Showing:

Annotations
Attributes
Diagrams
Facets
Source
Used by
Main schema stix_default_vocabularies.xsd
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.
Complex Type stixVocabs:ReportIntentVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The ReportIntentVocab is the default STIX vocabulary for the ReportType Intent field.

				Note that this vocabulary is under development. Feedback is appreciated and should be sent to the STIX discussion list.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#ReportIntentVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#ReportIntentVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Report Intent Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ReportIntentVocab-1.0 optional
Source
<xs:complexType name="ReportIntentVocab-1.0">
  <xs:annotation>
    <xs:documentation>The ReportIntentVocab is the default STIX vocabulary for the ReportType Intent field. Note that this vocabulary is under development. Feedback is appreciated and should be sent to the STIX discussion list.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:ReportIntentEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Report Intent Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ReportIntentVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:ReportIntentEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The default set of values to use for a report intent in STIX.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Collective Threat Intelligence
Report is intended to describe a broad characterization of a threat across multiple facets.
enumeration Threat Report
Report is intended to describe a broad characterization of a threat across multiple facets expressed as a cohesive report.
enumeration Indicators
Report is intended to describe mainly indicators.
enumeration Indicators - Phishing
Report is intended to describe mainly phishing indicators.
enumeration Indicators - Watchlist
Report is intended to describe mainly network watchlist indicators.
enumeration Indicators - Malware Artifacts
Report is intended to describe mainly malware artifact indicators.
enumeration Indicators - Network Activity
Report is intended to describe mainly network activity indicators.
enumeration Indicators - Endpoint Characteristics
Report is intended to describe mainly endpoint characteristics (hashes, registry values, installed software, known vulnerabilities, etc.) indicators.
enumeration Campaign Characterization
Report is intended to describe mainly a characterization of one or more campaigns.
enumeration Threat Actor Characterization
Report is intended to describe mainly a characterization of one or more threat actors.
enumeration Exploit Characterization
Report is intended to describe mainly a characterization of one or more exploits.
enumeration Attack Pattern Characterization
Report is intended to describe mainly a characterization of one or more attack patterns.
enumeration Malware Characterization
Report is intended to describe mainly a characterization of one or more malware instances.
enumeration TTP - Infrastructure
Report is intended to describe mainly a characterization of attacker infrastructure.
enumeration TTP - Tools
Report is intended to describe mainly a characterization of attacker tools.
enumeration Courses of Action
Report is intended to describe mainly a set of courses of action.
enumeration Incident
Report is intended to describe mainly information about one or more incidents.
enumeration Observations
Report is intended to describe mainly information about instantial observations (cyber observables).
enumeration Observations - Email
Report is intended to describe mainly information about instantial email observations (email cyber observables).
enumeration Malware Samples
Report is intended to describe a set of malware samples.
Source
<xs:simpleType name="ReportIntentEnum-1.0">
  <xs:annotation>
    <xs:documentation>The default set of values to use for a report intent in STIX.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Collective Threat Intelligence">
      <xs:annotation>
        <xs:documentation>Report is intended to describe a broad characterization of a threat across multiple facets.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Threat Report">
      <xs:annotation>
        <xs:documentation>Report is intended to describe a broad characterization of a threat across multiple facets expressed as a cohesive report.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Phishing">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly phishing indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Watchlist">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly network watchlist indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Malware Artifacts">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly malware artifact indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Network Activity">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly network activity indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Endpoint Characteristics">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly endpoint characteristics (hashes, registry values, installed software, known vulnerabilities, etc.) indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Campaign Characterization">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly a characterization of one or more campaigns.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Threat Actor Characterization">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly a characterization of one or more threat actors.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Exploit Characterization">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly a characterization of one or more exploits.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Attack Pattern Characterization">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly a characterization of one or more attack patterns.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Malware Characterization">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly a characterization of one or more malware instances.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TTP - Infrastructure">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly a characterization of attacker infrastructure.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TTP - Tools">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly a characterization of attacker tools.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Courses of Action">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly a set of courses of action.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Incident">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly information about one or more incidents.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Observations">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly information about instantial observations (cyber observables).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Observations - Email">
      <xs:annotation>
        <xs:documentation>Report is intended to describe mainly information about instantial email observations (email cyber observables).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Malware Samples">
      <xs:annotation>
        <xs:documentation>Report is intended to describe a set of malware samples.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:PackageIntentVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The PackageIntentVocab is the default STIX vocabulary for Package Intent.
NOTE: As of STIX Version 1.2, the PackageIntentVocab is deprecated and should only be used with the deprecated STIXHeaderType/Package_Intent field. Please use a Report and ReportIntentVocab-1.0 instead.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#PackageIntentVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#PackageIntentVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Package Intent Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#PackageIntentVocab-1.0 optional
Source
<xs:complexType name="PackageIntentVocab-1.0">
  <xs:annotation>
    <xs:documentation>The PackageIntentVocab is the default STIX vocabulary for Package Intent.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.2, the PackageIntentVocab is deprecated and should only be used with the deprecated STIXHeaderType/Package_Intent field. Please use a Report and ReportIntentVocab-1.0 instead.</xs:documentation>
    <xs:appinfo>
      <deprecated>true</deprecated>
    </xs:appinfo>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:PackageIntentEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Package Intent Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#PackageIntentVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:PackageIntentEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The default set of values to use for a package intent in STIX.
NOTE: As of STIX Version 1.2, the PackageIntentEnum is deprecated and should only be used with the deprecated STIXHeaderType/Package_Intent field. Please use a Report and ReportIntentEnum-1.0 instead.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Collective Threat Intelligence
Package is intended to convey a broad characterization of a threat across multiple facets.
enumeration Threat Report
Package is intended to convey a broad characterization of a threat across multiple facets expressed as a cohesive report.
enumeration Indicators
Package is intended to convey mainly indicators.
enumeration Indicators - Phishing
Package is intended to convey mainly phishing indicators.
enumeration Indicators - Watchlist
Package is intended to convey mainly network watchlist indicators.
enumeration Indicators - Malware Artifacts
Package is intended to convey mainly malware artifact indicators.
enumeration Indicators - Network Activity
Package is intended to convey mainly network activity indicators.
enumeration Indicators - Endpoint Characteristics
Package is intended to convey mainly endpoint characteristics (hashes, registry values, installed software, known vulnerabilities, etc.) indicators.
enumeration Campaign Characterization
Package is intended to convey mainly a characterization of one or more campaigns.
enumeration Threat Actor Characterization
Package is intended to convey mainly a characterization of one or more threat actors.
enumeration Exploit Characterization
Package is intended to convey mainly a characterization of one or more exploits.
enumeration Attack Pattern Characterization
Package is intended to convey mainly a characterization of one or more attack patterns.
enumeration Malware Characterization
Package is intended to convey mainly a characterization of one or more malware instances.
enumeration TTP - Infrastructure
Package is intended to convey mainly a characterization of attacker infrastructure.
enumeration TTP - Tools
Package is intended to convey mainly a characterization of attacker tools.
enumeration Courses of Action
Package is intended to convey mainly a set of courses of action.
enumeration Incident
Package is intended to convey mainly information about one or more incidents.
enumeration Observations
Package is intended to convey mainly information about instantial observations (cyber observables).
enumeration Observations - Email
Package is intended to convey mainly information about instantial email observations (email cyber observables).
enumeration Malware Samples
Package is intended to convey a set of malware samples.
Source
<xs:simpleType name="PackageIntentEnum-1.0">
  <xs:annotation>
    <xs:documentation>The default set of values to use for a package intent in STIX.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.2, the PackageIntentEnum is deprecated and should only be used with the deprecated STIXHeaderType/Package_Intent field. Please use a Report and ReportIntentEnum-1.0 instead.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <deprecated>true</deprecated>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Collective Threat Intelligence">
      <xs:annotation>
        <xs:documentation>Package is intended to convey a broad characterization of a threat across multiple facets.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Threat Report">
      <xs:annotation>
        <xs:documentation>Package is intended to convey a broad characterization of a threat across multiple facets expressed as a cohesive report.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Phishing">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly phishing indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Watchlist">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly network watchlist indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Malware Artifacts">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly malware artifact indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Network Activity">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly network activity indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Indicators - Endpoint Characteristics">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly endpoint characteristics (hashes, registry values, installed software, known vulnerabilities, etc.) indicators.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Campaign Characterization">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly a characterization of one or more campaigns.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Threat Actor Characterization">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly a characterization of one or more threat actors.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Exploit Characterization">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly a characterization of one or more exploits.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Attack Pattern Characterization">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly a characterization of one or more attack patterns.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Malware Characterization">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly a characterization of one or more malware instances.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TTP - Infrastructure">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly a characterization of attacker infrastructure.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TTP - Tools">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly a characterization of attacker tools.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Courses of Action">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly a set of courses of action.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Incident">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly information about one or more incidents.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Observations">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly information about instantial observations (cyber observables).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Observations - Email">
      <xs:annotation>
        <xs:documentation>Package is intended to convey mainly information about instantial email observations (email cyber observables).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Malware Samples">
      <xs:annotation>
        <xs:documentation>Package is intended to convey a set of malware samples.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:HighMediumLowVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The HighMediumLowVocab is the default STIX vocabulary for expressing basic values that may be high, medium, low, none, or unknown.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#HighMediumLowVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#HighMediumLowVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default High/Medium/Low Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#HighMediumLowVocab-1.0 optional
Source
<xs:complexType name="HighMediumLowVocab-1.0">
  <xs:annotation>
    <xs:documentation>The HighMediumLowVocab is the default STIX vocabulary for expressing basic values that may be high, medium, low, none, or unknown.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:HighMediumLowEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default High/Medium/Low Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#HighMediumLowVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:HighMediumLowEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The default set of values to use for expressing a high/medium/low statement in STIX.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration High
enumeration Medium
enumeration Low
enumeration None
enumeration Unknown
Source
<xs:simpleType name="HighMediumLowEnum-1.0">
  <xs:annotation>
    <xs:documentation>The default set of values to use for expressing a high/medium/low statement in STIX.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="High"/>
    <xs:enumeration value="Medium"/>
    <xs:enumeration value="Low"/>
    <xs:enumeration value="None"/>
    <xs:enumeration value="Unknown"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:MalwareTypeVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The MalwareTypeVocab is the default STIX vocabulary for expressing types of malware instances.

