stix_schema_spy 1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (482) hide show
  1. checksums.yaml +15 -0
  2. data/.gitignore +17 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE.txt +24 -0
  5. data/README.md +41 -0
  6. data/Rakefile +3 -0
  7. data/config/1.0.1/stix/README.md +20 -0
  8. data/config/1.0.1/stix/campaign.xsd +210 -0
  9. data/config/1.0.1/stix/course_of_action.xsd +166 -0
  10. data/config/1.0.1/stix/cybox/README.md +13 -0
  11. data/config/1.0.1/stix/cybox/cybox_common.xsd +2319 -0
  12. data/config/1.0.1/stix/cybox/cybox_core.xsd +1095 -0
  13. data/config/1.0.1/stix/cybox/cybox_default_vocabularies.xsd +3326 -0
  14. data/config/1.0.1/stix/cybox/extensions/platform/README.txt +1 -0
  15. data/config/1.0.1/stix/cybox/extensions/platform/cpe-language_2.3.xsd +234 -0
  16. data/config/1.0.1/stix/cybox/extensions/platform/cpe-naming_2.3.xsd +45 -0
  17. data/config/1.0.1/stix/cybox/extensions/platform/cpe2.3.xsd +40 -0
  18. data/config/1.0.1/stix/cybox/extensions/platform/xml.xsd +145 -0
  19. data/config/1.0.1/stix/cybox/objects/API_Object.xsd +55 -0
  20. data/config/1.0.1/stix/cybox/objects/Account_Object.xsd +50 -0
  21. data/config/1.0.1/stix/cybox/objects/Address_Object.xsd +122 -0
  22. data/config/1.0.1/stix/cybox/objects/Artifact_Object.xsd +206 -0
  23. data/config/1.0.1/stix/cybox/objects/Code_Object.xsd +417 -0
  24. data/config/1.0.1/stix/cybox/objects/Custom_Object.xsd +43 -0
  25. data/config/1.0.1/stix/cybox/objects/DNS_Cache_Object.xsd +53 -0
  26. data/config/1.0.1/stix/cybox/objects/DNS_Query_Object.xsd +159 -0
  27. data/config/1.0.1/stix/cybox/objects/DNS_Record_Object.xsd +87 -0
  28. data/config/1.0.1/stix/cybox/objects/Device_Object.xsd +55 -0
  29. data/config/1.0.1/stix/cybox/objects/Disk_Object.xsd +117 -0
  30. data/config/1.0.1/stix/cybox/objects/Disk_Partition_Object.xsd +199 -0
  31. data/config/1.0.1/stix/cybox/objects/Email_Message_Object.xsd +273 -0
  32. data/config/1.0.1/stix/cybox/objects/File_Object.xsd +359 -0
  33. data/config/1.0.1/stix/cybox/objects/GUI_Dialogbox_Object.xsd +41 -0
  34. data/config/1.0.1/stix/cybox/objects/GUI_Object.xsd +40 -0
  35. data/config/1.0.1/stix/cybox/objects/GUI_Window_Object.xsd +46 -0
  36. data/config/1.0.1/stix/cybox/objects/HTTP_Session_Object.xsd +623 -0
  37. data/config/1.0.1/stix/cybox/objects/Library_Object.xsd +114 -0
  38. data/config/1.0.1/stix/cybox/objects/Link_Object.xsd +36 -0
  39. data/config/1.0.1/stix/cybox/objects/Linux_Package_Object.xsd +119 -0
  40. data/config/1.0.1/stix/cybox/objects/Memory_Object.xsd +70 -0
  41. data/config/1.0.1/stix/cybox/objects/Mutex_Object.xsd +40 -0
  42. data/config/1.0.1/stix/cybox/objects/Network_Connection_Object.xsd +609 -0
  43. data/config/1.0.1/stix/cybox/objects/Network_Flow_Object.xsd +1559 -0
  44. data/config/1.0.1/stix/cybox/objects/Network_Packet_Object.xsd +2948 -0
  45. data/config/1.0.1/stix/cybox/objects/Network_Route_Entry_Object.xsd +155 -0
  46. data/config/1.0.1/stix/cybox/objects/Network_Route_Object.xsd +93 -0
  47. data/config/1.0.1/stix/cybox/objects/Network_Socket_Object.xsd +524 -0
  48. data/config/1.0.1/stix/cybox/objects/Network_Subnet_Object.xsd +64 -0
  49. data/config/1.0.1/stix/cybox/objects/PDF_File_Object.xsd +601 -0
  50. data/config/1.0.1/stix/cybox/objects/Pipe_Object.xsd +40 -0
  51. data/config/1.0.1/stix/cybox/objects/Port_Object.xsd +74 -0
  52. data/config/1.0.1/stix/cybox/objects/Process_Object.xsd +197 -0
  53. data/config/1.0.1/stix/cybox/objects/Product_Object.xsd +60 -0
  54. data/config/1.0.1/stix/cybox/objects/Semaphore_Object.xsd +50 -0
  55. data/config/1.0.1/stix/cybox/objects/Socket_Address_Object.xsd +42 -0
  56. data/config/1.0.1/stix/cybox/objects/System_Object.xsd +409 -0
  57. data/config/1.0.1/stix/cybox/objects/URI_Object.xsd +62 -0
  58. data/config/1.0.1/stix/cybox/objects/Unix_File_Object.xsd +164 -0
  59. data/config/1.0.1/stix/cybox/objects/Unix_Network_Route_Entry_Object.xsd +56 -0
  60. data/config/1.0.1/stix/cybox/objects/Unix_Pipe_Object.xsd +36 -0
  61. data/config/1.0.1/stix/cybox/objects/Unix_Process_Object.xsd +143 -0
  62. data/config/1.0.1/stix/cybox/objects/Unix_User_Account_Object.xsd +78 -0
  63. data/config/1.0.1/stix/cybox/objects/Unix_Volume_Object.xsd +41 -0
  64. data/config/1.0.1/stix/cybox/objects/User_Account_Object.xsd +110 -0
  65. data/config/1.0.1/stix/cybox/objects/User_Session_Object.xsd +60 -0
  66. data/config/1.0.1/stix/cybox/objects/Volume_Object.xsd +235 -0
  67. data/config/1.0.1/stix/cybox/objects/Whois_Object.xsd +456 -0
  68. data/config/1.0.1/stix/cybox/objects/Win_Computer_Account_Object.xsd +135 -0
  69. data/config/1.0.1/stix/cybox/objects/Win_Critical_Section_Object.xsd +40 -0
  70. data/config/1.0.1/stix/cybox/objects/Win_Driver_Object.xsd +269 -0
  71. data/config/1.0.1/stix/cybox/objects/Win_Event_Log_Object.xsd +137 -0
  72. data/config/1.0.1/stix/cybox/objects/Win_Event_Object.xsd +80 -0
  73. data/config/1.0.1/stix/cybox/objects/Win_Executable_File_Object.xsd +1333 -0
  74. data/config/1.0.1/stix/cybox/objects/Win_File_Object.xsd +269 -0
  75. data/config/1.0.1/stix/cybox/objects/Win_Handle_Object.xsd +186 -0
  76. data/config/1.0.1/stix/cybox/objects/Win_Kernel_Hook_Object.xsd +109 -0
  77. data/config/1.0.1/stix/cybox/objects/Win_Kernel_Object.xsd +128 -0
  78. data/config/1.0.1/stix/cybox/objects/Win_Mailslot_Object.xsd +56 -0
  79. data/config/1.0.1/stix/cybox/objects/Win_Memory_Page_Region_Object.xsd +198 -0
  80. data/config/1.0.1/stix/cybox/objects/Win_Mutex_Object.xsd +42 -0
  81. data/config/1.0.1/stix/cybox/objects/Win_Network_Route_Entry_Object.xsd +200 -0
  82. data/config/1.0.1/stix/cybox/objects/Win_Network_Share_Object.xsd +205 -0
  83. data/config/1.0.1/stix/cybox/objects/Win_Pipe_Object.xsd +73 -0
  84. data/config/1.0.1/stix/cybox/objects/Win_Prefetch_Object.xsd +113 -0
  85. data/config/1.0.1/stix/cybox/objects/Win_Process_Object.xsd +167 -0
  86. data/config/1.0.1/stix/cybox/objects/Win_Registry_Key_Object.xsd +290 -0
  87. data/config/1.0.1/stix/cybox/objects/Win_Semaphore_Object.xsd +42 -0
  88. data/config/1.0.1/stix/cybox/objects/Win_Service_Object.xsd +287 -0
  89. data/config/1.0.1/stix/cybox/objects/Win_System_Object.xsd +126 -0
  90. data/config/1.0.1/stix/cybox/objects/Win_System_Restore_Object.xsd +199 -0
  91. data/config/1.0.1/stix/cybox/objects/Win_Task_Object.xsd +755 -0
  92. data/config/1.0.1/stix/cybox/objects/Win_Thread_Object.xsd +146 -0
  93. data/config/1.0.1/stix/cybox/objects/Win_User_Account_Object.xsd +73 -0
  94. data/config/1.0.1/stix/cybox/objects/Win_Volume_Object.xsd +161 -0
  95. data/config/1.0.1/stix/cybox/objects/Win_Waitable_Timer_Object.xsd +90 -0
  96. data/config/1.0.1/stix/cybox/objects/X509_Certificate_Object.xsd +270 -0
  97. data/config/1.0.1/stix/data_marking.xsd +92 -0
  98. data/config/1.0.1/stix/exploit_target.xsd +224 -0
  99. data/config/1.0.1/stix/extensions/address/ciq_address_3.0.xsd +27 -0
  100. data/config/1.0.1/stix/extensions/address/readme.txt +1 -0
  101. data/config/1.0.1/stix/extensions/attack_pattern/capec_2.6.1.xsd +31 -0
  102. data/config/1.0.1/stix/extensions/attack_pattern/readme.txt +1 -0
  103. data/config/1.0.1/stix/extensions/identity/ciq_identity_3.0.xsd +108 -0
  104. data/config/1.0.1/stix/extensions/identity/readme.txt +1 -0
  105. data/config/1.0.1/stix/extensions/malware/maec_4.0.1.xsd +31 -0
  106. data/config/1.0.1/stix/extensions/malware/readme.txt +1 -0
  107. data/config/1.0.1/stix/extensions/marking/simple_marking.xsd +30 -0
  108. data/config/1.0.1/stix/extensions/marking/tlp.xsd +39 -0
  109. data/config/1.0.1/stix/extensions/structured_coa/generic.xsd +46 -0
  110. data/config/1.0.1/stix/extensions/test_mechanism/generic.xsd +46 -0
  111. data/config/1.0.1/stix/extensions/test_mechanism/open_ioc_2010.xsd +32 -0
  112. data/config/1.0.1/stix/extensions/test_mechanism/oval_5.10.xsd +37 -0
  113. data/config/1.0.1/stix/extensions/test_mechanism/snort.xsd +36 -0
  114. data/config/1.0.1/stix/extensions/test_mechanism/yara.xsd +36 -0
  115. data/config/1.0.1/stix/extensions/vulnerability/cvrf_1.1.xsd +33 -0
  116. data/config/1.0.1/stix/extensions/vulnerability/readme.txt +1 -0
  117. data/config/1.0.1/stix/external/capec_2.6.1/ap_schema_v2.6.1.xsd +3618 -0
  118. data/config/1.0.1/stix/external/cvrf_1.1/common.xsd +176 -0
  119. data/config/1.0.1/stix/external/cvrf_1.1/cpe-language_2.2a.xsd +182 -0
  120. data/config/1.0.1/stix/external/cvrf_1.1/cvrf.xsd +487 -0
  121. data/config/1.0.1/stix/external/cvrf_1.1/cvss-v2_0.9.xsd +415 -0
  122. data/config/1.0.1/stix/external/cvrf_1.1/dc.xsd +118 -0
  123. data/config/1.0.1/stix/external/cvrf_1.1/prod.xsd +292 -0
  124. data/config/1.0.1/stix/external/cvrf_1.1/scap-core_0.9.xsd +170 -0
  125. data/config/1.0.1/stix/external/cvrf_1.1/vuln.xsd +631 -0
  126. data/config/1.0.1/stix/external/cvrf_1.1/xml.xsd +287 -0
  127. data/config/1.0.1/stix/external/maec_4.0.1/maec_bundle_schema.xsd +1139 -0
  128. data/config/1.0.1/stix/external/maec_4.0.1/maec_package_schema.xsd +938 -0
  129. data/config/1.0.1/stix/external/maec_4.0.1/metadataSharing.xsd +1712 -0
  130. data/config/1.0.1/stix/external/oasis_ciq_3.0/CommonTypes.xsd +104 -0
  131. data/config/1.0.1/stix/external/oasis_ciq_3.0/xAL-types.xsd +511 -0
  132. data/config/1.0.1/stix/external/oasis_ciq_3.0/xAL.xsd +672 -0
  133. data/config/1.0.1/stix/external/oasis_ciq_3.0/xNAL-types.xsd +36 -0
  134. data/config/1.0.1/stix/external/oasis_ciq_3.0/xNAL.xsd +126 -0
  135. data/config/1.0.1/stix/external/oasis_ciq_3.0/xNL-types.xsd +222 -0
  136. data/config/1.0.1/stix/external/oasis_ciq_3.0/xNL.xsd +284 -0
  137. data/config/1.0.1/stix/external/oasis_ciq_3.0/xPIL-types.xsd +854 -0
  138. data/config/1.0.1/stix/external/oasis_ciq_3.0/xPIL.xsd +1621 -0
  139. data/config/1.0.1/stix/external/oasis_ciq_3.0/xlink-2003-12-31.xsd +90 -0
  140. data/config/1.0.1/stix/external/open_ioc_2010/ioc-TR.xsd +25 -0
  141. data/config/1.0.1/stix/external/open_ioc_2010/ioc.xsd +105 -0
  142. data/config/1.0.1/stix/external/oval_5.10/oval-common-schema.xsd +781 -0
  143. data/config/1.0.1/stix/external/oval_5.10/oval-definitions-schema.xsd +1608 -0
  144. data/config/1.0.1/stix/external/oval_5.10/oval-variables-schema.xsd +84 -0
  145. data/config/1.0.1/stix/external/oval_5.10/xmldsig-core-schema.xsd +309 -0
  146. data/config/1.0.1/stix/incident.xsd +787 -0
  147. data/config/1.0.1/stix/indicator.xsd +310 -0
  148. data/config/1.0.1/stix/stix_common.xsd +762 -0
  149. data/config/1.0.1/stix/stix_core.xsd +218 -0
  150. data/config/1.0.1/stix/stix_default_vocabularies.xsd +1684 -0
  151. data/config/1.0.1/stix/threat_actor.xsd +174 -0
  152. data/config/1.0.1/stix/ttp.xsd +341 -0
  153. data/config/1.0/stix/campaign.xsd +209 -0
  154. data/config/1.0/stix/course_of_action.xsd +165 -0
  155. data/config/1.0/stix/cybox/cybox_common.xsd +2319 -0
  156. data/config/1.0/stix/cybox/cybox_core.xsd +1090 -0
  157. data/config/1.0/stix/cybox/cybox_default_vocabularies.xsd +3106 -0
  158. data/config/1.0/stix/cybox/extensions/platform/README.txt +1 -0
  159. data/config/1.0/stix/cybox/extensions/platform/cpe2.3.xsd +40 -0
  160. data/config/1.0/stix/cybox/objects/API_Object.xsd +55 -0
  161. data/config/1.0/stix/cybox/objects/Account_Object.xsd +50 -0
  162. data/config/1.0/stix/cybox/objects/Address_Object.xsd +122 -0
  163. data/config/1.0/stix/cybox/objects/Artifact_Object.xsd +206 -0
  164. data/config/1.0/stix/cybox/objects/Code_Object.xsd +417 -0
  165. data/config/1.0/stix/cybox/objects/Custom_Object.xsd +43 -0
  166. data/config/1.0/stix/cybox/objects/DNS_Cache_Object.xsd +53 -0
  167. data/config/1.0/stix/cybox/objects/DNS_Query_Object.xsd +159 -0
