From e439080d458ca38e1a707171a0a937aab15a642a Mon Sep 17 00:00:00 2001 From: Charissa Miller <48832936+clemiller@users.noreply.github.com> Date: Mon, 21 Oct 2024 11:37:22 -0400 Subject: [PATCH] remove autogenerated markdown files --- docusaurus/docs/sdo/asset.schema.md | 60 -------- docusaurus/docs/sdo/campaign.schema.md | 50 ------- docusaurus/docs/sdo/collection.schema.md | 48 ------- docusaurus/docs/sdo/data-component.schema.md | 39 ------ docusaurus/docs/sdo/data-source.schema.md | 41 ------ docusaurus/docs/sdo/group.schema.md | 40 ------ docusaurus/docs/sdo/identity.schema.md | 35 ----- docusaurus/docs/sdo/malware.schema.md | 58 -------- docusaurus/docs/sdo/matrix.schema.md | 39 ------ docusaurus/docs/sdo/mitigation.schema.md | 32 ----- docusaurus/docs/sdo/software.schema.md | 36 ----- docusaurus/docs/sdo/tactic.schema.md | 85 ------------ docusaurus/docs/sdo/technique.schema.md | 106 -------------- docusaurus/docs/sdo/tool.schema.md | 39 ------ .../docs/smo/marking-definition.schema.md | 129 ------------------ docusaurus/docs/sro/relationship.schema.md | 47 ------- 16 files changed, 884 deletions(-) delete mode 100644 docusaurus/docs/sdo/asset.schema.md delete mode 100644 docusaurus/docs/sdo/campaign.schema.md delete mode 100644 docusaurus/docs/sdo/collection.schema.md delete mode 100644 docusaurus/docs/sdo/data-component.schema.md delete mode 100644 docusaurus/docs/sdo/data-source.schema.md delete mode 100644 docusaurus/docs/sdo/group.schema.md delete mode 100644 docusaurus/docs/sdo/identity.schema.md delete mode 100644 docusaurus/docs/sdo/malware.schema.md delete mode 100644 docusaurus/docs/sdo/matrix.schema.md delete mode 100644 docusaurus/docs/sdo/mitigation.schema.md delete mode 100644 docusaurus/docs/sdo/software.schema.md delete mode 100644 docusaurus/docs/sdo/tactic.schema.md delete mode 100644 docusaurus/docs/sdo/technique.schema.md delete mode 100644 docusaurus/docs/sdo/tool.schema.md delete mode 100644 docusaurus/docs/smo/marking-definition.schema.md delete mode 100644 docusaurus/docs/sro/relationship.schema.md diff --git a/docusaurus/docs/sdo/asset.schema.md b/docusaurus/docs/sdo/asset.schema.md deleted file mode 100644 index 9d12785..0000000 --- a/docusaurus/docs/sdo/asset.schema.md +++ /dev/null @@ -1,60 +0,0 @@ -# Asset Schema - -## Asset - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'x-mitre-asset'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_ _or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| `description` | A description of the object. | `string` | -| `x_mitre_platforms` | List of platforms that apply to the object. | `Array<'Field Controller/RTU/PLC/IED' \| 'Network' \| 'Data Historian' \| 'Google Workspace' \| 'Office 365' \| 'Containers' \| 'Azure AD' \| 'Engineering Workstation' \| 'Control Server' \| 'Human-Machine Interface' \| 'Windows' \| 'Linux' \| 'IaaS' \| 'None' \| 'iOS' \| 'PRE' \| 'SaaS' \| 'Input/Output Server' \| 'macOS' \| 'Android' \| ...>` (_min: 1_) | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| `x_mitre_contributors` | People and organizations who have contributed to the object. Not found on relationship objects. | `Array` | -| `x_mitre_sectors` | List of industry sector(s) an asset may be commonly observed in. | [XMitreSectors](#xmitresectors) | -| `x_mitre_related_assets` | Related assets describe sector specific device names or alias that may be commonly associated with the primary asset page name or functional description. Related asset objects include a description of how the related asset is associated with the page definition. | [RelatedAssets](#relatedassets) | -| `x_mitre_modified_by_ref` | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | - -_(\*) Required._ - -## RelatedAsset - -_Object containing the following properties:_ - -| Property | Description | Type | -| :---------------------- | :--------------------------------------------------------------- | :------------------------------ | -| **`name`** (\*) | | `string` | -| `related_asset_sectors` | List of industry sector(s) an asset may be commonly observed in. | [XMitreSectors](#xmitresectors) | -| `description` | A description of the object. | `string` | - -_(\*) Required._ - -## RelatedAssets - -Related assets describe sector specific device names or alias that may be commonly associated with the primary asset page name or functional description. Related asset objects include a description of how the related asset is associated with the page definition. - -_Array of [RelatedAsset](#relatedasset) items._ - -## XMitreSectors - -List of industry sector(s) an asset may be commonly observed in. - -_Array of `'Electric' | 'Water and Wastewater' | 'Manufacturing' | 'Rail' | 'Maritime' | 'General'` items._ diff --git a/docusaurus/docs/sdo/campaign.schema.md b/docusaurus/docs/sdo/campaign.schema.md deleted file mode 100644 index e099a14..0000000 --- a/docusaurus/docs/sdo/campaign.schema.md +++ /dev/null @@ -1,50 +0,0 @@ -# Campaign Schema - -## Campaign - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'campaign'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| **`revoked`** (\*) | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| **`x_mitre_deprecated`** (\*) | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | A description of the object. | `string` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | -| `x_mitre_contributors` | People and organizations who have contributed to the object. Not found on relationship objects. | `Array` | -| **`aliases`** (\*) | Alternative names used to identify this campaign. The first alias must match the object's name. | `Array` | -| **`first_seen`** (\*) | The time that this Campaign was first seen. | `any` | -| **`last_seen`** (\*) | The time that this Campaign was last seen. | `any` | -| **`x_mitre_first_seen_citation`** (\*) | One or more citations for when the object was first seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references. | [XMitreFirstSeenCitation](#xmitrefirstseencitation) | -| **`x_mitre_last_seen_citation`** (\*) | One or more citations for when the object was last seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references. | [XMitreLastSeenCitation](#xmitrelastseencitation) | - -_(\*) Required._ - -## XMitreFirstSeenCitation - -One or more citations for when the object was first seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references. - -_Any type._ - -## XMitreLastSeenCitation - -One or more citations for when the object was last seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references. - -_Any type._ diff --git a/docusaurus/docs/sdo/collection.schema.md b/docusaurus/docs/sdo/collection.schema.md deleted file mode 100644 index c133f04..0000000 --- a/docusaurus/docs/sdo/collection.schema.md +++ /dev/null @@ -1,48 +0,0 @@ -# Collection Schema - -## Collection - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'x-mitre-collection'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| `external_references` | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | Details, context, and explanation about the purpose or contents of the collection. | `string` | -| **`x_mitre_contents`** (\*) | Specifies the objects contained within the collection. | [XMitreContents](#xmitrecontents) | - -_(\*) Required._ - -## ObjectVersionReference - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------- | :------------------------------------------------------------------------------------------------------------------------------- | :---- | -| **`object_ref`** (\*) | The ID of the referenced object. | `any` | -| **`object_modified`** (\*) | The modified time of the referenced object. It MUST be an exact match for the modified time of the STIX object being referenced. | `any` | - -_(\*) Required._ - -## XMitreContents - -Specifies the objects contained within the collection. - -_Array of at least 1 [ObjectVersionReference](#objectversionreference) items._ diff --git a/docusaurus/docs/sdo/data-component.schema.md b/docusaurus/docs/sdo/data-component.schema.md deleted file mode 100644 index 0911498..0000000 --- a/docusaurus/docs/sdo/data-component.schema.md +++ /dev/null @@ -1,39 +0,0 @@ -# Data component Schema - -## DataComponent - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'x-mitre-data-component'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| `external_references` | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | A description of the object. | `string` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | -| **`x_mitre_data_source_ref`** (\*) | STIX ID of the data source this component is a part of. | [XMitreDataSourceRef](#xmitredatasourceref) | - -_(\*) Required._ - -## XMitreDataSourceRef - -STIX ID of the data source this component is a part of. - -_Any type._ diff --git a/docusaurus/docs/sdo/data-source.schema.md b/docusaurus/docs/sdo/data-source.schema.md deleted file mode 100644 index 5245cef..0000000 --- a/docusaurus/docs/sdo/data-source.schema.md +++ /dev/null @@ -1,41 +0,0 @@ -# Data source Schema - -## DataSource - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'x-mitre-data-source'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | A description of the object. | `string` | -| `x_mitre_platforms` | List of platforms that apply to the object. | `Array<'Field Controller/RTU/PLC/IED' \| 'Network' \| 'Data Historian' \| 'Google Workspace' \| 'Office 365' \| 'Containers' \| 'Azure AD' \| 'Engineering Workstation' \| 'Control Server' \| 'Human-Machine Interface' \| 'Windows' \| 'Linux' \| 'IaaS' \| 'None' \| 'iOS' \| 'PRE' \| 'SaaS' \| 'Input/Output Server' \| 'macOS' \| 'Android' \| ...