From b2ed54990fad98e67cd576b783e64cb62a12e6a0 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 1 Nov 2022 15:44:44 +0100
Subject: [PATCH] new: [misp-workflow] new misp-workflow taxonomy to have a consistent tag message for the MISP workflow
---
 MANIFEST.json | 11 ++++++---
 misp-workflow/machinetag.json | 44 +++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100644 misp-workflow/machinetag.json
diff --git a/MANIFEST.json b/MANIFEST.json
index b76f9a3..4ebe446 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -316,7 +316,7 @@
 {
 "description": "Financial taxonomy to describe financial services, infrastructure and financial scope.",
 "name": "financial",
- "version": 3
+ "version": 7
 },
 {
 "description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).",
@@ -493,6 +493,11 @@
 "name": "misp",
 "version": 12
 },
+ {
+ "description": "MISP workflow taxonomy to support result of workflow execution.",
+ "name": "misp-workflow",
+ "version": 1
+ },
 {
 "description": "MONARC Threats Taxonomy",
 "name": "monarc-threat",
@@ -656,7 +661,7 @@
 {
 "description": "Thales Group Taxonomy - was designed with the aim of enabling desired sharing and preventing unwanted sharing between Thales Group security communities.",
 "name": "thales_group",
- "version": 2
+ "version": 4
 },
 {
 "description": "The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
@@ -720,5 +725,5 @@
 }
 ],
 "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
- "version": "20220918"
+ "version": "20221101"
 }
diff --git a/misp-workflow/machinetag.json b/misp-workflow/machinetag.json
new file mode 100644
index 0000000..9b09a6c
--- /dev/null
+++ b/misp-workflow/machinetag.json
@@ -0,0 +1,44 @@
+{
+ "namespace": "misp-workflow",
+ "expanded": "MISP workflow",
+ "description": "MISP workflow taxonomy to support result of workflow execution.",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "result",
+ "expanded": "result",
+ "description": "Result of the workflow execution"
+ }
+ ],
+ "values": [
+ {
+ "predicate": "result",
+ "entry": [
+ {
+ "value": "ids-flag-removed",
+ "expanded": "IDS flag removed"
+ },
+ {
+ "value": "ids-flag-added",
+ "expanded": "IDS flag added"
+ },
+ {
+ "value": "pushed-to-zmq",
+ "expanded": "Pushed to ZMQ"
+ },
+ {
+ "value": "email-sent",
+ "expanded": "Email sent"
+ },
+ {
+ "value": "webhook-triggered",
+ "expanded": "Webhook triggered"
+ },
+ {
+ "value": "execution-stopped",
+ "expanded": "Execution stopped"
+ }
+ ]
+ }
+ ]
+}
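Review bot: The six `result` entries under `values` carry only `value` and `expanded`, with no `description`, so a tag such as `misp-workflow:result="execution-stopped"` does not tell an analyst whether the workflow was halted deliberately by one of its steps or by a failure, and `ids-flag-removed` does not say what the flag was removed from. Each entry could take a short description, for example `"description": "The workflow stopped before completing; check the workflow log for the reason"` (wording to be confirmed against the workflow modules that set these tags). The top-level `description` could also state whether these tags are meant to stay local to the instance that ran the workflow, since a result like `email-sent` presumably describes only that instance's actions and would be misleading on a synchronised copy of the event.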