  168. data/config/1.0/stix/cybox/objects/DNS_Record_Object.xsd +87 -0
  169. data/config/1.0/stix/cybox/objects/Device_Object.xsd +55 -0
  170. data/config/1.0/stix/cybox/objects/Disk_Object.xsd +117 -0
  171. data/config/1.0/stix/cybox/objects/Disk_Partition_Object.xsd +199 -0
  172. data/config/1.0/stix/cybox/objects/Email_Message_Object.xsd +273 -0
  173. data/config/1.0/stix/cybox/objects/File_Object.xsd +359 -0
  174. data/config/1.0/stix/cybox/objects/GUI_Dialogbox_Object.xsd +41 -0
  175. data/config/1.0/stix/cybox/objects/GUI_Object.xsd +40 -0
  176. data/config/1.0/stix/cybox/objects/GUI_Window_Object.xsd +46 -0
  177. data/config/1.0/stix/cybox/objects/HTTP_Session_Object.xsd +623 -0
  178. data/config/1.0/stix/cybox/objects/Library_Object.xsd +114 -0
  179. data/config/1.0/stix/cybox/objects/Link_Object.xsd +24 -0
  180. data/config/1.0/stix/cybox/objects/Linux_Package_Object.xsd +119 -0
  181. data/config/1.0/stix/cybox/objects/Memory_Object.xsd +70 -0
  182. data/config/1.0/stix/cybox/objects/Mutex_Object.xsd +40 -0
  183. data/config/1.0/stix/cybox/objects/Network_Connection_Object.xsd +609 -0
  184. data/config/1.0/stix/cybox/objects/Network_Flow_Object.xsd +1559 -0
  185. data/config/1.0/stix/cybox/objects/Network_Packet_Object.xsd +2948 -0
  186. data/config/1.0/stix/cybox/objects/Network_Route_Entry_Object.xsd +155 -0
  187. data/config/1.0/stix/cybox/objects/Network_Route_Object.xsd +93 -0
  188. data/config/1.0/stix/cybox/objects/Network_Socket_Object.xsd +524 -0
  189. data/config/1.0/stix/cybox/objects/Network_Subnet_Object.xsd +64 -0
  190. data/config/1.0/stix/cybox/objects/PDF_File_Object.xsd +601 -0
  191. data/config/1.0/stix/cybox/objects/Pipe_Object.xsd +40 -0
  192. data/config/1.0/stix/cybox/objects/Port_Object.xsd +74 -0
  193. data/config/1.0/stix/cybox/objects/Process_Object.xsd +197 -0
  194. data/config/1.0/stix/cybox/objects/Product_Object.xsd +60 -0
  195. data/config/1.0/stix/cybox/objects/Semaphore_Object.xsd +50 -0
  196. data/config/1.0/stix/cybox/objects/Socket_Address_Object.xsd +42 -0
  197. data/config/1.0/stix/cybox/objects/System_Object.xsd +409 -0
  198. data/config/1.0/stix/cybox/objects/URI_Object.xsd +62 -0
  199. data/config/1.0/stix/cybox/objects/Unix_File_Object.xsd +164 -0
  200. data/config/1.0/stix/cybox/objects/Unix_Network_Route_Entry_Object.xsd +56 -0
  201. data/config/1.0/stix/cybox/objects/Unix_Pipe_Object.xsd +36 -0
  202. data/config/1.0/stix/cybox/objects/Unix_Process_Object.xsd +143 -0
  203. data/config/1.0/stix/cybox/objects/Unix_User_Account_Object.xsd +78 -0
  204. data/config/1.0/stix/cybox/objects/Unix_Volume_Object.xsd +41 -0
  205. data/config/1.0/stix/cybox/objects/User_Account_Object.xsd +110 -0
  206. data/config/1.0/stix/cybox/objects/User_Session_Object.xsd +60 -0
  207. data/config/1.0/stix/cybox/objects/Volume_Object.xsd +235 -0
  208. data/config/1.0/stix/cybox/objects/Whois_Object.xsd +456 -0
  209. data/config/1.0/stix/cybox/objects/Win_Computer_Account_Object.xsd +135 -0
  210. data/config/1.0/stix/cybox/objects/Win_Critical_Section_Object.xsd +40 -0
  211. data/config/1.0/stix/cybox/objects/Win_Driver_Object.xsd +269 -0
  212. data/config/1.0/stix/cybox/objects/Win_Event_Log_Object.xsd +137 -0
  213. data/config/1.0/stix/cybox/objects/Win_Event_Object.xsd +80 -0
  214. data/config/1.0/stix/cybox/objects/Win_Executable_File_Object.xsd +1333 -0
  215. data/config/1.0/stix/cybox/objects/Win_File_Object.xsd +269 -0
  216. data/config/1.0/stix/cybox/objects/Win_Handle_Object.xsd +186 -0
  217. data/config/1.0/stix/cybox/objects/Win_Kernel_Hook_Object.xsd +109 -0
  218. data/config/1.0/stix/cybox/objects/Win_Kernel_Object.xsd +128 -0
  219. data/config/1.0/stix/cybox/objects/Win_Mailslot_Object.xsd +56 -0
  220. data/config/1.0/stix/cybox/objects/Win_Memory_Page_Region_Object.xsd +198 -0
  221. data/config/1.0/stix/cybox/objects/Win_Mutex_Object.xsd +42 -0
  222. data/config/1.0/stix/cybox/objects/Win_Network_Route_Entry_Object.xsd +200 -0
  223. data/config/1.0/stix/cybox/objects/Win_Network_Share_Object.xsd +205 -0
  224. data/config/1.0/stix/cybox/objects/Win_Pipe_Object.xsd +73 -0
  225. data/config/1.0/stix/cybox/objects/Win_Prefetch_Object.xsd +113 -0
  226. data/config/1.0/stix/cybox/objects/Win_Process_Object.xsd +167 -0
  227. data/config/1.0/stix/cybox/objects/Win_Registry_Key_Object.xsd +290 -0
  228. data/config/1.0/stix/cybox/objects/Win_Semaphore_Object.xsd +42 -0
  229. data/config/1.0/stix/cybox/objects/Win_Service_Object.xsd +287 -0
  230. data/config/1.0/stix/cybox/objects/Win_System_Object.xsd +126 -0
  231. data/config/1.0/stix/cybox/objects/Win_System_Restore_Object.xsd +199 -0
  232. data/config/1.0/stix/cybox/objects/Win_Task_Object.xsd +755 -0
  233. data/config/1.0/stix/cybox/objects/Win_Thread_Object.xsd +146 -0
  234. data/config/1.0/stix/cybox/objects/Win_User_Account_Object.xsd +73 -0
  235. data/config/1.0/stix/cybox/objects/Win_Volume_Object.xsd +161 -0
  236. data/config/1.0/stix/cybox/objects/Win_Waitable_Timer_Object.xsd +90 -0
  237. data/config/1.0/stix/cybox/objects/X509_Certificate_Object.xsd +270 -0
  238. data/config/1.0/stix/data_marking.xsd +92 -0
  239. data/config/1.0/stix/exploit_target.xsd +223 -0
  240. data/config/1.0/stix/extensions/address/ciq_address_3.0.xsd +27 -0
  241. data/config/1.0/stix/extensions/address/readme.txt +1 -0
  242. data/config/1.0/stix/extensions/attack_pattern/capec_2.5.xsd +31 -0
  243. data/config/1.0/stix/extensions/identity/ciq_identity_3.0.xsd +108 -0
  244. data/config/1.0/stix/extensions/identity/readme.txt +1 -0
  245. data/config/1.0/stix/extensions/malware/maec_4.0.xsd +32 -0
  246. data/config/1.0/stix/extensions/malware/readme.txt +3 -0
  247. data/config/1.0/stix/extensions/marking/simple_marking.xsd +30 -0
  248. data/config/1.0/stix/extensions/marking/tlp.xsd +39 -0
  249. data/config/1.0/stix/extensions/structured_coa/generic.xsd +46 -0
  250. data/config/1.0/stix/extensions/test_mechanism/generic.xsd +46 -0
  251. data/config/1.0/stix/extensions/test_mechanism/open_ioc_2010.xsd +32 -0
  252. data/config/1.0/stix/extensions/test_mechanism/oval_5.10.xsd +37 -0
  253. data/config/1.0/stix/extensions/test_mechanism/snort.xsd +36 -0
  254. data/config/1.0/stix/extensions/test_mechanism/yara.xsd +36 -0
  255. data/config/1.0/stix/extensions/vulnerability/cvrf_1.1.xsd +33 -0
  256. data/config/1.0/stix/extensions/vulnerability/readme.txt +1 -0
  257. data/config/1.0/stix/external/capec_2.5/ap_schema_v2.5.xsd +2671 -0
  258. data/config/1.0/stix/external/cvrf_1.1/common.xsd +176 -0
  259. data/config/1.0/stix/external/cvrf_1.1/cpe-language_2.2a.xsd +182 -0
  260. data/config/1.0/stix/external/cvrf_1.1/cvrf.xsd +487 -0
  261. data/config/1.0/stix/external/cvrf_1.1/cvss-v2_0.9.xsd +415 -0
  262. data/config/1.0/stix/external/cvrf_1.1/dc.xsd +118 -0
  263. data/config/1.0/stix/external/cvrf_1.1/prod.xsd +292 -0
  264. data/config/1.0/stix/external/cvrf_1.1/scap-core_0.9.xsd +170 -0
  265. data/config/1.0/stix/external/cvrf_1.1/vuln.xsd +631 -0
  266. data/config/1.0/stix/external/cvrf_1.1/xml.xsd +287 -0
  267. data/config/1.0/stix/external/oasis_ciq_3.0/CommonTypes.xsd +104 -0
  268. data/config/1.0/stix/external/oasis_ciq_3.0/xAL-types.xsd +511 -0
  269. data/config/1.0/stix/external/oasis_ciq_3.0/xAL.xsd +672 -0
  270. data/config/1.0/stix/external/oasis_ciq_3.0/xNAL-types.xsd +36 -0
  271. data/config/1.0/stix/external/oasis_ciq_3.0/xNAL.xsd +126 -0
  272. data/config/1.0/stix/external/oasis_ciq_3.0/xNL-types.xsd +222 -0
  273. data/config/1.0/stix/external/oasis_ciq_3.0/xNL.xsd +284 -0
  274. data/config/1.0/stix/external/oasis_ciq_3.0/xPIL-types.xsd +854 -0
  275. data/config/1.0/stix/external/oasis_ciq_3.0/xPIL.xsd +1621 -0
  276. data/config/1.0/stix/external/oasis_ciq_3.0/xlink-2003-12-31.xsd +90 -0
  277. data/config/1.0/stix/external/open_ioc_2010/ioc-TR.xsd +25 -0
  278. data/config/1.0/stix/external/open_ioc_2010/ioc.xsd +105 -0
  279. data/config/1.0/stix/external/oval_5.10/oval-common-schema.xsd +781 -0
  280. data/config/1.0/stix/external/oval_5.10/oval-definitions-schema.xsd +1608 -0
  281. data/config/1.0/stix/external/oval_5.10/oval-variables-schema.xsd +84 -0
  282. data/config/1.0/stix/external/oval_5.10/xmldsig-core-schema.xsd +309 -0
  283. data/config/1.0/stix/incident.xsd +786 -0
  284. data/config/1.0/stix/indicator.xsd +309 -0
  285. data/config/1.0/stix/stix_common.xsd +762 -0
  286. data/config/1.0/stix/stix_core.xsd +217 -0
  287. data/config/1.0/stix/stix_default_vocabularies.xsd +1578 -0
  288. data/config/1.0/stix/threat_actor.xsd +173 -0
  289. data/config/1.0/stix/ttp.xsd +340 -0
  290. data/config/1.1/stix/campaign.xsd +223 -0
  291. data/config/1.1/stix/course_of_action.xsd +190 -0
  292. data/config/1.1/stix/cybox/cybox_common.xsd +2700 -0
  293. data/config/1.1/stix/cybox/cybox_core.xsd +1145 -0
  294. data/config/1.1/stix/cybox/cybox_default_vocabularies.xsd +5180 -0
  295. data/config/1.1/stix/cybox/extensions/location/ciq_address_3.0.xsd +27 -0
  296. data/config/1.1/stix/cybox/extensions/platform/README.txt +1 -0
  297. data/config/1.1/stix/cybox/extensions/platform/cpe2.3.xsd +34 -0
  298. data/config/1.1/stix/cybox/external/cpe_2.3/cpe-language_2.3.xsd +234 -0
  299. data/config/1.1/stix/cybox/external/cpe_2.3/cpe-naming_2.3.xsd +45 -0
  300. data/config/1.1/stix/cybox/external/cpe_2.3/xml.xsd +145 -0
  301. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/CommonTypes.xsd +104 -0
  302. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/xAL-types.xsd +511 -0
  303. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/xAL.xsd +672 -0
  304. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/xNAL-types.xsd +36 -0
  305. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/xNAL.xsd +126 -0
  306. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/xNL-types.xsd +222 -0
  307. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/xNL.xsd +284 -0
  308. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/xPIL-types.xsd +854 -0
  309. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/xPIL.xsd +1621 -0
  310. data/config/1.1/stix/cybox/external/oasis_ciq_3.0/xlink-2003-12-31.xsd +90 -0
  311. data/config/1.1/stix/cybox/objects/API_Object.xsd +55 -0
  312. data/config/1.1/stix/cybox/objects/ARP_Cache_Object.xsd +98 -0
  313. data/config/1.1/stix/cybox/objects/AS_Object.xsd +50 -0
  314. data/config/1.1/stix/cybox/objects/Account_Object.xsd +501 -0
  315. data/config/1.1/stix/cybox/objects/Address_Object.xsd +127 -0
  316. data/config/1.1/stix/cybox/objects/Archive_File_Object.xsd +134 -0
  317. data/config/1.1/stix/cybox/objects/Artifact_Object.xsd +212 -0
  318. data/config/1.1/stix/cybox/objects/Code_Object.xsd +417 -0
  319. data/config/1.1/stix/cybox/objects/Custom_Object.xsd +42 -0
  320. data/config/1.1/stix/cybox/objects/DNS_Cache_Object.xsd +53 -0
  321. data/config/1.1/stix/cybox/objects/DNS_Query_Object.xsd +164 -0
  322. data/config/1.1/stix/cybox/objects/DNS_Record_Object.xsd +92 -0
  323. data/config/1.1/stix/cybox/objects/Device_Object.xsd +65 -0
  324. data/config/1.1/stix/cybox/objects/Disk_Object.xsd +117 -0
  325. data/config/1.1/stix/cybox/objects/Disk_Partition_Object.xsd +199 -0
  326. data/config/1.1/stix/cybox/objects/Domain_Name_Object.xsd +57 -0
  327. data/config/1.1/stix/cybox/objects/Email_Message_Object.xsd +278 -0
  328. data/config/1.1/stix/cybox/objects/File_Object.xsd +397 -0
  329. data/config/1.1/stix/cybox/objects/GUI_Dialogbox_Object.xsd +41 -0
  330. data/config/1.1/stix/cybox/objects/GUI_Object.xsd +40 -0
  331. data/config/1.1/stix/cybox/objects/GUI_Window_Object.xsd +46 -0
  332. data/config/1.1/stix/cybox/objects/HTTP_Session_Object.xsd +633 -0
  333. data/config/1.1/stix/cybox/objects/Hostname_Object.xsd +45 -0
