RubyGems - stix_schema_spy - Versions diffs - 1.0 → 1.1 - Mend

stix_schema_spy 1.0 → 1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

data/config/1.1.1/stix/extensions/marking/tlp_marking.xsd ADDED Viewed

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:marking="http://data-marking.mitre.org/Marking-1" xmlns:tlpMarking="http://data-marking.mitre.org/extensions/MarkingStructure#TLP-1" targetNamespace="http://data-marking.mitre.org/extensions/MarkingStructure#TLP-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1" xml:lang="English">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The Data Marking Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>Data Marking Extension - TLP</schema>
+			<version>1.1.1</version>
+			<date>05/08/2014 9:00:00 AM</date>
+			<short_description>Data Marking Extension - TLP Marking Instance - Schematic implementation for attaching a Traffic Light Protocol (TLP)designation to an idendified XML structure.</short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://data-marking.mitre.org/Marking-1" schemaLocation="../../data_marking.xsd"/>
+	<xs:complexType name="TLPMarkingStructureType">
+		<xs:annotation>
+			<xs:documentation>The TLPMarkingStructureType is an implementation of the data marking schema that allows for a TLP Designation to be attached to an identified XML structure. Information about TLP is available here: http://www.us-cert.gov/tlp.</xs:documentation>
+			<xs:documentation>Nodes may be marked by multiple TLP Marking statements. When this occurs, the node should be considered marked at the most restrictive TLP Marking of all TLP Markings that were applied to it. For example, if a node is marked both GREEN and AMBER, the node should be considered AMBER.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="marking:MarkingStructureType">
+				<xs:attribute name="color" type="tlpMarking:TLPColorEnum">
+					<xs:annotation>
+						<xs:documentation>The TLP color designation of the marked structure.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:simpleType name="TLPColorEnum">
+		<xs:annotation>
+			<xs:documentation>The TLP color designation of the marked structure.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="RED"/>
+			<xs:enumeration value="AMBER"/>
+			<xs:enumeration value="GREEN"/>
+			<xs:enumeration value="WHITE"/>
+		</xs:restriction>
+	</xs:simpleType>
+</xs:schema>

data/config/1.1.1/stix/extensions/structured_coa/generic_structured_coa.xsd ADDED Viewed

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:coa="http://stix.mitre.org/CourseOfAction-1" xmlns:stixCommon="http://stix.mitre.org/common-1" xmlns:genericStructuredCOA="http://stix.mitre.org/extensions/StructuredCOA#Generic-1" targetNamespace="http://stix.mitre.org/extensions/StructuredCOA#Generic-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.</xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - Structured Course of Action Instance</schema>
+            <version>1.1.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - Generic Structured Course of Action Instance - Schematic implementation for the using a generic Structured Course of Action within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://stix.mitre.org/CourseOfAction-1" schemaLocation="../../course_of_action.xsd"/>
+    <xs:import namespace="http://stix.mitre.org/common-1" schemaLocation="../../stix_common.xsd"/>
+    <xs:complexType name="GenericStructuredCOAType">
+        <xs:annotation>
+            <xs:documentation>The GenericStructuredCOAType specifies an instantial extension from the abstract StructuredCOAType intended to support the generic inclusion of any COA content.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="coa:StructuredCOAType">
+                <xs:sequence>
+                    <xs:element name="Description" type="stixCommon:StructuredTextType">
+                        <xs:annotation>
+                            <xs:documentation>A structured Description of this Generic Structured COA.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Type" type="stixCommon:ControlledVocabularyStringType">
+                        <xs:annotation>
+                            <xs:documentation>Specifies the type of Generic Structured COA.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Specification" type="stixCommon:EncodedCDATAType">
+                        <xs:annotation>
+                            <xs:documentation>The Specification field encapsulates any test mechnism specification in its native format within a string field. The specification should be within a CDATA construct within the string field.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                </xs:sequence>
+                <xs:attribute name="reference_location" type="xs:anyURI">
+                    <xs:annotation>
+                        <xs:documentation>Specifies a reference URL for the location of the Generic Structured COA.</xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/test_mechanism/generic_test_mechanism.xsd ADDED Viewed

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:stixCommon="http://stix.mitre.org/common-1" xmlns:genericTM="http://stix.mitre.org/extensions/TestMechanism#Generic-1" targetNamespace="http://stix.mitre.org/extensions/TestMechanism#Generic-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.</xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - Generic Test Mechanism Instance</schema>
+            <version>1.1.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - Generic Test Mechanism Instance - Schematic implementation for the using a generic Test Machanism within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://stix.mitre.org/Indicator-2" schemaLocation="../../indicator.xsd"/>
+    <xs:import namespace="http://stix.mitre.org/common-1" schemaLocation="../../stix_common.xsd"/>
+    <xs:complexType name="GenericTestMechanismType">
+        <xs:annotation>
+            <xs:documentation>The GenericTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the generic inclusion of any test mechanism content.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="indicator:TestMechanismType">
+                <xs:sequence>
+                    <xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0">
+                        <xs:annotation>
+                            <xs:documentation>A structured Description of this Generic Test Mechanism.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Type" type="stixCommon:ControlledVocabularyStringType" minOccurs="0">
+                        <xs:annotation>
+                            <xs:documentation>Specifies the type of Generic Test Mechanism.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Specification" type="stixCommon:EncodedCDATAType" minOccurs="0">
+                        <xs:annotation>
+                            <xs:documentation>The Specification field encapsulates any test mechnism specification in its native format within a string field. The specification should be within a CDATA construct within the string field.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                </xs:sequence>
+                <xs:attribute name="reference_location" type="xs:anyURI">
+                    <xs:annotation>
+                        <xs:documentation>Specifies a reference URL for the location of the Generic Test Mechanism.</xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/test_mechanism/open_ioc_2010_test_mechanism.xsd ADDED Viewed

