schemas.v1.2.0.report.xsd Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of stix Show documentation
Show all versions of stix Show documentation
The Java bindings for STIX v.1.2.0.2
The newest version!
This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.
STIX Report
1.0
05/15/2015 9:00:00 AM
Structured Threat Information eXpression (STIX) - Schematic implementation for a structured cyber threat expression language architecture.
Copyright (c) 2012-2015, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included.
The Report construct gives context to a grouping of STIX content.
ReportType defines a contextual wrapper for a grouping of STIX content.
The Header field provides the contextual information for this grouping of STIX content.
Characterizes one or more cyber observables.
Characterizes one or more cyber threat Indicators.
Characterizes one or more cyber threat adversary Tactics, Techniques or Procedures.
Characterizes one or more potential targets for exploitation.
Characterizes one or more cyber threat Incidents.
Characterizes Courses of Action to be taken in regards to one of more cyber threats.
Characterizes one or more cyber threat Campaigns.
Characterizes one or more cyber Threat Actors.
Characterizes one or more relationships to other Reports.
Specifies the relevant Report schema version for this content.
An enumeration of all versions of Report types valid in the current release of STIX.
The HeaderType provides a structure for characterizing the contextual information in a Report of STIX content.
The Title field provides a simple title for this Report.
The Intent field characterizes the intended purpose(s) or use(s) for this Report.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ReportIntentVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
The Description field provides a description of this Report.
The Short_Description field provides a short description of this Report.
Specifies the relevant handling guidance for this Report. The valid marking scope is the nearest ReportType ancestor of this Handling element and all its descendants.
The Information_Source field details the source of this Report, including time information as well as information about the producer, contributors, tools, and references.
Characterizes a single cyber threat Indicator.
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IndicatorType in the http://stix.mitre.org/Indicator-2 namespace. This type is defined in the indicator.xsd file or at the URL http://stix.mitre.org/XMLSchema/indicator/2.2/indicator.xsd.
Characterizes a single cyber threat adversary Tactic, Technique or Procedure.
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is TTPType in the http://stix.mitre.org/TTP-1 namespace. This type is defined in the ttp.xsd file or at the URL http://stix.mitre.org/XMLSchema/ttp/1.2/ttp.xsd.
Identifies or characterizes a single cyber threat Incident.
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IncidentType in the http://stix.mitre.org/Incident-1 namespace. This type is defined in the incident.xsd file or at the URL http://stix.mitre.org/XMLSchema/incident/1.2/incident.xsd.
The Course_Of_Action field characterizes a Course of Action to be taken in regards to one of more cyber threats.
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CourseOfActionType in the http://stix.mitre.org/CourseOfAction-1 namespace. This type is defined in the course_of_action.xsd file or at the URL http://stix.mitre.org/XMLSchema/course_of_action/1.2/course_of_action.xsd.
Characterizes a single cyber threat Campaign.
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CampaignType in the http://stix.mitre.org/Campaign-1 namespace. This type is defined in the campaign.xsd file or at the URL http://stix.mitre.org/XMLSchema/campaign/1.2/campaign.xsd.
Characterizes a single cyber Threat Actor.
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is ThreatActorType in the http://stix.mitre.org/ThreatActor-1 namespace. This type is defined in the threat_actor.xsd file or at the URL http://stix.mitre.org/XMLSchema/threat_actor/1.2/threat_actor.xsd.
The Related_Report field is optional and enables content producers to express a relationship between the enclosing report (i.e., the subject of the relationship) and a disparate report (i.e., the object side of the relationship).