  334. data/config/1.1/stix/cybox/objects/Image_File_Object.xsd +124 -0
  335. data/config/1.1/stix/cybox/objects/Library_Object.xsd +114 -0
  336. data/config/1.1/stix/cybox/objects/Link_Object.xsd +36 -0
  337. data/config/1.1/stix/cybox/objects/Linux_Package_Object.xsd +75 -0
  338. data/config/1.1/stix/cybox/objects/Memory_Object.xsd +141 -0
  339. data/config/1.1/stix/cybox/objects/Mutex_Object.xsd +40 -0
  340. data/config/1.1/stix/cybox/objects/Network_Connection_Object.xsd +540 -0
  341. data/config/1.1/stix/cybox/objects/Network_Flow_Object.xsd +1559 -0
  342. data/config/1.1/stix/cybox/objects/Network_Packet_Object.xsd +2934 -0
  343. data/config/1.1/stix/cybox/objects/Network_Route_Entry_Object.xsd +155 -0
  344. data/config/1.1/stix/cybox/objects/Network_Route_Object.xsd +93 -0
  345. data/config/1.1/stix/cybox/objects/Network_Socket_Object.xsd +529 -0
  346. data/config/1.1/stix/cybox/objects/Network_Subnet_Object.xsd +64 -0
  347. data/config/1.1/stix/cybox/objects/PDF_File_Object.xsd +595 -0
  348. data/config/1.1/stix/cybox/objects/Pipe_Object.xsd +40 -0
  349. data/config/1.1/stix/cybox/objects/Port_Object.xsd +40 -0
  350. data/config/1.1/stix/cybox/objects/Process_Object.xsd +199 -0
  351. data/config/1.1/stix/cybox/objects/Product_Object.xsd +65 -0
  352. data/config/1.1/stix/cybox/objects/SMS_Message_Object.xsd +79 -0
  353. data/config/1.1/stix/cybox/objects/Semaphore_Object.xsd +50 -0
  354. data/config/1.1/stix/cybox/objects/Socket_Address_Object.xsd +50 -0
  355. data/config/1.1/stix/cybox/objects/System_Object.xsd +410 -0
  356. data/config/1.1/stix/cybox/objects/URI_Object.xsd +62 -0
  357. data/config/1.1/stix/cybox/objects/URL_History_Object.xsd +104 -0
  358. data/config/1.1/stix/cybox/objects/Unix_File_Object.xsd +164 -0
  359. data/config/1.1/stix/cybox/objects/Unix_Network_Route_Entry_Object.xsd +56 -0
  360. data/config/1.1/stix/cybox/objects/Unix_Pipe_Object.xsd +36 -0
  361. data/config/1.1/stix/cybox/objects/Unix_Process_Object.xsd +143 -0
  362. data/config/1.1/stix/cybox/objects/Unix_User_Account_Object.xsd +78 -0
  363. data/config/1.1/stix/cybox/objects/Unix_Volume_Object.xsd +41 -0
  364. data/config/1.1/stix/cybox/objects/User_Account_Object.xsd +110 -0
  365. data/config/1.1/stix/cybox/objects/User_Session_Object.xsd +60 -0
  366. data/config/1.1/stix/cybox/objects/Volume_Object.xsd +235 -0
  367. data/config/1.1/stix/cybox/objects/Whois_Object.xsd +430 -0
  368. data/config/1.1/stix/cybox/objects/Win_Computer_Account_Object.xsd +135 -0
  369. data/config/1.1/stix/cybox/objects/Win_Critical_Section_Object.xsd +40 -0
  370. data/config/1.1/stix/cybox/objects/Win_Driver_Object.xsd +270 -0
  371. data/config/1.1/stix/cybox/objects/Win_Event_Log_Object.xsd +137 -0
  372. data/config/1.1/stix/cybox/objects/Win_Event_Object.xsd +80 -0
  373. data/config/1.1/stix/cybox/objects/Win_Executable_File_Object.xsd +1311 -0
  374. data/config/1.1/stix/cybox/objects/Win_File_Object.xsd +269 -0
  375. data/config/1.1/stix/cybox/objects/Win_Filemapping_Object.xsd +175 -0
  376. data/config/1.1/stix/cybox/objects/Win_Handle_Object.xsd +351 -0
  377. data/config/1.1/stix/cybox/objects/Win_Hook_Object.xsd +152 -0
  378. data/config/1.1/stix/cybox/objects/Win_Kernel_Hook_Object.xsd +109 -0
  379. data/config/1.1/stix/cybox/objects/Win_Kernel_Object.xsd +128 -0
  380. data/config/1.1/stix/cybox/objects/Win_Mailslot_Object.xsd +56 -0
  381. data/config/1.1/stix/cybox/objects/Win_Memory_Page_Region_Object.xsd +198 -0
  382. data/config/1.1/stix/cybox/objects/Win_Mutex_Object.xsd +42 -0
  383. data/config/1.1/stix/cybox/objects/Win_Network_Route_Entry_Object.xsd +200 -0
  384. data/config/1.1/stix/cybox/objects/Win_Network_Share_Object.xsd +205 -0
  385. data/config/1.1/stix/cybox/objects/Win_Pipe_Object.xsd +73 -0
  386. data/config/1.1/stix/cybox/objects/Win_Prefetch_Object.xsd +113 -0
  387. data/config/1.1/stix/cybox/objects/Win_Process_Object.xsd +174 -0
  388. data/config/1.1/stix/cybox/objects/Win_Registry_Key_Object.xsd +290 -0
  389. data/config/1.1/stix/cybox/objects/Win_Semaphore_Object.xsd +42 -0
  390. data/config/1.1/stix/cybox/objects/Win_Service_Object.xsd +287 -0
  391. data/config/1.1/stix/cybox/objects/Win_System_Object.xsd +126 -0
  392. data/config/1.1/stix/cybox/objects/Win_System_Restore_Object.xsd +207 -0
  393. data/config/1.1/stix/cybox/objects/Win_Task_Object.xsd +755 -0
  394. data/config/1.1/stix/cybox/objects/Win_Thread_Object.xsd +146 -0
  395. data/config/1.1/stix/cybox/objects/Win_User_Account_Object.xsd +73 -0
  396. data/config/1.1/stix/cybox/objects/Win_Volume_Object.xsd +161 -0
  397. data/config/1.1/stix/cybox/objects/Win_Waitable_Timer_Object.xsd +90 -0
  398. data/config/1.1/stix/cybox/objects/X509_Certificate_Object.xsd +275 -0
  399. data/config/1.1/stix/data_marking.xsd +96 -0
  400. data/config/1.1/stix/exploit_target.xsd +323 -0
  401. data/config/1.1/stix/extensions/address/ciq_3.0_address.xsd +27 -0
  402. data/config/1.1/stix/extensions/address/readme.txt +1 -0
  403. data/config/1.1/stix/extensions/attack_pattern/capec_2.7_attack_pattern.xsd +31 -0
  404. data/config/1.1/stix/extensions/attack_pattern/readme.txt +1 -0
  405. data/config/1.1/stix/extensions/identity/ciq_3.0_identity.xsd +113 -0
  406. data/config/1.1/stix/extensions/identity/readme.txt +1 -0
  407. data/config/1.1/stix/extensions/malware/maec_4.1_malware.xsd +31 -0
  408. data/config/1.1/stix/extensions/malware/readme.txt +1 -0
  409. data/config/1.1/stix/extensions/marking/simple_marking.xsd +31 -0
  410. data/config/1.1/stix/extensions/marking/terms_of_use_marking.xsd +31 -0
  411. data/config/1.1/stix/extensions/marking/tlp_marking.xsd +40 -0
  412. data/config/1.1/stix/extensions/structured_coa/generic_structured_coa.xsd +46 -0
  413. data/config/1.1/stix/extensions/test_mechanism/generic_test_mechanism.xsd +46 -0
  414. data/config/1.1/stix/extensions/test_mechanism/open_ioc_2010_test_mechanism.xsd +32 -0
  415. data/config/1.1/stix/extensions/test_mechanism/oval_5.10_test_mechanism.xsd +37 -0
  416. data/config/1.1/stix/extensions/test_mechanism/snort_test_mechanism.xsd +56 -0
  417. data/config/1.1/stix/extensions/test_mechanism/yara_test_mechanism.xsd +36 -0
  418. data/config/1.1/stix/extensions/vulnerability/cvrf_1.1_vulnerability.xsd +33 -0
  419. data/config/1.1/stix/extensions/vulnerability/readme.txt +1 -0
  420. data/config/1.1/stix/external/capec_2.7/ap_schema_v2.7.xsd +3618 -0
  421. data/config/1.1/stix/external/cvrf_1.1/common.xsd +176 -0
  422. data/config/1.1/stix/external/cvrf_1.1/cpe-language_2.2a.xsd +182 -0
  423. data/config/1.1/stix/external/cvrf_1.1/cvrf.xsd +487 -0
  424. data/config/1.1/stix/external/cvrf_1.1/cvss-v2_0.9.xsd +415 -0
  425. data/config/1.1/stix/external/cvrf_1.1/dc.xsd +118 -0
  426. data/config/1.1/stix/external/cvrf_1.1/prod.xsd +292 -0
  427. data/config/1.1/stix/external/cvrf_1.1/scap-core_0.9.xsd +170 -0
  428. data/config/1.1/stix/external/cvrf_1.1/vuln.xsd +631 -0
  429. data/config/1.1/stix/external/cvrf_1.1/xml.xsd +287 -0
  430. data/config/1.1/stix/external/maec_4.1/maec_bundle_schema.xsd +1228 -0
  431. data/config/1.1/stix/external/maec_4.1/maec_container_schema.xsd +62 -0
  432. data/config/1.1/stix/external/maec_4.1/maec_default_vocabularies.xsd +5325 -0
  433. data/config/1.1/stix/external/maec_4.1/maec_package_schema.xsd +1095 -0
  434. data/config/1.1/stix/external/maec_4.1/metadataSharing.xsd +1712 -0
  435. data/config/1.1/stix/external/oasis_ciq_3.0/CommonTypes.xsd +104 -0
  436. data/config/1.1/stix/external/oasis_ciq_3.0/xAL-types.xsd +511 -0
  437. data/config/1.1/stix/external/oasis_ciq_3.0/xAL.xsd +672 -0
  438. data/config/1.1/stix/external/oasis_ciq_3.0/xNAL-types.xsd +36 -0
  439. data/config/1.1/stix/external/oasis_ciq_3.0/xNAL.xsd +126 -0
  440. data/config/1.1/stix/external/oasis_ciq_3.0/xNL-types.xsd +222 -0
  441. data/config/1.1/stix/external/oasis_ciq_3.0/xNL.xsd +284 -0
  442. data/config/1.1/stix/external/oasis_ciq_3.0/xPIL-types.xsd +854 -0
  443. data/config/1.1/stix/external/oasis_ciq_3.0/xPIL.xsd +1621 -0
  444. data/config/1.1/stix/external/oasis_ciq_3.0/xlink-2003-12-31.xsd +90 -0
  445. data/config/1.1/stix/external/open_ioc_2010/ioc-TR.xsd +25 -0
  446. data/config/1.1/stix/external/open_ioc_2010/ioc.xsd +105 -0
  447. data/config/1.1/stix/external/oval_5.10/oval-common-schema.xsd +781 -0
  448. data/config/1.1/stix/external/oval_5.10/oval-definitions-schema.xsd +1608 -0
  449. data/config/1.1/stix/external/oval_5.10/oval-variables-schema.xsd +84 -0
  450. data/config/1.1/stix/external/oval_5.10/xmldsig-core-schema.xsd +309 -0
  451. data/config/1.1/stix/incident.xsd +759 -0
  452. data/config/1.1/stix/indicator.xsd +367 -0
  453. data/config/1.1/stix/stix_common.xsd +932 -0
  454. data/config/1.1/stix/stix_core.xsd +253 -0
  455. data/config/1.1/stix/stix_default_vocabularies.xsd +2015 -0
  456. data/config/1.1/stix/threat_actor.xsd +181 -0
  457. data/config/1.1/stix/ttp.xsd +429 -0
  458. data/config/1.1/uber_schema.xsd +149 -0
  459. data/config/mappings.json +30 -0
  460. data/lib/stix_schema_spy.rb +18 -0
  461. data/lib/stix_schema_spy/models/attribute.rb +20 -0
  462. data/lib/stix_schema_spy/models/complex_type.rb +50 -0
  463. data/lib/stix_schema_spy/models/element.rb +26 -0
  464. data/lib/stix_schema_spy/models/external_type.rb +48 -0
  465. data/lib/stix_schema_spy/models/has_children.rb +83 -0
  466. data/lib/stix_schema_spy/models/node.rb +71 -0
  467. data/lib/stix_schema_spy/models/schema.rb +217 -0
  468. data/lib/stix_schema_spy/models/simple_type.rb +47 -0
  469. data/lib/stix_schema_spy/models/special_field.rb +21 -0
  470. data/lib/stix_schema_spy/models/type.rb +106 -0
  471. data/lib/stix_schema_spy/util/schema_naming.rb +106 -0
  472. data/lib/stix_schema_spy/util/tasks.rb +69 -0
  473. data/lib/stix_schema_spy/version.rb +3 -0
  474. data/spec/lib/schema_naming_spec.rb +190 -0
  475. data/spec/models/complex_type_spec.rb +68 -0
  476. data/spec/models/node_spec.rb +47 -0
  477. data/spec/models/schema_spec.rb +63 -0
  478. data/spec/models/simple_type_spec.rb +38 -0
  479. data/spec/models/type_spec.rb +43 -0
  480. data/spec/spec_helper.rb +8 -0
  481. data/stix_schema_spy.gemspec +27 -0
  482. metadata +602 -0
data/config/1.0.1/stix/cybox/cybox_core.xsd ADDED
@@ -0,0 +1,1095 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cybox="http://cybox.mitre.org/cybox-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" targetNamespace="http://cybox.mitre.org/cybox-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.1">
3
+ <xs:annotation>
4
+ <xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org. </xs:documentation>
5
+ <xs:appinfo>
6
+ <schema>CybOX Core</schema>
7
+ <version>2.0.1</version>
8
+ <date>09/30/2013 9:00:00 AM</date>
9
+ <short_description>The following specifies the fields and types that compose this defined CybOX Core.</short_description>
10
+ <terms_of_use>Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included. </terms_of_use>
11
+ </xs:appinfo>
12
+ </xs:annotation>
13
+ <xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="cybox_common.xsd"/>
14
+ <xs:element name="Observables" type="cybox:ObservablesType">
15
+ <xs:annotation>
16
+ <xs:documentation>The Observables construct represents a collection of cyber observables.</xs:documentation>
17
+ </xs:annotation>
18
+ </xs:element>
19
+ <xs:complexType name="ObservablesType">
20
+ <xs:annotation>
21
+ <xs:documentation>The ObservablesType is a type representing a collection of cyber observables.</xs:documentation>
22
+ </xs:annotation>
23
+ <xs:sequence>
24
+ <xs:element name="Observable_Package_Source" type="cyboxCommon:MeasureSourceType" minOccurs="0">
25
