-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathcore.xsd
326 lines (326 loc) · 24.8 KB
/
core.xsd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cybox="http://docs.oasis-open.org/cti/ns/cybox/core-2" xmlns:stix="http://docs.oasis-open.org/cti/ns/stix/core-1" xmlns:marking="http://docs.oasis-open.org/cti/ns/stix/data-marking-1" xmlns:stixCommon="http://docs.oasis-open.org/cti/ns/stix/common-1" targetNamespace="http://docs.oasis-open.org/cti/ns/stix/core-1" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2.1" xml:lang="en">
<xs:annotation>
<xs:documentation> STIX[TM] Version 1.2.1. Committee Specification Draft 01 / Public Review Draft 01</xs:documentation>
<xs:appinfo>
<version>1.2.1</version>
<date>12/15/2015 9:00:00 AM</date>
<short_description>Structured Threat Information eXpression (STIX) - Schematic implementation for a structured cyber threat expression language architecture.</short_description>
<terms_of_use>Copyright (c) OASIS Open 2016. All Rights Reserved.
Distributed under the terms of the OASIS IPR Policy, [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.</terms_of_use>
<terms_of_use> Portions copyright (c) United States Government 2012-2016. All Rights Reserved.
Source: http://docs.oasis-open.org/cti/stix/v1.2.1/csprd01/schemas/
Latest version of the specification: REPLACE_WITH_SPECIFICATION_URL
TC IPR Statement: https://www.oasis-open.org/committees/cti/ipr.php
</terms_of_use>
</xs:appinfo>
</xs:annotation>
<xs:import namespace="http://docs.oasis-open.org/cti/ns/stix/common-1" schemaLocation="common.xsd"/>
<xs:import namespace="http://docs.oasis-open.org/cti/ns/cybox/core-2" schemaLocation="cybox/core.xsd"/>
<xs:import namespace="http://docs.oasis-open.org/cti/ns/stix/data-marking-1" schemaLocation="data-marking.xsd"/>
<xs:element name="STIX_Package" type="stix:STIXType">
<xs:annotation>
<xs:documentation>The STIX_Package field contains a bundle of information characterized in the Structured Threat Information eXpression (STIX) language.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:complexType name="STIXType">
<xs:annotation>
<xs:documentation>STIXType defines a bundle of information characterized in the Structured Threat Information eXpression (STIX) language.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="STIX_Header" type="stix:STIXHeaderType" minOccurs="0">
<xs:annotation>
<xs:documentation>The STIX_Header property characterizes the metadata for this package of STIX content.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Observables" type="cybox:ObservablesType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Observables property specifies a set of one or more cyber observables.</xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on observables at the top level of this list is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. Observables in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Indicators" type="stix:IndicatorsType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Indicators property specifies a set of one or more cyber threat Indicators.</xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on indicators at the top level of this list is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. Indicators in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="TTPs" type="stix:TTPsType" minOccurs="0">
<xs:annotation>
<xs:documentation>The TTPs property specifies a set of one or more cyber threat adversary Tactics, Techniques or Procedures (TTPs), or Kill Chains. </xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on TTPs at the top level of this list is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. TTPs in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Exploit_Targets" type="stixCommon:ExploitTargetsType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Exploit_Targets property specifies a set of zero or more potential targets for exploitation.</xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on exploit targets at the top level of this list is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. Exploit targets in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Incidents" type="stix:IncidentsType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Incidents property specifies a set of one or more cyber threat Incidents.</xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on incidents at the top level of this list is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. Incidents in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Courses_Of_Action" type="stix:CoursesOfActionType" minOccurs="0">
<xs:annotation>
<xs:documentation>The CoursesOfActions property specifies a set of one or more Courses of Action that could be taken in regard to one of more cyber threats.</xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on courses of action at the top level of this list is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. Courses of action in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Campaigns" type="stix:CampaignsType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Campaigns property specifies a set of one or more Campaigns.</xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on campaigns at the top level of this list is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. Campaigns in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Threat_Actors" type="stix:ThreatActorsType" minOccurs="0">
<xs:annotation>
<xs:documentation>The ThreatActors property specifies a set of one or more Threat Actors.</xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on threat actors at the top level of this list is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. Threat actors in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Reports" type="stix:ReportsType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Reports property specifies a set of one or more Reports.</xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on reports at the top level of this list is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. Reports in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Related_Packages" type="stix:RelatedPackagesType" minOccurs="0">
<xs:annotation>
<xs:documentation>Characterizes one or more relationships to other Packages.</xs:documentation>
<xs:documentation>DEPRECATION NOTICE: The use of the @idref attribute on related packages is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications. Related packages in this list should only be embedded, not referenced.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
<xs:attribute name="id" type="xs:QName">
<xs:annotation>
<xs:documentation>The id property specifies a globally unique identifier for the STIX Package. </xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="idref" type="xs:QName">