>` (_min: 1_) | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | -| `x_mitre_contributors` | People and organizations who have contributed to the object. Not found on relationship objects. | `Array` | -| **`x_mitre_collection_layers`** (\*) | List of places the data can be collected from. | [XMitreCollectionLayers](#xmitrecollectionlayers) | - -_(\*) Required._ - -## XMitreCollectionLayers - -List of places the data can be collected from. - -_Array of `'Cloud Control Plane' | 'Host' | 'Report' | 'Container' | 'Device' | 'OSINT' | 'Network'` items._ diff --git a/docusaurus/docs/sdo/group.schema.md b/docusaurus/docs/sdo/group.schema.md deleted file mode 100644 index b2efd30..0000000 --- a/docusaurus/docs/sdo/group.schema.md +++ /dev/null @@ -1,40 +0,0 @@ -# Group Schema - -## Group - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'intrusion-set'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| `created_by_ref` | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| `object_marking_refs` | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| `description` | A description that provides more details and context about the Intrusion Set, potentially including its purpose and its key characteristics. | `string` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| `x_mitre_contributors` | | `Array` | -| `x_mitre_modified_by_ref` | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | -| `aliases` | Alternative names used to identify this group. The first alias must match the object's name. | `Array` | -| `first_seen` | The time that this Intrusion Set was first seen. | `any` | -| `last_seen` | The time that this Intrusion Set was last seen. | `any` | -| `goals` | The high-level goals of this Intrusion Set, namely, what are they trying to do. | `Array` | -| `resource_level` | This property specifies the organizational level at which this Intrusion Set typically works, which in turn determines the resources available to this Intrusion Set for use in an attack. | `'individual' \| 'club' \| 'contest' \| 'team' \| 'organization' \| 'government'` | -| `primary_motivation` | The primary reason, motivation, or purpose behind this Intrusion Set. | `'accidental' \| 'coercion' \| 'dominance' \| 'ideology' \| 'notoriety' \| 'organizational-gain' \| 'personal-gain' \| 'personal-satisfaction' \| 'revenge' \| 'unpredictable'` | -| `secondary_motivations` | The secondary reasons, motivations, or purposes behind this Intrusion Set. | `Array<'accidental' \| 'coercion' \| 'dominance' \| 'ideology' \| 'notoriety' \| 'organizational-gain' \| 'personal-gain' \| 'personal-satisfaction' \| 'revenge' \| 'unpredictable'>` | - -_(\*) Required._ diff --git a/docusaurus/docs/sdo/identity.schema.md b/docusaurus/docs/sdo/identity.schema.md deleted file mode 100644 index a524e10..0000000 --- a/docusaurus/docs/sdo/identity.schema.md +++ /dev/null @@ -1,35 +0,0 @@ -# Identity Schema - -## Identity - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'identity'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| `created_by_ref` | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| `external_references` | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`identity_class`** (\*) | The type of entity that this Identity describes, e.g., an individual or organization. This is an open vocabulary and the values SHOULD come from the identity-class-ov vocabulary. | `'individual' \| 'group' \| 'system' \| 'organization' \| 'class' \| 'unspecified'` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| `description` | A description of the object. | `string` | -| `roles` | The list of roles that this Identity performs. | `Array` | -| `sectors` | The list of industry sectors that this Identity belongs to. This is an open vocabulary and values SHOULD come from the industry-sector-ov vocabulary. | `Array<'agriculture' \| 'aerospace' \| 'automotive' \| 'chemical' \| 'commercial' \| 'communications' \| 'construction' \| 'defense' \| 'education' \| 'energy' \| 'entertainment' \| 'financial-services' \| 'government' \| 'government-emergency-services' \| 'government-local' \| 'government-national' \| 'government-public-services' \| 'government-regional' \| 'healthcare' \| 'hospitality-leisure' \| ...>` | -| `contact_information` | The contact information (e-mail, phone number, etc.) for this Identity. | `string` | - -_(\*) Required._ diff --git a/docusaurus/docs/sdo/malware.schema.md b/docusaurus/docs/sdo/malware.schema.md deleted file mode 100644 index 2c86143..0000000 --- a/docusaurus/docs/sdo/malware.schema.md +++ /dev/null @@ -1,58 +0,0 @@ -# Malware Schema - -## Malware - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'malware'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The ID of the Source object that describes who created this object. