Merge branch 'RichieB2B-ncsc-nl/retention'

2019-05-21 13:36:35 +02:00 · 2019-05-21 13:36:35 +02:00 · 3168215c32
parent b8e850dde8 7675d98902
commit 3168215c32
2 changed files with 68 additions and 1 deletions
--- a/MANIFEST.json
+++ b/MANIFEST.json
@ -459,11 +459,16 @@
      "version": 1,
      "name": "dark-web",
      "description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project."
+    },
+    {
+      "version": 1,
+      "name": "retention",
+      "description": "Retention taxonomy to describe the retention period of the tagged information."
    }
  ],
  "path": "machinetag.json",
  "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
  "description": "Manifest file of MISP taxonomies available.",
  "license": "CC-0",
-  "version": "20190517"
+  "version": "20190521"
 }
--- a/retention/machinetag.json
+++ b/retention/machinetag.json
@ -0,0 +1,62 @@
+{
+  "namespace": "retention",
+  "expanded": "retention",
+  "description": "Add a retenion time to events to automatically remove the IDS-flag on ip-dst or ip-src attributes. We calculate the time elapsed based on the date of the event. Supported time units are: d(ays), w(eeks), m(onths), y(ears). The numerical_value is just for sorting in the web-interface and is not used for calculations.",
+  "version": 1,
+  "refs": [
+    "https://en.wikipedia.org/wiki/Retention_period"
+  ],
+  "predicates": [
+    {
+      "value": "expired",
+      "expanded": "Set when the retention period has expired",
+      "numerical_value": 0,
+      "hide_tag": true
+    },
+    {
+      "value": "1d",
+      "expanded": "1 day",
+      "numerical_value": 1
+    },
+    {
+      "value": "2d",
+      "expanded": "2 days",
+      "numerical_value": 2
+    },
+    {
+      "value": "7d",
+      "expanded": "7 days",
+      "numerical_value": 7
+    },
+    {
+      "value": "2w",
+      "expanded": "2 weeks",
+      "numerical_value": 14
+    },
+    {
+      "value": "1m",
+      "expanded": "1 month",
+      "numerical_value": 30
+    },
+    {
+      "value": "2m",
+      "expanded": "2 months",
+      "numerical_value": 60
+    },
+    {
+      "value": "3m",
+      "expanded": "3 months",
+      "numerical_value": 90
+    },
+    {
+      "value": "6m",
+      "expanded": "6 months",
+      "numerical_value": 180
+    },
+    {
+      "value": "1y",
+      "expanded": "1 year",
+      "numerical_value": 365
+    }
+  ]
+}