schemas.v1.2.0.course_of_action.xsd
The Java bindings for STIX v.1.2.0.2
This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.
Schema: STIX COA
Version: 1.2
Date: 05/15/2015 9:00:00 AM
Structured Threat Information eXpression (STIX) - COA - Schematic implementation for the CourseOfAction construct within the STIX structured cyber threat expression language architecture.
Copyright (c) 2012-2015, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included.
The CourseOfAction field characterizes a Course of Action to be taken with regard to one or more cyber threats. NOTE: This construct is still in its early stages of maturity and will require a good deal of review and refinement.
Represents a single STIX Course of Action.
CoursesOfAction are specific measures to be taken to address threats, whether they are corrective or preventative to address ExploitTargets, or responsive to counter or mitigate the potential impacts of Incidents. In a structured sense, a COA consists of its relevant stage in cyber threat management (e.g., remedy of an ExploitTarget or response to an Incident), type of COA, description of COA, objective of the COA, structured representation of the COA (e.g., IPS rule or automated patch/remediation), the likely impact of the COA, the likely cost of the COA, the estimated efficacy of the COA, observable parameters for the COA, handling guidance, etc.
The Title field provides a simple title for this CourseOfAction.
The Stage field specifies what stage in the cyber threat management lifecycle this CourseOfAction is relevant to (e.g. Remedy or Response).
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is COAStageVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
The Type field specifies the type of this CourseOfAction.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CourseOfActionTypeVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
The Description field is optional and provides an unstructured, text description of this CourseOfAction.
The Short_Description field is optional and provides a short, unstructured, text description of this CourseOfAction.
The Objective field characterizes the objective of this CourseOfAction.
The Parameter_Observables field enables the specification of technical parameters to this Course of Action expressed using the CybOX Language. It is intended that the combination of the Course of Action Type and the Parameter_Observables could be used to define automated courses of action.
The Structured_COA field enables the specification of an actionable structured representation for the CourseOfAction potentially for automated consumption and implementation.
This field is implemented through the xsi:type extension mechanism. While STIX has not defined a default type, it has provided support for passing proprietary or externally defined structured courses of action using the Generic Structured COA extension. The Generic Structured COA extension is captured in the GenericStructuredCOAType in the http://stix.mitre.org/extensions/StructuredCOA#Generic-1 namespace. This type is defined in the extensions/structured_coa/generic_structured_coa.xsd file or at the URL http://stix.mitre.org/XMLSchema/extensions/structured_coa/generic/1.1/generic_structured_coa.xsd.
The Impact field characterizes the estimated impact of applying this CourseOfAction.
It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is HighMediumLowVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
The Cost field characterizes the estimated cost for applying this CourseOfAction.
It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is HighMediumLowVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
The Efficacy field characterizes the effectiveness of this CourseOfAction in achieving its targeted Objective.
It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is HighMediumLowVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
The Information_Source field details the source of this entry.
The Handling field specifies the appropriate data handling markings for the elements of this COA. The valid marking scope is the nearest CourseOfActionBaseType ancestor of this Handling element and all its descendants.
The Related_COAs field identifies or characterizes relationships to one or more related courses of action.
The Related_Packages field identifies or characterizes relationships to a set of related Packages.
DEPRECATED: This field is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.
Specifies the relevant STIX-COA schema version for this content.
An enumeration of all versions of the Course of Action type valid in the current release of STIX.
The StructuredCOAType enables the specification of an actionable structured representation for the CourseOfAction potentially for automated consumption and implementation.
This type is defined as an abstract type and is intended to be extended using the XML Schema extension mechanism to allow for the expression of a variety of structured COA types. Instance documents representing structured COAs use the xsi:type attribute to specify which implementation of this type they wish to use.
STIX has provided one implementation to allow for the passing of proprietary or externally defined structured courses of action in a CDATA block. This implementation is captured in the Generic Structured COA extension, which provides the GenericStructuredCOAType in the http://stix.mitre.org/extensions/StructuredCOA#Generic-1 namespace. The extension is defined in the extensions/structured_coa/generic.xsd file or at the URL http://stix.mitre.org/XMLSchema/extensions/structured_coa/generic/1.1/generic.xsd.
Specifies a unique ID for this StructuredCOA.
Specifies a reference to the ID for this StructuredCOA specified elsewhere.
When idref is specified, the id attribute must not be specified, and any instance of this StructuredCOA should not hold content.
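An added example (not part of the schema or the Java bindings): a consumer-side check that resolves the xsi:type on Stage and Type against the default vocabularies and enforces the id/idref rule on Structured_COA before a course of action is handed to automation. The COA namespace URI, the `gen` prefix, the `Specification` child element and every id and value in the sample are assumptions constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

COA = "http://stix.mitre.org/CourseOfAction-1"  # assumed COA namespace, not stated on the page
VOCABS = "http://stix.mitre.org/default_vocabularies-1"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
DEFAULT_VOCAB = {"Stage": "COAStageVocab-1.0", "Type": "CourseOfActionTypeVocab-1.0"}

# Constructed sample: ids, values and the "example" namespace are made up.
TEMPLATE = """<coa:Course_Of_Action xmlns:coa="http://stix.mitre.org/CourseOfAction-1"
    xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
    xmlns:gen="http://stix.mitre.org/extensions/StructuredCOA#Generic-1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:example="http://example.com/" id="example:coa-1">
  <coa:Stage xsi:type="stixVocabs:COAStageVocab-1.0">Response</coa:Stage>
  <coa:Type>Perimeter Blocking</coa:Type>
  <coa:Structured_COA xsi:type="gen:GenericStructuredCOAType" {attrs}>{body}</coa:Structured_COA>
</coa:Course_Of_Action>"""
SPEC = "<gen:Specification><![CDATA[deny dns sinkhole.example]]></gen:Specification>"
GOOD = TEMPLATE.format(attrs='id="example:scoa-1"', body=SPEC)
BAD = TEMPLATE.format(attrs='id="example:scoa-2" idref="example:scoa-1"', body=SPEC)

def vocab_kind(el, prefixes, default_name):
    # No xsi:type means the field is used as a plain string, which the schema allows.
    xsi_type = el.get(XSI_TYPE)
    if xsi_type is None:
        return "string"
    prefix, _, local = xsi_type.rpartition(":")
    return "default" if (prefixes.get(prefix), local) == (VOCABS, default_name) else "custom"

def check_coa(xml_text):
    prefixes, root = {}, None
    # start-ns events expose the prefix map (assumes prefixes are not redeclared deeper).
    for event, data in ET.iterparse(io.BytesIO(xml_text.encode()), events=("start-ns", "start")):
        if event == "start-ns":
            prefixes[data[0]] = data[1]
        elif root is None:
            root = data
    report = {"vocab": {}, "problems": []}
    for field, name in DEFAULT_VOCAB.items():
        el = root.find(f"{{{COA}}}{field}")
        if el is not None:
            report["vocab"][field] = vocab_kind(el, prefixes, name)
    for scoa in root.iter(f"{{{COA}}}Structured_COA"):
        if scoa.get("idref") is not None and scoa.get("id") is not None:
            report["problems"].append("id and idref both set")
        if scoa.get("idref") is not None and (len(scoa) or (scoa.text or "").strip()):
            report["problems"].append("idref element holds content")
    return report
```

A "custom" result means the producer supplied its own vocabulary type, so the value should not be matched against the default vocabulary's terms.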
The ObjectiveType characterizes the objective of this CourseOfAction.
The Description field is optional and provides an unstructured, text description of the objective of this CourseOfAction.
The Short_Description field is optional and provides a short, unstructured, text description of the objective of this CourseOfAction.
The Applicability_Confidence field characterizes the level of confidence held in the applicability of this suggested COA for its targeted Objective.
The Related_COA field specifies a single other course of action related to this course of action.