The ActionType is a complex type representing a single cyber observable action.
| Field Name | Type | Description |
|---|---|---|
| @idoptional | QName |
The id field specifies a unique id for this Action. |
| @idrefoptional | QName |
The idref field specifies a unique id reference to an Action defined elsewhere. |
| @ordinal_positionoptional | positiveInteger |
The ordinal_position field is intended to reference the ordinal position of the action with within a series of actions. |
| @action_statusoptional | ActionStatusTypeEnum |
The action_status field enables description of the status of the action being described. |
| @contextoptional | ActionContextTypeEnum |
The context field is optional and enables simple characterization of the broad operational context in which the Action is relevant |
| @timestampoptional | dateTime |
The timestamp field represents the local or relative time at which the action occurred or was observed. |
| Type0..1 | ControlledVocabularyStringType |
The Type field is optional and utilizes a standardized controlled vocabulary to specify the basic type of the action that was performed. This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ActionTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd. Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
|
| Name0..1 | ControlledVocabularyStringType |
The Name field is optional and utilizes a standardized controlled vocabulary to identify/characterize the specific name of the action that was performed. This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ActionNameVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd. Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field.
|
| Description0..1 | StructuredTextType |
The Description field contains a textual description of the action. |
| Action_Aliases0..1 | ActionAliasesType |
The Action_Aliases field is optional and enables identification of other potentially used names for this Action. |
| Action_Arguments0..1 | ActionArgumentsType |
The Action_Arguments field is optional and enables the specification of relevant arguments/parameters for this Action. |
| Discovery_Method0..1 | MeasureSourceType |
The Discovery_Method field is optional and enables descriptive specification of how this Action was observed (in the case of a Cyber Observable Action instance) or could potentially be observed (in the case of a Cyber Observable Action pattern). |
| Associated_Objects0..1 | AssociatedObjectsType |
The Associated_Objects construct is optional and enables the description/specification of cyber Objects relevant (either initiating or affected by) this Action. |
| Relationships0..1 | RelationshipsType |
The Relationships construct is optional and enables description of other cyber observable actions that are related to this Action. |
| Frequency0..1 | FrequencyType |
The Frequency field conveys a targeted observation pattern of the frequency of the associated event or action. |