new: [misp-workflow] new misp-workflow taxonomy to have a consistent tag message for the MISP workflow

2022-11-01 15:44:44 +01:00 · 2022-11-01 15:44:44 +01:00 · b2ed54990f
parent d5833e9730
commit b2ed54990f
2 changed files with 52 additions and 3 deletions
--- a/MANIFEST.json
+++ b/MANIFEST.json
@ -316,7 +316,7 @@
    {
      "description": "Financial taxonomy to describe financial services, infrastructure and financial scope.",
      "name": "financial",
-      "version": 3
+      "version": 7
    },
    {
      "description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).",
@ -493,6 +493,11 @@
      "name": "misp",
      "version": 12
    },
+    {
+      "description": "MISP workflow taxonomy to support result of workflow execution.",
+      "name": "misp-workflow",
+      "version": 1
+    },
    {
      "description": "MONARC Threats Taxonomy",
      "name": "monarc-threat",
@ -656,7 +661,7 @@
    {
      "description": "Thales Group Taxonomy - was designed with the aim of enabling desired sharing and preventing unwanted sharing between Thales Group security communities.",
      "name": "thales_group",
-      "version": 2
+      "version": 4
    },
    {
      "description": "The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
@ -720,5 +725,5 @@
    }
  ],
  "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
-  "version": "20220918"
+  "version": "20221101"
 }
--- a/misp-workflow/machinetag.json
+++ b/misp-workflow/machinetag.json
@ -0,0 +1,44 @@
+{
+  "namespace": "misp-workflow",
+  "expanded": "MISP workflow",
+  "description": "MISP workflow taxonomy to support result of workflow execution.",
+  "version": 1,
+  "predicates": [
+    {
+      "value": "result",
+      "expanded": "result",
+      "description": "Result of the workflow execution"
+    }
+  ],
+  "values": [
+    {
+      "predicate": "result",
+      "entry": [
+        {
+          "value": "ids-flag-removed",
+          "expanded": "IDS flag removed"
+        },
+        {
+          "value": "ids-flag-added",
+          "expanded": "IDS flag added"
+        },
+        {
+          "value": "pushed-to-zmq",
+          "expanded": "Pushed to ZMQ"
+        },
+        {
+          "value": "email-sent",
+          "expanded": "Email sent"
+        },
+        {
+          "value": "webhook-triggered",
+          "expanded": "Webhook triggered"
+        },
+        {
+          "value": "execution-stopped",
+          "expanded": "Execution stopped"
+        }
+      ]
+    }
+  ]
+}