This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org.
Element report:Report
Namespace
http://stix.mitre.org/Report-1
Annotations
The Report construct gives context to a grouping of STIX content.
Specifies a timestamp for the definition of a specific version of a Report. When used in conjunction with the id, this field is specifying the definition time for the specific version of the Report. When used in conjunction with the idref, this field is specifying a reference to a specific version of a Report defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Specifies the relevant Report schema version for this content.
Source
<xs:element name="Report" type="report:ReportType"><xs:annotation><xs:documentation>The Report construct gives context to a grouping of STIX content.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Header" type="report:HeaderType" minOccurs="0"><xs:annotation><xs:documentation>The Header field provides the contextual information for this grouping of STIX content.</xs:documentation></xs:annotation></xs:element>
The Title field provides a simple title for this Report.
Diagram
Type
xs:string
Source
<xs:element name="Title" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>The Title field provides a simple title for this Report.</xs:documentation></xs:annotation></xs:element>
The Intent field characterizes the intended purpose(s) or use(s) for this Report.
This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ReportIntentVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.
Source
<xs:element name="Intent" type="stixCommon:ControlledVocabularyStringType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Intent field characterizes the intended purpose(s) or use(s) for this Report.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ReportIntentVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation></xs:annotation></xs:element>
Specifies the intended order position of this construct instance (e.g. Description) within a set of potentially multiple peer construct instances. If only a single construct instance is present its ordinality can be assumed to be 1. If multiple construct instances are present, the ordinality field should be specified with unique values for each instance.
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interferring with XML validation of the STIX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Description field provides a description of this Report.</xs:documentation></xs:annotation></xs:element>
Specifies the intended order position of this construct instance (e.g. Description) within a set of potentially multiple peer construct instances. If only a single construct instance is present its ordinality can be assumed to be 1. If multiple construct instances are present, the ordinality field should be specified with unique values for each instance.
Used to indicate a particular structuring format (e.g., HTML5) used within an instance of StructuredTextType. Note that if the markup tags used by this format would be interpreted as XML information (such as the bracket-based tags of HTML) the text area should be enclosed in a CDATA section to prevent the markup from interferring with XML validation of the STIX document. If this attribute is absent, the implication is that no markup is being used.
Source
<xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Short_Description field provides a short description of this Report.</xs:documentation></xs:annotation></xs:element>
Specifies the relevant handling guidance for this Report. The valid marking scope is the nearest ReportType ancestor of this Handling element and all its descendants.
<xs:element name="Handling" type="marking:MarkingType" minOccurs="0"><xs:annotation><xs:documentation>Specifies the relevant handling guidance for this Report. The valid marking scope is the nearest ReportType ancestor of this Handling element and all its descendants.</xs:documentation></xs:annotation></xs:element>
The Information_Source field details the source of this Report, including time information as well as information about the producer, contributors, tools, and references.
<xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0"><xs:annotation><xs:documentation>The Information_Source field details the source of this Report, including time information as well as information about the producer, contributors, tools, and references.</xs:documentation></xs:annotation></xs:element>
The cybox_update_version field specifies the update version of the CybOX language utilized for this set of Observables. This field MUST be used when using an update version of CybOX.
Source
<xs:element name="Observables" type="cybox:ObservablesType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber observables.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Indicators" type="report:IndicatorsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber threat Indicators.</xs:documentation></xs:annotation></xs:element>
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IndicatorType in the http://stix.mitre.org/Indicator-2 namespace. This type is defined in the indicator.xsd file or at the URL http://stix.mitre.org/XMLSchema/indicator/2.2/indicator.xsd.
Specifies a timestamp for the definition of a specific version of an Indicator. When used in conjunction with the id, this field is specifying the definition time for the specific version of the Indicator. When used in conjunction with the idref, this field is specifying a reference to a specific version of an Indicator defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Source
<xs:element name="Indicator" type="stixCommon:IndicatorBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Characterizes a single cyber threat Indicator.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IndicatorType in the http://stix.mitre.org/Indicator-2 namespace. This type is defined in the indicator.xsd file or at the URL http://stix.mitre.org/XMLSchema/indicator/2.2/indicator.xsd.</xs:documentation></xs:annotation></xs:element>
<xs:element name="TTPs" type="report:TTPsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber threat adversary Tactics, Techniques or Procedures.</xs:documentation></xs:annotation></xs:element>
Characterizes a single cyber threat adversary Tactic, Technique or Procedure.
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is TTPType in the http://stix.mitre.org/TTP-1 namespace. This type is defined in the ttp.xsd file or at the URL http://stix.mitre.org/XMLSchema/ttp/1.2/ttp.xsd.