+ <xs:annotation>
26
+ <xs:documentation>The Observable_Package_Source field is optional and enables descriptive specification of how this package of Observables was identified and specified. </xs:documentation>
27
+ </xs:annotation>
28
+ </xs:element>
29
+ <xs:element ref="cybox:Observable" maxOccurs="unbounded"/>
30
+ <xs:element name="Pools" type="cybox:PoolsType" minOccurs="0">
31
+ <xs:annotation>
32
+ <xs:documentation>The Pools construct enables the description of Events, Actions, Objects and Properties in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled elements. This reduces redundancy caused when identical observable elements occur multiple times within a set of defined Observables.</xs:documentation>
33
+ </xs:annotation>
34
+ </xs:element>
35
+ </xs:sequence>
36
+ <xs:attribute name="cybox_major_version" type="xs:string" use="required">
37
+ <xs:annotation>
38
+ <xs:documentation>The cybox_major_version field specifies the major version of the CybOX language utlized for this set of Observables.</xs:documentation>
39
+ </xs:annotation>
40
+ </xs:attribute>
41
+ <xs:attribute name="cybox_minor_version" type="xs:string" use="required">
42
+ <xs:annotation>
43
+ <xs:documentation>The cybox_minor_version field specifies the minor version of the CybOX language utlized for this set of Observables.</xs:documentation>
44
+ </xs:annotation>
45
+ </xs:attribute>
46
+ <xs:attribute name="cybox_update_version" type="xs:string" use="optional">
47
+ <xs:annotation>
48
+ <xs:documentation>The cybox_update_version field specifies the update version of the CybOX language utlized for this set of Observables. This field MUST be used when using an update version of CybOX.</xs:documentation>
49
+ </xs:annotation>
50
+ </xs:attribute>
51
+ </xs:complexType>
52
+ <xs:element name="Observable" type="cybox:ObservableType">
53
+ <xs:annotation>
54
+ <xs:documentation>The Observable construct represents a description of a single cyber observable.</xs:documentation>
55
+ </xs:annotation>
56
+ </xs:element>
57
+ <xs:complexType name="ObservableType">
58
+ <xs:annotation>
59
+ <xs:documentation>The ObservableType is a type representing a description of a single cyber observable.</xs:documentation>
60
+ </xs:annotation>
61
+ <xs:sequence>
62
+ <xs:element name="Title" type="xs:string" minOccurs="0">
63
+ <xs:annotation>
64
+ <xs:documentation>The Title field provides a mechanism to specify a short title or description for this Observable</xs:documentation>
65
+ </xs:annotation>
66
+ </xs:element>
67
+ <xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0">
68
+ <xs:annotation>
69
+ <xs:documentation>The Description field provides a mechanism to specify a structured text description of this Observable. </xs:documentation>
70
+ </xs:annotation>
71
+ </xs:element>
72
+ <xs:element name="Keywords" type="cybox:KeywordsType" minOccurs="0" maxOccurs="1">
73
+ <xs:annotation>
74
+ <xs:documentation>Keywords enables capture of relevant keywords for this cyber observable.</xs:documentation>
75
+ </xs:annotation>
76
+ </xs:element>
77
+ <xs:element name="Observable_Source" type="cyboxCommon:MeasureSourceType" minOccurs="0">
78
+ <xs:annotation>
79
+ <xs:documentation>The Observable_Source field is optional and enables descriptive specification of how this Observable was identified and specified. </xs:documentation>
80
+ </xs:annotation>
81
+ </xs:element>
82
+ <xs:choice minOccurs="0">
83
+ <xs:element ref="cybox:Object" minOccurs="0">
84
+ <xs:annotation>
85
+ <xs:documentation>The Object construct identifies and specificies the characteristics of a specific cyber-relevant object (e.g. a file, a registry key or a process). </xs:documentation>
86
+ </xs:annotation>
87
+ </xs:element>
88
+ <xs:element ref="cybox:Event" minOccurs="0">
89
+ <xs:annotation>
90
+ <xs:documentation>The Event construct enables specification of a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received).</xs:documentation>
91
+ </xs:annotation>
92
+ </xs:element>
93
+ <xs:element name="Observable_Composition" type="cybox:ObservableCompositionType" minOccurs="0">
94
+ <xs:annotation>
95
+ <xs:documentation>The Observable_Composition construct enables specification of composite observables made up of logical constructions of atomic observables or other composite observables (e.g. Obs5 = (Obs1 OR Obs2) AND (Obs3 OR Obs4)).</xs:documentation>
96
+ </xs:annotation>
97
+ </xs:element>
98
+ </xs:choice>
99
+ <xs:element name="Pattern_Fidelity" type="cybox:PatternFidelityType" minOccurs="0">
100
+ <xs:annotation>
101
+ <xs:documentation>Pattern_Fidelity contains elements that enable the characterization of the fidelity of this pattern to its purpose.</xs:documentation>
102
+ </xs:annotation>
103
+ </xs:element>
104
+ </xs:sequence>
105
+ <xs:attribute name="id" type="xs:QName">
106
+ <xs:annotation>
107
+ <xs:documentation>The id field specifies a unique id for this Observable.</xs:documentation>
108
+ </xs:annotation>
109
+ </xs:attribute>
110
+ <xs:attribute name="idref" type="xs:QName">
111
+ <xs:annotation>
112
+ <xs:documentation>The idref field specifies a unique id reference to an Observable defined elsewhere.</xs:documentation>
113
+ </xs:annotation>
114
+ </xs:attribute>
115
+ <xs:attribute name="negate" type="xs:boolean" default="false">
116
+ <xs:annotation>
117
+ <xs:documentation>The negate field, when set to true, indicates the absence (rather than the presence) of the given Observable in a CybOX pattern.</xs:documentation>
118
+ </xs:annotation>
119
+ </xs:attribute>
120
+ </xs:complexType>
121
+ <!---->
122
+ <xs:simpleType name="TrendEnum">
123
+ <xs:annotation>
124
+ <xs:documentation>TrendEnum is a (non-exhaustive) enumeration of trend types.</xs:documentation>
125
+ </xs:annotation>
126
+ <xs:restriction base="xs:string">
127
+ <xs:enumeration value="Increasing">
128
+ <xs:annotation>
129
+ <xs:documentation>Specifies an increasing trend.</xs:documentation>
130
+ </xs:annotation>
131
+ </xs:enumeration>
132
+ <xs:enumeration value="Decreasing">
133
+ <xs:annotation>
134
+ <xs:documentation>Specifies a decreasing trend.</xs:documentation>
135
+ </xs:annotation>
136
+ </xs:enumeration>
137
+ </xs:restriction>
138
+ </xs:simpleType>
139
+ <!---->
140
+ <xs:element name="Event" type="cybox:EventType">
141
+ <xs:annotation>
142
+ <xs:documentation>The Event construct enables specification of a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received).</xs:documentation>
143
+ </xs:annotation>
144
+ </xs:element>
145
+ <xs:complexType name="EventType">
146
+ <xs:annotation>
147
+ <xs:documentation>The EventType is a complex type representing a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received).</xs:documentation>
148
+ </xs:annotation>
149
+ <xs:choice>
150
+ <xs:sequence>
151
+ <xs:element name="Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0">
152
+ <xs:annotation>
153
+ <xs:documentation>The Type field uses a standardized controlled vocabulary to capture what type of Event this is.</xs:documentation>
154
+ <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is EventTypeVocab-1.0.1 in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
155
+ Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field. </xs:documentation>
156
+ </xs:annotation>
157
+ </xs:element>
158
+ <xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0">
159
+ <xs:annotation>
160
+ <xs:documentation>The Description field provides a mechanism to specify a structured text description of this Event. </xs:documentation>
161
+ </xs:annotation>
162
+ </xs:element>
163
+ <xs:element name="Observation_Method" type="cyboxCommon:MeasureSourceType" minOccurs="0">
164
+ <xs:annotation>
165
+ <xs:documentation>The Observation_Method field is optional and enables descriptive specification of how this Event was observed (in the case of a Cyber Observable Event instance) or could potentially be observed (in the case of a Cyber Observable Event pattern). </xs:documentation>
166
+ </xs:annotation>
167
+ </xs:element>
168
+ <xs:element name="Actions" type="cybox:ActionsType" minOccurs="0">
169
+ <xs:annotation>
170
+ <xs:documentation>The Actions construct enables description/specification of one or more cyber observable actions. </xs:documentation>
171
+ </xs:annotation>
172
+ </xs:element>
173
+ <xs:element name="Frequency" type="cybox:FrequencyType" minOccurs="0">
174
+ <xs:annotation>
175
+ <xs:documentation>The Frequency field conveys a targeted observation pattern of the frequency of the associated event or action.</xs:documentation>
176
+ </xs:annotation>
177
+ </xs:element>
178
+ </xs:sequence>
179
+ <xs:sequence maxOccurs="unbounded">
180
+ <xs:element name="Event" type="cybox:EventType">
181
+ <xs:annotation>
182
+ <xs:documentation>This Event construct is included recursively to enable description/specification of composite Events.</xs:documentation>
183
+ </xs:annotation>
184
+ </xs:element>
185
+ </xs:sequence>
186
+ </xs:choice>
187
+ <xs:attribute name="id" type="xs:QName">
188
+ <xs:annotation>
189
+ <xs:documentation>The id field specifies a unique id for this Event.</xs:documentation>
190
+ </xs:annotation>
191
+ </xs:attribute>
192
+ <xs:attribute name="idref" type="xs:QName">
193
+ <xs:annotation>
194
+ <xs:documentation>The idref field specifies a unique id reference to an Event defined elsewhere.</xs:documentation>
195
+ </xs:annotation>
196
+ </xs:attribute>
197
+ </xs:complexType>
198
+ <xs:complexType name="FrequencyType">
199
+ <xs:annotation>
200
+ <xs:documentation>The FrequencyType is a type representing the specification of a frequency for a given action or event.</xs:documentation>
201
+ </xs:annotation>
202
+ <xs:attribute name="rate" type="xs:float" use="optional">
203
+ <xs:annotation>
204
+ <xs:documentation>This field specifies the rate for this defined frequency.</xs:documentation>
205
+ </xs:annotation>
206
+ </xs:attribute>
207
+ <xs:attribute name="units" type="xs:string" use="optional">
208
+ <xs:annotation>
209
+ <xs:documentation>This field specifies the units for this defined frequency.</xs:documentation>
210
+ </xs:annotation>
211
+ </xs:attribute>
212
+ <xs:attribute name="scale" type="xs:string" use="optional">
213
+ <xs:annotation>
214
+ <xs:documentation>This field specifies the time scale for this defined frequency.</xs:documentation>
215
+ </xs:annotation>
216
+ </xs:attribute>
217
+ <xs:attribute name="trend" type="cybox:TrendEnum">
218
+ <xs:annotation>
219
+ <xs:documentation>This field is optional and conveys a targeted observation pattern of the nature of any trend in the frequency of the associated event or action. This field would be leveraged within an event or action pattern observable triggering on the matching of a specified trend in the frequency of an event or action.</xs:documentation>
220
+ </xs:annotation>
221
+ </xs:attribute>
222
+ </xs:complexType>
223
+ <!---->
224
+ <xs:element name="Action" type="cybox:ActionType">
225
+ <xs:annotation>
226
+ <xs:documentation>The Action construct enables description/specification of a single cyber observable action. </xs:documentation>
227
+ </xs:annotation>
228
+ </xs:element>
229
+ <xs:complexType name="ActionsType">
230
+ <xs:annotation>
231
+ <xs:documentation>The ActionsType is a complex type representing a set of cyber observable actions.</xs:documentation>
232
+ </xs:annotation>
233
+ <xs:sequence>
234
+ <xs:element ref="cybox:Action" maxOccurs="unbounded">
235
+ <xs:annotation>
236
+ <xs:documentation>The Action construct enables description/specification of a single cyber observable action. </xs:documentation>
237
+ </xs:annotation>
238
+ </xs:element>
239
+ </xs:sequence>
240
+ </xs:complexType>
241
+ <xs:complexType name="ActionType">
242
+ <xs:annotation>