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | A description of the object. | `string` | -| `x_mitre_platforms` | List of platforms that apply to the object. | `Array<'Field Controller/RTU/PLC/IED' \| 'Network' \| 'Data Historian' \| 'Google Workspace' \| 'Office 365' \| 'Containers' \| 'Azure AD' \| 'Engineering Workstation' \| 'Control Server' \| 'Human-Machine Interface' \| 'Windows' \| 'Linux' \| 'IaaS' \| 'None' \| 'iOS' \| 'PRE' \| 'SaaS' \| 'Input/Output Server' \| 'macOS' \| 'Android' \| ...>` (_min: 1_) | -| `x_mitre_contributors` | | `Array` | -| `x_mitre_aliases` | Alternative names used to identify this software. The first alias must match the object's name. | `Array` | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| `aliases` | Alternative names used to identify this software. | `Array` | -| **`is_family`** (\*) | Whether the object represents a malware family (if true) or a malware instance (if false) | `boolean` | -| `malware_types` | A set of categorizations for the malware being described. | `Array<'adware' \| 'backdoor' \| 'bot' \| 'bootkit' \| 'ddos' \| 'downloader' \| 'dropper' \| 'exploit-kit' \| 'keylogger' \| 'ransomware' \| 'remote-access-trojan' \| 'resource-exploitation' \| 'rogue-security-software' \| 'rootkit' \| 'screen-capture' \| 'spyware' \| 'trojan' \| 'virus' \| 'webshell' \| 'wiper' \| ...>` | -| `kill_chain_phases` | The list of Kill Chain Phases for which this malware can be used. | _Array of objects:_
  • `phase_name`: `string`
  • `kill_chain_name`: `'mitre-attack' \| 'mitre-mobile-attack' \| 'mitre-ics-attack'`
| -| `first_seen` | The time that this malware instance or malware family was first seen. | `any` | -| `last_seen` | The time that this malware family or malware instance was last seen. | `any` | -| `os_execution_envs` | The operating systems that the malware family or malware instance is executable on. This applies to virtualized operating systems as well as those running on bare metal. | `Array` | -| `architecture_execution_envs` | The processor architectures (e.g., x86, ARM, etc.) that the malware instance or family is executable on. | `Array<'alpha' \| 'arm' \| 'ia-64' \| 'mips' \| 'powerpc' \| 'sparc' \| 'x86' \| 'x86-64'>` | -| `implementation_languages` | The programming language(s) used to implement the malware instance or family. | `Array<'applescript' \| 'bash' \| 'c' \| 'c++' \| 'c#' \| 'go' \| 'java' \| 'javascript' \| 'lua' \| 'objective-c' \| 'perl' \| 'php' \| 'powershell' \| 'python' \| 'ruby' \| 'scala' \| 'swift' \| 'typescript' \| 'visual-basic' \| 'x86-32' \| ...>` | -| `capabilities` | Any of the capabilities identified for the malware instance or family. | `Array<'accesses-remote-machines' \| 'anti-debugging' \| 'anti-disassembly' \| 'anti-emulation' \| 'anti-memory-forensics' \| 'anti-sandbox' \| 'anti-vm' \| 'captures-input-peripherals' \| 'captures-output-peripherals' \| 'captures-system-state-data' \| 'cleans-traces-of-infection' \| 'commits-fraud' \| 'communicates-with-c2' \| 'compromises-data-integrity' \| 'compromises-data-availability' \| 'compromises-system-availability' \| 'controls-local-machine' \| 'degrades-security-software' \| 'degrades-system-updates' \| 'determines-c2-server' \| ...>` | -| `sample_refs` | The sample_refs property specifies a list of identifiers of the SCO file or artifact objects associated with this malware instance(s) or family. | `Array<[StixArtifactType](#stixartifacttype) _or_ [StixFileType](#stixfiletype)>` | - -_(\*) Required._ - -## StixArtifactType - -Used to specify the artifact stixType of the sample_refs property. - -_Any type._ - -## StixFileType - -Used to specify the file stixType of the sample_refs property. - -_Any type._ diff --git a/docusaurus/docs/sdo/matrix.schema.md b/docusaurus/docs/sdo/matrix.schema.md deleted file mode 100644 index e23c823..0000000 --- a/docusaurus/docs/sdo/matrix.schema.md +++ /dev/null @@ -1,39 +0,0 @@ -# Matrix Schema - -## Matrix - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'x-mitre-matrix'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | A description of the object. | `string` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | -| **`tactic_refs`** (\*) | An ordered list of x-mitre-tactic STIX IDs corresponding to the tactics of the matrix. The order determines the appearance within the matrix. | [XMitreTacticRefs](#xmitretacticrefs) | - -_(\*) Required._ - -## XMitreTacticRefs - -An ordered list of x-mitre-tactic STIX IDs corresponding to the tactics of the matrix. The order determines the appearance within the matrix. - -_Array of `any` items._ diff --git a/docusaurus/docs/sdo/mitigation.schema.md b/docusaurus/docs/sdo/mitigation.schema.md deleted file mode 100644 index d0959e0..0000000 --- a/docusaurus/docs/sdo/mitigation.schema.md +++ /dev/null @@ -1,32 +0,0 @@ -# Mitigation Schema - -## Mitigation - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'course-of-action'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | A description that provides more details and context about the Mitigation. | `string` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | - -_(\*) Required._ diff --git a/docusaurus/docs/sdo/software.schema.md b/docusaurus/docs/sdo/software.schema.md deleted file mode 100644 index b3cf544..0000000 --- a/docusaurus/docs/sdo/software.schema.md +++ /dev/null @@ -1,36 +0,0 @@ -# Software Schema - -## Software - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | The id property universally and uniquely identifies this object. | `any` | -| **`type`** (\*) | | `'malware' \| 'tool'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The ID of the Source object that describes who created this object. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | A description of the object. | `string` | -| `x_mitre_platforms` | List of platforms that apply to the object. | `Array<'Field Controller/RTU/PLC/IED' \| 'Network' \| 'Data Historian' \| 'Google Workspace' \| 'Office 365' \| 'Containers' \| 'Azure AD' \| 'Engineering Workstation' \| 'Control Server' \| 'Human-Machine Interface' \| 'Windows' \| 'Linux' \| 'IaaS' \| 'None' \| 'iOS' \| 'PRE' \| 'SaaS' \| 'Input/Output Server' \| 'macOS' \| 'Android' \| ...>` (_min: 1_) | -| `x_mitre_contributors` | | `Array` | -| `x_mitre_aliases` | Alternative names used to identify this software. The first alias must match the object's name. | `Array` | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| `aliases` | Alternative names used to identify this software. | `Array` | - -_(\*) Required._ diff --git a/docusaurus/docs/sdo/tactic.schema.md b/docusaurus/docs/sdo/tactic.schema.md deleted file mode 100644 index e98bf8f..0000000 --- a/docusaurus/docs/sdo/tactic.schema.md +++ /dev/null @@ -1,85 +0,0 @@ -# Tactic Schema - -## Tactic - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'x-mitre-tactic'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | A description of the object. | `string` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| **`x_mitre_shortname`** (\*) | The x_mitre_shortname of the tactic is used for mapping techniques into the tactic. It corresponds to kill_chain_phases.phase_name of the techniques in the tactic. | [XMitreShortName](#xmitreshortname) | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | - -_(\*) Required._ - -## XMitreShortName - -The x_mitre_shortname of the tactic is used for mapping techniques into the tactic. It corresponds to kill_chain_phases.phase_name of the techniques in the tactic. - -_Enum string, one of the following possible values:_ - -
-Expand for full list of 40 values - -- `'credential-access'` -- `'execution'` -- `'impact'` -- `'persistence'` -- `'privilege-escalation'` -- `'lateral-movement'` -- `'defense-evasion'` -- `'exfiltration'` -- `'discovery'` -- `'collection'` -- `'resource-development'` -- `'reconnaissance'` -- `'command-and-control'` -- `'initial-access'` -- `'inhibit-response-function'` -- `'privilege-escalation'` -- `'lateral-movement'` -- `'discovery'` -- `'initial-access'` -- `'impact'` -- `'persistence'` -- `'execution'` -- `'command-and-control'` -- `'collection'` -- `'evasion'` -- `'impair-process-control'` -- `'initial-access'` -- `'exfiltration'` -- `'persistence'` -- `'privilege-escalation'` -- `'command-and-control'` -- `'execution'` -- `'impact'` -- `'credential-access'` -- `'collection'` -- `'lateral-movement'` -- `'defense-evasion'` -- `'network-effects'` -- `'discovery'` -- `'remote-service-effects'` - -
diff --git a/docusaurus/docs/sdo/technique.schema.md b/docusaurus/docs/sdo/technique.schema.md deleted file mode 100644 index 41d76f7..0000000 --- a/docusaurus/docs/sdo/technique.schema.md +++ /dev/null @@ -1,106 +0,0 @@ -# Technique Schema - -## Technique - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'attack-pattern'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| `created_by_ref` | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| `object_marking_refs` | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| `kill_chain_phases` | | _Array of objects:_
  • `phase_name`: `string`
  • `kill_chain_name`: `'mitre-attack' \| 'mitre-mobile-attack' \| 'mitre-ics-attack'`
