The ActionType is a complex type representing a single cyber observable action.
Field Name | Type | Description |
---|---|---|
@id (optional) | QName | The id field specifies a unique id for this Action. |
@idref (optional) | QName | The idref field specifies a unique id reference to an Action defined elsewhere. |
@ordinal_position (optional) | positiveInteger | The ordinal_position field is intended to reference the ordinal position of the action within a series of actions. |
@action_status (optional) | ActionStatusTypeEnum | The action_status field enables description of the status of the action being described. |
@context (optional) | ActionContextTypeEnum | The context field is optional and enables simple characterization of the broad operational context in which the Action is relevant. |
@timestamp (optional) | dateTime | The timestamp field represents the local or relative time at which the action occurred or was observed. |
Type (0..1) | ControlledVocabularyStringType | The Type field is optional and utilizes a standardized controlled vocabulary to specify the basic type of the action that was performed. This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ActionTypeVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd. Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field. |
Name (0..1) | ControlledVocabularyStringType | The Name field is optional and utilizes a standardized controlled vocabulary to identify/characterize the specific name of the action that was performed. This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ActionNameVocab in the http://cybox.mitre.org/default_vocabularies-2 namespace. This type is defined in the cybox_default_vocabularies.xsd file or at the URL http://cybox.mitre.org/XMLSchema/default_vocabularies/2.0.1/cybox_default_vocabularies.xsd. Users may also define their own vocabulary using the type extension mechanism (by specifying a vocabulary name and/or reference using the vocab_name and vocab_reference attributes, respectively) or simply use this as a string field. |
Description (0..1) | StructuredTextType | The Description field contains a textual description of the action. |
Action_Aliases (0..1) | ActionAliasesType | The Action_Aliases field is optional and enables identification of other potentially used names for this Action. |
Action_Arguments (0..1) | ActionArgumentsType | The Action_Arguments field is optional and enables the specification of relevant arguments/parameters for this Action. |
Discovery_Method (0..1) | MeasureSourceType | The Discovery_Method field is optional and enables descriptive specification of how this Action was observed (in the case of a Cyber Observable Action instance) or could potentially be observed (in the case of a Cyber Observable Action pattern). |
Associated_Objects (0..1) | AssociatedObjectsType | The Associated_Objects construct is optional and enables the description/specification of cyber Objects relevant to (either initiating or affected by) this Action. |
Relationships (0..1) | RelationshipsType | The Relationships construct is optional and enables description of other cyber observable actions that are related to this Action. |
Frequency (0..1) | FrequencyType | The Frequency field conveys a targeted observation pattern of the frequency of the associated event or action. |
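
The following added example (not code from the CybOX project) parses a constructed Action element, checks ordinal_position against positiveInteger, and reports whether Type and Name draw on the default vocabulary namespace, a custom vocabulary, or a plain string. The core namespace http://cybox.mitre.org/cybox-2, the function names, and all sample ids and values are assumptions.

```python
import io
import xml.etree.ElementTree as ET

CYBOX = "http://cybox.mitre.org/cybox-2"                  # assumed CybOX 2.x core namespace
VOCABS = "http://cybox.mitre.org/default_vocabularies-2"  # namespace named in the table
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample Action; ids and values are illustrative only.
SAMPLE = f"""<cybox:Action xmlns:cybox="{CYBOX}" xmlns:cyboxVocabs="{VOCABS}"
    xmlns:xsi="{XSI}" id="example:Action-1" ordinal_position="2">
  <cybox:Type xsi:type="cyboxVocabs:ActionTypeVocab">Create</cybox:Type>
  <cybox:Name vocab_name="LocalActionNames">drop-config</cybox:Name>
</cybox:Action>"""

def vocab_source(elem, prefixes):
    """Say where a ControlledVocabularyStringType value (Type or Name) comes from."""
    qname = elem.get(f"{{{XSI}}}type")
    if qname:  # xsi:type is a QName: resolve its prefix to a namespace URI
        prefix, _, local = qname.rpartition(":")
        return (prefixes.get(prefix), local)
    custom = elem.get("vocab_name") or elem.get("vocab_reference")
    return ("custom", custom) if custom else ("string", None)

def parse_action(xml_text):
    prefixes, root = {}, None
    # ElementTree drops prefix bindings after parsing, so capture them via start-ns.
    # Simplification: one flat map, no per-element prefix scoping.
    events = ET.iterparse(io.BytesIO(xml_text.encode()), events=("start-ns", "start"))
    for event, item in events:
        if event == "start-ns":
            prefixes[item[0]] = item[1]
        elif root is None:
            root = item
    action = {"id": root.get("id"), "idref": root.get("idref")}
    pos = root.get("ordinal_position")
    if pos is not None:
        if int(pos) < 1:  # positiveInteger; int() itself rejects non-numeric text
            raise ValueError(f"ordinal_position must be >= 1, got {pos!r}")
        action["ordinal_position"] = int(pos)
    for field in ("Type", "Name"):
        elem = root.find(f"{{{CYBOX}}}{field}")
        if elem is not None:
            action[field] = {"value": elem.text, "vocab": vocab_source(elem, prefixes)}
    return action

if __name__ == "__main__":
    print(parse_action(SAMPLE))
```

A consumer that compares the resolved namespace URI rather than the prefix text will treat a value as default-vocabulary only when the document actually binds that prefix to the default vocabularies namespace.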