Showing:

Annotations
Attributes
Diagrams
Facets
Source
Used by
Main schema campaign.xsd
Namespace http://stix.mitre.org/Campaign-1
Annotations
This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.
Element campaign:Campaign
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Campaign field characterizes a single cyber threat Campaign.
Diagram
Diagram stix_common_xsd.tmp#CampaignBaseType_id stix_common_xsd.tmp#CampaignBaseType_idref stix_common_xsd.tmp#CampaignBaseType_timestamp stix_common_xsd.tmp#CampaignBaseType campaign_xsd.tmp#CampaignType_version campaign_xsd.tmp#CampaignType_Title campaign_xsd.tmp#CampaignType_Description campaign_xsd.tmp#CampaignType_Short_Description campaign_xsd.tmp#CampaignType_Names campaign_xsd.tmp#CampaignType_Intended_Effect campaign_xsd.tmp#CampaignType_Status campaign_xsd.tmp#CampaignType_Related_TTPs campaign_xsd.tmp#CampaignType_Related_Incidents campaign_xsd.tmp#CampaignType_Related_Indicators campaign_xsd.tmp#CampaignType_Attribution campaign_xsd.tmp#CampaignType_Associated_Campaigns campaign_xsd.tmp#CampaignType_Confidence campaign_xsd.tmp#CampaignType_Activity campaign_xsd.tmp#CampaignType_Information_Source campaign_xsd.tmp#CampaignType_Handling campaign_xsd.tmp#CampaignType_Related_Packages campaign_xsd.tmp#CampaignType
Type campaign:CampaignType
Type hierarchy
Children campaign:Activity, campaign:Associated_Campaigns, campaign:Attribution, campaign:Confidence, campaign:Description, campaign:Handling, campaign:Information_Source, campaign:Intended_Effect, campaign:Names, campaign:Related_Incidents, campaign:Related_Indicators, campaign:Related_Packages, campaign:Related_TTPs, campaign:Short_Description, campaign:Status, campaign:Title
Attributes
QName Type Use Annotation
id xs:QName optional
Specifies a globally unique identifier for this cyber threat Campaign.
idref xs:QName optional
Specifies a globally unique identifier for a cyber threat Campaign specified elsewhere.
When idref is specified, the id attribute must not be specified, and any instance of this Campaign should not hold content.
timestamp xs:dateTime optional
Specifies a timestamp for the definition of a specific version of a Campaign. When used in conjunction with the id, this field is specifying the definition time for the specific version of the  Campaign. When used in conjunction with the idref, this field is specifying a reference to a specific version of a Campaign defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
version campaign:CampaignVersionType optional
Specifies the relevant STIX-Campaign schema version for this content.
Source
<xs:element name="Campaign" type="campaign:CampaignType">
  <xs:annotation>
    <xs:documentation>The Campaign field characterizes a single cyber threat Campaign.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Title
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Title field provides a simple title for this Campaign.
Diagram
Diagram
Type xs:string
Source
<xs:element name="Title" type="xs:string" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Title field provides a simple title for this Campaign.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Description
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Description field is optional and provides an unstructured, text description of this Campaign.
Diagram
Diagram stix_common_xsd.tmp#StructuredTextType_id stix_common_xsd.tmp#StructuredTextType_ordinality stix_common_xsd.tmp#StructuredTextType_structuring_format stix_common_xsd.tmp#StructuredTextType
Type stixCommon:StructuredTextType
Attributes
QName Type Use Annotation
id xs:QName optional
Specifies a globally unique identifier for this Description.
ordinality xs:positiveInteger optional
Specifies the intended order position of this construct instance (e.g. Description) within a set of potentially multiple peer construct instances. If only a single construct instance is present its ordinality can be assumed to be 1. If multiple construct instances are present, the ordinality field should be specified with unique values for each instance.
structuring_format xs:string optional
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interferring with XML validation of the STIX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Description field is optional and provides an unstructured, text description of this Campaign.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Short_Description
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Short_Description field is optional and provides a short, unstructured, text description of this Campaign.