                Note that this vocabulary is under development. Feedback is appreciated and should be sent to the STIX discussion list.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#MalwareTypeVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#MalwareTypeVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Malware Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#MalwareTypeVocab-1.0 optional
Source
<xs:complexType name="MalwareTypeVocab-1.0">
  <xs:annotation>
    <xs:documentation>The MalwareTypeVocab is the default STIX vocabulary for expressing types of malware instances. Note that this vocabulary is under development. Feedback is appreciated and should be sent to the STIX discussion list.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:MalwareTypeEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Malware Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#MalwareTypeVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:MalwareTypeEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The default set of malware types to use for characterizing a malware instance in STIX.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Automated Transfer Scripts
enumeration Adware
enumeration Dialer
enumeration Bot
enumeration Bot - Credential Theft
enumeration Bot - DDoS
enumeration Bot - Loader
enumeration Bot - Spam
enumeration DoS / DDoS
enumeration DoS / DDoS - Participatory
enumeration DoS / DDoS - Script
enumeration DoS / DDoS - Stress Test Tools
enumeration Exploit Kits
enumeration POS / ATM Malware
enumeration Ransomware
enumeration Remote Access Trojan
enumeration Rogue Antivirus
enumeration Rootkit
Source
<xs:simpleType name="MalwareTypeEnum-1.0">
  <xs:annotation>
    <xs:documentation>The default set of malware types to use for characterizing a malware instance in STIX.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Automated Transfer Scripts"/>
    <xs:enumeration value="Adware"/>
    <xs:enumeration value="Dialer"/>
    <xs:enumeration value="Bot"/>
    <xs:enumeration value="Bot - Credential Theft"/>
    <xs:enumeration value="Bot - DDoS"/>
    <xs:enumeration value="Bot - Loader"/>
    <xs:enumeration value="Bot - Spam"/>
    <xs:enumeration value="DoS / DDoS"/>
    <xs:enumeration value="DoS / DDoS - Participatory"/>
    <xs:enumeration value="DoS / DDoS - Script"/>
    <xs:enumeration value="DoS / DDoS - Stress Test Tools"/>
    <xs:enumeration value="Exploit Kits"/>
    <xs:enumeration value="POS / ATM Malware"/>
    <xs:enumeration value="Ransomware"/>
    <xs:enumeration value="Remote Access Trojan"/>
    <xs:enumeration value="Rogue Antivirus"/>
    <xs:enumeration value="Rootkit"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:IndicatorTypeVocab-1.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The IndicatorTypeVocab is the default STIX vocabulary for expressing indicator types.

				Note that this vocabulary is under development. Feedback is appreciated and should be sent to the STIX discussion list.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#IndicatorTypeVocab-1.1_vocab_name stix_default_vocabularies_xsd.tmp#IndicatorTypeVocab-1.1_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Indicator Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#IndicatorTypeVocab-1.1 optional
Source
<xs:complexType name="IndicatorTypeVocab-1.1">
  <xs:annotation>
    <xs:documentation>The IndicatorTypeVocab is the default STIX vocabulary for expressing indicator types. Note that this vocabulary is under development. Feedback is appreciated and should be sent to the STIX discussion list.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:IndicatorTypeEnum-1.1"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Indicator Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#IndicatorTypeVocab-1.1"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:IndicatorTypeEnum-1.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The default set of Indicator types to use for characterizing Indicators in STIX.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Malicious E-mail
Indicator describes suspected malicious e-mail (phishing, spear phishing, infected, etc.).
enumeration IP Watchlist
Indicator describes a set of suspected malicious IP addresses or IP blocks.
enumeration File Hash Watchlist
Indicator describes a set of hashes for suspected malicious files.
enumeration Domain Watchlist
Indicator describes a set of suspected malicious domains.
enumeration URL Watchlist
Indicator describes a set of suspected malicious URLS.
enumeration Malware Artifacts
Indicator describes the effects of suspected malware.
enumeration C2
Indicator describes suspected command and control activity or static indications.
enumeration Anonymization
Indicator describes suspected anonymization techniques (Proxy, TOR, VPN, etc.).
enumeration Exfiltration
Indicator describes suspected exfiltration techniques or behavior.
enumeration Host Characteristics
Indicator describes suspected malicious host characteristics.
enumeration Compromised PKI Certificate
Indicator describes a compromised PKI Certificate.
enumeration Login Name
Indicator describes a compromised Login Name.
enumeration IMEI Watchlist
Indicator describes a watchlist for IMEI (handset) identifiers.
enumeration IMSI Watchlist
Indicator describes a watchlist for IMSI (SIM card) identifiers.
Source
<xs:simpleType name="IndicatorTypeEnum-1.1">
  <xs:annotation>
    <xs:documentation>The default set of Indicator types to use for characterizing Indicators in STIX.</xs:documentation>
    <xs:appinfo>
      <version>1.1</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Malicious E-mail">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected malicious e-mail (phishing, spear phishing, infected, etc.).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IP Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a set of suspected malicious IP addresses or IP blocks.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="File Hash Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a set of hashes for suspected malicious files.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Domain Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a set of suspected malicious domains.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="URL Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a set of suspected malicious URLS.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Malware Artifacts">
      <xs:annotation>
        <xs:documentation>Indicator describes the effects of suspected malware.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="C2">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected command and control activity or static indications.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Anonymization">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected anonymization techniques (Proxy, TOR, VPN, etc.).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Exfiltration">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected exfiltration techniques or behavior.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Host Characteristics">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected malicious host characteristics.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Compromised PKI Certificate">
      <xs:annotation>
        <xs:documentation>Indicator describes a compromised PKI Certificate.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Login Name">
      <xs:annotation>
        <xs:documentation>Indicator describes a compromised Login Name.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IMEI Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a watchlist for IMEI (handset) identifiers.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IMSI Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a watchlist for IMSI (SIM card) identifiers.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:IndicatorTypeVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The IndicatorTypeVocab is the default STIX vocabulary for expressing indicator types.
NOTE: As of STIX Version 1.1, this version of the IndicatorTypeVocab is deprecated. Please use IndicatorTypeVocab-1.1 instead.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#IndicatorTypeVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#IndicatorTypeVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Indicator Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#IndicatorTypeVocab-1.0 optional
Source
<xs:complexType name="IndicatorTypeVocab-1.0">
  <xs:annotation>
    <xs:documentation>The IndicatorTypeVocab is the default STIX vocabulary for expressing indicator types.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.1, this version of the IndicatorTypeVocab is deprecated. Please use IndicatorTypeVocab-1.1 instead.</xs:documentation>
    <xs:appinfo>
      <deprecated>true</deprecated>
    </xs:appinfo>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:IndicatorTypeEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Indicator Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#IndicatorTypeVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:IndicatorTypeEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The default set of Indicator types to use for characterizing Indicators in STIX.
NOTE: As of STIX Version 1.1, this version of the IndicatorTypeEnum is deprecated. Please use IndicatorTypeEnum-1.1 instead.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Malicious E-mail
Indicator describes suspected malicious e-mail (phishing, spear phishing, infected, etc.).
enumeration IP Watchlist
Indicator describes a set of suspected malicious IP addresses or IP blocks.
enumeration File Hash Watchlist
Indicator describes a set of hashes for suspected malicious files.
enumeration Domain Watchlist
Indicator describes a set of suspected malicious domains.
enumeration URL Watchlist
Indicator describes a set of suspected malicious URLS.
enumeration Malware Artifacts
Indicator describes the effects of suspected malware.
enumeration C2
Indicator describes suspected command and control activity or static indications.
enumeration Anonymization
Indicator describes suspected anonymization techniques (Proxy, TOR, VPN, etc.).
enumeration Exfiltration
Indicator describes suspected exfiltration techniques or behavior.
enumeration Host Characteristics
Indicator describes suspected malicious host characteristics.
Source
<xs:simpleType name="IndicatorTypeEnum-1.0">
  <xs:annotation>
    <xs:documentation>The default set of Indicator types to use for characterizing Indicators in STIX.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.1, this version of the IndicatorTypeEnum is deprecated. Please use IndicatorTypeEnum-1.1 instead.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <deprecated>true</deprecated>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Malicious E-mail">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected malicious e-mail (phishing, spear phishing, infected, etc.).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IP Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a set of suspected malicious IP addresses or IP blocks.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="File Hash Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a set of hashes for suspected malicious files.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Domain Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a set of suspected malicious domains.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="URL Watchlist">
      <xs:annotation>
        <xs:documentation>Indicator describes a set of suspected malicious URLS.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Malware Artifacts">
      <xs:annotation>
        <xs:documentation>Indicator describes the effects of suspected malware.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="C2">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected command and control activity or static indications.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Anonymization">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected anonymization techniques (Proxy, TOR, VPN, etc.).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Exfiltration">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected exfiltration techniques or behavior.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Host Characteristics">
      <xs:annotation>
        <xs:documentation>Indicator describes suspected malicious host characteristics.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:COAStageVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The COAStageVocab is the default STIX vocabulary for expressing the stages of the threat management lifecycle that a COA is applicable to.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#COAStageVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#COAStageVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default COA Stages Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#COAStageVocab-1.0 optional
Source
<xs:complexType name="COAStageVocab-1.0">
  <xs:annotation>
    <xs:documentation>The COAStageVocab is the default STIX vocabulary for expressing the stages of the threat management lifecycle that a COA is applicable to.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:COAStageEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default COA Stages Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#COAStageVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:COAStageEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The default set of stages of the threat management lifecycle that a COA may be applicable to.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Remedy
This COA is applicable to the "Remedy" stage of the threat management lifecycle, meaning it may be applied proactively to prevent future threats.
enumeration Response
This COA is applicable to the "Response" stage of the threat management lifecycle, meaning it may be applied as an immediate reaction to an ongoing threat.
