Showing:

Annotations
Diagrams
Facets
Source
Used by
Main schema Win_System_Restore_Object.xsd
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Element WinSystemRestoreObj:Windows_System_Restore_Entry
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
Windows_System_Restore_Entry object is intended to characterize Windows system restore points. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/dd408121(v=vs.85).aspx.
Diagram
Diagram Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Restore_Point_Description Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Restore_Point_Full_Path Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Restore_Point_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Restore_Point_Type Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ACL_Change_SID Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ACL_Change_Username Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Backup_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Change_Event Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ChangeLog_Entry_Flags Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ChangeLog_Entry_Sequence_Number Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ChangeLog_Entry_Type Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Change_Log_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Created Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_File_Attributes Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_New_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Original_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Original_Short_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Process_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Registry_Hive_List Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType
Type WinSystemRestoreObj:WindowsSystemRestoreObjectType
Type hierarchy
Children WinSystemRestoreObj:ACL_Change_SID, WinSystemRestoreObj:ACL_Change_Username, WinSystemRestoreObj:Backup_File_Name, WinSystemRestoreObj:ChangeLog_Entry_Flags, WinSystemRestoreObj:ChangeLog_Entry_Sequence_Number, WinSystemRestoreObj:ChangeLog_Entry_Type, WinSystemRestoreObj:Change_Event, WinSystemRestoreObj:Change_Log_File_Name, WinSystemRestoreObj:Created, WinSystemRestoreObj:File_Attributes, WinSystemRestoreObj:New_File_Name, WinSystemRestoreObj:Original_File_Name, WinSystemRestoreObj:Original_Short_File_Name, WinSystemRestoreObj:Process_Name, WinSystemRestoreObj:Registry_Hive_List, WinSystemRestoreObj:Restore_Point_Description, WinSystemRestoreObj:Restore_Point_Full_Path, WinSystemRestoreObj:Restore_Point_Name, WinSystemRestoreObj:Restore_Point_Type
Source
 
<xs:element name="Windows_System_Restore_Entry" type="WinSystemRestoreObj:WindowsSystemRestoreObjectType">
  <xs:annotation>
    <xs:documentation>Windows_System_Restore_Entry object is intended to characterize Windows system restore points. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/dd408121(v=vs.85).aspx.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Restore_Point_Description
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The description of this restore point.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Restore_Point_Description" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The description of this restore point.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Restore_Point_Full_Path
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The full path to the restore point.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Restore_Point_Full_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The full path to the restore point.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Restore_Point_Name
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The name associated with this restore point.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Restore_Point_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The name associated with this restore point.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Restore_Point_Type
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The type of restore point. (ex: "Checkpoint").
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Restore_Point_Type" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The type of restore point. (ex: "Checkpoint").</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:ACL_Change_SID
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The SID associated with a restore point change log event. This usually appears when the event flag includes "ACL Info".
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="ACL_Change_SID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The SID associated with a restore point change log event. This usually appears when the event flag includes "ACL Info".</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:ACL_Change_Username
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The username associated with a restore point change log event. It usually appears when the event flag includes "ACL Info".
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="ACL_Change_Username" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The username associated with a restore point change log event. It usually appears when the event flag includes "ACL Info".</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Backup_File_Name
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The backup file name associated with a particular restore point change log event.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Backup_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The backup file name associated with a particular restore point change log event.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Change_Event
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The change event associated with this restore point object (ex: "System Checkpoint", "Software Installation", etc.).
Diagram
Diagram Win_System_Restore_Object_xsd.tmp#ChangeLogEntryTypeType_datatype Win_System_Restore_Object_xsd.tmp#ChangeLogEntryTypeType
Type WinSystemRestoreObj:ChangeLogEntryTypeType
Type hierarchy
Source
 