Diagram
Diagram stix_common_xsd.tmp#StructuredTextType_id stix_common_xsd.tmp#StructuredTextType_ordinality stix_common_xsd.tmp#StructuredTextType_structuring_format stix_common_xsd.tmp#StructuredTextType
Type stixCommon:StructuredTextType
Attributes
QName Type Use Annotation
id xs:QName optional
Specifies a globally unique identifier for this Description.
ordinality xs:positiveInteger optional
Specifies the intended order position of this construct instance (e.g. Description) within a set of potentially multiple peer construct instances. If only a single construct instance is present its ordinality can be assumed to be 1. If multiple construct instances are present, the ordinality field should be specified with unique values for each instance.
structuring_format xs:string optional
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interferring with XML validation of the STIX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Short_Description field is optional and provides a short, unstructured, text description of this Campaign.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Names
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Names field specifies Names used to identify this Campaign. These may be either internal or external names.
Diagram
Diagram campaign_xsd.tmp#NamesType_Name campaign_xsd.tmp#NamesType
Type campaign:NamesType
Children campaign:Name
Source
<xs:element name="Names" type="campaign:NamesType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Names field specifies Names used to identify this Campaign. These may be either internal or external names.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:NamesType / campaign:Name
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Name field specifies a Name used to identify this Campaign. This field can be used to capture various aliases used to identify this Campaign.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.2. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType
Type stixCommon:ControlledVocabularyStringType
Attributes
QName Type Use Annotation
vocab_name xs:string optional
The vocab_name field specifies the name of the controlled vocabulary.
vocab_reference xs:anyURI optional
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Name" type="stixCommon:ControlledVocabularyStringType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Name field specifies a Name used to identify this Campaign. This field can be used to capture various aliases used to identify this Campaign.</xs:documentation>
    <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.2. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Intended_Effect
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Intended_Effect field characterizes the intended effect of this cyber threat Campaign.
It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is IntendedEffectVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
Diagram
Diagram stix_common_xsd.tmp#StatementType_timestamp stix_common_xsd.tmp#StatementType_timestamp_precision stix_common_xsd.tmp#StatementType_Value stix_common_xsd.tmp#StatementType_Description stix_common_xsd.tmp#StatementType_Source stix_common_xsd.tmp#StatementType_Confidence stix_common_xsd.tmp#StatementType
Type stixCommon:StatementType
Children stixCommon:Confidence, stixCommon:Description, stixCommon:Source, stixCommon:Value
Attributes
QName Type Default Use Annotation
timestamp xs:dateTime optional
Specifies the time this statement was asserted.
In order to avoid ambiguity, it is strongly suggest that all timestamps include a specification of the timezone if it is known.
timestamp_precision stixCommon:DateTimePrecisionEnum second optional
Represents the precision of the associated timestamp value. If omitted, the default is "second", meaning the timestamp is precise to the full field value. Digits in the timestamp that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
Source
<xs:element name="Intended_Effect" type="stixCommon:StatementType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Intended_Effect field characterizes the intended effect of this cyber threat Campaign.</xs:documentation>
    <xs:documentation>It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is IntendedEffectVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation>
    <xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Status
Namespace http://stix.mitre.org/Campaign-1
Annotations
The status of this Campaign. For example, is the Campaign ongoing, historical, future, etc.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CampaignStatusType in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType
Type stixCommon:ControlledVocabularyStringType
Attributes
QName Type Use Annotation
vocab_name xs:string optional
The vocab_name field specifies the name of the controlled vocabulary.