243
+ <xs:documentation>The ActionType is a complex type representing a single cyber observable action.</xs:documentation>
244
+ </xs:annotation>
245
+ <xs:sequence>
246
+ <xs:element name="Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0">
247
+ <xs:annotation>
248
+ <xs:documentation>The Type field is optional and utilizes a standardized controlled vocabulary to specify the basic type of the action that was performed.</xs:documentation>
249
+ <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ActionTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
250
+ Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
251
+ </xs:documentation>
252
+ </xs:annotation>
253
+ </xs:element>
254
+ <xs:element name="Name" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0">
255
+ <xs:annotation>
256
+ <xs:documentation>The Name field is optional and utilizes a standardized controlled vocabulary to identify/characterize the specific name of the action that was performed.</xs:documentation>
257
+ <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ActionNameVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
258
+ Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
259
+ </xs:documentation>
260
+ </xs:annotation>
261
+ </xs:element>
262
+ <xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0">
263
+ <xs:annotation>
264
+ <xs:documentation>The Description field contains a textual description of the action.</xs:documentation>
265
+ </xs:annotation>
266
+ </xs:element>
267
+ <xs:element name="Action_Aliases" type="cybox:ActionAliasesType" minOccurs="0">
268
+ <xs:annotation>
269
+ <xs:documentation>The Action_Aliases field is optional and enables identification of other potentially used names for this Action.</xs:documentation>
270
+ </xs:annotation>
271
+ </xs:element>
272
+ <xs:element name="Action_Arguments" type="cybox:ActionArgumentsType" minOccurs="0">
273
+ <xs:annotation>
274
+ <xs:documentation>The Action_Arguments field is optional and enables the specification of relevant arguments/parameters for this Action.</xs:documentation>
275
+ </xs:annotation>
276
+ </xs:element>
277
+ <xs:element name="Discovery_Method" type="cyboxCommon:MeasureSourceType" minOccurs="0">
278
+ <xs:annotation>
279
+ <xs:documentation>The Discovery_Method field is optional and enables descriptive specification of how this Action was observed (in the case of a Cyber Observable Action instance) or could potentially be observed (in the case of a Cyber Observable Action pattern). </xs:documentation>
280
+ </xs:annotation>
281
+ </xs:element>
282
+ <xs:element name="Associated_Objects" type="cybox:AssociatedObjectsType" minOccurs="0">
283
+ <xs:annotation>
284
+ <xs:documentation>The Associated_Objects construct is optional and enables the description/specification of cyber Objects relevant (either initiating or affected by) this Action.</xs:documentation>
285
+ </xs:annotation>
286
+ </xs:element>
287
+ <xs:element name="Relationships" type="cybox:RelationshipsType" minOccurs="0">
288
+ <xs:annotation>
289
+ <xs:documentation>The Relationships construct is optional and enables description of other cyber observable actions that are related to this Action.</xs:documentation>
290
+ </xs:annotation>
291
+ </xs:element>
292
+ <xs:element name="Frequency" type="cybox:FrequencyType" minOccurs="0">
293
+ <xs:annotation>
294
+ <xs:documentation>The Frequency field conveys a targeted observation pattern of the frequency of the associated event or action.</xs:documentation>
295
+ </xs:annotation>
296
+ </xs:element>
297
+ </xs:sequence>
298
+ <xs:attribute name="id" type="xs:QName">
299
+ <xs:annotation>
300
+ <xs:documentation>The id field specifies a unique id for this Action.</xs:documentation>
301
+ </xs:annotation>
302
+ </xs:attribute>
303
+ <xs:attribute name="idref" type="xs:QName">
304
+ <xs:annotation>
305
+ <xs:documentation>The idref field specifies a unique id reference to an Action defined elsewhere.</xs:documentation>
306
+ </xs:annotation>
307
+ </xs:attribute>
308
+ <xs:attribute name="ordinal_position" type="xs:positiveInteger">
309
+ <xs:annotation>
310
+ <xs:documentation>The ordinal_position field is intended to reference the ordinal position of the action with within a series of actions.</xs:documentation>
311
+ </xs:annotation>
312
+ </xs:attribute>
313
+ <xs:attribute name="action_status" type="cybox:ActionStatusTypeEnum">
314
+ <xs:annotation>
315
+ <xs:documentation>The action_status field enables description of the status of the action being described.</xs:documentation>
316
+ </xs:annotation>
317
+ </xs:attribute>
318
+ <xs:attribute name="context" type="cybox:ActionContextTypeEnum">
319
+ <xs:annotation>
320
+ <xs:documentation>The context field is optional and enables simple characterization of the broad operational context in which the Action is relevant</xs:documentation>
321
+ </xs:annotation>
322
+ </xs:attribute>
323
+ <xs:attribute name="timestamp" type="xs:dateTime">
324
+ <xs:annotation>
325
+ <xs:documentation>The timestamp field represents the local or relative time at which the action occurred or was observed. </xs:documentation>
326
+ </xs:annotation>
327
+ </xs:attribute>
328
+ </xs:complexType>
329
+ <xs:simpleType name="ActionStatusTypeEnum">
330
+ <xs:annotation>
331
+ <xs:documentation>ActionStatusTypeEnum is a (non-exhaustive) enumeration of cyber observable action status types.</xs:documentation>
332
+ </xs:annotation>
333
+ <xs:restriction base="xs:string">
334
+ <xs:enumeration value="Success">
335
+ <xs:annotation>
336
+ <xs:documentation>Specifies a cyber observable action that was successful.</xs:documentation>
337
+ </xs:annotation>
338
+ </xs:enumeration>
339
+ <xs:enumeration value="Fail">
340
+ <xs:annotation>
341
+ <xs:documentation>Specifies a cyber observable action that failed.</xs:documentation>
342
+ </xs:annotation>
343
+ </xs:enumeration>
344
+ <xs:enumeration value="Error">
345
+ <xs:annotation>
346
+ <xs:documentation>Specifies a cyber observable action that resulted in an error.</xs:documentation>
347
+ </xs:annotation>
348
+ </xs:enumeration>
349
+ <xs:enumeration value="Complete/Finish">
350
+ <xs:annotation>
351
+ <xs:documentation>Specifies a cyber observable action that completed or finished. This action status does not specify the result of the action (e.g., Success/Error).</xs:documentation>
352
+ </xs:annotation>
353
+ </xs:enumeration>
354
+ <xs:enumeration value="Pending">
355
+ <xs:annotation>
356
+ <xs:documentation>Specifies a cyber observable action is pending.</xs:documentation>
357
+ </xs:annotation>
358
+ </xs:enumeration>
359
+ <xs:enumeration value="Ongoing">
360
+ <xs:annotation>
361
+ <xs:documentation>Specifies a cyber observable action that is ongoing.</xs:documentation>
362
+ </xs:annotation>
363
+ </xs:enumeration>
364
+ <xs:enumeration value="Unknown">
365
+ <xs:annotation>
366
+ <xs:documentation>Specifies a cyber observable action with an unknown status.</xs:documentation>
367
+ </xs:annotation>
368
+ </xs:enumeration>
369
+ </xs:restriction>
370
+ </xs:simpleType>
371
+ <xs:simpleType name="ActionContextTypeEnum">
372
+ <xs:annotation>
373
+ <xs:documentation>ActionContextTypeEnum is a (non-exhaustive) enumeration of cyber observable action contexts.</xs:documentation>
374
+ </xs:annotation>
375
+ <xs:restriction base="xs:string">
376
+ <xs:enumeration value="Host">
377
+ <xs:annotation>
378
+ <xs:documentation>Specifies that the cyber observable action occurred on a host.</xs:documentation>
379
+ </xs:annotation>
380
+ </xs:enumeration>
381
+ <xs:enumeration value="Network">
382
+ <xs:annotation>
383
+ <xs:documentation>Specifies that the cyber observable action occurred on a network.</xs:documentation>
384
+ </xs:annotation>
385
+ </xs:enumeration>
386
+ </xs:restriction>
387
+ </xs:simpleType>
388
+ <xs:complexType name="ActionAliasesType">
389
+ <xs:annotation>
390
+ <xs:documentation>The ActionAliasesType enables identification of other potentially used names for this Action.</xs:documentation>
391
+ </xs:annotation>
392
+ <xs:sequence>
393
+ <xs:element name="Action_Alias" type="xs:string" maxOccurs="unbounded">
394
+ <xs:annotation>
395
+ <xs:documentation>The Action_Alias field is optional and enables identification of a single other potentially used name for this Action.</xs:documentation>
396
+ </xs:annotation>
397
+ </xs:element>
398
+ </xs:sequence>
399
+ </xs:complexType>
400
+ <xs:complexType name="ActionArgumentsType">
401
+ <xs:annotation>
402
+ <xs:documentation>The ActionArgumentsType enables the specification of relevant arguments/parameters for this Action.</xs:documentation>
403
+ </xs:annotation>
404
+ <xs:sequence>
405
+ <xs:element name="Action_Argument" type="cybox:ActionArgumentType" maxOccurs="unbounded">
406
+ <xs:annotation>
407
+ <xs:documentation>The Action_Argument construct is optional and enables the specification of a single relevant argument/parameter for this Action.</xs:documentation>
408
+ </xs:annotation>
409
+ </xs:element>
410
+ </xs:sequence>
411
+ </xs:complexType>
412
+ <xs:complexType name="ActionArgumentType">
413
+ <xs:annotation>
414
+ <xs:documentation>The ActionArgumentType enables the specification of a single relevant argument/parameter for this Action.</xs:documentation>
415
+ </xs:annotation>
416
+ <xs:sequence>
417
+ <xs:element name="Argument_Name" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0">
418
+ <xs:annotation>
419
+ <xs:documentation>The Defined_Argument_Name field is optional and utilizes a standardized controlled vocabulary to identify/characterize the specific action argument utilized.</xs:documentation>
420
+ <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ActionArgumentNameVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
421
+ Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
422
+ </xs:documentation>
423
+ </xs:annotation>
424
+ </xs:element>
425
+ <xs:element name="Argument_Value" type="xs:string" minOccurs="0">
426
+ <xs:annotation>
427
+ <xs:documentation>The Argument_Value field specifies the value for this action argument/parameter.</xs:documentation>
428
+ </xs:annotation>
429
+ </xs:element>
430
+ </xs:sequence>
431
+ </xs:complexType>
432
+ <xs:complexType name="AssociatedObjectsType">
433
+ <xs:annotation>
434
+ <xs:documentation>The AssociatedObjectsType enables the description/specification of cyber Objects relevant to an Action.</xs:documentation>
435
+ </xs:annotation>
436
+ <xs:sequence>
437
+ <xs:element name="Associated_Object" type="cybox:AssociatedObjectType" maxOccurs="unbounded">
438
+ <xs:annotation>
439
+ <xs:documentation>The Associated_Object construct enables the description of cyber Objects associated with this Action. This could include Objects that initiated the action, are the target Objects affected by the Action, are utilized by the Action or are the returned result of the Action.</xs:documentation>
440
+ </xs:annotation>
441
+ </xs:element>
442
+ </xs:sequence>
443
+ </xs:complexType>
444
+ <xs:complexType name="AssociatedObjectType">
445
+ <xs:annotation>
446
+ <xs:documentation>The AssociatedObjectType is a complex type representing the characterization of a cyber observable Object associated with a given cyber observable Action.</xs:documentation>
447
+ </xs:annotation>
448
+ <xs:complexContent>
449
+ <xs:extension base="cybox:ObjectType">
450
+ <xs:sequence>
451
+ <xs:element name="Association_Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0">
452
+ <xs:annotation>
453
+ <xs:documentation>The Association_Type field utilizes a standardized controlled vocabulary to specify the kind of association this Object holds for this Action.</xs:documentation>
454