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:ioc-tr="http://schemas.mandiant.com/2010/ioc/TR/" xmlns:ioc="http://schemas.mandiant.com/2010/ioc" xmlns:stix-openioc="http://stix.mitre.org/extensions/TestMechanism#OpenIOC2010-1" targetNamespace="http://stix.mitre.org/extensions/TestMechanism#OpenIOC2010-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.</xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - Open IOC Test Mechanism Instance</schema>
+            <version>1.1.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - Open IOC Test Mechanism Instance - Schematic implementation for the using the 2010 version of Open IOC to describe a Test Machanism within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://stix.mitre.org/Indicator-2" schemaLocation="../../indicator.xsd"/>
+    <xs:import namespace="http://schemas.mandiant.com/2010/ioc" schemaLocation="../../external/open_ioc_2010/ioc.xsd"/>
+    <xs:import namespace="http://schemas.mandiant.com/2010/ioc/TR/" schemaLocation="../../external/open_ioc_2010/ioc-TR.xsd"/>
+    <xs:complexType name="OpenIOC2010TestMechanismType">
+        <xs:annotation>
+            <xs:documentation>The OpenIOC2010TestMechanismType provides an extension to the TestMechanismType which imports and leverages the 2010 Open IOC schema in order to include OpenIOC elements as the test mechanism.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="indicator:TestMechanismType">
+                <xs:sequence>
+                    <xs:element name="ioc" type="ioc:IndicatorOfCompromise">
+                        <xs:annotation>
+                            <xs:documentation>The ioc field contains the structured specification of the OpenIOC test mechanism.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                </xs:sequence>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/test_mechanism/oval_5.10_test_mechanism.xsd ADDED Viewed

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval-var="http://oval.mitre.org/XMLSchema/oval-variables-5" xmlns:stix-oval="http://stix.mitre.org/extensions/TestMechanism#OVAL5.10-1" targetNamespace="http://stix.mitre.org/extensions/TestMechanism#OVAL5.10-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.</xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - OVAL Test Mechanism Instance</schema>
+            <version>1.1.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - OVAL Test Mechanism Instance - Schematic implementation for the using OVAL to describe a Test Machanism within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://stix.mitre.org/Indicator-2" schemaLocation="../../indicator.xsd"/>
+    <xs:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5" schemaLocation="../../external/oval_5.10/oval-definitions-schema.xsd"/>
+    <xs:import namespace="http://oval.mitre.org/XMLSchema/oval-variables-5" schemaLocation="../../external/oval_5.10/oval-variables-schema.xsd"/>
+    <xs:complexType name="OVAL5.10TestMechanismType">
+        <xs:annotation>
+            <xs:documentation>The OVALTestMechanismType provides an extension to the TestMechanismType which imports and leverages the OVAL schema in order to include OVAL Definitions as the test mechanism.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="indicator:TestMechanismType">
+                <xs:sequence>
+                    <xs:element ref="oval-def:oval_definitions">
+                        <xs:annotation>
+                            <xs:documentation>The oval_definitions field contains the structured specification of the OVAL test mechanism. When including OVAL Definition documents it is expected that at least one valid OVAL Definition Definition is included.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element ref="oval-var:oval_variables" minOccurs="0">
+                        <xs:annotation>
+                            <xs:documentation>The oval_variables field contains a valid OVAL Variables document and should only be used to supply external variable values needed by this OVAL Test Mechanism's OVAL Definitions.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                </xs:sequence>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/test_mechanism/snort_test_mechanism.xsd ADDED Viewed