Source
<xs:simpleType name="COAStageEnum-1.0">
  <xs:annotation>
    <xs:documentation>The default set of stages of the threat management lifecycle that a COA may be applicable to.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Remedy">
      <xs:annotation>
        <xs:documentation>This COA is applicable to the "Remedy" stage of the threat management lifecycle, meaning it may be applied proactively to prevent future threats.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Response">
      <xs:annotation>
        <xs:documentation>This COA is applicable to the "Response" stage of the threat management lifecycle, meaning it may be applied as an immediate reaction to an ongoing threat.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:CampaignStatusVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The CampaignStatusVocab is the default STIX vocabulary for expressing the status of a campaign.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#CampaignStatusVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#CampaignStatusVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Campaign Status Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#CampaignStatusVocab-1.0 optional
Source
<xs:complexType name="CampaignStatusVocab-1.0">
  <xs:annotation>
    <xs:documentation>The CampaignStatusVocab is the default STIX vocabulary for expressing the status of a campaign.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:CampaignStatusEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Campaign Status Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#CampaignStatusVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:CampaignStatusEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The default list of possible statuses that a campaign might have.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Ongoing
This campaign is currently taking place.
enumeration Historic
This campaign occurred in the past and is currently not taking place.
enumeration Future
This campaign is expected to take place in the future.
Source
<xs:simpleType name="CampaignStatusEnum-1.0">
  <xs:annotation>
    <xs:documentation>The default list of possible statuses that a campaign might have.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Ongoing">
      <xs:annotation>
        <xs:documentation>This campaign is currently taking place.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Historic">
      <xs:annotation>
        <xs:documentation>This campaign occurred in the past and is currently not taking place.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Future">
      <xs:annotation>
        <xs:documentation>This campaign is expected to take place in the future.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:IncidentStatusVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The IncidentStatusVocab is the default STIX vocabulary for expressing the status of an incident.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#IncidentStatusVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#IncidentStatusVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Incident Status Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#IncidentStatusVocab-1.0 optional
Source
<xs:complexType name="IncidentStatusVocab-1.0">
  <xs:annotation>
    <xs:documentation>The IncidentStatusVocab is the default STIX vocabulary for expressing the status of an incident.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:IncidentStatusEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Incident Status Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#IncidentStatusVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:IncidentStatusEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The default list of possible statuses that an incident might have.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration New
enumeration Open
enumeration Stalled
enumeration Containment Achieved
enumeration Restoration Achieved
enumeration Incident Reported
enumeration Closed
enumeration Rejected
enumeration Deleted
Source
<xs:simpleType name="IncidentStatusEnum-1.0">
  <xs:annotation>
    <xs:documentation>The default list of possible statuses that an incident might have.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="New"/>
    <xs:enumeration value="Open"/>
    <xs:enumeration value="Stalled"/>
    <xs:enumeration value="Containment Achieved"/>
    <xs:enumeration value="Restoration Achieved"/>
    <xs:enumeration value="Incident Reported"/>
    <xs:enumeration value="Closed"/>
    <xs:enumeration value="Rejected"/>
    <xs:enumeration value="Deleted"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:SecurityCompromiseVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The SecurityCompromiseVocab is the default STIX vocabulary for expressing whether or not an incident resulted in a security compromise.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#SecurityCompromiseVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#SecurityCompromiseVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Security Compromise Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#SecurityCompromiseVocab-1.0 optional
Source
<xs:complexType name="SecurityCompromiseVocab-1.0">
  <xs:annotation>
    <xs:documentation>The SecurityCompromiseVocab is the default STIX vocabulary for expressing whether or not an incident resulted in a security compromise.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:SecurityCompromiseEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Security Compromise Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#SecurityCompromiseVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:SecurityCompromiseEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing whether an incident resulted in a security compromise.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Yes
It has been confirmed that this incident resulted in a security compromise.
enumeration Suspected
It is suspected that this incident resulted in a security compromise.
enumeration No
It has been confirmed that this incident did not result in a security compromise.
enumeration Unknown
It is not known whether this incident resulted in a security compromise.
Source
<xs:simpleType name="SecurityCompromiseEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing whether an incident resulted in a security compromise.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>This vocabulary is a part of the VERIS framework and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Yes">
      <xs:annotation>
        <xs:documentation>It has been confirmed that this incident resulted in a security compromise.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Suspected">
      <xs:annotation>
        <xs:documentation>It is suspected that this incident resulted in a security compromise.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="No">
      <xs:annotation>
        <xs:documentation>It has been confirmed that this incident did not result in a security compromise.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>It is not known whether this incident resulted in a security compromise.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:DiscoveryMethodVocab-2.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The DiscoveryMethodVocab is the default STIX vocabulary for expressing how an incident was discovered.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#DiscoveryMethodVocab-2.0_vocab_name stix_default_vocabularies_xsd.tmp#DiscoveryMethodVocab-2.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Discovery Method Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#DiscoveryMethodVocab-2.0 optional
Source
<xs:complexType name="DiscoveryMethodVocab-2.0">
  <xs:annotation>
    <xs:documentation>The DiscoveryMethodVocab is the default STIX vocabulary for expressing how an incident was discovered.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:DiscoveryMethodEnum-2.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Discovery Method Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#DiscoveryMethodVocab-2.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:DiscoveryMethodEnum-2.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing how an incident was discovered.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Agent Disclosure
This incident was disclosed by the threat agent (e.g. public brag, private blackmail).
enumeration External - Fraud Detection
This incident was discovered through external fraud detection means (e.g. CPP).
enumeration Monitoring Service
This incident was reported by a managed security event monitoring service.
enumeration Law Enforcement
This incident was reported by law enforcement.
enumeration Customer
This incident was reported by a customer or partner affected by the incident.
enumeration Unrelated Party
This incident was reported by an unrelated third party.
enumeration Audit
This incident was discovered during an external security audit or scan.
enumeration Antivirus
This incident was discovered by an antivirus system.
enumeration Incident Response
This incident was discovered in the course of investigating a separate incident.
enumeration Financial Audit
This incident was discovered in the course of a financial audit and/or reconciliation process.
enumeration Internal - Fraud Detection
This incident was discovered through internal fraud detection means.
enumeration HIPS
This incident was discovered a host-based IDS or file integrity monitoring.
enumeration IT Audit
This incident was discovered by an internal IT audit or scan.
enumeration Log Review
This incident was discovered during a log review process or by a SIEM.
enumeration NIDS
This incident was discovered by a network-based intrustion detection/prevention system.
enumeration Security Alarm
This incident was discovered by a physical security alarm.
enumeration User
This incident was reported by a user.
enumeration Unknown
It is not known how this incident was discovered.
Source
<xs:simpleType name="DiscoveryMethodEnum-2.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing how an incident was discovered.</xs:documentation>
    <xs:appinfo>
      <version>2.0</version>
      <source>This vocabulary is a part of the VERIS framework and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Agent Disclosure">
      <xs:annotation>
        <xs:documentation>This incident was disclosed by the threat agent (e.g. public brag, private blackmail).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="External - Fraud Detection">
      <xs:annotation>
        <xs:documentation>This incident was discovered through external fraud detection means (e.g. CPP).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Monitoring Service">
      <xs:annotation>
        <xs:documentation>This incident was reported by a managed security event monitoring service.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Law Enforcement">
      <xs:annotation>
        <xs:documentation>This incident was reported by law enforcement.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Customer">
      <xs:annotation>
        <xs:documentation>This incident was reported by a customer or partner affected by the incident.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unrelated Party">
      <xs:annotation>
        <xs:documentation>This incident was reported by an unrelated third party.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Audit">
      <xs:annotation>
        <xs:documentation>This incident was discovered during an external security audit or scan.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Antivirus">
      <xs:annotation>
        <xs:documentation>This incident was discovered by an antivirus system.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Incident Response">
      <xs:annotation>
        <xs:documentation>This incident was discovered in the course of investigating a separate incident.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Financial Audit">
      <xs:annotation>
        <xs:documentation>This incident was discovered in the course of a financial audit and/or reconciliation process.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Internal - Fraud Detection">
      <xs:annotation>
        <xs:documentation>This incident was discovered through internal fraud detection means.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="HIPS">
      <xs:annotation>
        <xs:documentation>This incident was discovered a host-based IDS or file integrity monitoring.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IT Audit">
      <xs:annotation>
        <xs:documentation>This incident was discovered by an internal IT audit or scan.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Log Review">
      <xs:annotation>
        <xs:documentation>This incident was discovered during a log review process or by a SIEM.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NIDS">
      <xs:annotation>
        <xs:documentation>This incident was discovered by a network-based intrustion detection/prevention system.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Security Alarm">
      <xs:annotation>
        <xs:documentation>This incident was discovered by a physical security alarm.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="User">
      <xs:annotation>
        <xs:documentation>This incident was reported by a user.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>It is not known how this incident was discovered.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:DiscoveryMethodVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The DiscoveryMethodVocab is the default STIX vocabulary for expressing how an incident was discovered.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#DiscoveryMethodVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#DiscoveryMethodVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Discovery Method Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#DiscoveryMethodVocab-1.0 optional
Source
<xs:complexType name="DiscoveryMethodVocab-1.0">
  <xs:annotation>
    <xs:documentation>The DiscoveryMethodVocab is the default STIX vocabulary for expressing how an incident was discovered.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:DiscoveryMethodEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Discovery Method Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#DiscoveryMethodVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:DiscoveryMethodEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing how an incident was discovered.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Agent Disclosure
This incident was disclosed by the threat agent (e.g. public brag, private blackmail).
enumeration Fraud Detection
This incident was discovered through external fraud detection means (e.g. CPP).
enumeration Monitoring Service
This incident was reported by a managed security event monitoring service.
enumeration Law Enforcement
This incident was reported by law enforcement.
enumeration Customer
This incident was reported by a customer or partner affected by the incident.
enumeration Unrelated Party
This incident was reported by an unrelated third party.
enumeration Audit
This incident was discovered during an external security audit or scan.
enumeration Antivirus
This incident was discovered by an antivirus system.
enumeration Incident Response
This incident was discovered in the course of investigating a separate incident.
enumeration Financial Audit
This incident was discovered in the course of a financial audit and/or reconciliation process.
enumeration Fraud Detection
This incident was discovered through internal fraud detection means.
enumeration HIPS
This incident was discovered a host-based IDS or file integrity monitoring.
enumeration IT Audit
This incident was discovered by an internal IT audit or scan.
enumeration Log Review
This incident was discovered during a log review process or by a SIEM.
enumeration NIDS
This incident was discovered by a network-based intrustion detection/prevention system.
enumeration Security Alarm
This incident was discovered by a physical security alarm.
enumeration User
This incident was reported by a user.
enumeration Unknown
It is not known how this incident was discovered.
