>Data Marking Extension - Terms Of Use Marking Instance</schema>
+			<version>1.0.1</version>
+			<date>05/08/2014 9:00:00 AM</date>
+			<short_description>Data Marking Extension - Terms Of Use Marking Instance - Schematic implementation for attaching a Terms Of Use statement to an idendified XML structure.</short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://data-marking.mitre.org/Marking-1" schemaLocation="../../data_marking.xsd"/>
+	<xs:complexType name="TermsOfUseMarkingStructureType">
+		<xs:annotation>
+			<xs:documentation>The TermsOfUseMarkingStructureType is a basic implementation of the data marking schema that allows for a string statement describing the Terms Of Use to be associated with the data being marked.</xs:documentation>
+			<xs:documentation>Nodes may be marked by multiple Terms Of Use Marking statements. When this occurs, all of the multiple Terms of Use Marking statements apply. Its up to the organization adding an additional Term Of User Marking statement to ensure that it's Terms Of Use does not conflict with any previously applied Terms Of Use Marking Statement.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="marking:MarkingStructureType">
+				<xs:sequence>
+					<xs:element name="Terms_Of_Use" type="xs:string">
+						<xs:annotation>
+							<xs:documentation>The Terms Of Use statement to apply to the structure for which the Marking is to be applied.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>