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:stixCommon="http://stix.mitre.org/common-1" xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:snortTM="http://stix.mitre.org/extensions/TestMechanism#Snort-1" targetNamespace="http://stix.mitre.org/extensions/TestMechanism#Snort-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.</xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - Snort Test Mechanism Instance</schema>
+            <version>1.1.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - Snort Test Mechanism Instance - Schematic implementation for the using a Snort rule as a Test Machanism within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://stix.mitre.org/Indicator-2" schemaLocation="../../indicator.xsd"/>
+    <xs:import namespace="http://stix.mitre.org/common-1" schemaLocation="../../stix_common.xsd"/>
+    <xs:complexType name="SnortTestMechanismType">
+        <xs:annotation>
+            <xs:documentation>The SnortTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the inclusion of a Snort rule as a test mechanism content.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="indicator:TestMechanismType">
+                <xs:sequence>
+                    <xs:element name="Product_Name" type="xs:string" minOccurs="0">
+                        <xs:annotation>
+                            <xs:documentation>Name of the Snort-compatible tool that the rules were written again. If the tool has a CPE name, use of that name is suggested, otherwise a simple name like "Snort", "Suricata", or "Sourcefire" could be used.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Version" type="xs:string" minOccurs="0">
+                        <xs:annotation>
+                            <xs:documentation>The Version of Snort or Snort-compatible tool that the rules were written against.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Rule" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
+                        <xs:annotation>
+                            <xs:documentation>The Rule field encapsulates a Snort rule in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Event_Filter" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
+                        <xs:annotation>
+                            <xs:documentation>The Event_Filter field encapsulates a Snort event filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Rate_Filter" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
+                        <xs:annotation>
+                            <xs:documentation>The Rate_Filter field encapsulates a Snort rate filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Event_Suppression" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
+                        <xs:annotation>
+                            <xs:documentation>The Event_Suppression field encapsulates a Snort event suppression line in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                </xs:sequence>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/test_mechanism/yara_test_mechanism.xsd ADDED Viewed

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:stixCommon="http://stix.mitre.org/common-1" xmlns:yaraTM="http://stix.mitre.org/extensions/TestMechanism#YARA-1" targetNamespace="http://stix.mitre.org/extensions/TestMechanism#YARA-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.</xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - YARA Test Mechanism Instance</schema>
+            <version>1.1.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - YARA Test Mechanism Instance - Schematic implementation for the using a YARA rule as a Test Machanism within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://stix.mitre.org/Indicator-2" schemaLocation="../../indicator.xsd"/>
+    <xs:import namespace="http://stix.mitre.org/common-1" schemaLocation="../../stix_common.xsd"/>
+    <xs:complexType name="YaraTestMechanismType">
+        <xs:annotation>
+            <xs:documentation>The YaraTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the inclusion of a YARA rule as a test mechanism content.</xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="indicator:TestMechanismType">
+                <xs:sequence>
+                    <xs:element name="Version" type="xs:string" minOccurs="0">
+                        <xs:annotation>
+                            <xs:documentation>The Version of YARA that the rule was written against.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                    <xs:element name="Rule" type="stixCommon:EncodedCDATAType" minOccurs="0">
+                        <xs:annotation>
+                            <xs:documentation>The Rule field encapsulates a YARA rule in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                </xs:sequence>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>

data/config/1.1.1/stix/extensions/vulnerability/cvrf_1.1_vulnerability.xsd ADDED Viewed

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" xmlns:stix-cvrf="http://stix.mitre.org/extensions/Vulnerability#CVRF-1" targetNamespace="http://stix.mitre.org/extensions/Vulnerability#CVRF-1" xmlns="http://stix.mitre.org/extensions/Vulnerability#CVRF-1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:et="http://stix.mitre.org/ExploitTarget-1" version="1.1.1" xml:lang="English">
+    <xs:annotation>
+        <xs:documentation>This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. </xs:documentation>
+        <xs:appinfo>
+            <schema>STIX Extension - CVRF 1.1 Vulnerability Instance</schema>
+            <version>1.1.1</version>
+            <date>05/08/2014 9:00:00 AM</date>
+            <short_description>Structured Threat Information eXpression (STIX) Extension - CVRF 1.1 Vulnerability Instance - Schematic implementation for the using version 1.1 of CVRF to describe an Vulneability within the STIX structured cyber threat expression language architecture.</short_description>
+            <terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. </terms_of_use>
+        </xs:appinfo>
+    </xs:annotation>
+    <xs:import namespace="http://www.icasi.org/CVRF/schema/cvrf/1.1" schemaLocation="../../external/cvrf_1.1/cvrf.xsd"/>
+    <xs:import namespace="http://stix.mitre.org/ExploitTarget-1" schemaLocation="../../exploit_target.xsd"/>
+    <xs:complexType name="CVRF1.1InstanceType">
+        <xs:annotation>
+            <xs:documentation>
+                The CVRF1.1InstanceType provides an extension to the VulnerabilityType which imports and leverages the CVRF schema for structured characterization of Vulnerabilities. This could include characterization of 0-days or other vulnerabilities that do not have a CVE or OSVDB ID.
+            </xs:documentation>
+        </xs:annotation>
+        <xs:complexContent>
+            <xs:extension base="et:VulnerabilityType">
+                <xs:sequence>
+                    <xs:element ref="cvrf:cvrfdoc">
+                        <xs:annotation>
+                            <xs:documentation>The CVRF field contains the structured characterization of Vulnerabilities utilizing the CVRF schema.</xs:documentation>
+                        </xs:annotation>
+                    </xs:element>
+                </xs:sequence>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+</xs:schema>