Source
<xs:simpleType name="DiscoveryMethodEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing how an incident was discovered.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>This vocabulary is a part of the VERIS framework and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Agent Disclosure">
      <xs:annotation>
        <xs:documentation>This incident was disclosed by the threat agent (e.g. public brag, private blackmail).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Fraud Detection">
      <xs:annotation>
        <xs:documentation>This incident was discovered through external fraud detection means (e.g. CPP).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Monitoring Service">
      <xs:annotation>
        <xs:documentation>This incident was reported by a managed security event monitoring service.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Law Enforcement">
      <xs:annotation>
        <xs:documentation>This incident was reported by law enforcement.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Customer">
      <xs:annotation>
        <xs:documentation>This incident was reported by a customer or partner affected by the incident.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unrelated Party">
      <xs:annotation>
        <xs:documentation>This incident was reported by an unrelated third party.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Audit">
      <xs:annotation>
        <xs:documentation>This incident was discovered during an external security audit or scan.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Antivirus">
      <xs:annotation>
        <xs:documentation>This incident was discovered by an antivirus system.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Incident Response">
      <xs:annotation>
        <xs:documentation>This incident was discovered in the course of investigating a separate incident.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Financial Audit">
      <xs:annotation>
        <xs:documentation>This incident was discovered in the course of a financial audit and/or reconciliation process.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Fraud Detection">
      <xs:annotation>
        <xs:documentation>This incident was discovered through internal fraud detection means.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="HIPS">
      <xs:annotation>
        <xs:documentation>This incident was discovered a host-based IDS or file integrity monitoring.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="IT Audit">
      <xs:annotation>
        <xs:documentation>This incident was discovered by an internal IT audit or scan.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Log Review">
      <xs:annotation>
        <xs:documentation>This incident was discovered during a log review process or by a SIEM.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="NIDS">
      <xs:annotation>
        <xs:documentation>This incident was discovered by a network-based intrustion detection/prevention system.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Security Alarm">
      <xs:annotation>
        <xs:documentation>This incident was discovered by a physical security alarm.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="User">
      <xs:annotation>
        <xs:documentation>This incident was reported by a user.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>It is not known how this incident was discovered.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:AvailabilityLossTypeVocab-1.1.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The AvailabilityLossTypeVocab is the default STIX vocabulary for expressing the type of availability that was lost due to an incident.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#AvailabilityLossTypeVocab-1.1.1_vocab_name stix_default_vocabularies_xsd.tmp#AvailabilityLossTypeVocab-1.1.1_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Availability Loss Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#AvailabilityLossTypeVocab-1.1.1 optional
Source
<xs:complexType name="AvailabilityLossTypeVocab-1.1.1">
  <xs:annotation>
    <xs:documentation>The AvailabilityLossTypeVocab is the default STIX vocabulary for expressing the type of availability that was lost due to an incident.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:AvailabilityLossTypeEnum-1.1.1"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Availability Loss Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#AvailabilityLossTypeVocab-1.1.1"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:AvailabilityLossTypeEnum-1.1.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing the type of availability that was lost due to an incident.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Destruction
The information was destroyed or wiped.
enumeration Loss
Availability to the information was lost.
enumeration Interruption
Availability to the information was interrupted.
enumeration Degradation
Availability to the information was degraded.
enumeration Acceleration
Availability loss type is acceleration.
enumeration Obscuration
Availability to the information is obscured.
enumeration Unknown
The availability loss type is not known.
Source
<xs:simpleType name="AvailabilityLossTypeEnum-1.1.1">
  <xs:annotation>
    <xs:documentation>The possible values for expressing the type of availability that was lost due to an incident.</xs:documentation>
    <xs:appinfo>
      <version>1.1.1</version>
      <source>This vocabulary is a part of the VERIS framework and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Destruction">
      <xs:annotation>
        <xs:documentation>The information was destroyed or wiped.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Loss">
      <xs:annotation>
        <xs:documentation>Availability to the information was lost.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Interruption">
      <xs:annotation>
        <xs:documentation>Availability to the information was interrupted.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Degradation">
      <xs:annotation>
        <xs:documentation>Availability to the information was degraded.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Acceleration">
      <xs:annotation>
        <xs:documentation>Availability loss type is acceleration.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Obscuration">
      <xs:annotation>
        <xs:documentation>Availability to the information is obscured.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>The availability loss type is not known.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:AvailabilityLossTypeVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The AvailabilityLossTypeVocab is the default STIX vocabulary for expressing the type of availability that was lost due to an incident.
NOTE: As of STIX Version 1.1.1, this version of the AvailabilityLossTypeVocab is deprecated. Please use AvailabilityLossTypeVocab-1.1.1 instead.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#AvailabilityLossTypeVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#AvailabilityLossTypeVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Availability Loss Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#AvailabilityLossTypeVocab-1.0 optional
Source
<xs:complexType name="AvailabilityLossTypeVocab-1.0">
  <xs:annotation>
    <xs:documentation>The AvailabilityLossTypeVocab is the default STIX vocabulary for expressing the type of availability that was lost due to an incident.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.1.1, this version of the AvailabilityLossTypeVocab is deprecated. Please use AvailabilityLossTypeVocab-1.1.1 instead.</xs:documentation>
    <xs:appinfo>
      <deprecated>true</deprecated>
    </xs:appinfo>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:AvailabilityLossTypeEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Availability Loss Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#AvailabilityLossTypeVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:AvailabilityLossTypeEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing the type of availability that was lost due to an incident.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Destruction
The information was destroyed or wiped.
enumeration Loss
Availability to the information was lost.
enumeration Interruption
Availability to the information was interrupted.
enumeration Degredation
Availability to the information was degraded.
enumeration Acceleration
Availability loss type is acceleration.
enumeration Obscuration
Availability to the information is obscured.
enumeration Unknown
The availability loss type is not known.
Source
<xs:simpleType name="AvailabilityLossTypeEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing the type of availability that was lost due to an incident.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>This vocabulary is a part of the VERIS framework and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Destruction">
      <xs:annotation>
        <xs:documentation>The information was destroyed or wiped.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Loss">
      <xs:annotation>
        <xs:documentation>Availability to the information was lost.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Interruption">
      <xs:annotation>
        <xs:documentation>Availability to the information was interrupted.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Degredation">
      <xs:annotation>
        <xs:documentation>Availability to the information was degraded.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Acceleration">
      <xs:annotation>
        <xs:documentation>Availability loss type is acceleration.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Obscuration">
      <xs:annotation>
        <xs:documentation>Availability to the information is obscured.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>The availability loss type is not known.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:LossDurationVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The LossDurationVocab is the default STIX vocabulary for expressing the approximate length of time of a loss due to an incident.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#LossDurationVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#LossDurationVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Loss Duration Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#LossDurationVocab-1.0 optional
Source
<xs:complexType name="LossDurationVocab-1.0">
  <xs:annotation>
    <xs:documentation>The LossDurationVocab is the default STIX vocabulary for expressing the approximate length of time of a loss due to an incident.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:LossDurationEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Loss Duration Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#LossDurationVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:LossDurationEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing the type of availability that was lost due to an incident.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Permanent
The loss is permanent.
enumeration Weeks
The loss lasted for weeks.
enumeration Days
The loss lasted for days.
enumeration Hours
The loss lasted for hours.
enumeration Minutes
The loss lasted for minutes.
enumeration Seconds
The loss lasted for seconds.
enumeration Unknown
The loss duration is not known.
Source
<xs:simpleType name="LossDurationEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing the type of availability that was lost due to an incident.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Permanent">
      <xs:annotation>
        <xs:documentation>The loss is permanent.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Weeks">
      <xs:annotation>
        <xs:documentation>The loss lasted for weeks.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Days">
      <xs:annotation>
        <xs:documentation>The loss lasted for days.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Hours">
      <xs:annotation>
        <xs:documentation>The loss lasted for hours.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Minutes">
      <xs:annotation>
        <xs:documentation>The loss lasted for minutes.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Seconds">
      <xs:annotation>
        <xs:documentation>The loss lasted for seconds.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>The loss duration is not known.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:OwnershipClassVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The OwnershipClassVocab is the default STIX vocabulary for expressing the type of ownership of an asset.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#OwnershipClassVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#OwnershipClassVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Ownership Class Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#OwnershipClassVocab-1.0 optional
Source
<xs:complexType name="OwnershipClassVocab-1.0">
  <xs:annotation>
    <xs:documentation>The OwnershipClassVocab is the default STIX vocabulary for expressing the type of ownership of an asset.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:OwnershipClassEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Ownership Class Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#OwnershipClassVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:OwnershipClassEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing the ownership class of an object.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Internally-Owned
The asset is owned internally.
enumeration Employee-Owned
The asset is owned by an employee.
enumeration Partner-Owned
The asset is owned by a partner.
enumeration Customer-Owned
The asset is owned by a customer.
enumeration Unknown
The asset ownership class is unknown.
