This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.
Element campaign:Campaign
Namespace
http://stix.mitre.org/Campaign-1
Annotations
The Campaign field characterizes a single cyber threat Campaign.
Specifies a timestamp for the definition of a specific version of a Campaign. When used in conjunction with the id, this field is specifying the definition time for the specific version of the Campaign. When used in conjunction with the idref, this field is specifying a reference to a specific version of a Campaign defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Specifies the relevant STIX-Campaign schema version for this content.
Source
<xs:element name="Campaign" type="campaign:CampaignType"><xs:annotation><xs:documentation>The Campaign field characterizes a single cyber threat Campaign.</xs:documentation></xs:annotation></xs:element>
The Title field provides a simple title for this Campaign.
Diagram
Type
xs:string
Source
<xs:element name="Title" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>The Title field provides a simple title for this Campaign.</xs:documentation></xs:annotation></xs:element>
Specifies the intended order position of this construct instance (e.g. Description) within a set of potentially multiple peer construct instances. If only a single construct instance is present its ordinality can be assumed to be 1. If multiple construct instances are present, the ordinality field should be specified with unique values for each instance.
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interferring with XML validation of the STIX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Description field is optional and provides an unstructured, text description of this Campaign.</xs:documentation></xs:annotation></xs:element>
Specifies the intended order position of this construct instance (e.g. Description) within a set of potentially multiple peer construct instances. If only a single construct instance is present its ordinality can be assumed to be 1. If multiple construct instances are present, the ordinality field should be specified with unique values for each instance.
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interferring with XML validation of the STIX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Short_Description field is optional and provides a short, unstructured, text description of this Campaign.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Names" type="campaign:NamesType" minOccurs="0"><xs:annotation><xs:documentation>The Names field specifies Names used to identify this Campaign. These may be either internal or external names.</xs:documentation></xs:annotation></xs:element>
The Name field specifies a Name used to identify this Campaign. This field can be used to capture various aliases used to identify this Campaign.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.2. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Name" type="stixCommon:ControlledVocabularyStringType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Name field specifies a Name used to identify this Campaign. This field can be used to capture various aliases used to identify this Campaign.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.2. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.</xs:documentation></xs:annotation></xs:element>
The Intended_Effect field characterizes the intended effect of this cyber threat Campaign.
It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is IntendedEffectVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
Represents the precision of the associated timestamp value. If omitted, the default is "second", meaning the timestamp is precise to the full field value. Digits in the timestamp that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
Source
<xs:element name="Intended_Effect" type="stixCommon:StatementType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Intended_Effect field characterizes the intended effect of this cyber threat Campaign.</xs:documentation><xs:documentation>It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is IntendedEffectVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation></xs:annotation></xs:element>
The status of this Campaign. For example, is the Campaign ongoing, historical, future, etc.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CampaignStatusType in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Status" type="stixCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The status of this Campaign. For example, is the Campaign ongoing, historical, future, etc.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CampaignStatusType in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation></xs:annotation></xs:element>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:element name="Related_TTPs" type="campaign:RelatedTTPsType" minOccurs="0"><xs:annotation><xs:documentation>The Related_TTPs field specifies TTPs asserted to be related to this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Related_TTP" type="stixCommon:RelatedTTPType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Related_TTP field specifies a single TTP asserted to be related to this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:element name="Related_Incidents" type="campaign:RelatedIncidentsType" minOccurs="0"><xs:annotation><xs:documentation>The Related_Incidents field identifies or characterizes one or more Incidents related to this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Related_Incident" type="stixCommon:RelatedIncidentType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Identifies or characterizes an Incident related to this Campaign.</xs:documentation></xs:annotation></xs:element>
The Related_Indicators field identifies or characterizes one or more cyber threat Indicators related to this cyber threat Campaign.
NOTE: As of STIX Version 1.1, this field is deprecated and is scheduled to be removed in STIX Version 2.0. Relationships between indicators and campaigns should be represented using the Related_Campaigns field on IndicatorType unless legacy code or content requires the use of this field.
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:element name="Related_Indicators" type="campaign:RelatedIndicatorsType" minOccurs="0"><xs:annotation><xs:documentation>The Related_Indicators field identifies or characterizes one or more cyber threat Indicators related to this cyber threat Campaign.</xs:documentation><xs:documentation>NOTE: As of STIX Version 1.1, this field is deprecated and is scheduled to be removed in STIX Version 2.0. Relationships between indicators and campaigns should be represented using the Related_Campaigns field on IndicatorType unless legacy code or content requires the use of this field.</xs:documentation><xs:appinfo><deprecated>true</deprecated></xs:appinfo></xs:annotation></xs:element>
The Related_Indicator field identifies or characterizes a cyber threat Indicator related to this Campaign. Such loose associations between Campaigns and Indicators are typically part of the early phases of Campaign identification and characterization. As the Campaign characterization matures these associations are often used to identify relevant TTPs and/or Incidents associated with the Campaign.
