MISP-Taxii-Server/tests/incident-with-affected-asse...

40 lines
2.6 KiB
XML

<stix:STIX_Package
xmlns:example="http://example.com"
xmlns:incident="http://stix.mitre.org/Incident-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://stix.mitre.org/Incident-1 http://stix.mitre.org/XMLSchema/incident/1.2/incident.xsd
http://stix.mitre.org/common-1 http://stix.mitre.org/XMLSchema/common/1.2/stix_common.xsd
http://stix.mitre.org/default_vocabularies-1 http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd
http://stix.mitre.org/stix-1 http://stix.mitre.org/XMLSchema/core/1.2/stix_core.xsd"
id="example:Package-d1a8110e-b693-11e3-8747-0800271e87d2"
version="1.2">
<stix:Incidents>
<stix:Incident id="example:incident-081d344b-9fae-d182-9cc7-d2d103e7c64f" xsi:type='incident:IncidentType' timestamp="2014-05-08T09:00:00.000000Z">
<incident:Title>Exfiltration from hr-data1.example.com</incident:Title>
<incident:Affected_Assets>
<incident:Affected_Asset>
<incident:Type count_affected="1">Database</incident:Type>
<incident:Description>Database server at hr-data1.example.com</incident:Description>
<incident:Business_Function_Or_Role>Hosts the database for example.com</incident:Business_Function_Or_Role>
<incident:Ownership_Class xsi:type="stixVocabs:OwnershipClassVocab-1.0">Internally-Owned</incident:Ownership_Class>
<incident:Management_Class xsi:type="stixVocabs:ManagementClassVocab-1.0">Internally-Managed</incident:Management_Class>
<incident:Location_Class xsi:type="stixVocabs:LocationClassVocab-1.0">Internally-Located</incident:Location_Class>
<incident:Nature_Of_Security_Effect>
<incident:Property_Affected>
<incident:Property xsi:type="stixVocabs:LossPropertyVocab-1.0">Confidentiality</incident:Property>
<incident:Description_Of_Effect>Data was exfiltrated, has not been determined which data or how.</incident:Description_Of_Effect>
<incident:Non_Public_Data_Compromised data_encrypted="false">Yes</incident:Non_Public_Data_Compromised>
</incident:Property_Affected>
</incident:Nature_Of_Security_Effect>
</incident:Affected_Asset>
</incident:Affected_Assets>
</stix:Incident>
</stix:Incidents>
</stix:STIX_Package>