| -| `description` | A description of the object. | `string` | -| `x_mitre_platforms` | List of platforms that apply to the object. | `Array<'Field Controller/RTU/PLC/IED' \| 'Network' \| 'Data Historian' \| 'Google Workspace' \| 'Office 365' \| 'Containers' \| 'Azure AD' \| 'Engineering Workstation' \| 'Control Server' \| 'Human-Machine Interface' \| 'Windows' \| 'Linux' \| 'IaaS' \| 'None' \| 'iOS' \| 'PRE' \| 'SaaS' \| 'Input/Output Server' \| 'macOS' \| 'Android' \| ...>` (_min: 1_) | -| `x_mitre_detection` | Strategies for identifying if a technique has been used by an adversary. | [XMitreDetection](#xmitredetection) | -| **`x_mitre_is_subtechnique`** (\*) | If true, this attack-pattern is a sub-technique. | [XMitreIsSubtechnique](#xmitreissubtechnique) | -| `x_mitre_data_sources` | Sources of information that may be used to identify the action or result of the action being performed. | [XMitreDataSources](#xmitredatasources) | -| `x_mitre_defense_bypassed` | List of defensive tools, methodologies, or processes the technique can bypass. | [XMitreDefenseBypasses](#xmitredefensebypasses) | -| `x_mitre_contributors` | People and organizations who have contributed to the object. Not found on relationship objects. | `Array` | -| `x_mitre_permissions_required` | The lowest level of permissions the adversary is required to be operating within to perform the technique on a system. | [XMitrePermissionsRequired](#xmitrepermissionsrequired) | -| `x_mitre_remote_support` | If true, the technique can be used to execute something on a remote system. | [XMitreRemoteSupport](#xmitreremotesupport) | -| `x_mitre_system_requirements` | Additional information on requirements the adversary needs to meet or about the state of the system (software, patch level, etc.) that may be required for the technique to work. | [XMitreSystemRequirements](#xmitresystemrequirements) | -| `x_mitre_impact_type` | Denotes if the technique can be used for integrity or availability attacks. | `Array<'Availability' \| 'Integrity'>` | -| `x_mitre_effective_permissions` | The level of permissions the adversary will attain by performing the technique. | [XMitreEffectivePermissions](#xmitreeffectivepermissions) | -| `x_mitre_network_requirements` | | `boolean` | -| `x_mitre_tactic_type` | "Post-Adversary Device Access", "Pre-Adversary Device Access", or "Without Adversary Device Access". | [XMitreTacticType](#xmitretactictype) | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| `x_mitre_modified_by_ref` | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | - -_(\*) Required._ - -## XMitreDataSource - -A single data source in the format 'Data Source Name: Data Component Name'. - -_Any type._ - -## XMitreDataSources - -Sources of information that may be used to identify the action or result of the action being performed. - -_Array of [XMitreDataSource](#xmitredatasource) items._ - -## XMitreDefenseBypasses - -List of defensive tools, methodologies, or processes the technique can bypass. - -_Array of at least 1 `'Signature-based detection' | 'Multi-Factor Authentication' | 'Network Intrusion Detection System' | 'Application Control' | 'Host forensic analysis' | 'Exploit Prevention' | 'Signature-based Detection' | 'Data Execution Prevention' | 'Heuristic Detection' | 'File system access controls' | 'File Monitoring' | 'Digital Certificate Validation' | 'Logon Credentials' | 'Firewall' | 'Host Forensic Analysis' | 'Static File Analysis' | 'Heuristic detection' | 'Notarization' | 'System access controls' | 'Binary Analysis' | ...` items._ - -## XMitreDetection - -Strategies for identifying if a technique has been used by an adversary. - -_String._ - -## XMitreEffectivePermissions - -The level of permissions the adversary will attain by performing the technique. - -_Array of at least 1 `'Administrator' | 'SYSTEM' | 'User' | 'root'` items._ - -## XMitreIsSubtechnique - -If true, this attack-pattern is a sub-technique. - -_Boolean._ - -## XMitrePermissionsRequired - -The lowest level of permissions the adversary is required to be operating within to perform the technique on a system. - -_Array of at least 1 `'Remote Desktop Users' | 'SYSTEM' | 'Administrator' | 'root' | 'User'` items._ - -## XMitreRemoteSupport - -If true, the technique can be used to execute something on a remote system. - -_Boolean._ - -## XMitreSystemRequirements - -Additional information on requirements the adversary needs to meet or about the state of the system (software, patch level, etc.) that may be required for the technique to work. - -_Array of `string` items._ - -## XMitreTacticType - -"Post-Adversary Device Access", "Pre-Adversary Device Access", or "Without Adversary Device Access". - -_Array of `'Post-Adversary Device Access' | 'Pre-Adversary Device Access' | 'Without Adversary Device Access'` items._ diff --git a/docusaurus/docs/sdo/tool.schema.md b/docusaurus/docs/sdo/tool.schema.md deleted file mode 100644 index 286a4e9..0000000 --- a/docusaurus/docs/sdo/tool.schema.md +++ /dev/null @@ -1,39 +0,0 @@ -# Tool Schema - -## Tool - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'tool'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The ID of the Source object that describes who created this object. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| **`external_references`** (\*) | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`name`** (\*) | The name of the object. | `string` (_min length: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_old_attack_id` | Old ATT&CK IDs that may have been associated with this object | `string` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | -| **`description`** (\*) | A description of the object. | `string` | -| `x_mitre_platforms` | List of platforms that apply to the object. | `Array<'Field Controller/RTU/PLC/IED' \| 'Network' \| 'Data Historian' \| 'Google Workspace' \| 'Office 365' \| 'Containers' \| 'Azure AD' \| 'Engineering Workstation' \| 'Control Server' \| 'Human-Machine Interface' \| 'Windows' \| 'Linux' \| 'IaaS' \| 'None' \| 'iOS' \| 'PRE' \| 'SaaS' \| 'Input/Output Server' \| 'macOS' \| 'Android' \| ...>` (_min: 1_) | -| `x_mitre_contributors` | | `Array` | -| `x_mitre_aliases` | Alternative names used to identify this software. The first alias must match the object's name. | `Array` | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| `aliases` | Alternative names used to identify this software. | `Array` | -| `tool_types` | The kind(s) of tool(s) being described. | `Array<'denial-of-service' \| 'exploitation' \| 'information-gathering' \| 'network-capture' \| 'credential-exploitation' \| 'remote-access' \| 'vulnerability-scanning' \| 'unknown'>` | -| `kill_chain_phases` | The list of kill chain phases for which this Tool can be used. | _Array of objects:_
  • `phase_name`: `string`
  • `kill_chain_name`: `'mitre-attack' \| 'mitre-mobile-attack' \| 'mitre-ics-attack'`
| -| `tool_version` | The version identifier associated with the Tool | `string` | - -_(\*) Required._ diff --git a/docusaurus/docs/smo/marking-definition.schema.md b/docusaurus/docs/smo/marking-definition.schema.md deleted file mode 100644 index ba83180..0000000 --- a/docusaurus/docs/smo/marking-definition.schema.md +++ /dev/null @@ -1,129 +0,0 @@ -# Marking definition Schema - -## BaseMarkingDefinition - -_Object containing the following properties:_ - -| Property | Type | -| :------------------------- | :------------------------------------ | -| **`type`** (\*) | `'marking-definition'` | -| **`spec_version`** (\*) | `'2.1'` | -| **`id`** (\*) | `string` (_uuid_) | -| **`created`** (\*) | `string` (_ISO 8601_) | -| **`definition_type`** (\*) | `'tlp'` | -| **`name`** (\*) | `string` | -| **`definition`** (\*) | [TlpMarkingObject](#tlpmarkingobject) | - -_(\*) Required._ - -## MarkingDefinition - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'marking-definition'` | -| `name` | The name of the object. | `string` (_min length: 1_) | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`created_by_ref`** (\*) | The ID of the Source object that describes who created this object. | `any` | -| **`definition_type`** (\*) | The definition_type property identifies the type of Marking Definition. | `'statement' \| 'tlp'` | -| **`definition`** (\*) | The definition property contains the marking object itself (e.g., the TLP marking as defined in section 7.2.1.4, the Statement marking as defined in section 7.2.1.3). Any new marking definitions SHOULD be specified using the extension facility described in section 7.3. If the extensions property is not present, this property MUST be present. | [TlpMarkingObject](#tlpmarkingobject) _or_ [StatementMarkingObject](#statementmarkingobject) | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | - -_(\*) Required._ - -## StatementMarkingObject - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------- | :---------------------------------------------------------------------------------------------------- | :------- | -| **`statement`** (\*) | A Statement (e.g., copyright, terms of use) applied to the content marked by this marking definition. | `string` | - -_(\*) Required._ - -## TlpAmber - -_Object containing the following properties:_ - -| Property | Type | -| :------------------------- | :----------------------------------------------------------- | -| **`type`** (\*) | `'marking-definition'` | -| **`spec_version`** (\*) | `'2.1'` | -| **`id`** (\*) | `'marking-definition--f88d31f6-486f-44da-b317-01333bde0b82'` | -| **`created`** (\*) | `string` (_ISO 8601_) | -| **`definition_type`** (\*) | `'tlp'` | -| **`name`** (\*) | `'TLP:AMBER'` | -| **`definition`** (\*) | _Object with properties:_
  • `tlp`: `'amber'`
| - -_(\*) Required._ - -## TlpGreen - -_Object containing the following properties:_ - -| Property | Type | -| :------------------------- | :----------------------------------------------------------- | -| **`type`** (\*) | `'marking-definition'` | -| **`spec_version`** (\*) | `'2.1'` | -| **`id`** (\*) | `'marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da'` | -| **`created`** (\*) | `string` (_ISO 8601_) | -| **`definition_type`** (\*) | `'tlp'` | -| **`name`** (\*) | `'TLP:GREEN'` | -| **`definition`** (\*) | _Object with properties:_
  • `tlp`: `'green'`