+ <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ActionObjectAssociationTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
455
+ Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
456
+ </xs:documentation>
457
+ </xs:annotation>
458
+ </xs:element>
459
+ <xs:element name="Action_Pertinent_Object_Properties" type="cybox:ActionPertinentObjectPropertiesType" minOccurs="0">
460
+ <xs:annotation>
461
+ <xs:documentation>The Action_Pertinent_Object_Properties construct is optional and identifies which of the Properties of this Object are specifically pertinent to this Action.</xs:documentation>
462
+ </xs:annotation>
463
+ </xs:element>
464
+ </xs:sequence>
465
+ </xs:extension>
466
+ </xs:complexContent>
467
+ </xs:complexType>
468
+ <xs:complexType name="ActionPertinentObjectPropertiesType">
469
+ <xs:annotation>
470
+ <xs:documentation>The ActionPertinentObjectPropertiesType identifies which of the Properties of this Object are specifically pertinent to this Action.</xs:documentation>
471
+ </xs:annotation>
472
+ <xs:sequence>
473
+ <xs:element name="Property" type="cybox:ActionPertinentObjectPropertyType" maxOccurs="unbounded">
474
+ <xs:annotation>
475
+ <xs:documentation>The Property construct identifies a single Object Property that is specifically pertinent to this Action.</xs:documentation>
476
+ </xs:annotation>
477
+ </xs:element>
478
+ </xs:sequence>
479
+ </xs:complexType>
480
+ <xs:complexType name="ActionPertinentObjectPropertyType">
481
+ <xs:annotation>
482
+ <xs:documentation>The ActionPertinentObjectPropertyType identifies one of the Properties of an Object that specifically pertinent to an Action.</xs:documentation>
483
+ </xs:annotation>
484
+ <xs:attribute name="name" type="xs:string">
485
+ <xs:annotation>
486
+ <xs:documentation>The name field specifies the field name for the pertinent Object Property.</xs:documentation>
487
+ </xs:annotation>
488
+ </xs:attribute>
489
+ <xs:attribute name="xpath" type="xs:string">
490
+ <xs:annotation>
491
+ <xs:documentation>The xpath field specifies the XPath 1.0 expression identifying the pertinent property within the Properties schema for this object type.</xs:documentation>
492
+ </xs:annotation>
493
+ </xs:attribute>
494
+ </xs:complexType>
495
+ <xs:complexType name="RelationshipsType">
496
+ <xs:annotation>
497
+ <xs:documentation>The RelationshipsType enables description of other cyber observable actions that are related to this Action.</xs:documentation>
498
+ </xs:annotation>
499
+ <xs:sequence>
500
+ <xs:element name="Relationship" type="cybox:ActionRelationshipType" maxOccurs="unbounded">
501
+ <xs:annotation>
502
+ <xs:documentation>The Relationship construct is optional and enables description of a single other cyber observable action that is related to this Action.</xs:documentation>
503
+ </xs:annotation>
504
+ </xs:element>
505
+ </xs:sequence>
506
+ </xs:complexType>
507
+ <xs:complexType name="ActionRelationshipType">
508
+ <xs:annotation>
509
+ <xs:documentation>The ActionRelationshipType characterizes a relationship between a specified cyber observable action and another cyber observable action.</xs:documentation>
510
+ </xs:annotation>
511
+ <xs:sequence>
512
+ <xs:element name="Type" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0">
513
+ <xs:annotation>
514
+ <xs:documentation>The Type field utilizes a standardized controlled vocabulary to describe the nature of the relationship between this Action and the related Action.</xs:documentation>
515
+ <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ActionRelationshipTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
516
+ Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field. </xs:documentation>
517
+ </xs:annotation>
518
+ </xs:element>
519
+ <xs:element name="Action_Reference" type="cybox:ActionReferenceType" maxOccurs="unbounded">
520
+ <xs:annotation>
521
+ <xs:documentation>The Action_Reference construct captures references to other Actions.</xs:documentation>
522
+ </xs:annotation>
523
+ </xs:element>
524
+ </xs:sequence>
525
+ </xs:complexType>
526
+ <xs:complexType name="ActionReferenceType">
527
+ <xs:annotation>
528
+ <xs:documentation>ActionReferenceType is intended to serve as a method for linking to actions.</xs:documentation>
529
+ </xs:annotation>
530
+ <xs:attribute name="action_id" type="xs:QName" use="required">
531
+ <xs:annotation>
532
+ <xs:documentation>The action_id field refers to the id of the action being referenced.</xs:documentation>
533
+ </xs:annotation>
534
+ </xs:attribute>
535
+ </xs:complexType>
536
+ <!---->
537
+ <xs:element name="Object" type="cybox:ObjectType">
538
+ <xs:annotation>
539
+ <xs:documentation>The Object construct identifies and specificies the characteristics of a specific cyber-relevant object (e.g. a file, a registry key or a process). </xs:documentation>
540
+ </xs:annotation>
541
+ </xs:element>
542
+ <xs:complexType name="ObjectType">
543
+ <xs:annotation>
544
+ <xs:documentation>The ObjectType is a complex type representing the characteristics of a specific cyber-relevant object (e.g. a file, a registry key or a process). </xs:documentation>
545
+ </xs:annotation>
546
+ <xs:sequence>
547
+ <xs:element name="State" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0" maxOccurs="1">
548
+ <xs:annotation>
549
+ <xs:documentation>The State field enables the description of the current state of the object, through a standardized controlled vocabulary.</xs:documentation>
550
+ <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ObjectStateVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
551
+ Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field. </xs:documentation>
552
+ </xs:annotation>
553
+ </xs:element>
554
+ <xs:element name="Description" type="cyboxCommon:StructuredTextType" minOccurs="0">
555
+ <xs:annotation>
556
+ <xs:documentation>The Description field provides a mechanism to specify a structured text description of this Object. </xs:documentation>
557
+ </xs:annotation>
558
+ </xs:element>
559
+ <xs:element name="Properties" type="cyboxCommon:ObjectPropertiesType" minOccurs="0">
560
+ <xs:annotation>
561
+ <xs:documentation>The Properties construct is an abstract placeholder for various predefined Object type schemas (e.g. File, Process or System) that can be instantiated in its place through extension of the ObjectPropertiesType. This mechanism enables the specification of a broad range of Object types with consistent Object Property naming and structure. The set of Properties schemas are maintained independent of the core CybOX schema.</xs:documentation>
562
+ </xs:annotation>
563
+ </xs:element>
564
+ <xs:element name="Domain_Specific_Object_Properties" type="cybox:DomainSpecificObjectPropertiesType" minOccurs="0">
565
+ <xs:annotation>
566
+ <xs:documentation>The Domain_Specific_Object_Properties construct is of an Abstract type placeholder within the CybOX schema enabling the inclusion of domain-specific metadata for an object through the use of a custom type defined as an extension of this base Abstract type. This enables domains utilizing CybOX such as malware analysis or forensics to incorporate non-generalized object metadata from their domains into CybOX objects.</xs:documentation>
567
+ </xs:annotation>
568
+ </xs:element>
569
+ <xs:element name="Related_Objects" type="cybox:RelatedObjectsType" minOccurs="0">
570
+ <xs:annotation>
571
+ <xs:documentation>The Related_Objects construct is optional and enables the identification and/or specification of Objects with relevant relationships with this Object.</xs:documentation>
572
+ </xs:annotation>
573
+ </xs:element>
574
+ <xs:element name="Defined_Effect" type="cybox:DefinedEffectType" minOccurs="0">
575
+ <xs:annotation>
576
+ <xs:documentation>The Defined_Effect construct is an abstract placeholder for various predefined Object Effect types (e.g. DataReadEffect, ValuesEnumeratedEffect or StateChangeEffect) that can be instantiated in its place through extension of the DefinedEffectType. This mechanism enables the specification of a broad range of types of potential complex action effects on Objects. The set of Defined_Effect types (extending the DefinedEffectType) are maintained as part of the core CybOX schema.</xs:documentation>
577
+ </xs:annotation>
578
+ </xs:element>
579
+ <xs:element name="Discovery_Method" type="cyboxCommon:MeasureSourceType" minOccurs="0">
580
+ <xs:annotation>
581
+ <xs:documentation>The Discovery_Method field is optional and enables descriptive specification of how this Object was observed (in the case of a Cyber Observable Object instance) or could potentially be observed (in the case of a Cyber Observable Object pattern). </xs:documentation>
582
+ </xs:annotation>
583
+ </xs:element>
584
+ </xs:sequence>
585
+ <xs:attribute name="id" type="xs:QName">
586
+ <xs:annotation>
587
+ <xs:documentation>The id field specifies a unique id for this Object.</xs:documentation>
588
+ </xs:annotation>
589
+ </xs:attribute>
590
+ <xs:attribute name="idref" type="xs:QName">
591
+ <xs:annotation>
592
+ <xs:documentation>The idref field specifies a unique id reference to an Object defined elsewhere.</xs:documentation>
593
+ </xs:annotation>
594
+ </xs:attribute>
595
+ <xs:attribute name="has_changed" type="xs:boolean">
596
+ <xs:annotation>
597
+ <xs:documentation>The has_changed field is optional and conveys a targeted observation pattern of whether the associated object specified has changed. This field would be leveraged within a pattern observable triggering on whether the value of an object specification has changed.</xs:documentation>
598
+ </xs:annotation>
599
+ </xs:attribute>
600
+ </xs:complexType>
601
+ <xs:complexType name="DomainSpecificObjectPropertiesType" abstract="true">
602
+ <xs:annotation>
603
+ <xs:documentation>The DomainSpecificObjectPropertiesType is an abstract type placeholder within the CybOX schema enabling the inclusion of domain-specific metadata for an object through the use of a custom type defined as an extension of this base Abstract type. This enables domains utilizing CybOX such as malware analysis or forensics to incorporate non-generalized object metadata from their domains into CybOX objects.</xs:documentation>
604
+ </xs:annotation>
605
+ </xs:complexType>
606
+ <xs:complexType name="RelatedObjectsType">
607
+ <xs:annotation>
608
+ <xs:documentation>The RelatedObjectsType enables the identification and/or specification of Objects with relevant relationships with this Object.</xs:documentation>
609
+ </xs:annotation>
610
+ <xs:sequence>
611
+ <xs:element name="Related_Object" type="cybox:RelatedObjectType" maxOccurs="unbounded">
612
+ <xs:annotation>
613
+ <xs:documentation>The Related_Object construct is optional and enables the identification and/or specification of a single Objects with relevant relationships with this Object.</xs:documentation>
614
+ </xs:annotation>
615
+ </xs:element>
616
+ </xs:sequence>
617
+ </xs:complexType>
618
+ <xs:complexType name="RelatedObjectType">
619
+ <xs:annotation>
620
+ <xs:documentation>The RelatedObjectType enables the identification and/or specification of an Object with a relevant relationship with this Object.</xs:documentation>
621
+ </xs:annotation>
622
+ <xs:complexContent>
623
+ <xs:extension base="cybox:ObjectType">
624
+ <xs:sequence>
625
+ <xs:element name="Relationship" type="cyboxCommon:ControlledVocabularyStringType" minOccurs="0">
626
+ <xs:annotation>
627
+ <xs:documentation>The Relationship field uses a standardized controlled vocabulary to capture the nature of the relationship between this Object and the Related_Object.</xs:documentation>
628
+ <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ObjectRelationshipVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd.