vocab_reference xs:anyURI optional
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Status" type="stixCommon:ControlledVocabularyStringType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The status of this Campaign. For example, is the Campaign ongoing, historical, future, etc.</xs:documentation>
    <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CampaignStatusType in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation>
    <xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Related_TTPs
Namespace http://stix.mitre.org/Campaign-1
Annotations
Diagram
Type campaign:RelatedTTPsType
Type hierarchy
Children campaign:Related_TTP
Attributes
Source
Element campaign:RelatedTTPsType / campaign:Related_TTP
Namespace http://stix.mitre.org/Campaign-1
Annotations
Diagram
Type stixCommon:RelatedTTPType
Type hierarchy
Children stixCommon:Confidence, stixCommon:Information_Source, stixCommon:Relationship, stixCommon:TTP
Source
Element campaign:CampaignType / campaign:Related_Incidents
Namespace http://stix.mitre.org/Campaign-1
Annotations
Diagram
Type campaign:RelatedIncidentsType
Type hierarchy
Children campaign:Related_Incident
Attributes
Source
Element campaign:RelatedIncidentsType / campaign:Related_Incident
Namespace http://stix.mitre.org/Campaign-1
Annotations
Diagram
Type stixCommon:RelatedIncidentType
Type hierarchy
Children stixCommon:Confidence, stixCommon:Incident, stixCommon:Information_Source, stixCommon:Relationship
Source
Element campaign:CampaignType / campaign:Related_Indicators
Namespace http://stix.mitre.org/Campaign-1
Annotations
Diagram
Type campaign:RelatedIndicatorsType
Type hierarchy
Children campaign:Related_Indicator
Attributes
Source
Element campaign:RelatedIndicatorsType / campaign:Related_Indicator
Namespace http://stix.mitre.org/Campaign-1
Annotations
Diagram
Type stixCommon:RelatedIndicatorType
Type hierarchy
Children stixCommon:Confidence, stixCommon:Indicator, stixCommon:Information_Source, stixCommon:Relationship
Source
Element campaign:CampaignType / campaign:Attribution
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Attribution field specifies assertions of attibuted Threat Actors for this cyber threat Campaign.
Diagram
Diagram stix_common_xsd.tmp#GenericRelationshipListType_scope stix_common_xsd.tmp#GenericRelationshipListType campaign_xsd.tmp#AttributionType_Attributed_Threat_Actor campaign_xsd.tmp#AttributionType
Type campaign:AttributionType
Type hierarchy
Children campaign:Attributed_Threat_Actor
Attributes
QName Type Default Use Annotation
scope stixCommon:RelationshipScopeEnum exclusive optional
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:element name="Attribution" type="campaign:AttributionType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Attribution field specifies assertions of attibuted Threat Actors for this cyber threat Campaign.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:AttributionType / campaign:Attributed_Threat_Actor
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Attributed_Threat_Actor field specifies a Threat Actor asserted to be attributed for a Campaign. The specification of multiple ThreatActor entries for a single Attribution entry would be interpreted as a logical AND composition of the set of specified ThreatActors with a shared Confidence and Information Source. This would be used to assert attribution to a combined set of ThreatActors.
Diagram
Diagram stix_common_xsd.tmp#GenericRelationshipType_Confidence stix_common_xsd.tmp#GenericRelationshipType_Information_Source stix_common_xsd.tmp#GenericRelationshipType_Relationship stix_common_xsd.tmp#GenericRelationshipType stix_common_xsd.tmp#RelatedThreatActorType_Threat_Actor stix_common_xsd.tmp#RelatedThreatActorType
Type stixCommon:RelatedThreatActorType
Type hierarchy
Children stixCommon:Confidence, stixCommon:Information_Source, stixCommon:Relationship, stixCommon:Threat_Actor
Source
<xs:element name="Attributed_Threat_Actor" type="stixCommon:RelatedThreatActorType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Attributed_Threat_Actor field specifies a Threat Actor asserted to be attributed for a Campaign. The specification of multiple ThreatActor entries for a single Attribution entry would be interpreted as a logical AND composition of the set of specified ThreatActors with a shared Confidence and Information Source. This would be used to assert attribution to a combined set of ThreatActors.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Associated_Campaigns
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Associated_Campaigns field specifies other cyber threat Campaigns asserted to be associated with this cyber threat Campaign.
