stix_schema_spy 1.0

data/config/1.0.1/stix/cybox/objects/Win_Computer_Account_Object.xsd

@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinComputerAccountObj="http://cybox.mitre.org/objects#WinComputerAccountObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:AccountObj="http://cybox.mitre.org/objects#AccountObject-2" xmlns:PortObj="http://cybox.mitre.org/objects#PortObject-2" xmlns:ns1="http://cybox.mitre.org/objects#WinComputerAccountObject-2" targetNamespace="http://cybox.mitre.org/objects#WinComputerAccountObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Computer_Account_Object</schema>
+			<version>2.0.1</version>
+			<date>09/30/2013 9:00:00 AM</date>
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#AccountObject-2" schemaLocation="Account_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#PortObject-2" schemaLocation="Port_Object.xsd"/>
+	<xs:element name="Windows_Computer_Account" type="WinComputerAccountObj:WindowsComputerAccountObjectType" nillable="true">
+		<xs:annotation>
+			<xs:documentation>The Windows_Computer_Account object is intended to characterize Windows computer accounts.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsComputerAccountObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WinComputerAccountObject type is intended to characterize Windows computer accounts.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="AccountObj:AccountObjectType">
+				<xs:sequence>
+					<xs:element name="Fully_Qualified_Name" type="WinComputerAccountObj:FullyQualifiedNameType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Fully_Qualified_Name field refers to the fully qualified name(s) of the Windows computer account.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Kerberos" type="WinComputerAccountObj:KerberosType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Kerberos field specifies the Kerberos authentication protocol specific Object properties for the Windows computer account.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Security_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Security_ID field specifies the Security ID (SID) value assigned to the Windows computer account.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Security_Type" type="cyboxCommon:SIDType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Security_Type field specifies the type of Security ID (SID) assigned to the Windows computer account.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Type" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Type field specifies the type of the Windows computer account.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="FullyQualifiedNameType">
+		<xs:annotation>
+			<xs:documentation>The FullyQualifiedNameType type refers to the fully qualified name(s) of the Windows computer account.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="NetBEUI_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The NetBEUI_Name field specifies the NETBEUI name of the Windows computer account.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Full_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Full_Name field specifies the full name of the Windows computer account.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="KerberosType">
+		<xs:annotation>
+			<xs:documentation>The KerberosType type specifies the Kerberos authentication protocol specific Object properties for the Windows computer account.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Delegation" type="WinComputerAccountObj:KerberosDelegationType">
+				<xs:annotation>
+					<xs:documentation>The Delegation field specifies the Kerberos delegation used for the Windows computer account.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Ticket" type="cyboxCommon:UnsignedLongObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Ticket field specifies the ID of the Kerberos ticket assigned to the Windows computer account.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="KerberosDelegationType">
+		<xs:annotation>
+			<xs:documentation>The Delegation field specifies the Kerberos delegation used for the Windows computer account.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Bitmask" type="cyboxCommon:HexBinaryObjectPropertyType">
+				<xs:annotation>
+					<xs:documentation>The Bitmask field specifies the bitmask used in the Kerberos delegation for the Windows computer account.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Service" type="WinComputerAccountObj:KerberosServiceType">
+				<xs:annotation>
+					<xs:documentation>The Service field specifies the properties of the Kerberos delegation service for the Windows computer account.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="KerberosServiceType">
+		<xs:annotation>
+			<xs:documentation>The KerberosServiceType specifies the properties of the Kerberos delegation service for the Windows computer account.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Computer" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Computer field specifies the computer name for the Kerberos service.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Name field specifies the name of the Kerberos service.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Port" type="PortObj:PortObjectType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Port field specifies the port for the Kerberos service.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="User" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The User field specifies the username for the Kerberos service.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>

data/config/1.0.1/stix/cybox/objects/Win_Critical_Section_Object.xsd

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinCriticalSectionObj="http://cybox.mitre.org/objects#WinCriticalSectionObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" targetNamespace="http://cybox.mitre.org/objects#WinCriticalSectionObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Critical_Section_Object</schema>
+			<version>2.0.1</version>
+			<date>09/30/2013 9:00:00 AM</date>
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Windows_Critical_Section" type="WinCriticalSectionObj:WindowsCriticalSectionObjectType" nillable="true">
+		<xs:annotation>
+			<xs:documentation>The Windows_Critical_Section object is intended to characterize Windows Critical Section objects.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsCriticalSectionObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsCriticalSectionObjectType type is intended to characterize Windows Critical Section objects.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Address" type="cyboxCommon:HexBinaryObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Address field specifies the address of the code that crated the critical section object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Spin_Count" type="cyboxCommon:NonNegativeIntegerObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Spin_Count field specifies the spin count value for the critical section object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+</xs:schema>