<xs:element name="Related_Indicator" type="stixCommon:RelatedIndicatorType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Related_Indicator field identifies or characterizes a cyber threat Indicator related to this Campaign. Such loose associations between Campaigns and Indicators are typically part of the early phases of Campaign identification and characterization. As the Campaign characterization matures these associations are often used to identify relevant TTPs and/or Incidents associated with the Campaign.</xs:documentation></xs:annotation></xs:element>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:element name="Attribution" type="campaign:AttributionType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Attribution field specifies assertions of attibuted Threat Actors for this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element>
The Attributed_Threat_Actor field specifies a Threat Actor asserted to be attributed for a Campaign. The specification of multiple ThreatActor entries for a single Attribution entry would be interpreted as a logical AND composition of the set of specified ThreatActors with a shared Confidence and Information Source. This would be used to assert attribution to a combined set of ThreatActors.
<xs:element name="Attributed_Threat_Actor" type="stixCommon:RelatedThreatActorType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Attributed_Threat_Actor field specifies a Threat Actor asserted to be attributed for a Campaign. The specification of multiple ThreatActor entries for a single Attribution entry would be interpreted as a logical AND composition of the set of specified ThreatActors with a shared Confidence and Information Source. This would be used to assert attribution to a combined set of ThreatActors.</xs:documentation></xs:annotation></xs:element>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:element name="Associated_Campaigns" type="campaign:AssociatedCampaignsType" minOccurs="0"><xs:annotation><xs:documentation>The Associated_Campaigns field specifies other cyber threat Campaigns asserted to be associated with this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Associated_Campaign" type="stixCommon:RelatedCampaignType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Associated_Campaign field specifies a single other cyber threat Campaign asserted to be associated with this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element>
Represents the precision of the associated timestamp value. If omitted, the default is "second", meaning the timestamp is precise to the full field value. Digits in the timestamp that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
Source
<xs:element name="Confidence" type="stixCommon:ConfidenceType" minOccurs="0"><xs:annotation><xs:documentation>The Confidence field characterizes the level of confidence held in the characterization of this Campaign.</xs:documentation></xs:annotation></xs:element>
The Activity field characterizes actions taken in regards to this Campaign. This field is defined as of type ActivityType which is an abstract type enabling the extension and inclusion of various formats of Activity characterization.
<xs:element name="Activity" type="stixCommon:ActivityType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Activity field characterizes actions taken in regards to this Campaign. This field is defined as of type ActivityType which is an abstract type enabling the extension and inclusion of various formats of Activity characterization.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0"><xs:annotation><xs:documentation>The Information_Source field details the source of this entry.</xs:documentation></xs:annotation></xs:element>
The Handling field specifies the appropriate data handling markings for the elements of this Campaign. The valid marking scope is the nearest CampaignBaseType ancestor of this Handling element and all its descendants.
<xs:element name="Handling" type="marking:MarkingType" minOccurs="0"><xs:annotation><xs:documentation>The Handling field specifies the appropriate data handling markings for the elements of this Campaign. The valid marking scope is the nearest CampaignBaseType ancestor of this Handling element and all its descendants.</xs:documentation></xs:annotation></xs:element>
The Related_Packages field identifies or characterizes relationships to set of related Packages.
DEPRECATED: This field is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.
<xs:element name="Related_Packages" type="stixCommon:RelatedPackageRefsType" minOccurs="0"><xs:annotation><xs:documentation>The Related_Packages field identifies or characterizes relationships to set of related Packages.</xs:documentation><xs:documentation>DEPRECATED: This field is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation><xs:appinfo><deprecated>true</deprecated></xs:appinfo></xs:annotation></xs:element>
Complex Type campaign:CampaignType
Namespace
http://stix.mitre.org/Campaign-1
Annotations
Represents a single STIX Campaign.