Diagram
Diagram stix_common_xsd.tmp#GenericRelationshipListType_scope stix_common_xsd.tmp#GenericRelationshipListType campaign_xsd.tmp#AssociatedCampaignsType_Associated_Campaign campaign_xsd.tmp#AssociatedCampaignsType
Type campaign:AssociatedCampaignsType
Type hierarchy
Children campaign:Associated_Campaign
Attributes
QName Type Default Use Annotation
scope stixCommon:RelationshipScopeEnum exclusive optional
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:element name="Associated_Campaigns" type="campaign:AssociatedCampaignsType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Associated_Campaigns field specifies other cyber threat Campaigns asserted to be associated with this cyber threat Campaign.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:AssociatedCampaignsType / campaign:Associated_Campaign
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Associated_Campaign field specifies a single other cyber threat Campaign asserted to be associated with this cyber threat Campaign.
Diagram
Diagram stix_common_xsd.tmp#GenericRelationshipType_Confidence stix_common_xsd.tmp#GenericRelationshipType_Information_Source stix_common_xsd.tmp#GenericRelationshipType_Relationship stix_common_xsd.tmp#GenericRelationshipType stix_common_xsd.tmp#RelatedCampaignType_Campaign stix_common_xsd.tmp#RelatedCampaignType
Type stixCommon:RelatedCampaignType
Type hierarchy
Children stixCommon:Campaign, stixCommon:Confidence, stixCommon:Information_Source, stixCommon:Relationship
Source
<xs:element name="Associated_Campaign" type="stixCommon:RelatedCampaignType" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Associated_Campaign field specifies a single other cyber threat Campaign asserted to be associated with this cyber threat Campaign.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Confidence
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Confidence field characterizes the level of confidence held in the characterization of this Campaign.
Diagram
Diagram stix_common_xsd.tmp#ConfidenceType_timestamp stix_common_xsd.tmp#ConfidenceType_timestamp_precision stix_common_xsd.tmp#ConfidenceType_Value stix_common_xsd.tmp#ConfidenceType_Description stix_common_xsd.tmp#ConfidenceType_Source stix_common_xsd.tmp#ConfidenceType_Confidence_Assertion_Chain stix_common_xsd.tmp#ConfidenceType
Type stixCommon:ConfidenceType
Children stixCommon:Confidence_Assertion_Chain, stixCommon:Description, stixCommon:Source, stixCommon:Value
Attributes
QName Type Default Use Annotation
timestamp xs:dateTime optional
Specifies the time of this Confidence assertion.
In order to avoid ambiguity, it is strongly suggest that all timestamps include a specification of the timezone if it is known.
timestamp_precision stixCommon:DateTimePrecisionEnum second optional
Represents the precision of the associated timestamp value. If omitted, the default is "second", meaning the timestamp is precise to the full field value. Digits in the timestamp that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.
Source
<xs:element name="Confidence" type="stixCommon:ConfidenceType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Confidence field characterizes the level of confidence held in the characterization of this Campaign.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Activity
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Activity field characterizes actions taken in regards to this Campaign. This field is defined as of type ActivityType which is an abstract type enabling the extension and inclusion of various formats of Activity characterization.
Diagram
Diagram stix_common_xsd.tmp#ActivityType_Date_Time stix_common_xsd.tmp#ActivityType_Description stix_common_xsd.tmp#ActivityType
Type stixCommon:ActivityType
Children stixCommon:Date_Time, stixCommon:Description
Source
<xs:element name="Activity" type="stixCommon:ActivityType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Activity field characterizes actions taken in regards to this Campaign. This field is defined as of type ActivityType which is an abstract type enabling the extension and inclusion of various formats of Activity characterization.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Information_Source
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Information_Source field details the source of this entry.
