The SecurityCompromiseVocab is the default STIX vocabulary for expressing whether or not an incident resulted in a security compromise.
|Yes||It has been confirmed that this incident resulted in a security compromise.|
|Suspected||It is suspected that this incident resulted in a security compromise.|
|No||It has been confirmed that this incident did not result in a security compromise.|
|Unknown||It is not known whether this incident resulted in a security compromise.|
The vocab_name field specifies the name of the controlled vocabulary.
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.