<xs:annotation>
<xs:documentation>The idref property specifies an identifier reference to a STIX Package specified elsewhere.</xs:documentation>
<xs:documentation>. When the idref property is used, the id property MUST NOT also be specified and the other properties of the STIXType SHOULD NOT hold any content. </xs:documentation>
<xs:documentation>DEPRECATED: This property is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation>
<xs:appinfo>
<deprecated>true</deprecated>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="timestamp" type="xs:dateTime">
<xs:annotation>
<xs:documentation>Specifies a timestamp for the definition of a specific version of a STIX Package. When used in conjunction with the id, this property is specifying the definition time for the specific version of the STIX Package. When used in conjunction with the idref, this property is specifying a reference to a specific version of a STIX Package defined elsewhere. This property has no defined semantic meaning if used in the absence of either the id or idref properties.</xs:documentation>
<xs:documentation>DEPRECATED: This property is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation>
<xs:appinfo>
<deprecated>true</deprecated>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="version" type="stix:STIXPackageVersionEnum">
<xs:annotation>
<xs:documentation>The version property specifies the version identifier of the STIX Core data model used to capture the information associated with the STIX Package.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:simpleType name="STIXPackageVersionEnum">
<xs:annotation>
<xs:documentation>An enumeration of all versions of STIX package types valid in the current release of STIX.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="stix-1.2.1"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="STIXHeaderType">
<xs:annotation>
<xs:documentation>The STIXHeaderType provides a structure for characterizing a package of STIX content.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Title" type="xs:string" minOccurs="0">
<xs:annotation>
<xs:documentation>The Title property captures a title for the STIX Package and reflects what the content producer thinks the Package as a whole should be called. The Title property is typically used by humans to reference a particular Package; however, it is not suggested for correlation.</xs:documentation>
<xs:documentation>DEPRECATED: This property is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation>
<xs:appinfo>
<deprecated>true</deprecated>
</xs:appinfo>
</xs:annotation>
</xs:element>
<xs:element name="Package_Intent" type="stixCommon:ControlledVocabularyStringType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Package_Intent property specifies the intended purpose(s) or use(s) for The STIX Package. Examples of potential purposes are phishing, exploit characterization and malware samples (these specific values are only provided to help explain the property: they are neither recommended types nor necessarily part of any existing vocabulary). </xs:documentation>
<xs:documentation>This property is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is PackageIntentVocab-1.0 in the http://docs.oasis-open.org/cti/ns/stix/vocabularies-1 namespace. This type is defined in the vocabularies.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/vocabularies.xsd.</xs:documentation>
<xs:documentation>Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use a string.</xs:documentation>
<xs:documentation>DEPRECATED: This property is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation>
<xs:appinfo>
<deprecated>true</deprecated>
</xs:appinfo>
</xs:annotation>
</xs:element>
<xs:element name="Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Description property captures a textual description of the STIX Package. Any length is permitted. Optional formatting is supported via the structuring_format property.</xs:documentation>
<xs:documentation>DEPRECATED: This property is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation>
<xs:appinfo>
<deprecated>true</deprecated>
</xs:appinfo>
</xs:annotation>
</xs:element>
<xs:element name="Short_Description" type="stixCommon:StructuredTextType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Short_Description property captures a short textual description of the STIX Package. This property is secondary and should only be used if the Description property is already populated and another, shorter description is available.</xs:documentation>
<xs:documentation>DEPRECATED: This property is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.</xs:documentation>
<xs:appinfo>
<deprecated>true</deprecated>
</xs:appinfo>
</xs:annotation>
</xs:element>
<xs:element name="Profiles" type="stixCommon:ProfilesType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Profiles property specifies a set of one or more profiles that the content of the STIX Package conforms to.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Handling" type="marking:MarkingType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Handling property specifies the appropriate data handling markings for the properties of this STIX Package. The marking scope is limited to the STIX Package and the content it contains. Note that data handling markings can also be specified at a higher level.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Information_Source" type="stixCommon:InformationSourceType" minOccurs="0">
<xs:annotation>
<xs:documentation>The Information_Source property characterizes the source of the STIX Package and all of its contained information. Examples of details captured include identitifying characteristics, time-related attributes, and a list of the tools used to collect the information. </xs:documentation>
<xs:documentation>This Information_Source property applies both to the package metadata in the STIX_Header as well as individually to the contents of the STIX_Package (unless overriden by their own Information_Source property).</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<!---->
<xs:complexType name="IndicatorsType">
<xs:annotation>
<xs:documentation>The IndicatorsType specifies a set of one or more cyber threat Indicators.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Indicator" type="stixCommon:IndicatorBaseType" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Indicator property characterizes a cyber threat Indicator. </xs:documentation>
<xs:documentation> This property is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IndicatorType in the http://docs.oasis-open.org/cti/ns/stix/indicator-1 namespace. This type is defined in the indicator.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/indicator.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="TTPsType">