Diagram
Diagram stix_common_xsd.tmp#InformationSourceType_Description stix_common_xsd.tmp#InformationSourceType_Identity stix_common_xsd.tmp#InformationSourceType_Role stix_common_xsd.tmp#InformationSourceType_Contributing_Sources stix_common_xsd.tmp#InformationSourceType_Time stix_common_xsd.tmp#InformationSourceType_Tools stix_common_xsd.tmp#InformationSourceType_References stix_common_xsd.tmp#InformationSourceType
Type stixCommon:InformationSourceType
Children stixCommon:Contributing_Sources, stixCommon:Description, stixCommon:Identity, stixCommon:References, stixCommon:Role, stixCommon:Time, stixCommon:Tools
Source
<xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Information_Source field details the source of this entry.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Handling
Namespace http://stix.mitre.org/Campaign-1
Annotations
The Handling field specifies the appropriate data handling markings for the elements of this Campaign. The valid marking scope is the nearest CampaignBaseType ancestor of this Handling element and all its descendants.
Diagram
Diagram data_marking_xsd.tmp#MarkingType_Marking data_marking_xsd.tmp#MarkingType
Type marking:MarkingType
Children marking:Marking
Source
<xs:element name="Handling" type="marking:MarkingType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Handling field specifies the appropriate data handling markings for the elements of this Campaign. The valid marking scope is the nearest CampaignBaseType ancestor of this Handling element and all its descendants.</xs:documentation>
  </xs:annotation>
</xs:element>
Element campaign:CampaignType / campaign:Related_Packages
Namespace http://stix.mitre.org/Campaign-1
Annotations
Diagram
Type stixCommon:RelatedPackageRefsType
Children stixCommon:Package_Reference
Source
Complex Type campaign:CampaignType
Namespace http://stix.mitre.org/Campaign-1
Annotations
Represents a single STIX Campaign.
Campaigns are instances of ThreatActors pursuing an intent, as observed through sets of Incidents and/or TTP, potentially across organizations. In a structured sense, Campaigns may consist of the suspected intended effect of the adversary, the related TTP leveraged within the Campaign, the related Incidents believed to be part of the Campaign, attribution to the ThreatActors believed responsible for the Campaign, other Campaigns believed related to the Campaign, confidence in the assertion of aggregated intent and characterization of the Campaign, activity taken in response to the Campaign, source of the Campaign information, handling guidance, etc.
Diagram
Diagram stix_common_xsd.tmp#CampaignBaseType_id stix_common_xsd.tmp#CampaignBaseType_idref stix_common_xsd.tmp#CampaignBaseType_timestamp stix_common_xsd.tmp#CampaignBaseType campaign_xsd.tmp#CampaignType_version campaign_xsd.tmp#CampaignType_Title campaign_xsd.tmp#CampaignType_Description campaign_xsd.tmp#CampaignType_Short_Description campaign_xsd.tmp#CampaignType_Names campaign_xsd.tmp#CampaignType_Intended_Effect campaign_xsd.tmp#CampaignType_Status campaign_xsd.tmp#CampaignType_Related_TTPs campaign_xsd.tmp#CampaignType_Related_Incidents campaign_xsd.tmp#CampaignType_Related_Indicators campaign_xsd.tmp#CampaignType_Attribution campaign_xsd.tmp#CampaignType_Associated_Campaigns campaign_xsd.tmp#CampaignType_Confidence campaign_xsd.tmp#CampaignType_Activity campaign_xsd.tmp#CampaignType_Information_Source campaign_xsd.tmp#CampaignType_Handling campaign_xsd.tmp#CampaignType_Related_Packages
Type extension of stixCommon:CampaignBaseType
Type hierarchy
Used by
Children campaign:Activity, campaign:Associated_Campaigns, campaign:Attribution, campaign:Confidence, campaign:Description, campaign:Handling, campaign:Information_Source, campaign:Intended_Effect, campaign:Names, campaign:Related_Incidents, campaign:Related_Indicators, campaign:Related_Packages, campaign:Related_TTPs, campaign:Short_Description, campaign:Status, campaign:Title
Attributes
QName Type Use Annotation
id xs:QName optional
Specifies a globally unique identifier for this cyber threat Campaign.
idref xs:QName optional
Specifies a globally unique identifier for a cyber threat Campaign specified elsewhere.