Source
<xs:simpleType name="OwnershipClassEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing the ownership class of an object.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Internally-Owned">
      <xs:annotation>
        <xs:documentation>The asset is owned internally.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Employee-Owned">
      <xs:annotation>
        <xs:documentation>The asset is owned by an employee.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Partner-Owned">
      <xs:annotation>
        <xs:documentation>The asset is owned by a partner.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Customer-Owned">
      <xs:annotation>
        <xs:documentation>The asset is owned by a customer.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>The asset ownership class is unknown.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:ManagementClassVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The ManagementClassVocab is the default STIX vocabulary for expressing the type of management of an asset.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#ManagementClassVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#ManagementClassVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Management Class Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ManagementClassVocab-1.0 optional
Source
<xs:complexType name="ManagementClassVocab-1.0">
  <xs:annotation>
    <xs:documentation>The ManagementClassVocab is the default STIX vocabulary for expressing the type of management of an asset.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:ManagementClassEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Management Class Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ManagementClassVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:ManagementClassEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing the management class of an object.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Internally-Managed
The asset is managed internally.
enumeration Externally-Management
The asset is managed externally.
enumeration Co-Management
The asset is co-managed.
enumeration Unknown
The asset management class is unknown.
Source
<xs:simpleType name="ManagementClassEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing the management class of an object.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Internally-Managed">
      <xs:annotation>
        <xs:documentation>The asset is managed internally.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Externally-Management">
      <xs:annotation>
        <xs:documentation>The asset is managed externally.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Co-Management">
      <xs:annotation>
        <xs:documentation>The asset is co-managed.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>The asset management class is unknown.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:LocationClassVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The LocationClassVocab is the default STIX vocabulary for expressing the location of an asset.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#LocationClassVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#LocationClassVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Location Class Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#LocationClassVocab-1.0 optional
Source
<xs:complexType name="LocationClassVocab-1.0">
  <xs:annotation>
    <xs:documentation>The LocationClassVocab is the default STIX vocabulary for expressing the location of an asset.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:LocationClassEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Location Class Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#LocationClassVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:LocationClassEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing the location class of an object.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Internally-Located
The asset is located internally.
enumeration Externally-Located
The asset is located externally.
enumeration Co-Located
The asset is co-located.
enumeration Mobile
The asset is mobile.
enumeration Unknown
The asset location is unknown.
Source
<xs:simpleType name="LocationClassEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing the location class of an object.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Internally-Located">
      <xs:annotation>
        <xs:documentation>The asset is located internally.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Externally-Located">
      <xs:annotation>
        <xs:documentation>The asset is located externally.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Co-Located">
      <xs:annotation>
        <xs:documentation>The asset is co-located.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Mobile">
      <xs:annotation>
        <xs:documentation>The asset is mobile.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>The asset location is unknown.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:ImpactQualificationVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The ImpactQualificationVocab is the default STIX vocabulary for expressing the subjective level of impact of an incident.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#ImpactQualificationVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#ImpactQualificationVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Impact Qualification Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ImpactQualificationVocab-1.0 optional
Source
<xs:complexType name="ImpactQualificationVocab-1.0">
  <xs:annotation>
    <xs:documentation>The ImpactQualificationVocab is the default STIX vocabulary for expressing the subjective level of impact of an incident.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:ImpactQualificationEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Impact Qualification Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ImpactQualificationVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:ImpactQualificationEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing the impact level of an incident.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Insignificant
The impact is absorbed by normal activities.
enumeration Distracting
There are limited “hard costs”, but the impact is felt through having to deal with the incident rather than conducting normal duties.
enumeration Painful
Real, somewhat serious effect on the "bottom line".
enumeration Damaging
Real and serious effect on the “bottom line” and/or long-term ability to generate revenue.
enumeration Catastrophic
A business-ending event.
enumeration Unknown
The impact qualification is unknown.
Source
<xs:simpleType name="ImpactQualificationEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing the impact level of an incident.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>This vocabulary is a part of the VERIS framework and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Insignificant">
      <xs:annotation>
        <xs:documentation>The impact is absorbed by normal activities.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Distracting">
      <xs:annotation>
        <xs:documentation>There are limited “hard costs”, but the impact is felt through having to deal with the incident rather than conducting normal duties.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Painful">
      <xs:annotation>
        <xs:documentation>Real, somewhat serious effect on the "bottom line".</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Damaging">
      <xs:annotation>
        <xs:documentation>Real and serious effect on the “bottom line” and/or long-term ability to generate revenue.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Catastrophic">
      <xs:annotation>
        <xs:documentation>A business-ending event.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>The impact qualification is unknown.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:ImpactRatingVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The ImpactRatingVocab is the default STIX vocabulary for expressing the level of impact due to an incident.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#ImpactRatingVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#ImpactRatingVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Impact Rating Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ImpactRatingVocab-1.0 optional
Source
<xs:complexType name="ImpactRatingVocab-1.0">
  <xs:annotation>
    <xs:documentation>The ImpactRatingVocab is the default STIX vocabulary for expressing the level of impact due to an incident.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:ImpactRatingEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Impact Rating Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ImpactRatingVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:ImpactRatingEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for expressing the level of impact due to a loss.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration None
There was no impact.
enumeration Minor
There was a minor impact.
enumeration Moderate
There was a moderate impact.
enumeration Major
There was a major impact.
enumeration Unknown
The impact is not known.
Source
<xs:simpleType name="ImpactRatingEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for expressing the level of impact due to a loss.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>This vocabulary is a part of the VERIS framework and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="None">
      <xs:annotation>
        <xs:documentation>There was no impact.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Minor">
      <xs:annotation>
        <xs:documentation>There was a minor impact.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Moderate">
      <xs:annotation>
        <xs:documentation>There was a moderate impact.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Major">
      <xs:annotation>
        <xs:documentation>There was a major impact.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Unknown">
      <xs:annotation>
        <xs:documentation>The impact is not known.</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:AssetTypeVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The AssetTypeVocab is the default STIX vocabulary for expressing the type of an asset.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#AssetTypeVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#AssetTypeVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Asset Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#AssetTypeVocab-1.0 optional
Source
<xs:complexType name="AssetTypeVocab-1.0">
  <xs:annotation>
    <xs:documentation>The AssetTypeVocab is the default STIX vocabulary for expressing the type of an asset.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:AssetTypeEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Asset Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#AssetTypeVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:AssetTypeEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for types of assets.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Backup
enumeration Database
enumeration DHCP
enumeration Directory
enumeration DCS
enumeration DNS
enumeration File
enumeration Log
enumeration Mail
enumeration Mainframe
enumeration Payment switch
enumeration POS controller
enumeration Print
enumeration Proxy
enumeration Remote access
enumeration SCADA
enumeration Web application
enumeration Server
enumeration Access reader
enumeration Camera
enumeration Firewall
enumeration HSM
enumeration IDS
enumeration Broadband
enumeration PBX
enumeration Private WAN
enumeration PLC
enumeration Public WAN
enumeration RTU
enumeration Router or switch
enumeration SAN
enumeration Telephone
enumeration VoIP adapter
enumeration LAN
enumeration WLAN
