From 7be9709062915d6d5cbf7f9d2740f3c974559685 Mon Sep 17 00:00:00 2001
From: Jop van der Lelie <jop@honeyned.nl>
Date: Tue, 21 May 2019 10:31:00 +0200
Subject: [PATCH 1/2] Add retention taxonomy

---
 retention/machinetag.json | 62 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 retention/machinetag.json

diff --git a/retention/machinetag.json b/retention/machinetag.json
new file mode 100644
index 0000000..5c83f0e
--- /dev/null
+++ b/retention/machinetag.json
@@ -0,0 +1,62 @@
+{
+  "namespace": "retention",
+  "expanded": "retention",
+  "description": "Add a retenion time to events to automatically remove the IDS-flag on ip-dst or ip-src attributes. We calculate the time elapsed based on the date of the event. Supported time units are: d(ays), w(eeks), m(onths), y(ears). The numerical_value is just for sorting in the web-interface and is not used for calculations.",
+  "version": 1,
+  "refs": [
+    "https://en.wikipedia.org/wiki/Retention_period"
+  ],
+  "predicates": [
+    {
+      "value": "expired",
+      "expanded": "Set when the retention period has expired",
+      "numerical_value": 0,
+      "hide_tag": true
+    },
+    {
+      "value": "1d",
+      "expanded": "1 day",
+      "numerical_value": 1
+    },
+    {
+      "value": "2d",
+      "expanded": "2 days",
+      "numerical_value": 2
+    },
+    {
+      "value": "7d",
+      "expanded": "7 days",
+      "numerical_value": 7
+    },
+    {
+      "value": "2w",
+      "expanded": "2 weeks",
+      "numerical_value": 14
+    },
+    {
+      "value": "1m",
+      "expanded": "1 month",
+      "numerical_value": 30
+    },
+    {
+      "value": "2m",
+      "expanded": "2 months",
+      "numerical_value": 60
+    },
+    {
+      "value": "3m",
+      "expanded": "3 months",
+      "numerical_value": 90
+    },
+    {
+      "value": "6m",
+      "expanded": "6 months",
+      "numerical_value": 180
+    },
+    {
+      "value": "1y",
+      "expanded": "1 year",
+      "numerical_value": 365
+    }
+  ]
+}

From 7675d98902e378a641eb91b79800b9768caa9176 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 21 May 2019 13:34:46 +0200
Subject: [PATCH 2/2] chg: [MANIFEST] retention taxonomy added

---
 MANIFEST.json | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/MANIFEST.json b/MANIFEST.json
index 05408de..fb9c43b 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -459,11 +459,16 @@
       "version": 1,
       "name": "dark-web",
       "description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project."
+    },
+    {
+      "version": 1,
+      "name": "retention",
+      "description": "Retention taxonomy to describe the retention period of the tagged information."
     }
   ],
   "path": "machinetag.json",
   "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
   "description": "Manifest file of MISP taxonomies available.",
   "license": "CC-0",
-  "version": "20190517"
+  "version": "20190521"
 }