When idref is specified, the id attribute must not be specified, and any instance of this Campaign should not hold content.
timestamp xs:dateTime optional
Specifies a timestamp for the definition of a specific version of a Campaign. When used in conjunction with the id, this field is specifying the definition time for the specific version of the  Campaign. When used in conjunction with the idref, this field is specifying a reference to a specific version of a Campaign defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
version campaign:CampaignVersionType optional
Specifies the relevant STIX-Campaign schema version for this content.
Source
<xs:complexType name="CampaignType">
  <xs:annotation>
    <xs:documentation>Represents a single STIX Campaign.</xs:documentation>
    <xs:documentation>Campaigns are instances of ThreatActors pursuing an intent, as observed through sets of Incidents and/or TTP, potentially across organizations. In a structured sense, Campaigns may consist of the suspected intended effect of the adversary, the related TTP leveraged within the Campaign, the related Incidents believed to be part of the Campaign, attribution to the ThreatActors believed responsible for the Campaign, other Campaigns believed related to the Campaign, confidence in the assertion of aggregated intent and characterization of the Campaign, activity taken in response to the Campaign, source of the Campaign information, handling guidance, etc.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="stixCommon:CampaignBaseType">
      <xs:sequence>
        <xs:element name="Title" type="xs:string" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Title field provides a simple title for this Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Description field is optional and provides an unstructured, text description of this Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Short_Description field is optional and provides a short, unstructured, text description of this Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Names" type="campaign:NamesType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Names field specifies Names used to identify this Campaign. These may be either internal or external names.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Intended_Effect" type="stixCommon:StatementType" minOccurs="0" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Intended_Effect field characterizes the intended effect of this cyber threat Campaign.</xs:documentation>
            <xs:documentation>It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is IntendedEffectVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation>
            <xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Status" type="stixCommon:ControlledVocabularyStringType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The status of this Campaign. For example, is the Campaign ongoing, historical, future, etc.</xs:documentation>
            <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CampaignStatusType in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation>
            <xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Related_TTPs" type="campaign:RelatedTTPsType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Related_TTPs field specifies TTPs asserted to be related to this cyber threat Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Related_Incidents" type="campaign:RelatedIncidentsType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Related_Incidents field identifies or characterizes one or more Incidents related to this cyber threat Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Related_Indicators" type="campaign:RelatedIndicatorsType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Related_Indicators field identifies or characterizes one or more cyber threat Indicators related to this cyber threat Campaign.</xs:documentation>
            <xs:documentation>NOTE: As of STIX Version 1.1, this field is deprecated and is scheduled to be removed in STIX Version 2.0. Relationships between indicators and campaigns should be represented using the Related_Campaigns field on IndicatorType unless legacy code or content requires the use of this field.</xs:documentation>
            <xs:appinfo>
              <deprecated>true</deprecated>
            </xs:appinfo>
          </xs:annotation>
        </xs:element>
        <xs:element name="Attribution" type="campaign:AttributionType" minOccurs="0" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Attribution field specifies assertions of attibuted Threat Actors for this cyber threat Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Associated_Campaigns" type="campaign:AssociatedCampaignsType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Associated_Campaigns field specifies other cyber threat Campaigns asserted to be associated with this cyber threat Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Confidence" type="stixCommon:ConfidenceType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Confidence field characterizes the level of confidence held in the characterization of this Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Activity" type="stixCommon:ActivityType" minOccurs="0" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Activity field characterizes actions taken in regards to this Campaign. This field is defined as of type ActivityType which is an abstract type enabling the extension and inclusion of various formats of Activity characterization.