enumeration Network
enumeration Auth token
enumeration ATM
enumeration Desktop
enumeration PED pad
enumeration Gas terminal
enumeration Laptop
enumeration Media
enumeration Mobile phone
enumeration Peripheral
enumeration POS terminal
enumeration Kiosk
enumeration Tablet
enumeration VoIP phone
enumeration User Device
enumeration Tapes
enumeration Disk media
enumeration Documents
enumeration Flash drive
enumeration Disk drive
enumeration Smart card
enumeration Payment card
enumeration Administrator
enumeration Auditor
enumeration Call center
enumeration Cashier
enumeration Customer
enumeration Developer
enumeration End-user
enumeration Executive
enumeration Finance
enumeration Former employee
enumeration Guard
enumeration Helpdesk
enumeration Human resources
enumeration Maintenance
enumeration Manager
enumeration Partner
enumeration Person
enumeration Unknown
Source
<xs:simpleType name="AssetTypeEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for types of assets.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>This vocabulary is a part of the VERIS framework and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Backup"/>
    <xs:enumeration value="Database"/>
    <xs:enumeration value="DHCP"/>
    <xs:enumeration value="Directory"/>
    <xs:enumeration value="DCS"/>
    <xs:enumeration value="DNS"/>
    <xs:enumeration value="File"/>
    <xs:enumeration value="Log"/>
    <xs:enumeration value="Mail"/>
    <xs:enumeration value="Mainframe"/>
    <xs:enumeration value="Payment switch"/>
    <xs:enumeration value="POS controller"/>
    <xs:enumeration value="Print"/>
    <xs:enumeration value="Proxy"/>
    <xs:enumeration value="Remote access"/>
    <xs:enumeration value="SCADA"/>
    <xs:enumeration value="Web application"/>
    <xs:enumeration value="Server"/>
    <xs:enumeration value="Access reader"/>
    <xs:enumeration value="Camera"/>
    <xs:enumeration value="Firewall"/>
    <xs:enumeration value="HSM"/>
    <xs:enumeration value="IDS"/>
    <xs:enumeration value="Broadband"/>
    <xs:enumeration value="PBX"/>
    <xs:enumeration value="Private WAN"/>
    <xs:enumeration value="PLC"/>
    <xs:enumeration value="Public WAN"/>
    <xs:enumeration value="RTU"/>
    <xs:enumeration value="Router or switch"/>
    <xs:enumeration value="SAN"/>
    <xs:enumeration value="Telephone"/>
    <xs:enumeration value="VoIP adapter"/>
    <xs:enumeration value="LAN"/>
    <xs:enumeration value="WLAN"/>
    <xs:enumeration value="Network"/>
    <xs:enumeration value="Auth token"/>
    <xs:enumeration value="ATM"/>
    <xs:enumeration value="Desktop"/>
    <xs:enumeration value="PED pad"/>
    <xs:enumeration value="Gas terminal"/>
    <xs:enumeration value="Laptop"/>
    <xs:enumeration value="Media"/>
    <xs:enumeration value="Mobile phone"/>
    <xs:enumeration value="Peripheral"/>
    <xs:enumeration value="POS terminal"/>
    <xs:enumeration value="Kiosk"/>
    <xs:enumeration value="Tablet"/>
    <xs:enumeration value="VoIP phone"/>
    <xs:enumeration value="User Device"/>
    <xs:enumeration value="Tapes"/>
    <xs:enumeration value="Disk media"/>
    <xs:enumeration value="Documents"/>
    <xs:enumeration value="Flash drive"/>
    <xs:enumeration value="Disk drive"/>
    <xs:enumeration value="Smart card"/>
    <xs:enumeration value="Payment card"/>
    <xs:enumeration value="Administrator"/>
    <xs:enumeration value="Auditor"/>
    <xs:enumeration value="Call center"/>
    <xs:enumeration value="Cashier"/>
    <xs:enumeration value="Customer"/>
    <xs:enumeration value="Developer"/>
    <xs:enumeration value="End-user"/>
    <xs:enumeration value="Executive"/>
    <xs:enumeration value="Finance"/>
    <xs:enumeration value="Former employee"/>
    <xs:enumeration value="Guard"/>
    <xs:enumeration value="Helpdesk"/>
    <xs:enumeration value="Human resources"/>
    <xs:enumeration value="Maintenance"/>
    <xs:enumeration value="Manager"/>
    <xs:enumeration value="Partner"/>
    <xs:enumeration value="Person"/>
    <xs:enumeration value="Unknown"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:AttackerInfrastructureTypeVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The AttackerInfrastructureTypeVocab is the default STIX vocabulary for expressing the type of infrastructure an attacker uses.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#AttackerInfrastructureTypeVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#AttackerInfrastructureTypeVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Attacker Infastructure Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#AttackerInfrastructureTypeVocab-1.0 optional
Source
<xs:complexType name="AttackerInfrastructureTypeVocab-1.0">
  <xs:annotation>
    <xs:documentation>The AttackerInfrastructureTypeVocab is the default STIX vocabulary for expressing the type of infrastructure an attacker uses.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:AttackerInfrastructureTypeEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Attacker Infastructure Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#AttackerInfrastructureTypeVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:AttackerInfrastructureTypeEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for types of attacker infrastructure.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Anonymization
enumeration Anonymization - Proxy
enumeration Anonymization - TOR Network
enumeration Anonymization - VPN
enumeration Communications
enumeration Communications - Blogs
enumeration Communications - Forums
enumeration Communications - Internet Relay Chat
enumeration Communications - Micro-Blogs
enumeration Communications - Mobile Communications
enumeration Communications - Social Networks
enumeration Communications - User-Generated Content Websites
enumeration Domain Registration
enumeration Domain Registration - Dynamic DNS Services
enumeration Domain Registration - Legitimate Domain Registration Services
enumeration Domain Registration - Malicious Domain Registrars
enumeration Domain Registration - Top-Level Domain Registrars
enumeration Hosting
enumeration Hosting - Bulletproof / Rogue Hosting
enumeration Hosting - Cloud Hosting
enumeration Hosting - Compromised Server
enumeration Hosting - Fast Flux Botnet Hosting
enumeration Hosting - Legitimate Hosting
enumeration Electronic Payment Methods
Source
<xs:simpleType name="AttackerInfrastructureTypeEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for types of attacker infrastructure.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Anonymization"/>
    <xs:enumeration value="Anonymization - Proxy"/>
    <xs:enumeration value="Anonymization - TOR Network"/>
    <xs:enumeration value="Anonymization - VPN"/>
    <xs:enumeration value="Communications"/>
    <xs:enumeration value="Communications - Blogs"/>
    <xs:enumeration value="Communications - Forums"/>
    <xs:enumeration value="Communications - Internet Relay Chat"/>
    <xs:enumeration value="Communications - Micro-Blogs"/>
    <xs:enumeration value="Communications - Mobile Communications"/>
    <xs:enumeration value="Communications - Social Networks"/>
    <xs:enumeration value="Communications - User-Generated Content Websites"/>
    <xs:enumeration value="Domain Registration"/>
    <xs:enumeration value="Domain Registration - Dynamic DNS Services"/>
    <xs:enumeration value="Domain Registration - Legitimate Domain Registration Services"/>
    <xs:enumeration value="Domain Registration - Malicious Domain Registrars"/>
    <xs:enumeration value="Domain Registration - Top-Level Domain Registrars"/>
    <xs:enumeration value="Hosting"/>
    <xs:enumeration value="Hosting - Bulletproof / Rogue Hosting"/>
    <xs:enumeration value="Hosting - Cloud Hosting"/>
    <xs:enumeration value="Hosting - Compromised Server"/>
    <xs:enumeration value="Hosting - Fast Flux Botnet Hosting"/>
    <xs:enumeration value="Hosting - Legitimate Hosting"/>
    <xs:enumeration value="Electronic Payment Methods"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:SystemTypeVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The SystemTypeVocab is the default STIX vocabulary for expressing the type of a system.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#SystemTypeVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#SystemTypeVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default System Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#SystemTypeVocab-1.0 optional
Source
<xs:complexType name="SystemTypeVocab-1.0">
  <xs:annotation>
    <xs:documentation>The SystemTypeVocab is the default STIX vocabulary for expressing the type of a system.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:SystemTypeEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default System Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#SystemTypeVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:SystemTypeEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for types of systems.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Enterprise Systems
enumeration Enterprise Systems - Application Layer
enumeration Enterprise Systems - Database Layer
enumeration Enterprise Systems - Enterprise Technologies and Support Infrastructure
enumeration Enterprise Systems - Network Systems
enumeration Enterprise Systems - Networking Devices
enumeration Enterprise Systems - Web Layer
enumeration Enterprise Systems - VoIP
enumeration Industrial Control Systems
enumeration Industrial Control Systems - Equipment Under Control
enumeration Industrial Control Systems - Operations Management
enumeration Industrial Control Systems - Safety, Protection and Local Control
enumeration Industrial Control Systems - Supervisory Control
enumeration Mobile Systems
enumeration Mobile Systems - Mobile Operating Systems
enumeration Mobile Systems - Near Field Communications
enumeration Mobile Systems - Mobile Devices
enumeration Third-Party Services
enumeration Third-Party Services - Application Stores
enumeration Third-Party Services - Cloud Services
enumeration Third-Party Services - Security Vendors
enumeration Third-Party Services - Social Media
enumeration Third-Party Services - Software Update
enumeration Users
enumeration Users - Application And Software
enumeration Users - Workstation
enumeration Users - Removable Media
Source
<xs:simpleType name="SystemTypeEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for types of systems.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Enterprise Systems"/>
    <xs:enumeration value="Enterprise Systems - Application Layer"/>
    <xs:enumeration value="Enterprise Systems - Database Layer"/>
    <xs:enumeration value="Enterprise Systems - Enterprise Technologies and Support Infrastructure"/>
    <xs:enumeration value="Enterprise Systems - Network Systems"/>
    <xs:enumeration value="Enterprise Systems - Networking Devices"/>
    <xs:enumeration value="Enterprise Systems - Web Layer"/>
    <xs:enumeration value="Enterprise Systems - VoIP"/>
    <xs:enumeration value="Industrial Control Systems"/>
    <xs:enumeration value="Industrial Control Systems - Equipment Under Control"/>
    <xs:enumeration value="Industrial Control Systems - Operations Management"/>
    <xs:enumeration value="Industrial Control Systems - Safety, Protection and Local Control"/>
    <xs:enumeration value="Industrial Control Systems - Supervisory Control"/>
    <xs:enumeration value="Mobile Systems"/>
    <xs:enumeration value="Mobile Systems - Mobile Operating Systems"/>
    <xs:enumeration value="Mobile Systems - Near Field Communications"/>
    <xs:enumeration value="Mobile Systems - Mobile Devices"/>
    <xs:enumeration value="Third-Party Services"/>
    <xs:enumeration value="Third-Party Services - Application Stores"/>
    <xs:enumeration value="Third-Party Services - Cloud Services"/>
    <xs:enumeration value="Third-Party Services - Security Vendors"/>
    <xs:enumeration value="Third-Party Services - Social Media"/>
