Definition Type: Element
Name: auditeventpolicysubcategories_state
Namespace: http://oval.mitre.org/XMLSchema/oval-definitions-5#windows
Type: oval-def:StateType
Containing Schema: windows-definitions-schema.xsd
Abstract
Documentation:
The auditeventpolicysubcategories_state element specifies the different system activities that can be audited. An audit event policy subcategories test will reference a specific instance of this state that defines the exact subcategories that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.
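An added example, not part of the OVAL schema or its tooling: a Python check that applies this element's per-entity Schematron assertion (the `datatype` attribute is absent or `'string'`) and the `xsd:sequence` ordering to state instances. The sample document, its ids and the `check_states` helper are constructed for illustration, and the `AUDIT_*` values are assumed from `win-def:EntityStateAuditType`, which this page does not list.

```python
import xml.etree.ElementTree as ET

WIN_DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"
STATE_TAG = "{%s}auditeventpolicysubcategories_state" % WIN_DEF

# Entities in xsd:sequence order, limited to those visible in the schema
# listing on this page (the listing continues past file_share).
SEQUENCE = [
    "credential_validation", "kerberos_ticket_events", "other_account_logon_events",
    "application_group_management", "computer_account_management",
    "distribution_group_management", "other_account_management_events",
    "security_group_management", "user_account_management",
    "dpapi_activity", "process_creation", "process_termination", "rpc_events",
    "directory_service_access", "directory_service_changes",
    "directory_service_replication", "detailed_directory_service_replication",
    "account_lockout", "ipsec_extended_mode", "ipsec_main_mode", "ipsec_quick_mode",
    "logoff", "logon", "other_logon_logoff_events", "special_logon",
    "application_generated", "certification_services", "file_share",
]
ORDER = {name: i for i, name in enumerate(SEQUENCE)}

# Constructed sample: state 1 is well-formed; state 2 breaks the Schematron
# rule (datatype="int") and the sequence order (logon before credential_validation).
SAMPLE = """\
<states xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
        xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
  <win-def:auditeventpolicysubcategories_state id="oval:example.constructed:ste:1" version="1">
    <win-def:credential_validation>AUDIT_SUCCESS_FAILURE</win-def:credential_validation>
    <win-def:process_creation datatype="string">AUDIT_SUCCESS</win-def:process_creation>
    <win-def:logon>AUDIT_SUCCESS_FAILURE</win-def:logon>
  </win-def:auditeventpolicysubcategories_state>
  <win-def:auditeventpolicysubcategories_state id="oval:example.constructed:ste:2" version="1">
    <win-def:logon datatype="int">AUDIT_SUCCESS</win-def:logon>
    <win-def:credential_validation>AUDIT_FAILURE</win-def:credential_validation>
  </win-def:auditeventpolicysubcategories_state>
</states>
"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag form into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag


def check_states(xml_text):
    """Return findings for every auditeventpolicysubcategories_state in xml_text.

    Parse only trusted definition files with ElementTree; it does not guard
    against entity-expansion in hostile XML.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for state in root.iter(STATE_TAG):
        state_id = state.get("id", "")
        last = -1       # highest sequence position seen so far
        seen = set()    # entities are minOccurs="0" with the default maxOccurs of 1
        for child in state:
            ns, local = split_tag(child.tag)
            if ns != WIN_DEF:
                continue  # notes / Signature inherited from oval-def:StateType
            # Schematron: test="not(@datatype) or @datatype='string'"
            datatype = child.get("datatype")
            if datatype is not None and datatype != "string":
                findings.append(
                    "%s - datatype attribute for the %s entity of an "
                    "auditeventpolicysubcategories_state should be 'string'"
                    % (state_id, local))
            if local in seen:
                findings.append("%s - %s entity appears more than once"
                                % (state_id, local))
            seen.add(local)
            pos = ORDER.get(local)
            if pos is None:
                continue  # entity defined beyond the part of the listing shown here
            if pos < last:
                findings.append(
                    "%s - %s entity is out of sequence: the xsd:sequence "
                    "places it before %s" % (state_id, local, SEQUENCE[last]))
            last = max(last, pos)
    return findings


if __name__ == "__main__":
    for finding in check_states(SAMPLE):
        print(finding)
```
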
XSD Schema Diagram:
[Figure: XSD diagram of auditeventpolicysubcategories_state in schema windows-definitions-schema_xsd]
XSD Schema Code:
<xsd:element name="auditeventpolicysubcategories_state" substitutionGroup="oval-def:state">
    <xsd:annotation>
        <xsd:documentation>The auditeventpolicysubcategories_state element specifies the different system activities that can be audited. An audit event policy subcategories test will reference a specific instance of this state that defines the exact subcategories that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval-def:StateType">
                <xsd:sequence>
                    <!-- Account Logon Audit Policy Subcategories -->
                    <xsd:element name="credential_validation" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstecredentialvalidation" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:credential_validation">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the credential_validation entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="kerberos_ticket_events" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstekerberosticketevents" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:kerberos_ticket_events">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the kerberos_ticket_events entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="other_account_logon_events" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteotheraccountlogonevents" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:other_account_logon_events">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the other_account_logon_events entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <!-- Account Management Audit Policy Subcategories -->
                    <xsd:element name="application_group_management" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteapplicationgroupmanagement" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:application_group_management">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the application_group_management entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="computer_account_management" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstecomputeraccountmanagement" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:computer_account_management">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the computer_account_management entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="distribution_group_management" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstedistributiongroupmanagement" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:distribution_group_management">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the distribution_group_management entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="other_account_management_events" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteotheraccountmanagementevents" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:other_account_management_events">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the other_account_management_events entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="security_group_management" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstesecuritygroupmanagement" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:security_group_management">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the security_group_management entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="user_account_management" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteuseraccountmanagement" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:user_account_management">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the user_account_management entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <!-- Detailed Tracking Audit Policy Subcategories -->
                    <xsd:element name="dpapi_activity" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstedpapiactivity" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:dpapi_activity">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the dpapi_activity entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="process_creation" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteprocesscreation" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:process_creation">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the process_creation entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="process_termination" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteprocesstermination" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:process_termination">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the process_termination entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="rpc_events" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssterpcevents" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:rpc_events">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the rpc_events entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <!-- DS Access Audit Policy Subcategories -->
                    <xsd:element name="directory_service_access" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstedirectoryserviceaccess" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:directory_service_access">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the directory_service_access entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="directory_service_changes" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstedirectoryservicechanges" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:directory_service_changes">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the directory_service_changes entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="directory_service_replication" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstedirectoryservicereplication" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:directory_service_replication">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the directory_service_replication entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="detailed_directory_service_replication" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstedetaileddirectoryservicereplication" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:detailed_directory_service_replication">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the detailed_directory_service_replication entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <!-- Logon/Logoff Audit Policy Subcategories -->
                    <xsd:element name="account_lockout" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteaccountlockout" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:account_lockout">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the account_lockout entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="ipsec_extended_mode" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteipsecextendedmode" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:ipsec_extended_mode">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the ipsec_extended_mode entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="ipsec_main_mode" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteipsecmainmode" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:ipsec_main_mode">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the ipsec_main_mode entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="ipsec_quick_mode" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteipsec_quick_mode" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:ipsec_quick_mode">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the ipsec_quick_mode entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="logoff" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstelogoff" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:logoff">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the logoff entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="logon" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstelogon" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:logon">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the logon entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="other_logon_logoff_events" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteotherlogonlogoffevents" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:other_logon_logoff_events">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the other_logon_logoff_events entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="special_logon" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstespeciallogon" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:special_logon">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the special_logon entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <!-- Object Access Audit Policy Subcategories -->
                    <xsd:element name="application_generated" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteapplicationgenerated" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:application_generated">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the application_generated entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="certification_services" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstecertificationservices" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:certification_services">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the certification_services entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_share" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstefileshare" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:file_share">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the file_share entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_system" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstefilesystem" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:file_system">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the file_system entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="filtering_platform_connection" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstefilteringplatformconnection" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:filtering_platform_connection">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the filtering_platform_connection entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="filtering_platform_packet_drop" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstefilteringplatformpacketdrop" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:filtering_platform_packet_drop">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the filtering_platform_packet_drop entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="handle_manipulation" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstehandlemanipulation" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:handle_manipulation">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the handle_manipulation entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="kernel_object" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstekernelobject" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:kernel_object">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the kernel_object entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="other_object_access_events" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteotherobjectaccessevents" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:other_object_access_events">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the other_object_access_events entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="registry" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteregistry" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:registry">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the registry entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="sam" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstesam" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:sam">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the sam entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <!-- Policy Change Audit Policy Subcategories -->
                    <xsd:element name="audit_policy_change" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteauditpolicychange" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:audit_policy_change">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the audit_policy_change entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="authentication_policy_change" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteauthenticationpolicychange" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:authentication_policy_change">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the authentication_policy_change entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="authorization_policy_change" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteauthorizationpolicychange" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:authorization_policy_change">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the authorization_policy_change entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="filtering_platform_policy_change" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstefilteringplatformpolicychange" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:filtering_platform_policy_change">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the filtering_platform_policy_change entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="mpssvc_rule_level_policy_change" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstempssvcrulelevelpolicychange" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:mpssvc_rule_level_policy_change">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the mpssvc_rule_level_policy_change entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="other_policy_change_events" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteotherpolicychangeevents" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:other_policy_change_events">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the other_policy_change_events entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <!-- Privilege Use Audit Policy Subcategories -->
                    <xsd:element name="non_sensitive_privilege_use" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstenonsensitiveprivilegeuse" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:non_sensitive_privilege_use">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the non_sensitive_privilege_use entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="other_privilege_use_events" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteotherprivilegeuseevents" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:other_privilege_use_events">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the other_privilege_use_events entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="sensitive_privilege_use" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstesensitive_privilege_use" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:sensitive_privilege_use">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the sensitive_privilege_use entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <!-- System Audit Policy Subcategories -->
                    <xsd:element name="ipsec_driver" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteipsecdriver" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:ipsec_driver">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the ipsec_driver entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="other_system_events" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepssteothersystemevents" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:other_system_events">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the other_system_events entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="security_state_change" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstesecuritystatechange" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:security_state_change">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the security_state_change entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="security_system_extension" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstesecuritysystemextension" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:security_system_extension">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the security_system_extension entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="system_integrity" type="win-def:EntityStateAuditType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation />
                            <xsd:appinfo>
                                <sch:pattern id="aepsstesystemintegrity" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:auditeventpolicysubcategories_state/win-def:system_integrity">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the system_integrity entity of an auditeventpolicysubcategories_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>
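Every Schematron assertion in the schema above enforces the same rule: an entity's datatype attribute must be absent or equal to 'string', and each entity may appear at most once (minOccurs="0", default maxOccurs). The Python check below is an added example, not part of the OVAL schema or of this page; it generalizes the per-entity rules to every windows-namespace child of a state and runs over constructed sample states whose ids, wrapper element and values are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace taken from the page header; everything else here is illustrative.
WIN_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"
STATE_TAG = f"{{{WIN_NS}}}auditeventpolicysubcategories_state"

# Constructed sample: the <states> wrapper, ids and entity values are made up
# for this example and are not taken from published OVAL content.
SAMPLE = f"""\
<states>
  <auditeventpolicysubcategories_state xmlns="{WIN_NS}"
      id="oval:example.constructed:ste:1" version="1">
    <special_logon>AUDIT_SUCCESS</special_logon>
    <file_system datatype="string">AUDIT_FAILURE</file_system>
  </auditeventpolicysubcategories_state>
  <auditeventpolicysubcategories_state xmlns="{WIN_NS}"
      id="oval:example.constructed:ste:2" version="1">
    <registry datatype="int">AUDIT_SUCCESS</registry>
    <sam>AUDIT_NONE</sam>
    <sam>AUDIT_SUCCESS</sam>
  </auditeventpolicysubcategories_state>
</states>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def check_states(xml_text):
    """Return findings for every auditeventpolicysubcategories_state found.

    Assumes trusted input: the standard-library parser does not defend
    against entity-expansion attacks in hostile XML.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for state in root.iter(STATE_TAG):
        state_id = state.get("id", "(no id)")
        # Entities live in the windows namespace; Signature and notes do not.
        entities = [c for c in state if c.tag.startswith(f"{{{WIN_NS}}}")]

        # Mirror of the Schematron test: not(@datatype) or @datatype='string'
        for entity in entities:
            datatype = entity.get("datatype")
            if datatype is not None and datatype != "string":
                findings.append(
                    f"{state_id} - datatype attribute for the "
                    f"{local_name(entity.tag)} entity of an "
                    "auditeventpolicysubcategories_state should be 'string'"
                )

        # Occurrence limit: minOccurs is 0 and maxOccurs defaults to 1.
        counts = Counter(local_name(e.tag) for e in entities)
        for name, count in counts.items():
            if count > 1:
                findings.append(
                    f"{state_id} - {name} occurs {count} times; "
                    "the schema allows at most one"
                )
    return findings


if __name__ == "__main__":
    for finding in check_states(SAMPLE):
        print(finding)
```
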
Child Elements:
Name Type Min Occurs Max Occurs
Signature ds:Signature 0 1
notes oval-def:notes 0 1
credential_validation win-def:credential_validation 0 (1)
kerberos_ticket_events win-def:kerberos_ticket_events 0 (1)
other_account_logon_events win-def:other_account_logon_events 0 (1)
application_group_management win-def:application_group_management 0 (1)
computer_account_management win-def:computer_account_management 0 (1)
distribution_group_management win-def:distribution_group_management 0 (1)
other_account_management_events win-def:other_account_management_events 0 (1)
security_group_management win-def:security_group_management 0 (1)
user_account_management win-def:user_account_management 0 (1)
dpapi_activity win-def:dpapi_activity 0 (1)
process_creation win-def:process_creation 0 (1)
process_termination win-def:process_termination 0 (1)
rpc_events win-def:rpc_events 0 (1)
directory_service_access win-def:directory_service_access 0 (1)
directory_service_changes win-def:directory_service_changes 0 (1)
directory_service_replication win-def:directory_service_replication 0 (1)
detailed_directory_service_replication win-def:detailed_directory_service_replication 0 (1)
account_lockout win-def:account_lockout 0 (1)
ipsec_extended_mode win-def:ipsec_extended_mode 0 (1)
ipsec_main_mode win-def:ipsec_main_mode 0 (1)
ipsec_quick_mode win-def:ipsec_quick_mode 0 (1)
logoff win-def:logoff 0 (1)
logon win-def:logon 0 (1)
other_logon_logoff_events win-def:other_logon_logoff_events 0 (1)
special_logon win-def:special_logon 0 (1)
application_generated win-def:application_generated 0 (1)
certification_services win-def:certification_services 0 (1)
file_share win-def:file_share 0 (1)
file_system win-def:file_system 0 (1)
filtering_platform_connection win-def:filtering_platform_connection 0 (1)
filtering_platform_packet_drop win-def:filtering_platform_packet_drop 0 (1)
handle_manipulation win-def:handle_manipulation 0 (1)
kernel_object win-def:kernel_object 0 (1)
other_object_access_events win-def:other_object_access_events 0 (1)
registry win-def:registry 0 (1)
sam win-def:sam 0 (1)
audit_policy_change win-def:audit_policy_change 0 (1)
authentication_policy_change win-def:authentication_policy_change 0 (1)
authorization_policy_change win-def:authorization_policy_change 0 (1)
filtering_platform_policy_change win-def:filtering_platform_policy_change 0 (1)
mpssvc_rule_level_policy_change win-def:mpssvc_rule_level_policy_change 0 (1)
other_policy_change_events win-def:other_policy_change_events 0 (1)
non_sensitive_privilege_use win-def:non_sensitive_privilege_use 0 (1)
other_privilege_use_events win-def:other_privilege_use_events 0 (1)
sensitive_privilege_use win-def:sensitive_privilege_use 0 (1)
ipsec_driver win-def:ipsec_driver 0 (1)
other_system_events win-def:other_system_events 0 (1)
security_state_change win-def:security_state_change 0 (1)
security_system_extension win-def:security_system_extension 0 (1)
system_integrity win-def:system_integrity 0 (1)
Child Attributes:
Name         Type                  Default Value   Use
id           oval-def:id                           Required
version      oval-def:version                      Required
operator     oval-def:operator     AND             Optional
comment      oval-def:comment                      Optional
deprecated   oval-def:deprecated   false           Optional
References:
oval-def:state