<xs:annotation>
<xs:documentation>The TTPsType specifies a set of one or more cyber threat TTPs or Kill Chains.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="TTP" type="stixCommon:TTPBaseType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The TTP property characterizes a cyber threat adversary Tactic, Technique or Procedure (TTP).</xs:documentation>
<xs:documentation>This property is implemented through the xsi:type extension mechanism. The default and strongly recommended type is TTPType in the http://docs.oasis-open.org/cti/ns/stix/ttp-1 namespace. This type is defined in the ttp.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/ttp.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Kill_Chains" type="stixCommon:KillChainsType" minOccurs="0">
<xs:annotation>
<xs:documentation>A cyber kill chain is a phase-based model to describe the stages of an attack. The Kill_Chains property specifies a set of one or more specific kill chain definitions. The kill_chain property is further defined in the STIX Common data model. Note that kill chains may also be defined using the Kill_Chains property of ttp:TTPType, which is equivalent to this property. Suggested practice is to use the TTP TTPType Kill_Chains property (rather than this property) to define a kill chain.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="IncidentsType">
<xs:annotation>
<xs:documentation>The IncidentsType specifies a set of one or more cyber threat Incidents.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Incident" type="stixCommon:IncidentBaseType" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Incident property characterizes a cyber threat Incident. </xs:documentation>
<xs:documentation>This property is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IncidentType in the http://docs.oasis-open.org/cti/ns/stix/incident-1 namespace. This type is defined in the incident.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/incident.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="CoursesOfActionType">
<xs:annotation>
<xs:documentation>The CoursesOfActionType specifies a set of one or more actions that could be taken in regard to cyber threats.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Course_Of_Action" type="stixCommon:CourseOfActionBaseType" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Course_Of_Action property characterizes a Course of Action that could be taken in regard to one of more cyber threats. </xs:documentation>
<xs:documentation> This property is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CourseOfActionType in the http://docs.oasis-open.org/cti/ns/stix/course-of-action-1 namespace. This type is defined in the course-of-action.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/course-of-action.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="CampaignsType">
<xs:annotation>
<xs:documentation>The CampaignsType specifies a set of one or more cyber threat Campaigns.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Campaign" type="stixCommon:CampaignBaseType" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Campaign property characterizes a cyber threat Campaign. </xs:documentation>
<xs:documentation>This property is implemented through the xsi:type extension mechanism. The default and strongly recommended type is CampaignType in the http://docs.oasis-open.org/cti/ns/stix/campaign-1 namespace. This type is defined in the campaign.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/campaign.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ThreatActorsType">
<xs:annotation>
<xs:documentation>The ThreatActorsType specifies a set of one or more cyber Threat Actors.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Threat_Actor" type="stixCommon:ThreatActorBaseType" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The ThreatActor property characterizes a cyber Threat Actor. </xs:documentation>
<xs:documentation>This property is implemented through the xsi:type extension mechanism. The default and strongly recommended type is ThreatActorType in the http://docs.oasis-open.org/cti/ns/stix/threat-actor-1 namespace. This type is defined in the threat-actor.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/threat-actor.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ReportsType">
<xs:annotation>
<xs:documentation>The ReportsType specifies a set of one or more cyber threat Reports.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Report" type="stixCommon:ReportBaseType" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Report property characterizes a cyber threat Report. </xs:documentation>
<xs:documentation>This property is implemented through the xsi:type extension mechanism. The default and strongly recommended type is ReportType in the http://docs.oasis-open.org/cti/ns/stix/report-1 namespace. This type is defined in the report.xsd file or at the URL http://docs.oasis-open.org/cti/stix/v1.2.1/csd01/xml-schemas/report.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="RelatedPackageType">
<xs:annotation>
<xs:documentation>The RelatedPackageType identifies or characterizes the relationship of STIX Package to another.</xs:documentation>
</xs:annotation>
<xs:complexContent>
<xs:extension base="stixCommon:GenericRelationshipType">
<xs:sequence>
<xs:element name="Package" type="stix:STIXType">
<xs:annotation>
<xs:documentation>The Package property captures or references a STIX Package related to this STIX Package.</xs:documentation>
<xs:documentation>This property is implemented through the xsi:type extension mechanism. The default and strongly recommended type is IncidentType in the http://docs.oasis-open.org/cti/ns/stix/incident-1 namespace. This type is defined in the incident.xsd file or at the URL http://docs.oasis-open.org/cti/stix-1.2.1-xml-binding/v1.0/csd01/schemas/incident.xsd.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="RelatedPackagesType">
<xs:annotation>
<xs:documentation>The RelatedPackagesType specifies a set of one or more STIX Package related to this STIX Package. It extends GenericRelationShipListType defined in the STIX Common data model, which specifies the scope (whether the elements of the set are related individually or as a group).</xs:documentation>
</xs:annotation>
<xs:complexContent>
<xs:extension base="stixCommon:GenericRelationshipListType">
<xs:sequence>
<xs:element name="Related_Package" type="stix:RelatedPackageType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The Related_Package property characterizes a relationship to one or more other STIX Packages.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:schema>