Campaigns are instances of ThreatActors pursuing an intent, as observed through sets of Incidents and/or TTP, potentially across organizations. In a structured sense, Campaigns may consist of the suspected intended effect of the adversary, the related TTP leveraged within the Campaign, the related Incidents believed to be part of the Campaign, attribution to the ThreatActors believed responsible for the Campaign, other Campaigns believed related to the Campaign, confidence in the assertion of aggregated intent and characterization of the Campaign, activity taken in response to the Campaign, source of the Campaign information, handling guidance, etc.
Specifies a timestamp for the definition of a specific version of a Campaign. When used in conjunction with the id, this field is specifying the definition time for the specific version of the Campaign. When used in conjunction with the idref, this field is specifying a reference to a specific version of a Campaign defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Specifies the relevant STIX-Campaign schema version for this content.
Source
<xs:complexType name="CampaignType"><xs:annotation><xs:documentation>Represents a single STIX Campaign.</xs:documentation><xs:documentation>Campaigns are instances of ThreatActors pursuing an intent, as observed through sets of Incidents and/or TTP, potentially across organizations. In a structured sense, Campaigns may consist of the suspected intended effect of the adversary, the related TTP leveraged within the Campaign, the related Incidents believed to be part of the Campaign, attribution to the ThreatActors believed responsible for the Campaign, other Campaigns believed related to the Campaign, confidence in the assertion of aggregated intent and characterization of the Campaign, activity taken in response to the Campaign, source of the Campaign information, handling guidance, etc.</xs:documentation></xs:annotation><xs:complexContent><xs:extension base="stixCommon:CampaignBaseType"><xs:sequence><xs:element name="Title" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>The Title field provides a simple title for this Campaign.</xs:documentation></xs:annotation></xs:element><xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Description field is optional and provides an unstructured, text description of this Campaign.</xs:documentation></xs:annotation></xs:element><xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Short_Description field is optional and provides a short, unstructured, text description of this Campaign.</xs:documentation></xs:annotation></xs:element><xs:element name="Names" type="campaign:NamesType" minOccurs="0"><xs:annotation><xs:documentation>The Names field specifies Names used to identify this Campaign. These may be either internal or external names.</xs:documentation></xs:annotation></xs:element><xs:element name="Intended_Effect" type="stixCommon:StatementType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Intended_Effect field characterizes the intended effect of this cyber threat Campaign.</xs:documentation><xs:documentation>It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is IntendedEffectVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation></xs:annotation></xs:element><xs:element name="Status" type="stixCommon:ControlledVocabularyStringType" minOccurs="0"><xs:annotation><xs:documentation>The status of this Campaign. For example, is the Campaign ongoing, historical, future, etc.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CampaignStatusType in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation></xs:annotation></xs:element><xs:element name="Related_TTPs" type="campaign:RelatedTTPsType" minOccurs="0"><xs:annotation><xs:documentation>The Related_TTPs field specifies TTPs asserted to be related to this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element><xs:element name="Related_Incidents" type="campaign:RelatedIncidentsType" minOccurs="0"><xs:annotation><xs:documentation>The Related_Incidents field identifies or characterizes one or more Incidents related to this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element><xs:element name="Related_Indicators" type="campaign:RelatedIndicatorsType" minOccurs="0"><xs:annotation><xs:documentation>The Related_Indicators field identifies or characterizes one or more cyber threat Indicators related to this cyber threat Campaign.</xs:documentation><xs:documentation>NOTE: As of STIX Version 1.1, this field is deprecated and is scheduled to be removed in STIX Version 2.0. Relationships between indicators and campaigns should be represented using the Related_Campaigns field on IndicatorType unless legacy code or content requires the use of this field.</xs:documentation><xs:appinfo><deprecated>true</deprecated></xs:appinfo></xs:annotation></xs:element><xs:element name="Attribution" type="campaign:AttributionType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Attribution field specifies assertions of attibuted Threat Actors for this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element><xs:element name="Associated_Campaigns" type="campaign:AssociatedCampaignsType" minOccurs="0"><xs:annotation><xs:documentation>The Associated_Campaigns field specifies other cyber threat Campaigns asserted to be associated with this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element><xs:element name="Confidence" type="stixCommon:ConfidenceType" minOccurs="0"><xs:annotation><xs:documentation>The Confidence field characterizes the level of confidence held in the characterization of this Campaign.</xs:documentation></xs:annotation></xs:element><xs:element name="Activity" type="stixCommon:ActivityType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Activity field characterizes actions taken in regards to this Campaign. This field is defined as of type ActivityType which is an abstract type enabling the extension and inclusion of various formats of Activity characterization.