40 lines
2.6 KiB
XML
40 lines
2.6 KiB
XML
|
<stix:STIX_Package
|
||
|
xmlns:example="http://example.com"
|
||
|
xmlns:incident="http://stix.mitre.org/Incident-1"
|
||
|
xmlns:stixCommon="http://stix.mitre.org/common-1"
|
||
|
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
|
||
|
xmlns:stix="http://stix.mitre.org/stix-1"
|
||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||
|
xsi:schemaLocation="
|
||
|
http://stix.mitre.org/Incident-1 http://stix.mitre.org/XMLSchema/incident/1.2/incident.xsd
|
||
|
http://stix.mitre.org/common-1 http://stix.mitre.org/XMLSchema/common/1.2/stix_common.xsd
|
||
|
http://stix.mitre.org/default_vocabularies-1 http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd
|
||
|
http://stix.mitre.org/stix-1 http://stix.mitre.org/XMLSchema/core/1.2/stix_core.xsd"
|
||
|
id="example:Package-d1a8110e-b693-11e3-8747-0800271e87d2"
|
||
|
version="1.2">
|
||
|
|
||
|
<stix:Incidents>
|
||
|
<stix:Incident id="example:incident-081d344b-9fae-d182-9cc7-d2d103e7c64f" xsi:type='incident:IncidentType' timestamp="2014-05-08T09:00:00.000000Z">
|
||
|
<incident:Title>Exfiltration from hr-data1.example.com</incident:Title>
|
||
|
<incident:Affected_Assets>
|
||
|
<incident:Affected_Asset>
|
||
|
<incident:Type count_affected="1">Database</incident:Type>
|
||
|
<incident:Description>Database server at hr-data1.example.com</incident:Description>
|
||
|
<incident:Business_Function_Or_Role>Hosts the database for example.com</incident:Business_Function_Or_Role>
|
||
|
<incident:Ownership_Class xsi:type="stixVocabs:OwnershipClassVocab-1.0">Internally-Owned</incident:Ownership_Class>
|
||
|
<incident:Management_Class xsi:type="stixVocabs:ManagementClassVocab-1.0">Internally-Managed</incident:Management_Class>
|
||
|
<incident:Location_Class xsi:type="stixVocabs:LocationClassVocab-1.0">Internally-Located</incident:Location_Class>
|
||
|
<incident:Nature_Of_Security_Effect>
|
||
|
<incident:Property_Affected>
|
||
|
<incident:Property xsi:type="stixVocabs:LossPropertyVocab-1.0">Confidentiality</incident:Property>
|
||
|
<incident:Description_Of_Effect>Data was exfiltrated, has not been determined which data or how.</incident:Description_Of_Effect>
|
||
|
<incident:Non_Public_Data_Compromised data_encrypted="false">Yes</incident:Non_Public_Data_Compromised>
|
||
|
</incident:Property_Affected>
|
||
|
</incident:Nature_Of_Security_Effect>
|
||
|
</incident:Affected_Asset>
|
||
|
</incident:Affected_Assets>
|
||
|
</stix:Incident>
|
||
|
</stix:Incidents>
|
||
|
</stix:STIX_Package>
|
||
|
|