Specifies a timestamp for the definition of a specific version of a TTP item. When used in conjunction with the id, this field is specifying the definition time for the specific version of the TTP item. When used in conjunction with the idref, this field is specifying a reference to a specific version of a TTP item defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Source
<xs:element name="TTP" type="stixCommon:TTPBaseType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>Characterizes a single cyber threat adversary Tactic, Technique or Procedure.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is TTPType in the http://stix.mitre.org/TTP-1 namespace. This type is defined in the ttp.xsd file or at the URL http://stix.mitre.org/XMLSchema/ttp/1.2/ttp.xsd.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Exploit_Targets" type="stixCommon:ExploitTargetsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more potential targets for exploitation.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Incidents" type="report:IncidentsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber threat Incidents.</xs:documentation></xs:annotation></xs:element>
Identifies or characterizes a single cyber threat Incident.
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IncidentType in the http://stix.mitre.org/Incident-1 namespace. This type is defined in the incident.xsd file or at the URL http://stix.mitre.org/XMLSchema/incident/1.2/incident.xsd.
Specifies a timestamp for the definition of a specific version of an Incident. When used in conjunction with the id, this field is specifying the definition time for the specific version of the Incident. When used in conjunction with the idref, this field is specifying a reference to a specific version of an Incident defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Source
<xs:element name="Incident" type="stixCommon:IncidentBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Identifies or characterizes a single cyber threat Incident.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IncidentType in the http://stix.mitre.org/Incident-1 namespace. This type is defined in the incident.xsd file or at the URL http://stix.mitre.org/XMLSchema/incident/1.2/incident.xsd.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Courses_Of_Action" type="report:CoursesOfActionType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes Courses of Action to be taken in regards to one of more cyber threats.</xs:documentation></xs:annotation></xs:element>
The Course_Of_Action field characterizes a Course of Action to be taken in regards to one of more cyber threats.
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CourseOfActionType in the http://stix.mitre.org/CourseOfAction-1 namespace. This type is defined in the course_of_action.xsd file or at the URL http://stix.mitre.org/XMLSchema/course_of_action/1.2/course_of_action.xsd.
Specifies a timestamp for the definition of a specific version of a COA. When used in conjunction with the id, this field is specifying the definition time for the specific version of the COA. When used in conjunction with the idref, this field is specifying a reference to a specific version of a COA defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Source
<xs:element name="Course_Of_Action" type="stixCommon:CourseOfActionBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Course_Of_Action field characterizes a Course of Action to be taken in regards to one of more cyber threats.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CourseOfActionType in the http://stix.mitre.org/CourseOfAction-1 namespace. This type is defined in the course_of_action.xsd file or at the URL http://stix.mitre.org/XMLSchema/course_of_action/1.2/course_of_action.xsd.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Campaigns" type="report:CampaignsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber threat Campaigns.</xs:documentation></xs:annotation></xs:element>
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CampaignType in the http://stix.mitre.org/Campaign-1 namespace. This type is defined in the campaign.xsd file or at the URL http://stix.mitre.org/XMLSchema/campaign/1.2/campaign.xsd.
Specifies a timestamp for the definition of a specific version of a Campaign. When used in conjunction with the id, this field is specifying the definition time for the specific version of the Campaign. When used in conjunction with the idref, this field is specifying a reference to a specific version of a Campaign defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Source
<xs:element name="Campaign" type="stixCommon:CampaignBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Characterizes a single cyber threat Campaign.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CampaignType in the http://stix.mitre.org/Campaign-1 namespace. This type is defined in the campaign.xsd file or at the URL http://stix.mitre.org/XMLSchema/campaign/1.2/campaign.xsd.</xs:documentation></xs:annotation></xs:element>
<xs:element name="Threat_Actors" type="report:ThreatActorsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber Threat Actors.</xs:documentation></xs:annotation></xs:element>
This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is ThreatActorType in the http://stix.mitre.org/ThreatActor-1 namespace. This type is defined in the threat_actor.xsd file or at the URL http://stix.mitre.org/XMLSchema/threat_actor/1.2/threat_actor.xsd.
Specifies a timestamp for the definition of a specific version of a ThreatActor. When used in conjunction with the id, this field is specifying the definition time for the specific version of the ThreatActor. When used in conjunction with the idref, this field is specifying a reference to a specific version of a ThreatActor defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Source
<xs:element name="Threat_Actor" type="stixCommon:ThreatActorBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Characterizes a single cyber Threat Actor.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is ThreatActorType in the http://stix.mitre.org/ThreatActor-1 namespace. This type is defined in the threat_actor.xsd file or at the URL http://stix.mitre.org/XMLSchema/threat_actor/1.2/threat_actor.xsd.</xs:documentation></xs:annotation></xs:element>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:element name="Related_Reports" type="report:RelatedReportsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more relationships to other Reports.</xs:documentation></xs:annotation></xs:element>
The Related_Report field is optional and enables content producers to express a relationship between the enclosing report (i.e., the subject of the relationship) and a disparate report (i.e., the object side of the relationship).