<xs:element name="Change_Event" type="WinSystemRestoreObj:ChangeLogEntryTypeType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The change event associated with this restore point object (ex: "System Checkpoint", "Software Installation", etc.).</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:ChangeLog_Entry_Flags
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The flags associated with a restore point change log entry (ex: "ACL Info, "Short Name", etc.).
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="ChangeLog_Entry_Flags" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The flags associated with a restore point change log entry (ex: "ACL Info, "Short Name", etc.).</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:ChangeLog_Entry_Sequence_Number
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The change log sequence number associated with this restore point object.
Diagram
Diagram
Type LongObjectPropertyType
Source
 
<xs:element name="ChangeLog_Entry_Sequence_Number" type="cyboxCommon:LongObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The change log sequence number associated with this restore point object.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:ChangeLog_Entry_Type
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The changelog entry type associated with this restore point object.
Diagram
Diagram Win_System_Restore_Object_xsd.tmp#ChangeLogEntryTypeType_datatype Win_System_Restore_Object_xsd.tmp#ChangeLogEntryTypeType
Type WinSystemRestoreObj:ChangeLogEntryTypeType
Type hierarchy
Source
 
<xs:element name="ChangeLog_Entry_Type" type="WinSystemRestoreObj:ChangeLogEntryTypeType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The changelog entry type associated with this restore point object.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Change_Log_File_Name
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The changelog file associated with the restore point.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Change_Log_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The changelog file associated with the restore point.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Created
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The created date of the system restore point.
Diagram
Diagram
Type DateTimeObjectPropertyType
Source
 
<xs:element name="Created" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
  <xs:annotation>
    <xs:documentation>The created date of the system restore point.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:File_Attributes
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
Attributes of the file associated with this restore point object (ex: "Directory").
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="File_Attributes" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>Attributes of the file associated with this restore point object (ex: "Directory").</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:New_File_Name
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The new filename of the file associated with this restore point object.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="New_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The new filename of the file associated with this restore point object.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Original_File_Name
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The original filename associated with this restore point change log event.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Original_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The original filename associated with this restore point change log event.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Original_Short_File_Name
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The original Short filename (SFN) of the file associated with this restore point object.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Original_Short_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The original Short filename (SFN) of the file associated with this restore point object.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Process_Name
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The process name associated with this restore point object.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Process_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The process name associated with this restore point object.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:WindowsSystemRestoreObjectType / WinSystemRestoreObj:Registry_Hive_List
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The registry hives associated with this restore point.
Diagram
Diagram Win_System_Restore_Object_xsd.tmp#HiveListType_Hive Win_System_Restore_Object_xsd.tmp#HiveListType
Type WinSystemRestoreObj:HiveListType
Children WinSystemRestoreObj:Hive
Source
 
<xs:element name="Registry_Hive_List" type="WinSystemRestoreObj:HiveListType" minOccurs="0" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>The registry hives associated with this restore point.</xs:documentation>
  </xs:annotation>
</xs:element>
Element WinSystemRestoreObj:HiveListType / WinSystemRestoreObj:Hive
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The Hive element specifies the Windows registry hive associated with the system restore point.
Diagram
Diagram
Type StringObjectPropertyType
Source
 
<xs:element name="Hive" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
  <xs:annotation>
    <xs:documentation>The Hive element specifies the Windows registry hive associated with the system restore point.</xs:documentation>
  </xs:annotation>
</xs:element>
Complex Type WinSystemRestoreObj:WindowsSystemRestoreObjectType
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The WindowsSystemRestoreObjectType is intended to characterize Windows system restore points.
Diagram
Diagram Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Restore_Point_Description Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Restore_Point_Full_Path Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Restore_Point_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Restore_Point_Type Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ACL_Change_SID Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ACL_Change_Username Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Backup_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Change_Event Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ChangeLog_Entry_Flags Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ChangeLog_Entry_Sequence_Number Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_ChangeLog_Entry_Type Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Change_Log_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Created Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_File_Attributes Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_New_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Original_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Original_Short_File_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Process_Name Win_System_Restore_Object_xsd.tmp#WindowsSystemRestoreObjectType_Registry_Hive_List
Type extension of ObjectPropertiesType
Type hierarchy
Used by
Children WinSystemRestoreObj:ACL_Change_SID, WinSystemRestoreObj:ACL_Change_Username, WinSystemRestoreObj:Backup_File_Name, WinSystemRestoreObj:ChangeLog_Entry_Flags, WinSystemRestoreObj:ChangeLog_Entry_Sequence_Number, WinSystemRestoreObj:ChangeLog_Entry_Type, WinSystemRestoreObj:Change_Event, WinSystemRestoreObj:Change_Log_File_Name, WinSystemRestoreObj:Created, WinSystemRestoreObj:File_Attributes, WinSystemRestoreObj:New_File_Name, WinSystemRestoreObj:Original_File_Name, WinSystemRestoreObj:Original_Short_File_Name, WinSystemRestoreObj:Process_Name, WinSystemRestoreObj:Registry_Hive_List, WinSystemRestoreObj:Restore_Point_Description, WinSystemRestoreObj:Restore_Point_Full_Path, WinSystemRestoreObj:Restore_Point_Name, WinSystemRestoreObj:Restore_Point_Type
Source
 
