Heads up! These docs are for STIX 1.0, which is not the latest version (1.2). View the latest!

CampaignTypeCampaign Schema

The CampaignType characterizes a single cyber threat Campaign.


Fields

Field Name Type Description
@idoptional QName

Specifies a globally unique identifier for this cyber threat Campaign.

@idrefoptional QName

Specifies a globally unique identifier for a cyber threat Campaign specified elsewhere.

@versionoptional CampaignVersionType

Specifies the relevant STIX-Campaign schema version for this content.

Title0..1 string

The Title field provides a simple title for this Campaign.

Names0..1 NamesType

The Names field specifies Names used to identify this Campaign. These may be either internal or external names.

Intended_Effect0..n StatementType

The Intended_Effect field characterizes the intended effect of this cyber threat Campaign.

It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is IntendedEffectVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.0.0/stix_default_vocabularies.xsd .

Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.

Status0..1 ControlledVocabularyStringType

The status of this Campaign. For example, is the Campaign ongoing, historical, future, etc.

This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is CampaignStatusType in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.0.0/stix_default_vocabularies.xsd .

Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.

Related_TTPs0..1 RelatedTTPsType

The Related_TTPs field specifies TTPs asserted to be related to this cyber threat Campaign.

Related_Incidents0..1 RelatedIncidentsType

The Related_Incidents field identifies or characterizes one or more Incidents related to this cyber threat Campaign.

Related_Indicators0..1 RelatedIndicatorsType

The Related_Indicators field identifies or characterizes one or more cyber threat Indicators related to this cyber threat Campaign.

Attribution0..n AttributionType

The Attribution field specifies assertions of attibuted Threat Actors for this cyber threat Campaign.

Associated_Campaigns0..1 AssociatedCampaignsType

The Associated_Campaigns field specifies other cyber threat Campaigns asserted to be associated with this cyber threat Campaign.

Confidence0..1 ConfidenceType

The Confidence field characterizes the level of confidence held in the characterization of this Campaign.

Activity0..n ActivityType

The Activity field characterizes actions taken in regards to this ThreatActor. This field is defined as of type ActivityType which is an abstract type enabling the extension and inclusion of various formats of Activity characterization.

Information_Source0..1 InformationSourceType

The Information_Source field details the source of this entry.

Handling0..1 MarkingType

The Handling field specifies the appropriate data handling markings for the elements of this Campaign. The valid marking scope is the nearest CampaignBaseType ancestor of this Handling element and all its descendants.