stix_schema_spy 1.0

data/config/1.1/stix/cybox/objects/Win_Critical_Section_Object.xsd

@@ -0,0 +1,40 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinCriticalSectionObj="http://cybox.mitre.org/objects#WinCriticalSectionObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" targetNamespace="http://cybox.mitre.org/objects#WinCriticalSectionObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Critical_Section_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Windows_Critical_Section" type="WinCriticalSectionObj:WindowsCriticalSectionObjectType">
+		<xs:annotation>
+			<xs:documentation>The Windows_Critical_Section object is intended to characterize Windows Critical Section objects.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsCriticalSectionObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsCriticalSectionObjectType type is intended to characterize Windows Critical Section objects.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Address" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Address field specifies the address of the code that crated the critical section object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Spin_Count" type="cyboxCommon:NonNegativeIntegerObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Spin_Count field specifies the spin count value for the critical section object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>

data/config/1.1/stix/cybox/objects/Win_Driver_Object.xsd

@@ -0,0 +1,270 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinDriverObj="http://cybox.mitre.org/objects#WinDriverObject-3" xmlns:WinExecutableFileObj="http://cybox.mitre.org/objects#WinExecutableFileObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" targetNamespace="http://cybox.mitre.org/objects#WinDriverObject-3" elementFormDefault="qualified" attributeFormDefault="unqualified" version="3.0">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Driver_Object</schema>
+			<version>3.0</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinExecutableFileObject-2" schemaLocation="Win_Executable_File_Object.xsd"/>
+	<xs:element name="Windows_Driver" type="WinDriverObj:WindowsDriverObjectType">
+		<xs:annotation>
+			<xs:documentation>The Windows_Driver object is intended to characterize Windows device drivers.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsDriverObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsDriverObject type is intended to characterize Windows device drivers.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="WinExecutableFileObj:WindowsExecutableFileObjectType">
+				<xs:sequence>
+					<xs:element name="Device_Object_List" type="WinDriverObj:DeviceObjectListType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Device_Object_List field specifies the device objects that were created by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Init" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Init field specifies the entry point for the driver's DriverEntry routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Name field specifies the name of the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Object_Address" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Object_Address field specifies the address to the driver's driver object, which contains the storage for the entry point to many of the driver's standard routines. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff548034(v=vs.85).aspx.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Start_IO" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Start_IO field specifies the entry point for the driver's StartIO routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Unload" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Unload field specifies the entry point for the driver's unload routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Image_Base" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Image_Base field specifies the preferred address of the first byte of the driver's image when it is loaded into memory.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Image_Size" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Image_Size field specifies the size of the driver's image, in bytes.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CLEANUP" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CLEANUP field represents a count of the number of times the CLEANUP function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CLOSE" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CLOSE field represents a count of the number of times the CLOSE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CREATE" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CREATE field represents a count of the number of times the CREATE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CREATE_MAILSLOT" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CREATE_MAILSLOT field represents a count of the number of times the CREATE_MAILSLOT function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CREATE_NAMED_PIPE" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CREATE_NAMED_PIPE field represents a count of the number of times the CREATE_NAMED_PIPE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_DEVICE_CHANGE" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_DEVICE_CHANGE field represents a count of the number of times the DEVICE_CHANGE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_DEVICE_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_DEVICE_CONTROL field represents a count of the number of times the DEVICE_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_DIRECTORY_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_DIRECTORY_CONTROL field represents a count of the number of times the DIRECTORY_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_FILE_SYSTEM_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_FILE_SYSTEM_CONTROL field represents a count of the number of times the FILE_SYSTEM_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_FLUSH_BUFFERS" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_FLUSH_BUFFERS field represents a count of the number of times the FLUSH_BUFFERS function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_INTERNAL_DEVICE_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_INTERNAL_DEVICE_CONTROL field represents a count of the number of times the INTERNAL_DEVICE_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_LOCK_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_LOCK_CONROL field represents a count of the number of times the LOCK_CONROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_PNP" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_PNP field represents a count of the number of times the PNP function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_POWER" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_POWER field represents a count of the number of times the POWER function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_READ" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_READ field represents a count of the number of times the READ function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_EA" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_EA field represents a count of the number of times the QUERY_EA function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_INFORMATION" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_INFORMATION field represents a count of the number of times the QUERY_INFORMATION function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_SECURITY" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_SECURITY field represents a count of the number of times the QUERY_SECURITY function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_QUOTA" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_QUOTA field represents a count of the number of times the QUERY_QUOTA function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_VOLUME_INFORMATION" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_VOLUME_INFORMATION field represents a count of the number of times the QUERY_VOLUME_INFORMATION function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_EA" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_EA field represents a count of the number of times the SET_EA function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_INFORMATION" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_INFORMATION field represents a count of the number of times the SET_INFORMATION function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_SECURITY" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_SECURITY field represents a count of the number of times the SET_SECURITY function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_QUOTA" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_QUOTA field represents a count of the number of times the SET_QUOTA function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_VOLUME_INFORMATION" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_VOLUME_INFORMATION field represents a count of the number of times the SET_VOLUME_INFORMATION function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SHUTDOWN" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SHUTDOWN field represents a count of the number of times the SHUTDOWN function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SYSTEM_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SYSTEM_CONTROL field represents a count of the number of times the SYSTEM_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_WRITE" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_WRITE field represents a count of the number of times the WRITE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="DeviceObjectStructType">
+		<xs:annotation>
+			<xs:documentation>The DeviceObjectStructType type specifies the properties of a device object. In this context, a device object represents a logical, virtual, or physical device for which a driver handles I/O requests. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Attached_Device_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_Device_Name field specifies the name of another device object that was attached to this one. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_Device_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_Device_Object field specifies a pointer to another device object that was attached to this one. Typically this is a filter driver. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_To_Device_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_To_Device_Name field specifies the name of another device object that this one was attached to.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_To_Device_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_To_Device_Object field specifies a pointer to another device object that this one was attached to.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_To_Driver_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_To_Driver_Object field specifies a pointer to the driver to which this device object was attached.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_To_Driver_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_To_Driver_Name field specifies the name of the driver to which this device object was attached.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Device_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Device_Name field specifies the name of the device object.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Device_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Device_Object field specifies a pointer to the driver object for the caller.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="DeviceObjectListType">
+		<xs:annotation>
+			<xs:documentation>The DeviceObjectListType specifies a list of device objects.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Device_Object_Struct" type="WinDriverObj:DeviceObjectStructType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The Device_Object _Struct field specifies a single device object utilizing the Windows Driver Device Object Struct.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>

