-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathcourse-of-action.xsd
197 lines (197 loc) · 19.5 KB
/
course-of-action.xsd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:coa="http://docs.oasis-open.org/cti/ns/stix/course-of-action-1" xmlns:stixCommon="http://docs.oasis-open.org/cti/ns/stix/common-1" xmlns:marking="http://docs.oasis-open.org/cti/ns/stix/data-marking-1" xmlns:cybox="http://docs.oasis-open.org/cti/ns/cybox/core-2" targetNamespace="http://docs.oasis-open.org/cti/ns/stix/course-of-action-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2.1" xml:lang="en">
<xs:annotation>
<xs:documentation> STIX[TM] Version 1.2.1. Committee Specification Draft 01 / Public Review Draft 01</xs:documentation>
<xs:appinfo>
<schema>STIX COA</schema>
<version>1.2.1</version>
<date>12/15/2015 9:00:00 AM</date>
<short_description>Structured Threat Information eXpression (STIX) - COA - Schematic implementation for the CourseOfAction construct within the STIX structured cyber threat expression language architecture.</short_description>
<terms_of_use>Copyright (c) OASIS Open 2016. All Rights Reserved.
Distributed under the terms of the OASIS IPR Policy, [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.</terms_of_use>
<terms_of_use> Portions copyright (c) United States Government 2012-2016. All Rights Reserved.
Source: http://docs.oasis-open.org/cti/stix/v1.2.1/csprd01/schemas/
Latest version of the specification: REPLACE_WITH_SPECIFICATION_URL
TC IPR Statement: https://www.oasis-open.org/committees/cti/ipr.php
</terms_of_use>
</xs:appinfo>
</xs:annotation>
<xs:import namespace="http://docs.oasis-open.org/cti/ns/stix/common-1" schemaLocation="common.xsd"/>
<xs:import namespace="http://docs.oasis-open.org/cti/ns/stix/data-marking-1" schemaLocation="data-marking.xsd"/>
<xs:import namespace="http://docs.oasis-open.org/cti/ns/cybox/core-2" schemaLocation="cybox/core.xsd"/>
<xs:element name="Course_Of_Action" type="coa:CourseOfActionType">
<xs:annotation>
<xs:documentation>The CourseOfAction field characterizes a Course of Action to be taken in regards to one of more cyber threats. NOTE: This construct is still in its early stages of maturity and will require a good deal of review and refinement.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:complexType name="CourseOfActionType">
<xs:annotation>
<xs:documentation>The CourseOfActionType characterizes a cyber threat-relevant course of action through informative (title and description), formally structured (type and parameter observables) and contextual (objective, efficacy, impact, cost) properties. CourseOfActionType extends CourseOfActionBaseType from the Common schema, which provides the essential identifier (id) and identifier reference (idref) properties.</xs:documentation>
</xs:annotation>
<xs:complexContent>
<xs:extension base="stixCommon:CourseOfActionBaseType">
<xs:sequence>
<xs:element name="Title" type="xs:string" minOccurs="0">
<xs:annotation>
<xs:documentation>The Title property captures a title for the Course of Action and reflects what the content producer thinks the Course of Action as a whole should be called. The Title property is typically used by humans to reference a particular Course of Action; however, it is not suggested for correlation.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Stage" type="stixCommon:ControlledVocabularyStringType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Stage property specifies what stage in the cyber threat management lifecycle this Course of Action is relevant to. Examples of potential stages include remedy and response (these specific values are only provided to help explain the property: they are neither recommended values nor necessarily part of any existing vocabulary).</xs:documentation>
<xs:documentation>This property is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is COAStageVocab-1.0 in the http://docs.oasis-open.org/cti/ns/stix/vocabularies-1 namespace. This type is defined in the vocabularies.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/vocabularies.xsd.</xs:documentation>
<xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use a string.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Type" type="stixCommon:ControlledVocabularyStringType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Type property specifies the type of action to be taken. Examples of potential types include redirection, eradication and public disclosure (these specific values are only provided to help explain the property: they are neither recommended values nor necessarily part of any existing vocabulary). </xs:documentation>