<xs:complexType name="WindowsSystemRestoreObjectType" mixed="false">
  <xs:annotation>
    <xs:documentation>The WindowsSystemRestoreObjectType is intended to characterize Windows system restore points.</xs:documentation>
  </xs:annotation>
  <xs:complexContent>
    <xs:extension base="cyboxCommon:ObjectPropertiesType">
      <xs:sequence>
        <xs:element name="Restore_Point_Description" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The description of this restore point.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Restore_Point_Full_Path" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The full path to the restore point.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Restore_Point_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The name associated with this restore point.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Restore_Point_Type" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The type of restore point. (ex: "Checkpoint").</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="ACL_Change_SID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The SID associated with a restore point change log event. This usually appears when the event flag includes "ACL Info".</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="ACL_Change_Username" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The username associated with a restore point change log event. It usually appears when the event flag includes "ACL Info".</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Backup_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The backup file name associated with a particular restore point change log event.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Change_Event" type="WinSystemRestoreObj:ChangeLogEntryTypeType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The change event associated with this restore point object (ex: "System Checkpoint", "Software Installation", etc.).</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="ChangeLog_Entry_Flags" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The flags associated with a restore point change log entry (ex: "ACL Info, "Short Name", etc.).</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="ChangeLog_Entry_Sequence_Number" type="cyboxCommon:LongObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The change log sequence number associated with this restore point object.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="ChangeLog_Entry_Type" type="WinSystemRestoreObj:ChangeLogEntryTypeType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The changelog entry type associated with this restore point object.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Change_Log_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The changelog file associated with the restore point.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Created" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
          <xs:annotation>
            <xs:documentation>The created date of the system restore point.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="File_Attributes" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>Attributes of the file associated with this restore point object (ex: "Directory").</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="New_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The new filename of the file associated with this restore point object.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Original_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The original filename associated with this restore point change log event.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Original_Short_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The original Short filename (SFN) of the file associated with this restore point object.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Process_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The process name associated with this restore point object.</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element name="Registry_Hive_List" type="WinSystemRestoreObj:HiveListType" minOccurs="0" maxOccurs="1">
          <xs:annotation>
            <xs:documentation>The registry hives associated with this restore point.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
Complex Type WinSystemRestoreObj:ChangeLogEntryTypeType
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
ChangeLogEntryTypeType types, via a union of the ChangeLogEntryTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
Diagram
Diagram Win_System_Restore_Object_xsd.tmp#ChangeLogEntryTypeType_datatype
Type restriction of BaseObjectPropertyType
Type hierarchy
Used by
Source
 
<xs:complexType name="ChangeLogEntryTypeType">
  <xs:annotation>
    <xs:documentation>ChangeLogEntryTypeType types, via a union of the ChangeLogEntryTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <xs:simpleType>
        <xs:union memberTypes="WinSystemRestoreObj:ChangeLogEntryTypeEnum xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
Complex Type WinSystemRestoreObj:HiveListType
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
HiveListType is intended to characterize a group of keys, subkeys, and values in the Windows registry that has a set of supporting files containing backups of its data and is associated with a system restore point.
 