629
+ Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field. </xs:documentation>
630
+ </xs:annotation>
631
+ </xs:element>
632
+ </xs:sequence>
633
+ </xs:extension>
634
+ </xs:complexContent>
635
+ </xs:complexType>
636
+ <xs:complexType name="DefinedEffectType" abstract="true">
637
+ <xs:annotation>
638
+ <xs:documentation>The DefinedEffectType is an abstract placeholder for various predefined Object Effect types (e.g. DataReadEffect, ValuesEnumeratedEffect or StateChangeEffect) that can be instantiated in its place through extension of the DefinedEffectType. This mechanism enables the specification of a broad range of types of potential complex action effects on Objects. The set of Defined_Effect types (extending the DefinedEffectType) are maintained as part of the core CybOX schema.</xs:documentation>
639
+ </xs:annotation>
640
+ <xs:attribute name="effect_type" type="cybox:EffectTypeEnum">
641
+ <xs:annotation>
642
+ <xs:documentation>The effect_type field specifies the nature of the Defined Effect instantiated in the place of the Defined_Effect element. </xs:documentation>
643
+ </xs:annotation>
644
+ </xs:attribute>
645
+ </xs:complexType>
646
+ <xs:simpleType name="EffectTypeEnum">
647
+ <xs:annotation>
648
+ <xs:documentation>EffectTypeEnum is a (non-exhaustive) enumeration of effect types.</xs:documentation>
649
+ </xs:annotation>
650
+ <xs:restriction base="xs:string">
651
+ <xs:enumeration value="State_Changed">
652
+ <xs:annotation>
653
+ <xs:documentation>Specifies that the associated Action had an effect on the Object of changing its state.</xs:documentation>
654
+ </xs:annotation>
655
+ </xs:enumeration>
656
+ <xs:enumeration value="Data_Read">
657
+ <xs:annotation>
658
+ <xs:documentation>Specifies that the associated Action had an effect on the Object of reading data from it.</xs:documentation>
659
+ </xs:annotation>
660
+ </xs:enumeration>
661
+ <xs:enumeration value="Data_Written">
662
+ <xs:annotation>
663
+ <xs:documentation>Specifies that the associated Action had an effect on the Object of writing data to it.</xs:documentation>
664
+ </xs:annotation>
665
+ </xs:enumeration>
666
+ <xs:enumeration value="Data_Sent">
667
+ <xs:annotation>
668
+ <xs:documentation>Specifies that the associated Action had an effect on the Object of sending data to it.</xs:documentation>
669
+ </xs:annotation>
670
+ </xs:enumeration>
671
+ <xs:enumeration value="Data_Received">
672
+ <xs:annotation>
673
+ <xs:documentation>Specifies that the associated Action had an effect on the Object of receiving data from it.</xs:documentation>
674
+ </xs:annotation>
675
+ </xs:enumeration>
676
+ <xs:enumeration value="Properties_Read">
677
+ <xs:annotation>
678
+ <xs:documentation>Specifies that the associated Action had an effect on the Object of reading properties from it.</xs:documentation>
679
+ </xs:annotation>
680
+ </xs:enumeration>
681
+ <xs:enumeration value="Properties_Enumerated">
682
+ <xs:annotation>
683
+ <xs:documentation>Specifies that the associated Action had an effect on the Object of enumeraring properies from it.</xs:documentation>
684
+ </xs:annotation>
685
+ </xs:enumeration>
686
+ <xs:enumeration value="Values_Enumerated">
687
+ <xs:annotation>
688
+ <xs:documentation>Specifies that the associated Action had an effect on the Object of enumerating values from it.</xs:documentation>
689
+ </xs:annotation>
690
+ </xs:enumeration>
691
+ <xs:enumeration value="ControlCode_Sent">
692
+ <xs:annotation>
693
+ <xs:documentation>Specifies that the associated Action had an effect on the Object of having a control code sent to it.</xs:documentation>
694
+ </xs:annotation>
695
+ </xs:enumeration>
696
+ </xs:restriction>
697
+ </xs:simpleType>
698
+ <xs:complexType name="StateChangeEffectType">
699
+ <xs:annotation>
700
+ <xs:documentation>The StateChangeEffectType is intended as a generic way of characterizing the effects of actions upon objects where the some state of the object is changed. </xs:documentation>
701
+ </xs:annotation>
702
+ <xs:complexContent>
703
+ <xs:extension base="cybox:DefinedEffectType">
704
+ <xs:sequence>
705
+ <xs:element name="Old_Object" type="cybox:ObjectType" minOccurs="0">
706
+ <xs:annotation>
707
+ <xs:documentation>The Old_Object construct specifies the object and its properties as they were before the state change effect occurred.</xs:documentation>
708
+ </xs:annotation>
709
+ </xs:element>
710
+ <xs:element name="New_Object" type="cybox:ObjectType">
711
+ <xs:annotation>
712
+ <xs:documentation>The New_Object construct specifies the object and its properties as they are after the state change effect occurred.</xs:documentation>
713
+ </xs:annotation>
714
+ </xs:element>
715
+ </xs:sequence>
716
+ </xs:extension>
717
+ </xs:complexContent>
718
+ </xs:complexType>
719
+ <xs:complexType name="DataReadEffectType">
720
+ <xs:annotation>
721
+ <xs:documentation>The DataReadEffectType type is intended to characterize the effects of actions upon objects where some data is read, such as from a file or a pipe.</xs:documentation>
722
+ </xs:annotation>
723
+ <xs:complexContent>
724
+ <xs:extension base="cybox:DefinedEffectType">
725
+ <xs:sequence>
726
+ <xs:element name="Data" type="cyboxCommon:DataSegmentType">
727
+ <xs:annotation>
728
+ <xs:documentation>The Data field specifies the data that was read from the object by the action.</xs:documentation>
729
+ </xs:annotation>
730
+ </xs:element>
731
+ </xs:sequence>
732
+ </xs:extension>
733
+ </xs:complexContent>
734
+ </xs:complexType>
735
+ <xs:complexType name="DataWrittenEffectType">
736
+ <xs:annotation>
737
+ <xs:documentation>The DataWrittenEffectType type is intended to characterize the effects of actions upon objects where some data is written, such as to a file or a pipe.</xs:documentation>
738
+ </xs:annotation>
739
+ <xs:complexContent>
740
+ <xs:extension base="cybox:DefinedEffectType">
741
+ <xs:sequence>
742
+ <xs:element name="Data" type="cyboxCommon:DataSegmentType">
743
+ <xs:annotation>
744
+ <xs:documentation>The Data field specifies the data that was written to the object by the action.</xs:documentation>
745
+ </xs:annotation>
746
+ </xs:element>
747
+ </xs:sequence>
748
+ </xs:extension>
749
+ </xs:complexContent>
750
+ </xs:complexType>
751
+ <xs:complexType name="DataSentEffectType">
752
+ <xs:annotation>
753
+ <xs:documentation>The DataSentEffectType type is intended to characterize the effects of actions upon objects where some data is sent, such as a byte sequence on a socket.</xs:documentation>
754
+ </xs:annotation>
755
+ <xs:complexContent>
756
+ <xs:extension base="cybox:DefinedEffectType">
757
+ <xs:sequence>
758
+ <xs:element name="Data" type="cyboxCommon:DataSegmentType">
759
+ <xs:annotation>
760
+ <xs:documentation>The Data field specifies the data that was sent on the object, or from the object, by the action.</xs:documentation>
761
+ </xs:annotation>
762
+ </xs:element>
763
+ </xs:sequence>
764
+ </xs:extension>
765
+ </xs:complexContent>
766
+ </xs:complexType>
767
+ <xs:complexType name="DataReceivedEffectType">
768
+ <xs:annotation>
769
+ <xs:documentation>The DataReceivedEffectType type is intended to characterize the effects of actions upon objects where some data is received, such as a byte sequence on a socket.</xs:documentation>
770
+ </xs:annotation>
771
+ <xs:complexContent>
772
+ <xs:extension base="cybox:DefinedEffectType">
773
+ <xs:sequence>
774
+ <xs:element name="Data" type="cyboxCommon:DataSegmentType">
775
+ <xs:annotation>
776
+ <xs:documentation>The Data field specifies the data that was received on the object, or from the object, by the action.</xs:documentation>
777
+ </xs:annotation>
778
+ </xs:element>
779
+ </xs:sequence>
780
+ </xs:extension>
781
+ </xs:complexContent>
782
+ </xs:complexType>
783
+ <xs:complexType name="PropertyReadEffectType">
784
+ <xs:annotation>
785
+ <xs:documentation>The PropertyReadEffectType type is intended to characterize the effects of actions upon objects where some specific property is read from an object, such as the current running state of a process.</xs:documentation>
786
+ </xs:annotation>
787
+ <xs:complexContent>
788
+ <xs:extension base="cybox:DefinedEffectType">
789
+ <xs:sequence>
790
+ <xs:element name="Name" type="xs:string" minOccurs="0">
791
+ <xs:annotation>
792
+ <xs:documentation>The Name field specifies the Name of the property being read.</xs:documentation>
793
+ </xs:annotation>
794
+ </xs:element>
795
+ <xs:element name="Value" type="xs:string" minOccurs="0">
796
+ <xs:annotation>
797
+ <xs:documentation>The Value field specifies the value of the property being read.</xs:documentation>
798
+ </xs:annotation>
799
+ </xs:element>
800
+ </xs:sequence>
801
+ </xs:extension>
802
+ </xs:complexContent>
803
+ </xs:complexType>
804
+ <xs:complexType name="PropertiesEnumeratedEffectType">
805
+ <xs:annotation>
806
+ <xs:documentation>The PropertiesEnumeratedEffectType type is intended to characterize the effects of actions upon objects where some properties of the object are enumerated, such as the startup parameters for a process.</xs:documentation>
807
+ </xs:annotation>
808
+ <xs:complexContent>
809
+ <xs:extension base="cybox:DefinedEffectType">
810
+ <xs:sequence>
811
+ <xs:element name="Properties" type="cybox:PropertiesType">
812
+ <xs:annotation>
813
+ <xs:documentation>The Properties field specifies the properties that were enumerated as a result of the action on the object.</xs:documentation>
814
+ </xs:annotation>
815
+ </xs:element>
816
+ </xs:sequence>
817
+ </xs:extension>
818
+ </xs:complexContent>
819
+ </xs:complexType>
820
+ <xs:complexType name="PropertiesType">
821
+ <xs:annotation>
822
+ <xs:documentation>The PropertiesType specifies the properties that were enumerated as a result of the action on the object.</xs:documentation>
823
+ </xs:annotation>
824
+ <xs:sequence>
825
+ <xs:element name="Property" type="xs:string" maxOccurs="unbounded">
826
+ <xs:annotation>
827
+ <xs:documentation>The Property element specifies a single property that was enumerated as a result of the action on the object.</xs:documentation>
828
+ </xs:annotation>
829
+ </xs:element>
830
+ </xs:sequence>
831
+ </xs:complexType>
832
+ <xs:complexType name="ValuesEnumeratedEffectType">
833
+ <xs:annotation>
834
+ <xs:documentation>The ValuesEnumeratedEffectType type is intended to characterize the effects of actions upon objects where some values of the object are enumerated, such as the values of a registry key.</xs:documentation>
835
+ </xs:annotation>
836
+ <xs:complexContent>
837
+ <xs:extension base="cybox:DefinedEffectType">
838
+ <xs:sequence>
839
+ <xs:element name="Values" type="cybox:ValuesType">
840
+ <xs:annotation>
841
+ <xs:documentation>The Values field specifies the values that were enumerated as a result of the action on the object.</xs:documentation>
842
+ </xs:annotation>
843
+ </xs:element>
844
+ </xs:sequence>
845
+ </xs:extension>
846
+ </xs:complexContent>
847
+ </xs:complexType>
848
+ <xs:complexType name="ValuesType">
849
+ <xs:annotation>
850
+ <xs:documentation>The ValuesType specifies the values that were enumerated as a result of the action on the object.</xs:documentation>
851
+ </xs:annotation>
852
+ <xs:sequence>
853
+ <xs:element name="Value" type="xs:string" maxOccurs="unbounded">
854
+ <xs:annotation>
855
+ <xs:documentation>The Value field specifies a single value that was enumerated as a result of the action on the object.</xs:documentation>
856
+ </xs:annotation>
857
+ </xs:element>
858
+ </xs:sequence>
859
+ </xs:complexType>
860
+ <xs:complexType name="SendControlCodeEffectType">
861
+ <xs:annotation>
862
+ <xs:documentation>The SendControlCodeEffectType is intended to characterize the effects of actions upon objects where some control code, or other control-oriented communication signal, is sent to the object. For example, an action may send a control code to change the running state of a process.</xs:documentation>
863
+ </xs:annotation>
864
+ <xs:complexContent>
865
+ <xs:extension base="cybox:DefinedEffectType">
866
+ <xs:sequence>
867
+ <xs:element name="Control_Code" type="xs:string">
868
+ <xs:annotation>
869
+ <xs:documentation>The Control_Code field specifies the actual control code that was sent to the object.</xs:documentation>
870
+ </xs:annotation>
871
+ </xs:element>
872
+ </xs:sequence>
873
+ </xs:extension>
874
+ </xs:complexContent>
875
+ </xs:complexType>
876
+ <!---->
877
+ <xs:element name="Property" type="cyboxCommon:PropertyType">
878
+ <xs:annotation>
879
+ <xs:documentation>The Property element represents the specification of a single Object Property</xs:documentation>
880
+ </xs:annotation>
881
+ </xs:element>
882
+ <!---->
883
+ <xs:complexType name="ObservableCompositionType">
884
+ <xs:annotation>