</xs:documentation></xs:annotation></xs:element><xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0"><xs:annotation><xs:documentation>The Information_Source field details the source of this entry.</xs:documentation></xs:annotation></xs:element><xs:element name="Handling" type="marking:MarkingType" minOccurs="0"><xs:annotation><xs:documentation>The Handling field specifies the appropriate data handling markings for the elements of this Campaign. The valid marking scope is the nearest CampaignBaseType ancestor of this Handling element and all its descendants.</xs:documentation></xs:annotation></xs:element><xs:element name="Related_Packages" type="stixCommon:RelatedPackageRefsType" minOccurs="0"><xs:annotation><xs:documentation>The Related_Packages field identifies or characterizes relationships to set of related Packages.</xs:documentation><xs:documentation>DEPRECATED: This field is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation><xs:appinfo><deprecated>true</deprecated></xs:appinfo></xs:annotation></xs:element></xs:sequence><xs:attribute name="version" type="campaign:CampaignVersionType"><xs:annotation><xs:documentation>Specifies the relevant STIX-Campaign schema version for this content.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:complexContent></xs:complexType>
<xs:complexType name="NamesType"><xs:sequence><xs:element name="Name" type="stixCommon:ControlledVocabularyStringType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Name field specifies a Name used to identify this Campaign. This field can be used to capture various aliases used to identify this Campaign.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.2. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="RelatedTTPsType"><xs:complexContent><xs:extension base="stixCommon:GenericRelationshipListType"><xs:sequence><xs:element name="Related_TTP" type="stixCommon:RelatedTTPType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Related_TTP field specifies a single TTP asserted to be related to this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:extension></xs:complexContent></xs:complexType>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="RelatedIncidentsType"><xs:complexContent><xs:extension base="stixCommon:GenericRelationshipListType"><xs:sequence><xs:element name="Related_Incident" type="stixCommon:RelatedIncidentType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Identifies or characterizes an Incident related to this Campaign.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:extension></xs:complexContent></xs:complexType>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="RelatedIndicatorsType"><xs:complexContent><xs:extension base="stixCommon:GenericRelationshipListType"><xs:sequence><xs:element name="Related_Indicator" type="stixCommon:RelatedIndicatorType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Related_Indicator field identifies or characterizes a cyber threat Indicator related to this Campaign. Such loose associations between Campaigns and Indicators are typically part of the early phases of Campaign identification and characterization. As the Campaign characterization matures these associations are often used to identify relevant TTPs and/or Incidents associated with the Campaign.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:extension></xs:complexContent></xs:complexType>
Complex Type campaign:AttributionType
Namespace
http://stix.mitre.org/Campaign-1
Annotations
AttributionType specifies suspected Threat Actors attributed to a given Campaign.
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="AttributionType"><xs:annotation><xs:documentation>AttributionType specifies suspected Threat Actors attributed to a given Campaign.</xs:documentation></xs:annotation><xs:complexContent><xs:extension base="stixCommon:GenericRelationshipListType"><xs:sequence><xs:element name="Attributed_Threat_Actor" type="stixCommon:RelatedThreatActorType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Attributed_Threat_Actor field specifies a Threat Actor asserted to be attributed for a Campaign. The specification of multiple ThreatActor entries for a single Attribution entry would be interpreted as a logical AND composition of the set of specified ThreatActors with a shared Confidence and Information Source. This would be used to assert attribution to a combined set of ThreatActors.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:extension></xs:complexContent></xs:complexType>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="AssociatedCampaignsType"><xs:complexContent><xs:extension base="stixCommon:GenericRelationshipListType"><xs:sequence><xs:element name="Associated_Campaign" type="stixCommon:RelatedCampaignType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Associated_Campaign field specifies a single other cyber threat Campaign asserted to be associated with this cyber threat Campaign.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:extension></xs:complexContent></xs:complexType>
Simple Type campaign:CampaignVersionType
Namespace
http://stix.mitre.org/Campaign-1
Annotations
An enumeration of all versions of the Campaign type valid in the current release of STIX.
<xs:simpleType name="CampaignVersionType"><xs:annotation><xs:documentation>An enumeration of all versions of the Campaign type valid in the current release of STIX.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="1.0"/><xs:enumeration value="1.0.1"/><xs:enumeration value="1.1"/><xs:enumeration value="1.1.1"/><xs:enumeration value="1.2"/></xs:restriction></xs:simpleType>
<xs:attribute name="version" type="campaign:CampaignVersionType"><xs:annotation><xs:documentation>Specifies the relevant STIX-Campaign schema version for this content.</xs:documentation></xs:annotation></xs:attribute>