http://msdn.microsoft.com/en-us/library/windows/desktop/ms724877(v=vs.85).aspx.
Diagram
Diagram Win_System_Restore_Object_xsd.tmp#HiveListType_Hive
Used by
Children WinSystemRestoreObj:Hive
Source
 
<xs:complexType name="HiveListType">
  <xs:annotation>
    <xs:documentation>HiveListType is intended to characterize a group of keys, subkeys, and values in the Windows registry that has a set of supporting files containing backups of its data and is associated with a system restore point.</xs:documentation>
    <xs:documentation>http://msdn.microsoft.com/en-us/library/windows/desktop/ms724877(v=vs.85).aspx.</xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="Hive" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>The Hive element specifies the Windows registry hive associated with the system restore point.</xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
Simple Type WinSystemRestoreObj:ChangeLogEntryTypeEnum
Namespace http://cybox.mitre.org/objects#WinSystemRestoreObject-2
Annotations
 
The change types found in a Restore Point changelog>.
Diagram
Diagram
Type restriction of xs:string
Facets
enumeration UPDATE_ACL 
Represents a changelog entry descriptor for updating an ACL. (0x00000001).
enumeration UPDATE_ATTRIBUTES 
Represents a changelog entry descriptor for updating attributes. (0x00000002).
enumeration DELETE_FILE 
Represents a changelog entry descriptor for deleting a file. (0x00000004).
enumeration CREATE_FILE 
Represents a changelog entry descriptor for creating a file. (0x00000010).
enumeration RENAME_FILE 
Represents a changelog entry descriptor for renaming a file. (0x00000020).
enumeration CREATE_DIRECTORY 
Represents a changelog entry descriptor for creating a directory. (0x00000040).
enumeration RENAME_DIRECTORY 
Represents a changelog entry descriptor for renaming a directory. (0x00000080).
enumeration DELETE_DIRECTORY 
Represents a changelog entry descriptor for deleting a directory. (0x00000100).
enumeration MNT_CREATE 
Related to filesystem attachment points. (0x00000200).
Source
 
<xs:simpleType name="ChangeLogEntryTypeEnum">
  <xs:annotation>
    <xs:documentation>The change types found in a Restore Point changelog>.</xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="UPDATE_ACL">
      <xs:annotation>
        <xs:documentation>Represents a changelog entry descriptor for updating an ACL. (0x00000001).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="UPDATE_ATTRIBUTES">
      <xs:annotation>
        <xs:documentation>Represents a changelog entry descriptor for updating attributes. (0x00000002).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DELETE_FILE">
      <xs:annotation>
        <xs:documentation>Represents a changelog entry descriptor for deleting a file. (0x00000004).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CREATE_FILE">
      <xs:annotation>
        <xs:documentation>Represents a changelog entry descriptor for creating a file. (0x00000010).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RENAME_FILE">
      <xs:annotation>
        <xs:documentation>Represents a changelog entry descriptor for renaming a file. (0x00000020).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CREATE_DIRECTORY">
      <xs:annotation>
        <xs:documentation>Represents a changelog entry descriptor for creating a directory. (0x00000040).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="RENAME_DIRECTORY">
      <xs:annotation>
        <xs:documentation>Represents a changelog entry descriptor for renaming a directory. (0x00000080).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="DELETE_DIRECTORY">
      <xs:annotation>
        <xs:documentation>Represents a changelog entry descriptor for deleting a directory. (0x00000100).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="MNT_CREATE">
      <xs:annotation>
        <xs:documentation>Related to filesystem attachment points. (0x00000200).</xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Attribute WinSystemRestoreObj:ChangeLogEntryTypeType / @datatype
Namespace No namespace
Annotations
 
This attribute is optional and specifies the expected type for the value of the specified property.
Type DatatypeEnum
Used by
Source
 
<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
  <xs:annotation>
    <xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
  </xs:annotation>
</xs:attribute>
XML Schema documentation generated by ® XML Editor.