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Information_Source field details the source of this entry.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Handling" type="marking:MarkingType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Handling field specifies the appropriate data handling markings for the elements of this Campaign. The valid marking scope is the nearest CampaignBaseType ancestor of this Handling element and all its descendants.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Related_Packages" type="stixCommon:RelatedPackageRefsType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Related_Packages field identifies or characterizes relationships to set of related Packages.</xs:documentation>
            <xs:documentation>DEPRECATED: This field is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation>
            <xs:appinfo>
              <deprecated>true</deprecated>
            </xs:appinfo>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
      <xs:attribute name="version" type="campaign:CampaignVersionType">
        <xs:annotation>
          <xs:documentation>Specifies the relevant STIX-Campaign schema version for this content.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type campaign:NamesType
Namespace http://stix.mitre.org/Campaign-1
Diagram
Diagram campaign_xsd.tmp#NamesType_Name
Used by
Children campaign:Name
Source
<xs:complexType name="NamesType">
  <xs:sequence>
    <xs:element name="Name" type="stixCommon:ControlledVocabularyStringType" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The Name field specifies a Name used to identify this Campaign. This field can be used to capture various aliases used to identify this Campaign.</xs:documentation>
        <xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. No default vocabulary type has been defined for STIX 1.2. Users may either define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a free string field.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Complex Type campaign:RelatedTTPsType
Namespace http://stix.mitre.org/Campaign-1
Diagram
Diagram stix_common_xsd.tmp#GenericRelationshipListType_scope stix_common_xsd.tmp#GenericRelationshipListType campaign_xsd.tmp#RelatedTTPsType_Related_TTP
Type extension of stixCommon:GenericRelationshipListType
Type hierarchy
Used by
Children campaign:Related_TTP
Attributes
QName Type Default Use Annotation
scope stixCommon:RelationshipScopeEnum exclusive optional
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="RelatedTTPsType">
  <xs:complexContent>
    <xs:extension base="stixCommon:GenericRelationshipListType">
      <xs:sequence>
        <xs:element name="Related_TTP" type="stixCommon:RelatedTTPType" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Related_TTP field specifies a single TTP asserted to be related to this cyber threat Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type campaign:RelatedIncidentsType
Namespace http://stix.mitre.org/Campaign-1
Diagram
Diagram stix_common_xsd.tmp#GenericRelationshipListType_scope stix_common_xsd.tmp#GenericRelationshipListType campaign_xsd.tmp#RelatedIncidentsType_Related_Incident
Type extension of stixCommon:GenericRelationshipListType
Type hierarchy
Used by
Children campaign:Related_Incident
Attributes
QName Type Default Use Annotation
scope stixCommon:RelationshipScopeEnum exclusive optional
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="RelatedIncidentsType">
  <xs:complexContent>
    <xs:extension base="stixCommon:GenericRelationshipListType">
      <xs:sequence>
        <xs:element name="Related_Incident" type="stixCommon:RelatedIncidentType" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>Identifies or characterizes an Incident related to this Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type campaign:RelatedIndicatorsType
Namespace http://stix.mitre.org/Campaign-1
Diagram
Diagram stix_common_xsd.tmp#GenericRelationshipListType_scope stix_common_xsd.tmp#GenericRelationshipListType campaign_xsd.tmp#RelatedIndicatorsType_Related_Indicator
Type extension of stixCommon:GenericRelationshipListType
Type hierarchy
Used by
Children campaign:Related_Indicator
Attributes
QName Type Default Use Annotation
scope stixCommon:RelationshipScopeEnum exclusive optional
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="RelatedIndicatorsType">
  <xs:complexContent>
    <xs:extension base="stixCommon:GenericRelationshipListType">
      <xs:sequence>
        <xs:element name="Related_Indicator" type="stixCommon:RelatedIndicatorType" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Related_Indicator field identifies or characterizes a cyber threat Indicator related to this Campaign. Such loose associations between Campaigns and Indicators are typically part of the early phases of Campaign identification and characterization. As the Campaign characterization matures these associations are often used to identify relevant TTPs and/or Incidents associated with the Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type campaign:AttributionType
Namespace http://stix.mitre.org/Campaign-1
Annotations
AttributionType specifies suspected Threat Actors attributed to a given Campaign.