data/config/1.0.1/stix/cybox/objects/Win_Driver_Object.xsd

@@ -0,0 +1,269 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinDriverObj="http://cybox.mitre.org/objects#WinDriverObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" targetNamespace="http://cybox.mitre.org/objects#WinDriverObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Driver_Object</schema>
+			<version>2.0.1</version>
+			<date>09/30/2013 9:00:00 AM</date>
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Windows_Driver" type="WinDriverObj:WindowsDriverObjectType" nillable="true">
+		<xs:annotation>
+			<xs:documentation>The Windows_Driver object is intended to characterize Windows device drivers.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsDriverObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsDriverObject type is intended to characterize Windows device drivers.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Device_Object_List" type="WinDriverObj:DeviceObjectListType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Device_Object_List field specifies the device objects that were created by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Init" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Init field specifies the entry point for the driver's DriverEntry routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Name field specifies the name of the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Object_Address" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Object_Address field specifies the address to the driver's driver object, which contains the storage for the entry point to many of the driver's standard routines. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff548034(v=vs.85).aspx</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Start_IO" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Start_IO field specifies the entry point for the driver's StartIO routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Driver_Unload" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Driver_Unload field specifies the entry point for the driver's unload routine. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff544174(v=vs.85).aspx</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Image_Base" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Image_Base field specifies the preferred address of the first byte of the driver's image when it is loaded into memory.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Image_Size" type="cyboxCommon:HexBinaryObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Image_Size field specifies the size of the driver's image, in bytes.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CLEANUP" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CLEANUP field represents a count of the number of times the CLEANUP function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CLOSE" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CLOSE field represents a count of the number of times the CLOSE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CREATE" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CREATE field represents a count of the number of times the CREATE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CREATE_MAILSLOT" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CREATE_MAILSLOT field represents a count of the number of times the CREATE_MAILSLOT function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_CREATE_NAMED_PIPE" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_CREATE_NAMED_PIPE field represents a count of the number of times the CREATE_NAMED_PIPE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_DEVICE_CHANGE" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_DEVICE_CHANGE field represents a count of the number of times the DEVICE_CHANGE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_DEVICE_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_DEVICE_CONTROL field represents a count of the number of times the DEVICE_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_DIRECTORY_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_DIRECTORY_CONTROL field represents a count of the number of times the DIRECTORY_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_FILE_SYSTEM_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_FILE_SYSTEM_CONTROL field represents a count of the number of times the FILE_SYSTEM_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_FLUSH_BUFFERS" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_FLUSH_BUFFERS field represents a count of the number of times the FLUSH_BUFFERS function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_INTERNAL_DEVICE_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_INTERNAL_DEVICE_CONTROL field represents a count of the number of times the INTERNAL_DEVICE_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_LOCK_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_LOCK_CONROL field represents a count of the number of times the LOCK_CONROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_PNP" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_PNP field represents a count of the number of times the PNP function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_POWER" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_POWER field represents a count of the number of times the POWER function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_READ" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_READ field represents a count of the number of times the READ function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_EA" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_EA field represents a count of the number of times the QUERY_EA function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_INFORMATION" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_INFORMATION field represents a count of the number of times the QUERY_INFORMATION function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_SECURITY" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_SECURITY field represents a count of the number of times the QUERY_SECURITY function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_QUOTA" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_QUOTA field represents a count of the number of times the QUERY_QUOTA function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_QUERY_VOLUME_INFORMATION" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_QUERY_VOLUME_INFORMATION field represents a count of the number of times the QUERY_VOLUME_INFORMATION function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_EA" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_EA field represents a count of the number of times the SET_EA function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_INFORMATION" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_INFORMATION field represents a count of the number of times the SET_INFORMATION function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_SECURITY" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_SECURITY field represents a count of the number of times the SET_SECURITY function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_QUOTA" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_QUOTA field represents a count of the number of times the SET_QUOTA function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SET_VOLUME_INFORMATION" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SET_VOLUME_INFORMATION field represents a count of the number of times the SET_VOLUME_INFORMATION function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SHUTDOWN" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SHUTDOWN field represents a count of the number of times the SHUTDOWN function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_SYSTEM_CONTROL" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_SYSTEM_CONTROL field represents a count of the number of times the SYSTEM_CONTROL function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="IRP_MJ_WRITE" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The IRP_MJ_WRITE field represents a count of the number of times the WRITE function code was processed by the driver.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="DeviceObjectStructType">
+		<xs:annotation>
+			<xs:documentation>The DeviceObjectStructType type specifies the properties of a device object. In this context, a device object represents a logical, virtual, or physical device for which a driver handles I/O requests. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Attached_Device_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_Device_Name field specifies the name of another device object that was attached to this one. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_Device_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_Device_Object field specifies a pointer to another device object that was attached to this one. Typically this is a filter driver. See also: http://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_To_Device_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_To_Device_Name field specifies the name of another device object that this one was attached to.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_To_Device_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_To_Device_Object field specifies a pointer to another device object that this one was attached to. </xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_To_Driver_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_To_Driver_Object field specifies a pointer to the driver to which this device object was attached.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Attached_To_Driver_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Attached_To_Driver_Name field specifies the name of the driver to which this device object was attached.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Device_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Device_Name field specifies the name of the device object.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Device_Object" type="cyboxCommon:UnsignedLongObjectPropertyType" nillable="true" minOccurs="0" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The Device_Object field specifies a pointer to the driver object for the caller.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="DeviceObjectListType">
+		<xs:annotation>
+			<xs:documentation>The DeviceObjectListType specifies a list of device objects.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Device_Object_Struct" type="WinDriverObj:DeviceObjectStructType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The Device_Object _Struct field specifies a single device object utilizing the Windows Driver Device Object Struct.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>

