Showing:

Annotations
Attributes
Diagrams
Source
Main schema snort_test_mechanism.xsd
Namespace http://stix.mitre.org/extensions/TestMechanism#Snort-1
Annotations
 
This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.
Element snortTM:SnortTestMechanismType / snortTM:Product_Name
Namespace http://stix.mitre.org/extensions/TestMechanism#Snort-1
Annotations
 
Name of the Snort-compatible tool that the rules were written again. If the tool has a CPE name, use of that name is suggested, otherwise a simple name like "Snort", "Suricata", or "Sourcefire" could be used.
Diagram
Diagram
Type xs:string
Source
 
<xs:element name="Product_Name" type="xs:string" minOccurs="0">
  <xs:annotation>
    <xs:documentation>Name of the Snort-compatible tool that the rules were written again. If the tool has a CPE name, use of that name is suggested, otherwise a simple name like "Snort", "Suricata", or "Sourcefire" could be used.</xs:documentation>
  </xs:annotation>
</xs:element>
Element snortTM:SnortTestMechanismType / snortTM:Version
Namespace http://stix.mitre.org/extensions/TestMechanism#Snort-1
Annotations
 
The Version of Snort or Snort-compatible tool that the rules were written against.
Diagram
Diagram
Type xs:string
Source
 
<xs:element name="Version" type="xs:string" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The Version of Snort or Snort-compatible tool that the rules were written against.</xs:documentation>
  </xs:annotation>
</xs:element>
Element snortTM:SnortTestMechanismType / snortTM:Rule
Namespace http://stix.mitre.org/extensions/TestMechanism#Snort-1
Annotations
 
The Rule field encapsulates a Snort rule in its native format within a String field. The specification should be within a CDATA construct within the String field.
Diagram
Diagram stix_common_xsd.tmp#EncodedCDATAType_encoded stix_common_xsd.tmp#EncodedCDATAType
Type stixCommon:EncodedCDATAType
Attributes
QName Type Default Use Annotation
encoded xs:boolean false optional 
If true, specifies that the content encoded in the element is encoded using Base64 per RFC4648.
Source
 
<xs:element name="Rule" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Rule field encapsulates a Snort rule in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
  </xs:annotation>
</xs:element>
Element snortTM:SnortTestMechanismType / snortTM:Event_Filter
Namespace http://stix.mitre.org/extensions/TestMechanism#Snort-1
Annotations
 
The Event_Filter field encapsulates a Snort event filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.
Diagram
Diagram stix_common_xsd.tmp#EncodedCDATAType_encoded stix_common_xsd.tmp#EncodedCDATAType
Type stixCommon:EncodedCDATAType
Attributes
QName Type Default Use Annotation
encoded xs:boolean false optional 
If true, specifies that the content encoded in the element is encoded using Base64 per RFC4648.
Source
 
<xs:element name="Event_Filter" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Event_Filter field encapsulates a Snort event filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
  </xs:annotation>
</xs:element>
Element snortTM:SnortTestMechanismType / snortTM:Rate_Filter
Namespace http://stix.mitre.org/extensions/TestMechanism#Snort-1
Annotations
 
The Rate_Filter field encapsulates a Snort rate filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.
Diagram
Diagram stix_common_xsd.tmp#EncodedCDATAType_encoded stix_common_xsd.tmp#EncodedCDATAType
Type stixCommon:EncodedCDATAType
Attributes
QName Type Default Use Annotation
encoded xs:boolean false optional 
If true, specifies that the content encoded in the element is encoded using Base64 per RFC4648.
Source
 
<xs:element name="Rate_Filter" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Rate_Filter field encapsulates a Snort rate filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
  </xs:annotation>
</xs:element>
Element snortTM:SnortTestMechanismType / snortTM:Event_Suppression
Namespace http://stix.mitre.org/extensions/TestMechanism#Snort-1
Annotations
 
The Event_Suppression field encapsulates a Snort event suppression line in its native format within a String field. The specification should be within a CDATA construct within the String field.
Diagram
Diagram stix_common_xsd.tmp#EncodedCDATAType_encoded stix_common_xsd.tmp#EncodedCDATAType
Type stixCommon:EncodedCDATAType
Attributes
QName Type Default Use Annotation
encoded xs:boolean false optional 
If true, specifies that the content encoded in the element is encoded using Base64 per RFC4648.
Source
 
<xs:element name="Event_Suppression" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Event_Suppression field encapsulates a Snort event suppression line in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
  </xs:annotation>
</xs:element>
Complex Type snortTM:SnortTestMechanismType
Namespace http://stix.mitre.org/extensions/TestMechanism#Snort-1
Annotations
 
The SnortTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the inclusion of a Snort rule as a test mechanism content.
Diagram
Diagram indicator_xsd.tmp#TestMechanismType_id indicator_xsd.tmp#TestMechanismType_idref indicator_xsd.tmp#TestMechanismType_Efficacy indicator_xsd.tmp#TestMechanismType_Producer indicator_xsd.tmp#TestMechanismType snort_test_mechanism_xsd.tmp#SnortTestMechanismType_Product_Name snort_test_mechanism_xsd.tmp#SnortTestMechanismType_Version snort_test_mechanism_xsd.tmp#SnortTestMechanismType_Rule snort_test_mechanism_xsd.tmp#SnortTestMechanismType_Event_Filter snort_test_mechanism_xsd.tmp#SnortTestMechanismType_Rate_Filter snort_test_mechanism_xsd.tmp#SnortTestMechanismType_Event_Suppression
Type extension of indicator:TestMechanismType
Type hierarchy
Children indicator:Efficacy, indicator:Producer, snortTM:Event_Filter, snortTM:Event_Suppression, snortTM:Product_Name, snortTM:Rate_Filter, snortTM:Rule, snortTM:Version
Attributes
QName Type Use Annotation
id xs:QName optional 
Specifies a unique ID for this Test Mechanism.
idref xs:QName optional 
Specifies a reference to the ID of a Test Mechanism specified elsewhere.
 
When idref is specified, the id attribute must not be specified, and any instance of this Test Mechanism should not hold content.
Source
 
<xs:complexType name="SnortTestMechanismType">
  <xs:annotation>
    <xs:documentation>The SnortTestMechanismType specifies an instantial extension from the abstract TestMechanismType intended to support the inclusion of a Snort rule as a test mechanism content.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="indicator:TestMechanismType">
      <xs:sequence>
        <xs:element name="Product_Name" type="xs:string" minOccurs="0">
          <xs:annotation>
            <xs:documentation>Name of the Snort-compatible tool that the rules were written again. If the tool has a CPE name, use of that name is suggested, otherwise a simple name like "Snort", "Suricata", or "Sourcefire" could be used.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Version" type="xs:string" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The Version of Snort or Snort-compatible tool that the rules were written against.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Rule" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Rule field encapsulates a Snort rule in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Event_Filter" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Event_Filter field encapsulates a Snort event filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Rate_Filter" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Rate_Filter field encapsulates a Snort rate filter line in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Event_Suppression" type="stixCommon:EncodedCDATAType" minOccurs="0" maxOccurs="unbounded">
          <xs:annotation>
            <xs:documentation>The Event_Suppression field encapsulates a Snort event suppression line in its native format within a String field. The specification should be within a CDATA construct within the String field.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
XML Schema documentation generated by ® XML Editor.