<xs:element name="Related_Report" type="stixCommon:RelatedReportType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Related_Report field is optional and enables content producers to express a relationship between the enclosing report (i.e., the subject of the relationship) and a disparate report (i.e., the object side of the relationship).</xs:documentation></xs:annotation></xs:element>
Complex Type report:ReportType
Namespace
http://stix.mitre.org/Report-1
Annotations
ReportType defines a contextual wrapper for a grouping of STIX content.
Specifies a timestamp for the definition of a specific version of a Report. When used in conjunction with the id, this field is specifying the definition time for the specific version of the Report. When used in conjunction with the idref, this field is specifying a reference to a specific version of a Report defined elsewhere. This field has no defined semantic meaning if used in the absence of either the id or idref fields.
Specifies the relevant Report schema version for this content.
Source
<xs:complexType name="ReportType"><xs:annotation><xs:documentation>ReportType defines a contextual wrapper for a grouping of STIX content.</xs:documentation></xs:annotation><xs:complexContent><xs:extension base="stixCommon:ReportBaseType"><xs:sequence><xs:element name="Header" type="report:HeaderType" minOccurs="0"><xs:annotation><xs:documentation>The Header field provides the contextual information for this grouping of STIX content.</xs:documentation></xs:annotation></xs:element><xs:element name="Observables" type="cybox:ObservablesType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber observables.</xs:documentation></xs:annotation></xs:element><xs:element name="Indicators" type="report:IndicatorsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber threat Indicators.</xs:documentation></xs:annotation></xs:element><xs:element name="TTPs" type="report:TTPsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber threat adversary Tactics, Techniques or Procedures.</xs:documentation></xs:annotation></xs:element><xs:element name="Exploit_Targets" type="stixCommon:ExploitTargetsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more potential targets for exploitation.</xs:documentation></xs:annotation></xs:element><xs:element name="Incidents" type="report:IncidentsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber threat Incidents.</xs:documentation></xs:annotation></xs:element><xs:element name="Courses_Of_Action" type="report:CoursesOfActionType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes Courses of Action to be taken in regards to one of more cyber threats.</xs:documentation></xs:annotation></xs:element><xs:element name="Campaigns" type="report:CampaignsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber threat Campaigns.</xs:documentation></xs:annotation></xs:element><xs:element name="Threat_Actors" type="report:ThreatActorsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more cyber Threat Actors.</xs:documentation></xs:annotation></xs:element><xs:element name="Related_Reports" type="report:RelatedReportsType" minOccurs="0"><xs:annotation><xs:documentation>Characterizes one or more relationships to other Reports.</xs:documentation></xs:annotation></xs:element></xs:sequence><xs:attribute name="version" type="report:ReportVersionEnum"><xs:annotation><xs:documentation>Specifies the relevant Report schema version for this content.</xs:documentation></xs:annotation></xs:attribute></xs:extension></xs:complexContent></xs:complexType>
Complex Type report:HeaderType
Namespace
http://stix.mitre.org/Report-1
Annotations
The HeaderType provides a structure for characterizing the contextual information in a Report of STIX content.