data/config/1.0.1/stix/cybox/objects/Win_Event_Log_Object.xsd

@@ -0,0 +1,137 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinEventLogObj="http://cybox.mitre.org/objects#WinEventLogObject-2" targetNamespace="http://cybox.mitre.org/objects#WinEventLogObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org. </xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Event_Log_Object</schema>
+			<version>2.0.1</version>
+			<date>09/30/2013 9:00:00 AM</date>
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included. </terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:element name="Windows_Event_Log" type="WinEventLogObj:WindowsEventLogObjectType">
+		<xs:annotation>
+			<xs:documentation>The Windows_Event_Log object is intended to characterize entries in the Windows event log. Microsoft's Event schema is described at http://msdn.microsoft.com/en-us/library/aa385201 and the .NET API is described at http://msdn.microsoft.com/en-us/library/y80k1300.aspx</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsEventLogObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsEventLogObjectType type is intended to characterize entries in the Windows event log.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="EID" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The EID field specifies the ID of the event for which the event log entry was created.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Type" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The event type associated with the entry in the event log, e.g., warning, information, error.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Log" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The name of the log.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Message" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The rendered message string for the event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Category_Num" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The event entry's category number, as defined by the source.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Category" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The text associated with Category_Num.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Generation_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Generation_Time field specifies the date/time the event was generated.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Source" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>What logged the event, typically the name of an application or sub-component.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Machine" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The name of the computer on which the event log entry was generated.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="User" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The name of the user (the security ID) responsible for the event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Blob" type="cyboxCommon:Base64BinaryObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The event data as a binary blob.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Correlation_Activity_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>A globally unique identifier that identifies the current activity.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Correlation_Related_Activity_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>A globally unique identifier that identifies the activity to which control was transferred to.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Execution_Process_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Execution_Process_ID field specifies the Process ID (PID) of the process which created the event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Execution_Thread_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Execution_Thread_ID field specifies the Thread ID (TID) of the thread which created the event.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Index" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The index of the event entry in the log.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Reserved" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>A DWORD value that is always set to ELF_LOG_SIGNATURE (the value 0x654c664c), which is ASCII for eLfL.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Unformatted_Message_List" type="WinEventLogObj:UnformattedMessageListType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>List of unformatted messages in the event log entry.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Write_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Write_Time field specifies the date/time that the entry was written into the event log.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="UnformattedMessageListType">
+		<xs:annotation>
+			<xs:documentation>The UnformattedMessageListType type is a list of unformatted messages in the event log entry.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Unformatted_Message" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>A single unformatted message in the event log entry.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>