| - -_(\*) Required._ - -## TlpMarkingDefinition - -_Union of the following possible types:_ - -- [TlpWhite](#tlpwhite) -- [TlpGreen](#tlpgreen) -- [TlpAmber](#tlpamber) -- [TlpRed](#tlpred) - -## TlpMarkingObject - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------- | :------------------------------------------------------------------------------------------------ | :------- | -| **`tlp`** (\*) | The TLP level [TLP] of the content marked by this marking definition, as defined in this section. | `string` | - -_(\*) Required._ - -## TlpRed - -_Object containing the following properties:_ - -| Property | Type | -| :------------------------- | :----------------------------------------------------------- | -| **`type`** (\*) | `'marking-definition'` | -| **`spec_version`** (\*) | `'2.1'` | -| **`id`** (\*) | `'marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed'` | -| **`created`** (\*) | `string` (_ISO 8601_) | -| **`definition_type`** (\*) | `'tlp'` | -| **`name`** (\*) | `'TLP:RED'` | -| **`definition`** (\*) | _Object with properties:_
  • `tlp`: `'red'`
| - -_(\*) Required._ - -## TlpWhite - -_Object containing the following properties:_ - -| Property | Type | -| :------------------------- | :----------------------------------------------------------- | -| **`type`** (\*) | `'marking-definition'` | -| **`spec_version`** (\*) | `'2.1'` | -| **`id`** (\*) | `'marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9'` | -| **`created`** (\*) | `string` (_ISO 8601_) | -| **`definition_type`** (\*) | `'tlp'` | -| **`name`** (\*) | `'TLP:WHITE'` | -| **`definition`** (\*) | _Object with properties:_
  • `tlp`: `'white'`
| - -_(\*) Required._ diff --git a/docusaurus/docs/sro/relationship.schema.md b/docusaurus/docs/sro/relationship.schema.md deleted file mode 100644 index 00fd87c..0000000 --- a/docusaurus/docs/sro/relationship.schema.md +++ /dev/null @@ -1,47 +0,0 @@ -# Relationship Schema - -## Relationship - -_Object containing the following properties:_ - -| Property | Description | Type | -| :------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **`id`** (\*) | | `any` | -| **`type`** (\*) | | `'relationship'` | -| **`spec_version`** (\*) | The version of the STIX specification used to represent this object. | `'2.0' \| '2.1'` | -| **`created`** (\*) | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| **`modified`** (\*) | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond. | `any` | -| `created_by_ref` | The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous. | `any` | -| `labels` | The labels property specifies a set of terms used to describe this object. | `Array` | -| `revoked` | The revoked property indicates whether the object has been revoked. | `boolean` | -| `confidence` | | `number` (_int, ≥1, ≤99_) | -| `lang` | Identifies the language of the text content in this object. | `string` | -| `external_references` | A list of external references which refers to non-STIX information. | _Array of at least 1 objects:_
  • `source_name`: `string`
  • `description`: `string`
  • `url`: `string` (_url_)
  • `external_id`: `string`
| -| **`object_marking_refs`** (\*) | The list of marking-definition objects to be applied to this object. | `Array` | -| `granular_markings` | The set of granular markings that apply to this object. | _Array of objects:_
  • `marking_ref`: `any` - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • `selectors`: `Array`
| -| `extensions` | Specifies any extensions of the object, as a dictionary. | _Object with dynamic keys of type_ `string` _and values of type_ _Object with properties:_
  • `extension_type`: `string`
  • `extension_properties`: _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_)
_or_ _Object with dynamic keys of type_ `string` _and values of type_ `unknown` (_optional & nullable_) | -| **`relationship_type`** (\*) | The name used to identify the type of Relationship. | [RelationshipType](#relationshiptype) | -| `description` | A description of the object. | `string` | -| **`source_ref`** (\*) | The ID of the source (from) object. | `any` | -| **`target_ref`** (\*) | The ID of the target (to) object. | `any` | -| **`x_mitre_modified_by_ref`** (\*) | The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations. | `any` | -| **`x_mitre_attack_spec_version`** (\*) | The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions. | `string` | -| **`x_mitre_domains`** (\*) | The technology domains to which the ATT&CK object belongs. | `Array<'enterprise-attack' \| 'mobile-attack' \| 'ics-attack'>` (_min: 1_) | -| **`x_mitre_version`** (\*) | Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects. | `any` | -| `x_mitre_deprecated` | Indicates whether the object has been deprecated. | `boolean` | - -_(\*) Required._ - -## RelationshipType - -The name used to identify the type of Relationship. - -_Enum string, one of the following possible values:_ - -- `'uses'` -- `'mitigates'` -- `'subtechnique-of'` -- `'detects'` -- `'attributed-to'` -- `'targets'` -- `'revoked-by'`