885
+ <xs:documentation>The ObservablesCompositionType enables the specification of higher-order composite observables composed of logical combinations of other observables.</xs:documentation>
886
+ </xs:annotation>
887
+ <xs:sequence minOccurs="0">
888
+ <xs:element name="Observable" type="cybox:ObservableType" minOccurs="0" maxOccurs="unbounded">
889
+ <xs:annotation>
890
+ <xs:documentation>The Observable construct represents a description of a single cyber observable.</xs:documentation>
891
+ </xs:annotation>
892
+ </xs:element>
893
+ </xs:sequence>
894
+ <xs:attribute name="operator" type="cybox:OperatorTypeEnum" use="required">
895
+ <xs:annotation>
896
+ <xs:documentation>The operator field enables the specification of complex compositional cyber observables by providing logical operators for defining interrelationships between constituent cyber observables defined utilizing the recursive Observable element.</xs:documentation>
897
+ </xs:annotation>
898
+ </xs:attribute>
899
+ </xs:complexType>
900
+ <xs:simpleType name="OperatorTypeEnum">
901
+ <xs:annotation>
902
+ <xs:documentation>OperatorTypeEnum is a (non-exhaustive) enumeration of operators.</xs:documentation>
903
+ </xs:annotation>
904
+ <xs:restriction base="xs:string">
905
+ <xs:enumeration value="AND">
906
+ <xs:annotation>
907
+ <xs:documentation>Specifies the AND logical composition operation.</xs:documentation>
908
+ </xs:annotation>
909
+ </xs:enumeration>
910
+ <xs:enumeration value="OR">
911
+ <xs:annotation>
912
+ <xs:documentation>Specifies the OR logical composition operation.</xs:documentation>
913
+ </xs:annotation>
914
+ </xs:enumeration>
915
+ </xs:restriction>
916
+ </xs:simpleType>
917
+ <!---->
918
+ <xs:complexType name="PoolsType">
919
+ <xs:annotation>
920
+ <xs:documentation>The PoolsType enables the description of Events, Actions, Objects and Properties in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled elements. This reduces redundancy caused when identical observable elements occur multiple times within a set of defined Observables.</xs:documentation>
921
+ </xs:annotation>
922
+ <xs:sequence>
923
+ <xs:element name="Event_Pool" type="cybox:EventPoolType" minOccurs="0">
924
+ <xs:annotation>
925
+ <xs:documentation>The Event_Pool construct enables the description of CybOX Events in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Event elements. This reduces redundancy caused when identical Events occur multiple times within a set of defined Observables.</xs:documentation>
926
+ </xs:annotation>
927
+ </xs:element>
928
+ <xs:element name="Action_Pool" type="cybox:ActionPoolType" minOccurs="0">
929
+ <xs:annotation>
930
+ <xs:documentation>The Action_Pool construct enables the description of CybOX Actions in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Action elements. This reduces redundancy caused when identical Actions occur multiple times within a set of defined Observables.</xs:documentation>
931
+ </xs:annotation>
932
+ </xs:element>
933
+ <xs:element name="Object_Pool" type="cybox:ObjectPoolType" minOccurs="0">
934
+ <xs:annotation>
935
+ <xs:documentation>The Object_Pool construct enables the description of CybOX Objects in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Object elements. This reduces redundancy caused when identical Objects occur multiple times within a set of defined Observables.</xs:documentation>
936
+ </xs:annotation>
937
+ </xs:element>
938
+ <xs:element name="Property_Pool" type="cybox:PropertyPoolType" minOccurs="0">
939
+ <xs:annotation>
940
+ <xs:documentation>The Property_Pool construct enables the description of CybOX Properties in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Properties elements. This reduces redundancy caused when identical Properties occur multiple times within a set of defined Observables.</xs:documentation>
941
+ </xs:annotation>
942
+ </xs:element>
943
+ </xs:sequence>
944
+ </xs:complexType>
945
+ <xs:complexType name="EventPoolType">
946
+ <xs:annotation>
947
+ <xs:documentation>The EventPoolType enables the description of CybOX Events in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Event elements. This reduces redundancy caused when identical Events occur multiple times within a set of defined Observables.</xs:documentation>
948
+ </xs:annotation>
949
+ <xs:sequence>
950
+ <xs:element name="Event" type="cybox:EventType" maxOccurs="unbounded">
951
+ <xs:annotation>
952
+ <xs:documentation>The Event construct enables specification of a cyber observable event that is dynamic in nature with specific action(s) taken against specific cyber relevant objects (e.g. a file is deleted, a registry key is created or an HTTP Get Request is received).</xs:documentation>
953
+ </xs:annotation>
954
+ </xs:element>
955
+ </xs:sequence>
956
+ </xs:complexType>
957
+ <xs:complexType name="ActionPoolType">
958
+ <xs:annotation>
959
+ <xs:documentation>The ActionPoolType enables the description of CybOX Actions in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Action elements. This reduces redundancy caused when identical Actions occur multiple times within a set of defined Observables.</xs:documentation>
960
+ </xs:annotation>
961
+ <xs:sequence>
962
+ <xs:element name="Action" type="cybox:ActionType" maxOccurs="unbounded">
963
+ <xs:annotation>
964
+ <xs:documentation>The Action construct enables description/specification of a single cyber observable action. </xs:documentation>
965
+ </xs:annotation>
966
+ </xs:element>
967
+ </xs:sequence>
968
+ </xs:complexType>
969
+ <xs:complexType name="ObjectPoolType">
970
+ <xs:annotation>
971
+ <xs:documentation>The ObjectPoolType enables the description of CybOX Objects in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Object elements. This reduces redundancy caused when identical Objects occur multiple times within a set of defined Observables.</xs:documentation>
972
+ </xs:annotation>
973
+ <xs:sequence>
974
+ <xs:element name="Object" type="cybox:ObjectType" maxOccurs="unbounded">
975
+ <xs:annotation>
976
+ <xs:documentation>The Object construct identifies and specificies the characteristics of a specific cyber-relevant object (e.g. a file, a registry key or a process). </xs:documentation>
977
+ </xs:annotation>
978
+ </xs:element>
979
+ </xs:sequence>
980
+ </xs:complexType>
981
+ <xs:complexType name="PropertyPoolType">
982
+ <xs:annotation>
983
+ <xs:documentation>The PropertyPoolType enables the description of CybOX Properties in a space-efficient pooled manner with the actual Observable structures defined in the CybOX schema containing references to the pooled Properties elements. This reduces redundancy caused when identical Properties occur multiple times within a set of defined Observables.</xs:documentation>
984
+ </xs:annotation>
985
+ <xs:sequence>
986
+ <xs:element name="Property" type="cyboxCommon:PropertyType" maxOccurs="unbounded">
987
+ <xs:annotation>
988
+ <xs:documentation>The Property construct enables the specification of a single Object Property.</xs:documentation>
989
+ </xs:annotation>
990
+ </xs:element>
991
+ </xs:sequence>
992
+ </xs:complexType>
993
+ <!---->
994
+ <xs:simpleType name="NoisinessEnum">
995
+ <xs:annotation>
996
+ <xs:documentation>NoisinessEnum is a (non-exhaustive) enumeration of potential levels of noisiness for a given observable pattern.</xs:documentation>
997
+ </xs:annotation>
998
+ <xs:restriction base="xs:string">
999
+ <xs:enumeration value="High">
1000
+ <xs:annotation>
1001
+ <xs:documentation>Specifies that this observable has a high level of noisiness meaning a potentially high level of false positives.</xs:documentation>
1002
+ </xs:annotation>
1003
+ </xs:enumeration>
1004
+ <xs:enumeration value="Medium">
1005
+ <xs:annotation>
1006
+ <xs:documentation>Specifies that this observable has a medium level of noisiness meaning a potentially medium level of false positives.</xs:documentation>
1007
+ </xs:annotation>
1008
+ </xs:enumeration>
1009
+ <xs:enumeration value="Low">
1010
+ <xs:annotation>
1011
+ <xs:documentation>Specifies that this observable has a low level of noisiness meaning a potentially low level of false positives.</xs:documentation>
1012
+ </xs:annotation>
1013
+ </xs:enumeration>
1014
+ </xs:restriction>
1015
+ </xs:simpleType>
1016
+ <xs:complexType name="ObfuscationTechniquesType">
1017
+ <xs:annotation>
1018
+ <xs:documentation>The ObfuscationTechniquesType enables the description of a set of potential techniques an attacker could leverage to obfuscate the observability of this Observable. </xs:documentation>
1019
+ </xs:annotation>
1020
+ <xs:sequence>
1021
+ <xs:element name="Obfuscation_Technique" type="cybox:ObfuscationTechniqueType" maxOccurs="unbounded">
1022
+ <xs:annotation>
1023
+ <xs:documentation>The Obfuscation_Technique field is optional and enables the description of a single potential technique an attacker could leverage to obfuscate the observability of this Observable. </xs:documentation>
1024
+ </xs:annotation>
1025
+ </xs:element>
1026
+ </xs:sequence>
1027
+ </xs:complexType>
1028
+ <xs:complexType name="ObfuscationTechniqueType">
1029
+ <xs:annotation>
1030
+ <xs:documentation>The ObfuscationTechniqueType enables the description of a single potential technique an attacker could leverage to obfuscate the observability of this Observable. </xs:documentation>
1031
+ </xs:annotation>
1032
+ <xs:sequence>
1033
+ <xs:element name="Description" type="cyboxCommon:StructuredTextType">
1034
+ <xs:annotation>
1035
+ <xs:documentation>The Description field captures a structured text description of the obfuscation technique.</xs:documentation>
1036
+ </xs:annotation>
1037
+ </xs:element>
1038
+ <xs:element name="Observables" type="cybox:ObservablesType" minOccurs="0">
1039
+ <xs:annotation>
1040
+ <xs:documentation>The Observables construct is optional and enables description of potential cyber observables that could indicate the use of this particular obfuscation technique.</xs:documentation>
1041
+ </xs:annotation>
1042
+ </xs:element>
1043
+ </xs:sequence>
1044
+ </xs:complexType>
1045
+ <xs:simpleType name="EaseOfObfuscationEnum">
1046
+ <xs:annotation>
1047
+ <xs:documentation>The EaseOfObfuscationEnum is a (non-exhaustive) enumeration of simple characterizations of how easy it would be for an attacker to obfuscate the observability of this Observable.</xs:documentation>
1048
+ </xs:annotation>
1049
+ <xs:restriction base="xs:string">
1050
+ <xs:enumeration value="High">
1051
+ <xs:annotation>
1052
+ <xs:documentation>Specifies that this observable is very easy to obfuscate and hide.</xs:documentation>
1053
+ </xs:annotation>
1054
+ </xs:enumeration>
1055
+ <xs:enumeration value="Medium">
1056
+ <xs:annotation>
1057
+ <xs:documentation>Specifies that this observable is somewhat easy to obfuscate and hide.</xs:documentation>
1058
+ </xs:annotation>
1059
+ </xs:enumeration>
1060
+ <xs:enumeration value="Low">
1061
+ <xs:annotation>
1062
+ <xs:documentation>Specifies that this observable is not very easy to obfuscate and hide.</xs:documentation>
1063
+ </xs:annotation>
1064
+ </xs:enumeration>
1065
+ </xs:restriction>
1066
+ </xs:simpleType>
1067
+ <xs:complexType name="KeywordsType">
1068
+ <xs:sequence>
1069
+ <xs:element name="Keyword" type="xs:string" minOccurs="1" maxOccurs="unbounded">
1070
+ <xs:annotation>
1071
+ <xs:documentation>Each keyword element contains one keyword.</xs:documentation>
1072
+ </xs:annotation>
1073
+ </xs:element>
1074
+ </xs:sequence>
1075
+ </xs:complexType>
1076
+ <xs:complexType name="PatternFidelityType">
1077
+ <xs:sequence>
1078
+ <xs:element name="Noisiness" type="cybox:NoisinessEnum" minOccurs="0">
1079
+ <xs:annotation>
1080
+ <xs:documentation>The Noisiness field is optional and enables simple characterization of how noisy this Observable typically could be. In other words, how likely is it to generate false positives.</xs:documentation>
1081
+ </xs:annotation>
1082
+ </xs:element>
1083
+ <xs:element name="Ease_of_Evasion" type="cybox:EaseOfObfuscationEnum" minOccurs="0">
1084
+ <xs:annotation>
1085
+ <xs:documentation>The Ease_of_Obfuscation field is optional and enables simple characterization of how easy it would be for an attacker to obfuscate the observability of this Observable.</xs:documentation>
1086
+ </xs:annotation>
1087
+ </xs:element>
1088
+ <xs:element name="Evasion_Techniques" type="cybox:ObfuscationTechniquesType" minOccurs="0">
1089
+ <xs:annotation>
1090
+ <xs:documentation>The Obfuscation_Techniques field is optional and enables the description of potential techniques an attacker could leverage to obfuscate the observability of this Observable. </xs:documentation>
1091
+ </xs:annotation>
1092
+ </xs:element>
1093
+ </xs:sequence>
1094
+ </xs:complexType>
1095
+ </xs:schema>