<xs:documentation>This property is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CourseOfActionTypeVocab-1.0 in the http://docs.oasis-open.org/cti/ns/stix/vocabularies-1 namespace. This type is defined in the vocabularies.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/vocabularies.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Description property captures a textual description of the Course of Action. Any length is permitted. Optional formatting is supported via the structuring_format property.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Short_Description property captures a short textual description of the Course of Action. This property is secondary and should only be used if the Description property is already populated and another, shorter description is available.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Objective" type="coa:ObjectiveType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Objective property characterizes the results that this Course of Action is intended to achieve.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Parameter_Observables" type="cybox:ObservablesType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Parameter_Observables property enables the specification of structured technical parameters to this Course of Action expressed using the CybOX Language. It is intended that the combination of the Course of Action Type and the Parameter_Observables could be used to define unambiguous and potentially automated courses of action.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Structured_COA" type="coa:StructuredCOAType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Structured_COA property characterizes an alternative actionable structured representation for the Course of Action potentially for automated consumption and implementation. Its underlying abstract type MUST be extended to enable the expression of a structured Course of Action.</xs:documentation>
<xs:documentation> This property is implemented through the xsi:type extension mechanism. While STIX has not defined a default type, it has provided support for passing proprietary or externally defined structured courses of action using the Generic Structured COA extension. The Generic Structured COA extension is captured in the GenericStructuredCOAType in the http://docs.oasis-open.org/cti/ns/stix/extensions/structured-coa/generic-1 namespace. This type is defined in the extensions/structured-coa/generic-structured-coa.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/extensions/structured-coa/generic-structured-coa.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Impact" type="stixCommon:StatementType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Impact property characterizes the estimated impact of applying a Course of Action to achieve its targeted objective, which includes a Value property that specifies the level of impact. Examples of potential levels include high, medium, and low (these specific values are only provided to help explain the Value property: they are neither recommended values nor necessarily part of any existing vocabulary).</xs:documentation>
<xs:documentation>It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is HighMediumLowVocab-1.0 in the http://docs.oasis-open.org/cti/ns/stix/vocabularies-1 namespace. This type is defined in the vocabularies.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/vocabularies.xsd.</xs:documentation>
<xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use a string.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Cost" type="stixCommon:StatementType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Cost property characterizes the estimated cost for applying a Course of Action to achieve its targeted objective, which includes a Value property that specifies the level of cost. Examples of potential levels include high, medium, and low (these specific values are only provided to help explain the Value property: they are neither recommended values nor necessarily part of any existing vocabulary).</xs:documentation>
<xs:documentation>It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is HighMediumLowVocab-1.0 in the http://docs.oasis-open.org/cti/ns/stix/vocabularies-1 namespace. This type is defined in the vocabularies.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/vocabularies.xsd.</xs:documentation>
<xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use a string.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Efficacy" type="stixCommon:StatementType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Efficacy property characterizes a measure of the likely effectiveness of a Course of Action to achieve its targeted objective, which includes a Value property that specifies the level of effectiveness. Examples of potential levels include high, medium, and low (these specific values are only provided to help explain the Value property: they are neither recommended values nor necessarily part of any existing vocabulary). </xs:documentation>
<xs:documentation>It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is HighMediumLowVocab-1.0 in the http://docs.oasis-open.org/cti/ns/stix/vocabularies-1 namespace. This type is defined in the vocabularies.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/vocabularies.xsd.</xs:documentation>
<xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use a string.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Information_Source property characterizes the source of the Course of Action information. Examples of details captured include identitifying characteristics, time-related attributes, and a list of tools used to collect the information.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Handling" type="marking:MarkingType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Handling property specifies the appropriate data handling markings for the properties of this Course of Action. The marking scope is limited to the Course of Action and the content it contains. Note that data handling markings can also be specified at a higher level.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Related_COAs" type="coa:RelatedCOAsType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Related_COAs property specifies a set of one or more other Course of Actions related to this Course of Action.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Related_Packages" type="stixCommon:RelatedPackageRefsType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Related_Packages property specifies a set of one or more STIX Packages that are related to the Course of Action. </xs:documentation>