data/config/1.1/stix/cybox/objects/Win_Event_Log_Object.xsd

@@ -0,0 +1,137 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinEventLogObj="http://cybox.mitre.org/objects#WinEventLogObject-2" targetNamespace="http://cybox.mitre.org/objects#WinEventLogObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Event_Log_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Windows_Event_Log" type="WinEventLogObj:WindowsEventLogObjectType">
+		<xs:annotation>
+			<xs:documentation>The Windows_Event_Log object is intended to characterize entries in the Windows event log. Microsoft's Event schema is described at http://msdn.microsoft.com/en-us/library/aa385201 and the .NET API is described at http://msdn.microsoft.com/en-us/library/y80k1300.aspx.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsEventLogObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsEventLogObjectType type is intended to characterize entries in the Windows event log.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="EID" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The EID field specifies the ID of the event for which the event log entry was created.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Type" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The event type associated with the entry in the event log, e.g., warning, information, error.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Log" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The name of the log.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Message" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The rendered message string for the event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Category_Num" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The event entry's category number, as defined by the source.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Category" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The text associated with Category_Num.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Generation_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Generation_Time field specifies the date/time the event was generated.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Source" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>What logged the event, typically the name of an application or sub-component.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Machine" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The name of the computer on which the event log entry was generated.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="User" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The name of the user (the security ID) responsible for the event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Blob" type="cyboxCommon:Base64BinaryObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The event data as a binary blob.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Correlation_Activity_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>A globally unique identifier that identifies the current activity.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Correlation_Related_Activity_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>A globally unique identifier that identifies the activity to which control was transferred to.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Execution_Process_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Execution_Process_ID field specifies the Process ID (PID) of the process which created the event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Execution_Thread_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Execution_Thread_ID field specifies the Thread ID (TID) of the thread which created the event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Index" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The index of the event entry in the log.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Reserved" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>A DWORD value that is always set to ELF_LOG_SIGNATURE (the value 0x654c664c), which is ASCII for eLfL.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Unformatted_Message_List" type="WinEventLogObj:UnformattedMessageListType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>List of unformatted messages in the event log entry.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Write_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Write_Time field specifies the date/time that the entry was written into the event log.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="UnformattedMessageListType">
+		<xs:annotation>
+			<xs:documentation>The UnformattedMessageListType type is a list of unformatted messages in the event log entry.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Unformatted_Message" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>A single unformatted message in the event log entry.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>

data/config/1.1/stix/cybox/objects/Win_Event_Object.xsd

@@ -0,0 +1,80 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinEventObj="http://cybox.mitre.org/objects#WinEventObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" targetNamespace="http://cybox.mitre.org/objects#WinEventObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Event_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinHandleObject-2" schemaLocation="Win_Handle_Object.xsd"/>
+	<xs:element name="Windows_Event" type="WinEventObj:WindowsEventObjectType">
+		<xs:annotation>
+			<xs:documentation>The Windows_Event object is intended to characterize Windows event (synchronization) objects.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsEventObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsEventObjectType type is intended to characterize Windows event (synchronization) objects.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Handle" type="WinHandleObj:WindowsHandleObjectType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Handle field specifies the handle to the Windows event object. It imports and uses the WindowsHandleObjectType type from the CybOX Windows Handle object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Name field specifies the name of the Windows event object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Type" type="WinEventObj:WinEventType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Type field specifies the type of the Windows event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="WinEventType">
+		<xs:annotation>
+			<xs:documentation>WinEventType specifies Windows event types, via a union of the WinEventTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinEventObj:WinEventTypeEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:simpleType name="WinEventTypeEnum">
+		<xs:annotation>
+			<xs:documentation>The WinEventTypeEnum type is an enumeration of Windows synchronization event types. These are described in detail in http://msdn.microsoft.com/en-us/library/windows/desktop/ms682655(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="ManualReset">
+				<xs:annotation>
+					<xs:documentation>Indicates an event object whose state remains signaled until it is explicitly reset to nonsignaled by the ResetEvent function. While it is signaled, any number of waiting threads, or threads that subsequently specify the same event object in one of the wait functions, can be released.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="AutoReset">
+				<xs:annotation>
+					<xs:documentation>Indicates an event object whose state remains signaled until a single waiting thread is released, at which time the system automatically sets the state to nonsignaled. If no threads are waiting, the event object's state remains signaled. If more than one thread is waiting, a waiting thread is selected. Do not assume a first-in, first-out (FIFO) order. External events such as kernel-mode APCs can change the wait order.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+		</xs:restriction>
+	</xs:simpleType>
+</xs:schema>