    <xs:enumeration value="Third-Party Services - Software Update"/>
    <xs:enumeration value="Users"/>
    <xs:enumeration value="Users - Application And Software"/>
    <xs:enumeration value="Users - Workstation"/>
    <xs:enumeration value="Users - Removable Media"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:InformationTypeVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The InformationTypeVocab is the default STIX vocabulary for expressing the type of information.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#InformationTypeVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#InformationTypeVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Information Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#InformationTypeVocab-1.0 optional
Source
<xs:complexType name="InformationTypeVocab-1.0">
  <xs:annotation>
    <xs:documentation>The InformationTypeVocab is the default STIX vocabulary for expressing the type of information.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:InformationTypeEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Information Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#InformationTypeVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:InformationTypeEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for types of information.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Information Assets
enumeration Information Assets - Corporate Employee Information
enumeration Information Assets - Customer PII
enumeration Information Assets - Email Lists / Archives
enumeration Information Assets - Financial Data
enumeration Information Assets - Intellectual Property
enumeration Information Assets - Mobile Phone Contacts
enumeration Information Assets - User Credentials
enumeration Authentication Cookies
Source
<xs:simpleType name="InformationTypeEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for types of information.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Information Assets"/>
    <xs:enumeration value="Information Assets - Corporate Employee Information"/>
    <xs:enumeration value="Information Assets - Customer PII"/>
    <xs:enumeration value="Information Assets - Email Lists / Archives"/>
    <xs:enumeration value="Information Assets - Financial Data"/>
    <xs:enumeration value="Information Assets - Intellectual Property"/>
    <xs:enumeration value="Information Assets - Mobile Phone Contacts"/>
    <xs:enumeration value="Information Assets - User Credentials"/>
    <xs:enumeration value="Authentication Cookies"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:ThreatActorTypeVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The ThreatActorTypeVocab is the default STIX vocabulary for expressing the type of a threat actor.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#ThreatActorTypeVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#ThreatActorTypeVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Threat Actor Type Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ThreatActorTypeVocab-1.0 optional
Source
<xs:complexType name="ThreatActorTypeVocab-1.0">
  <xs:annotation>
    <xs:documentation>The ThreatActorTypeVocab is the default STIX vocabulary for expressing the type of a threat actor.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:ThreatActorTypeEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Threat Actor Type Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#ThreatActorTypeVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:ThreatActorTypeEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for types of threat actors.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Cyber Espionage Operations
enumeration Hacker
enumeration Hacker - White hat
enumeration Hacker - Gray hat
enumeration Hacker - Black hat
enumeration Hacktivist
enumeration State Actor / Agency
enumeration eCrime Actor - Credential Theft Botnet Operator
enumeration eCrime Actor - Credential Theft Botnet Service
enumeration eCrime Actor - Malware Developer
enumeration eCrime Actor - Money Laundering Network
enumeration eCrime Actor - Organized Crime Actor
enumeration eCrime Actor - Spam Service
enumeration eCrime Actor - Traffic Service
enumeration eCrime Actor - Underground Call Service
enumeration Insider Threat
enumeration Disgruntled Customer / User
Source
<xs:simpleType name="ThreatActorTypeEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for types of threat actors.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Cyber Espionage Operations"/>
    <xs:enumeration value="Hacker"/>
    <xs:enumeration value="Hacker - White hat"/>
    <xs:enumeration value="Hacker - Gray hat"/>
    <xs:enumeration value="Hacker - Black hat"/>
    <xs:enumeration value="Hacktivist"/>
    <xs:enumeration value="State Actor / Agency"/>
    <xs:enumeration value="eCrime Actor - Credential Theft Botnet Operator"/>
    <xs:enumeration value="eCrime Actor - Credential Theft Botnet Service"/>
    <xs:enumeration value="eCrime Actor - Malware Developer"/>
    <xs:enumeration value="eCrime Actor - Money Laundering Network"/>
    <xs:enumeration value="eCrime Actor - Organized Crime Actor"/>
    <xs:enumeration value="eCrime Actor - Spam Service"/>
    <xs:enumeration value="eCrime Actor - Traffic Service"/>
    <xs:enumeration value="eCrime Actor - Underground Call Service"/>
    <xs:enumeration value="Insider Threat"/>
    <xs:enumeration value="Disgruntled Customer / User"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:MotivationVocab-1.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#MotivationVocab-1.1_vocab_name stix_default_vocabularies_xsd.tmp#MotivationVocab-1.1_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Motivation Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#MotivationVocab-1.1 optional
Source
<xs:complexType name="MotivationVocab-1.1">
  <xs:annotation>
    <xs:documentation>The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:MotivationEnum-1.1"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Motivation Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#MotivationVocab-1.1"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:MotivationEnum-1.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for motivations of a threat actor.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Ideological
enumeration Ideological - Anti-Corruption
enumeration Ideological - Anti-Establishment
enumeration Ideological - Environmental
enumeration Ideological - Ethnic / Nationalist
enumeration Ideological - Information Freedom
enumeration Ideological - Religious
enumeration Ideological - Security Awareness
enumeration Ideological - Human Rights
enumeration Ego
enumeration Financial or Economic
enumeration Military
enumeration Opportunistic
enumeration Political
Source
<xs:simpleType name="MotivationEnum-1.1">
  <xs:annotation>
    <xs:documentation>The possible values for motivations of a threat actor.</xs:documentation>
    <xs:appinfo>
      <version>1.1</version>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Ideological"/>
    <xs:enumeration value="Ideological - Anti-Corruption"/>
    <xs:enumeration value="Ideological - Anti-Establishment"/>
    <xs:enumeration value="Ideological - Environmental"/>
    <xs:enumeration value="Ideological - Ethnic / Nationalist"/>
    <xs:enumeration value="Ideological - Information Freedom"/>
    <xs:enumeration value="Ideological - Religious"/>
    <xs:enumeration value="Ideological - Security Awareness"/>
    <xs:enumeration value="Ideological - Human Rights"/>
    <xs:enumeration value="Ego"/>
    <xs:enumeration value="Financial or Economic"/>
    <xs:enumeration value="Military"/>
    <xs:enumeration value="Opportunistic"/>
    <xs:enumeration value="Political"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:MotivationVocab-1.0.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.
NOTE: As of STIX Version 1.1, this version of the MotivationVocab is deprecated. Please use MotivationVocab-1.1 instead.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#MotivationVocab-1.0.1_vocab_name stix_default_vocabularies_xsd.tmp#MotivationVocab-1.0.1_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Motivation Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#MotivationVocab-1.0.1 optional
Source
<xs:complexType name="MotivationVocab-1.0.1">
  <xs:annotation>
    <xs:documentation>The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.1, this version of the MotivationVocab is deprecated. Please use MotivationVocab-1.1 instead.</xs:documentation>
    <xs:appinfo>
      <deprecated>true</deprecated>
    </xs:appinfo>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:MotivationEnum-1.0.1"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Motivation Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#MotivationVocab-1.0.1"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:MotivationEnum-1.0.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for motivations of a threat actor.
NOTE: As of STIX Version 1.1, this version of the MotivationEnum is deprecated. Please use MotivationEnum-1.1 instead.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Ideological
enumeration Ideological - Anti-Corruption
enumeration Ideological - Anti-Establishment
enumeration Ideological - Environmental
enumeration Ideological - Ethnic / Nationalist
enumeration Ideological - Information Freedom
enumeration Ideological - Religious
enumeration Ideological - Security Awareness
enumeration Ideological - Human Rights
enumeration Ego
enumeration Financial or Economic
enumeration Military
enumeration Opportunistic
enumeration Policital
Source
<xs:simpleType name="MotivationEnum-1.0.1">
  <xs:annotation>
    <xs:documentation>The possible values for motivations of a threat actor.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.1, this version of the MotivationEnum is deprecated. Please use MotivationEnum-1.1 instead.</xs:documentation>
    <xs:appinfo>
      <version>1.0.1</version>
      <deprecated>true</deprecated>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Ideological"/>
    <xs:enumeration value="Ideological - Anti-Corruption"/>
    <xs:enumeration value="Ideological - Anti-Establishment"/>
    <xs:enumeration value="Ideological - Environmental"/>
    <xs:enumeration value="Ideological - Ethnic / Nationalist"/>
    <xs:enumeration value="Ideological - Information Freedom"/>
    <xs:enumeration value="Ideological - Religious"/>
    <xs:enumeration value="Ideological - Security Awareness"/>
    <xs:enumeration value="Ideological - Human Rights"/>
    <xs:enumeration value="Ego"/>
    <xs:enumeration value="Financial or Economic"/>
    <xs:enumeration value="Military"/>
    <xs:enumeration value="Opportunistic"/>
    <xs:enumeration value="Policital"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:MotivationVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.
NOTE: As of STIX Version 1.0.1, this version of the MotivationVocab is deprecated. Please use MotivationVocab-1.0.1 instead.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#MotivationVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#MotivationVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Motivation Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#MotivationVocab-1.0 optional
Source
<xs:complexType name="MotivationVocab-1.0">
  <xs:annotation>
    <xs:documentation>The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.0.1, this version of the MotivationVocab is deprecated. Please use MotivationVocab-1.0.1 instead.</xs:documentation>
    <xs:appinfo>
      <deprecated>true</deprecated>
    </xs:appinfo>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:MotivationEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Motivation Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#MotivationVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:MotivationEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for motivations of a threat actor.