<xs:complexType name="HeaderType"><xs:annotation><xs:documentation>The HeaderType provides a structure for characterizing the contextual information in a Report of STIX content.</xs:documentation></xs:annotation><xs:sequence><xs:element name="Title" type="xs:string" minOccurs="0"><xs:annotation><xs:documentation>The Title field provides a simple title for this Report.</xs:documentation></xs:annotation></xs:element><xs:element name="Intent" type="stixCommon:ControlledVocabularyStringType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Intent field characterizes the intended purpose(s) or use(s) for this Report.</xs:documentation><xs:documentation>This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ReportIntentVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.</xs:documentation><xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.</xs:documentation></xs:annotation></xs:element><xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Description field provides a description of this Report.</xs:documentation></xs:annotation></xs:element><xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Short_Description field provides a short description of this Report.</xs:documentation></xs:annotation></xs:element><xs:element name="Handling" type="marking:MarkingType" minOccurs="0"><xs:annotation><xs:documentation>Specifies the relevant handling guidance for this Report. The valid marking scope is the nearest ReportType ancestor of this Handling element and all its descendants.</xs:documentation></xs:annotation></xs:element><xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0"><xs:annotation><xs:documentation>The Information_Source field details the source of this Report, including time information as well as information about the producer, contributors, tools, and references.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
<xs:complexType name="IndicatorsType"><xs:sequence><xs:element name="Indicator" type="stixCommon:IndicatorBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Characterizes a single cyber threat Indicator.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IndicatorType in the http://stix.mitre.org/Indicator-2 namespace. This type is defined in the indicator.xsd file or at the URL http://stix.mitre.org/XMLSchema/indicator/2.2/indicator.xsd.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
<xs:complexType name="TTPsType"><xs:sequence><xs:element name="TTP" type="stixCommon:TTPBaseType" minOccurs="0" maxOccurs="unbounded"><xs:annotation><xs:documentation>Characterizes a single cyber threat adversary Tactic, Technique or Procedure.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is TTPType in the http://stix.mitre.org/TTP-1 namespace. This type is defined in the ttp.xsd file or at the URL http://stix.mitre.org/XMLSchema/ttp/1.2/ttp.xsd.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
<xs:complexType name="IncidentsType"><xs:sequence><xs:element name="Incident" type="stixCommon:IncidentBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Identifies or characterizes a single cyber threat Incident.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IncidentType in the http://stix.mitre.org/Incident-1 namespace. This type is defined in the incident.xsd file or at the URL http://stix.mitre.org/XMLSchema/incident/1.2/incident.xsd.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
<xs:complexType name="CoursesOfActionType"><xs:sequence><xs:element name="Course_Of_Action" type="stixCommon:CourseOfActionBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Course_Of_Action field characterizes a Course of Action to be taken in regards to one of more cyber threats.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CourseOfActionType in the http://stix.mitre.org/CourseOfAction-1 namespace. This type is defined in the course_of_action.xsd file or at the URL http://stix.mitre.org/XMLSchema/course_of_action/1.2/course_of_action.xsd.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
<xs:complexType name="CampaignsType"><xs:sequence><xs:element name="Campaign" type="stixCommon:CampaignBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Characterizes a single cyber threat Campaign.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CampaignType in the http://stix.mitre.org/Campaign-1 namespace. This type is defined in the campaign.xsd file or at the URL http://stix.mitre.org/XMLSchema/campaign/1.2/campaign.xsd.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
<xs:complexType name="ThreatActorsType"><xs:sequence><xs:element name="Threat_Actor" type="stixCommon:ThreatActorBaseType" maxOccurs="unbounded"><xs:annotation><xs:documentation>Characterizes a single cyber Threat Actor.</xs:documentation><xs:documentation>This field is implemented through the xsi:type extension mechanism. The default and strongly recommended type is ThreatActorType in the http://stix.mitre.org/ThreatActor-1 namespace. This type is defined in the threat_actor.xsd file or at the URL http://stix.mitre.org/XMLSchema/threat_actor/1.2/threat_actor.xsd.</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:complexType>
Indicates how multiple related items should be interpreted in this relationship. If "inclusive" is specified, then a single conceptual relationship is being defined between the subject and the collection of objects indicated by the related items (i.e. the relationship is not necessarily relevant for any one particular object being referenced, but for the aggregated collection of objects referenced). If "exclusive" is specified, then multiple relationships are being defined between the specific subject and each object individually.
Source
<xs:complexType name="RelatedReportsType"><xs:complexContent><xs:extension base="stixCommon:GenericRelationshipListType"><xs:sequence><xs:element name="Related_Report" type="stixCommon:RelatedReportType" maxOccurs="unbounded"><xs:annotation><xs:documentation>The Related_Report field is optional and enables content producers to express a relationship between the enclosing report (i.e., the subject of the relationship) and a disparate report (i.e., the object side of the relationship).</xs:documentation></xs:annotation></xs:element></xs:sequence></xs:extension></xs:complexContent></xs:complexType>
Simple Type report:ReportVersionEnum
Namespace
http://stix.mitre.org/Report-1
Annotations
An enumeration of all versions of Report types valid in the current release of STIX.
<xs:simpleType name="ReportVersionEnum"><xs:annotation><xs:documentation>An enumeration of all versions of Report types valid in the current release of STIX.</xs:documentation></xs:annotation><xs:restriction base="xs:string"><xs:enumeration value="1.0"/></xs:restriction></xs:simpleType>
<xs:attribute name="version" type="report:ReportVersionEnum"><xs:annotation><xs:documentation>Specifies the relevant Report schema version for this content.</xs:documentation></xs:annotation></xs:attribute>