Diagram
Diagram stix_common_xsd.tmp#GenericRelationshipListType_scope stix_common_xsd.tmp#GenericRelationshipListType campaign_xsd.tmp#AttributionType_Attributed_Threat_Actor
Type extension of stixCommon:GenericRelationshipListType
Type hierarchy
Used by
Children campaign:Attributed_Threat_Actor
Attributes
QName Type Default Use Annotation
scope stixCommon:RelationshipScopeEnum exclusive optional
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="AttributionType">
  <xs:annotation>
    <xs:documentation>AttributionType specifies suspected Threat Actors attributed to a given Campaign.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="stixCommon:GenericRelationshipListType">
      <xs:sequence>
        <xs:element name="Attributed_Threat_Actor" type="stixCommon:RelatedThreatActorType" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Attributed_Threat_Actor field specifies a Threat Actor asserted to be attributed for a Campaign. The specification of multiple ThreatActor entries for a single Attribution entry would be interpreted as a logical AND composition of the set of specified ThreatActors with a shared Confidence and Information Source. This would be used to assert attribution to a combined set of ThreatActors.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type campaign:AssociatedCampaignsType
Namespace http://stix.mitre.org/Campaign-1
Diagram
Diagram stix_common_xsd.tmp#GenericRelationshipListType_scope stix_common_xsd.tmp#GenericRelationshipListType campaign_xsd.tmp#AssociatedCampaignsType_Associated_Campaign
Type extension of stixCommon:GenericRelationshipListType
Type hierarchy
Used by
Children campaign:Associated_Campaign
Attributes
QName Type Default Use Annotation
scope stixCommon:RelationshipScopeEnum exclusive optional
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="AssociatedCampaignsType">
  <xs:complexContent>
    <xs:extension base="stixCommon:GenericRelationshipListType">
      <xs:sequence>
        <xs:element name="Associated_Campaign" type="stixCommon:RelatedCampaignType" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Associated_Campaign field specifies a single other cyber threat Campaign asserted to be associated with this cyber threat Campaign.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Simple Type campaign:CampaignVersionType
Namespace http://stix.mitre.org/Campaign-1
Annotations
An enumeration of all versions of the Campaign type valid in the current release of STIX.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration 1.0
enumeration 1.0.1
enumeration 1.1
enumeration 1.1.1
enumeration 1.2
Used by
Source
<xs:simpleType name="CampaignVersionType">
  <xs:annotation>
    <xs:documentation>An enumeration of all versions of the Campaign type valid in the current release of STIX.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="1.0"/>
    <xs:enumeration value="1.0.1"/>
    <xs:enumeration value="1.1"/>
    <xs:enumeration value="1.1.1"/>
    <xs:enumeration value="1.2"/>
  </xs:restriction>
</xs:simpleType>
Attribute campaign:CampaignType / @version
Namespace No namespace
Annotations
Specifies the relevant STIX-Campaign schema version for this content.
Type campaign:CampaignVersionType
Facets
enumeration 1.0
enumeration 1.0.1
enumeration 1.1
enumeration 1.1.1
enumeration 1.2
Used by
Complex Type campaign:CampaignType
Source
<xs:attribute name="version" type="campaign:CampaignVersionType">
  <xs:annotation>
    <xs:documentation>Specifies the relevant STIX-Campaign schema version for this content.</xs:documentation>
  </xs:annotation>
</xs:attribute>