<xs:documentation>DEPRECATED: This property is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation>
<xs:appinfo>
<deprecated>true</deprecated>
</xs:appinfo>
</xs:annotation>
</xs:element>
</xs:sequence>
<xs:attribute name="version" type="coa:CourseOfActionVersionType">
<xs:annotation>
<xs:documentation>The version property specifies the version number of the STIX Course of Action data model used to capture the information associated with the Course of Action.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!---->
<xs:simpleType name="CourseOfActionVersionType">
<xs:annotation>
<xs:documentation>An enumeration of all versions of the Course of Action type valid in the current release of STIX.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="stix-1.2.1" />
</xs:restriction>
</xs:simpleType>
<xs:complexType name="StructuredCOAType" abstract="true">
<xs:annotation>
<xs:documentation>The StructuredCOAType enables the specification of an alternative actionable structured representation for the CourseOfAction potentially for automated consumption and implementation.</xs:documentation>
<xs:documentation>This type is defined as an abstract type and is intended to be extended using the XML Schema extension mechanism to allow for the expression of a variety of structured COA types. Instance documents representing structured COAs use the xsi:type attribute to specify which implementation of this type they wish to use.</xs:documentation>
<xs:documentation>STIX has provided one implementation to allow for the passing of proprietary or externally defined structured courses of action in a CDATA block. This implementation is captured in the Generic Structured COA extension, which provides the GenericStructuredCOAType in the http://docs.oasis-open.org/cti/ns/stix/extensions/structured-coa/generic-1 namespace. The extension is defined in the extensions/structured-coa/generic-structured-coa.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/extensions/structured-coa/generic-structured-coa.xsd.</xs:documentation>
</xs:annotation>
<xs:attribute name="id" type="xs:QName">
<xs:annotation>
<xs:documentation>Specifies a unique ID for this StructuredCOA.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="idref" type="xs:QName">
<xs:annotation>
<xs:documentation>Specifies a reference to the ID for this StructuredCOA specified elsewhere.</xs:documentation>
<xs:documentation>When idref is specified, the id attribute must not be specified, and any instance of this StructuredCOA should not hold content.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:complexType name="ObjectiveType">
<xs:annotation>
<xs:documentation>The ObjectiveType characterizes the results that this Course of Action is intended to achieve.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Description property captures a textual description of the objective of this Course of Action. Any length is permitted. Optional formatting is supported via the structuring_format property.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Short_Description property captures a short textual description of the objective of this Course of Action. This property is secondary and should only be used if the Description property is already populated and another, shorter description is available.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Applicability_Confidence" type="stixCommon:ConfidenceType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Applicability_Confidence property characterizes the level of confidence in the asserted applicability of the suggested Course of Action for its targeted objective.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="RelatedCOAsType">
<xs:annotation>
<xs:documentation>The RelatedCOAsType specifies a set of one or more other Course of Actions asserted to be related to this Course of Action and therefore is a self-referential relationship. It extends GenericRelationshipListType defined in the STIX Common data model, which specifics the scope (whether the elements of the set are related individually or as a group).</xs:documentation>
</xs:annotation>
<xs:complexContent>
<xs:extension base="stixCommon:GenericRelationshipListType">
<xs:sequence>
<xs:element name="Related_COA" type="stixCommon:RelatedCourseOfActionType" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Related_COA property specifies another Course of Action associated with this Course of Action and characterizes the relationship between the Courses of Action by capturing information such as the level of confidence that the Courses of Actions are related, the source of the relationship information, and type of the relationship. A relationship between Courses of Action may represent assertions of general associativity or different versions of the same Course of Action.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:schema>