NOTE: As of STIX Version 1.0.1, this version of the MotivationEnum is deprecated. Please use MotivationEnum-1.0.1 instead.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Ideological
enumeration Ideological - Anti-Corruption
enumeration Ideological - Anti-Establisment
enumeration Ideological - Environmental
enumeration Ideological - Ethnic / Nationalist
enumeration Ideological - Information Freedom
enumeration Ideological - Religious
enumeration Ideological - Security Awareness
enumeration Ideological - Human Rights
enumeration Ego
enumeration Financial or Economic
enumeration Military
enumeration Opportunistic
enumeration Policital
Source
<xs:simpleType name="MotivationEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for motivations of a threat actor.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.0.1, this version of the MotivationEnum is deprecated. Please use MotivationEnum-1.0.1 instead.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
      <deprecated>true</deprecated>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Ideological"/>
    <xs:enumeration value="Ideological - Anti-Corruption"/>
    <xs:enumeration value="Ideological - Anti-Establisment"/>
    <xs:enumeration value="Ideological - Environmental"/>
    <xs:enumeration value="Ideological - Ethnic / Nationalist"/>
    <xs:enumeration value="Ideological - Information Freedom"/>
    <xs:enumeration value="Ideological - Religious"/>
    <xs:enumeration value="Ideological - Security Awareness"/>
    <xs:enumeration value="Ideological - Human Rights"/>
    <xs:enumeration value="Ego"/>
    <xs:enumeration value="Financial or Economic"/>
    <xs:enumeration value="Military"/>
    <xs:enumeration value="Opportunistic"/>
    <xs:enumeration value="Policital"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:IntendedEffectVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#IntendedEffectVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#IntendedEffectVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Intended Effect Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#IntendedEffectVocab-1.0 optional
Source
<xs:complexType name="IntendedEffectVocab-1.0">
  <xs:annotation>
    <xs:documentation>The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:IntendedEffectEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Intended Effect Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#IntendedEffectVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:IntendedEffectEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for effects intended by a threat actor.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Advantage
enumeration Advantage - Economic
enumeration Advantage - Military
enumeration Advantage - Political
enumeration Theft
enumeration Theft - Intellectual Property
enumeration Theft - Credential Theft
enumeration Theft - Identity Theft
enumeration Theft - Theft of Proprietary Information
enumeration Account Takeover
enumeration Brand Damage
enumeration Competitive Advantage
enumeration Degradation of Service
enumeration Denial and Deception
enumeration Destruction
enumeration Disruption
enumeration Embarrassment
enumeration Exposure
enumeration Extortion
enumeration Fraud
enumeration Harassment
enumeration ICS Control
enumeration Traffic Diversion
enumeration Unauthorized Access
Source
<xs:simpleType name="IntendedEffectEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for effects intended by a threat actor.</xs:documentation>
    <xs:appinfo>
      <version>1.0</version>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Advantage"/>
    <xs:enumeration value="Advantage - Economic"/>
    <xs:enumeration value="Advantage - Military"/>
    <xs:enumeration value="Advantage - Political"/>
    <xs:enumeration value="Theft"/>
    <xs:enumeration value="Theft - Intellectual Property"/>
    <xs:enumeration value="Theft - Credential Theft"/>
    <xs:enumeration value="Theft - Identity Theft"/>
    <xs:enumeration value="Theft - Theft of Proprietary Information"/>
    <xs:enumeration value="Account Takeover"/>
    <xs:enumeration value="Brand Damage"/>
    <xs:enumeration value="Competitive Advantage"/>
    <xs:enumeration value="Degradation of Service"/>
    <xs:enumeration value="Denial and Deception"/>
    <xs:enumeration value="Destruction"/>
    <xs:enumeration value="Disruption"/>
    <xs:enumeration value="Embarrassment"/>
    <xs:enumeration value="Exposure"/>
    <xs:enumeration value="Extortion"/>
    <xs:enumeration value="Fraud"/>
    <xs:enumeration value="Harassment"/>
    <xs:enumeration value="ICS Control"/>
    <xs:enumeration value="Traffic Diversion"/>
    <xs:enumeration value="Unauthorized Access"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:PlanningAndOperationalSupportVocab-1.0.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions of a threat actor.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#PlanningAndOperationalSupportVocab-1.0.1_vocab_name stix_default_vocabularies_xsd.tmp#PlanningAndOperationalSupportVocab-1.0.1_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Planning and Operational Support Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#PlanningAndOperationalSupportVocab-1.0.1 optional
Source
<xs:complexType name="PlanningAndOperationalSupportVocab-1.0.1">
  <xs:annotation>
    <xs:documentation>The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions of a threat actor.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:PlanningAndOperationalSupportEnum-1.0.1"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Planning and Operational Support Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#PlanningAndOperationalSupportVocab-1.0.1"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:PlanningAndOperationalSupportEnum-1.0.1
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for types of planning and operational support functions of a threat actor.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Data Exploitation
enumeration Data Exploitation - Analytic Support
enumeration Data Exploitation - Translation Support
enumeration Financial Resources
enumeration Financial Resources - Academic
enumeration Financial Resources - Commercial
enumeration Financial Resources - Government
enumeration Financial Resources - Hacktivist or Grassroot
enumeration Financial Resources - Non-Attributable Finance
enumeration Skill Development / Recruitment
enumeration Skill Development / Recruitment - Contracting and Hiring
enumeration Skill Development / Recruitment - Document Exploitation (DOCEX) Training
enumeration Skill Development / Recruitment - Internal Training
enumeration Skill Development / Recruitment - Military Programs
enumeration Skill Development / Recruitment - Security / Hacker Conferences
enumeration Skill Development / Recruitment - Underground Forums
enumeration Skill Development / Recruitment - University Programs
enumeration Planning
enumeration Planning - Operational Cover Plan
enumeration Planning - Open-Source Intelligence (OSINT) Gathering
enumeration Planning - Pre-Operational Surveillance and Reconnaissance
enumeration Planning - Target Selection
Source
<xs:simpleType name="PlanningAndOperationalSupportEnum-1.0.1">
  <xs:annotation>
    <xs:documentation>The possible values for types of planning and operational support functions of a threat actor.</xs:documentation>
    <xs:appinfo>
      <version>1.0.1</version>
      <source>The initial version of this enumeration was contributed by iSight Partners, Inc. and is used with their permission.</source>
    </xs:appinfo>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Data Exploitation"/>
    <xs:enumeration value="Data Exploitation - Analytic Support"/>
    <xs:enumeration value="Data Exploitation - Translation Support"/>
    <xs:enumeration value="Financial Resources"/>
    <xs:enumeration value="Financial Resources - Academic"/>
    <xs:enumeration value="Financial Resources - Commercial"/>
    <xs:enumeration value="Financial Resources - Government"/>
    <xs:enumeration value="Financial Resources - Hacktivist or Grassroot"/>
    <xs:enumeration value="Financial Resources - Non-Attributable Finance"/>
    <xs:enumeration value="Skill Development / Recruitment"/>
    <xs:enumeration value="Skill Development / Recruitment - Contracting and Hiring"/>
    <xs:enumeration value="Skill Development / Recruitment - Document Exploitation (DOCEX) Training"/>
    <xs:enumeration value="Skill Development / Recruitment - Internal Training"/>
    <xs:enumeration value="Skill Development / Recruitment - Military Programs"/>
    <xs:enumeration value="Skill Development / Recruitment - Security / Hacker Conferences"/>
    <xs:enumeration value="Skill Development / Recruitment - Underground Forums"/>
    <xs:enumeration value="Skill Development / Recruitment - University Programs"/>
    <xs:enumeration value="Planning"/>
    <xs:enumeration value="Planning - Operational Cover Plan"/>
    <xs:enumeration value="Planning - Open-Source Intelligence (OSINT) Gathering"/>
    <xs:enumeration value="Planning - Pre-Operational Surveillance and Reconnaissance"/>
    <xs:enumeration value="Planning - Target Selection"/>
  </xs:restriction>
</xs:simpleType>
Complex Type stixVocabs:PlanningAndOperationalSupportVocab-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions of a threat actor.
NOTE: As of STIX Version 1.0.1, this version of the PlanningAndOperationalSupportVocab is deprecated. Please use PlanningAndOperationalSupportVocab-1.0.1 instead.
Diagram
Diagram stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_name stix_common_xsd.tmp#ControlledVocabularyStringType_vocab_reference stix_common_xsd.tmp#ControlledVocabularyStringType stix_default_vocabularies_xsd.tmp#PlanningAndOperationalSupportVocab-1.0_vocab_name stix_default_vocabularies_xsd.tmp#PlanningAndOperationalSupportVocab-1.0_vocab_reference
Type restriction of stixCommon:ControlledVocabularyStringType
Type hierarchy
Attributes
QName Type Fixed Use
vocab_name xs:string STIX Default Planning and Operational Support Vocabulary optional
vocab_reference xs:anyURI http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#PlanningAndOperationalSupportVocab-1.0 optional
Source
<xs:complexType name="PlanningAndOperationalSupportVocab-1.0">
  <xs:annotation>
    <xs:documentation>The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions of a threat actor.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.0.1, this version of the PlanningAndOperationalSupportVocab is deprecated. Please use PlanningAndOperationalSupportVocab-1.0.1 instead.</xs:documentation>
    <xs:appinfo>
      <deprecated>true</deprecated>
    </xs:appinfo>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="stixCommon:ControlledVocabularyStringType">
      <xs:simpleType>
        <xs:union memberTypes="stixVocabs:PlanningAndOperationalSupportEnum-1.0"/>
      </xs:simpleType>
      <xs:attribute name="vocab_name" type="xs:string" use="optional" fixed="STIX Default Planning and Operational Support Vocabulary"/>
      <xs:attribute name="vocab_reference" type="xs:anyURI" use="optional" fixed="http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd#PlanningAndOperationalSupportVocab-1.0"/>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Simple Type stixVocabs:PlanningAndOperationalSupportEnum-1.0
Namespace http://stix.mitre.org/default_vocabularies-1
Annotations
The possible values for types of planning and operational support functions of a threat actor.
NOTE: As of STIX Version 1.0.1, this version of the PlanningAndOperationalSupportEnumType is deprecated. Please use PlanningAndOperationalSupportEnum-1.0.1 instead.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration Data Exploitation
enumeration Data Exploitation - Analytic Support
enumeration Data Exploitation - Translation Support
enumeration Financial Resources
enumeration Financial Resources - Academic
enumeration Financial Resources - Commercial
enumeration Financial Resources - Government
enumeration Financial Resources - Hacktivist or Grassroot
enumeration Financial Resources - Non-Attributable Finance
enumeration Skill Development / Recruitment
enumeration Skill Development / Recruitment - Contracting and Hiring
enumeration Skill Development / Recruitment - Document Exploitation (DOCEX) Training
enumeration Skill Development / Recruitment - Internal Training
enumeration Skill Development / Recruitment - Military Programs
enumeration Skill Development / Recruitment - Security / Hacker Conferences
enumeration Skill Development / Recruitment - Underground Forums
enumeration Skill Development / Recruitment - University Programs
enumeration Planning
enumeration Planning - Operational Cover Plan
enumeration Planning - Open-Source Intelligence (OSINT) Gethering
enumeration Planning - Pre-Operational Surveillance and Reconnaissance
enumeration Planning - Target Selection
Source
<xs:simpleType name="PlanningAndOperationalSupportEnum-1.0">
  <xs:annotation>
    <xs:documentation>The possible values for types of planning and operational support functions of a threat actor.</xs:documentation>
    <xs:documentation>NOTE: As of STIX Version 1.0.1, this version of the PlanningAndOperationalSupportEnumType is deprecated. Please use PlanningAndOperationalSupportEnum-1.0.1 instead.</xs:documentation>